Join Log in
Score:0
some bits flipped avatar Ubuntu

`apt-cache policy` lists repos not shown in `add-apt-repository --list`

cn flag
some bits flipped

I have several 3rd party repos in /etc/apt/sources.list.d/*, including for apt "foobaz", which is installed. I want to check which repository foobaz came from, or could come from:

figure out what package:

$ which foobaz
/usr/bin/foobaz

$ # FWIW - apt-file does not find anything for this, whereas dpkg-S does (and is limited to just my system, unlike apt-file afaict.
$ dpkg -S /usr/bin/foobaz
foobaz

check which version would be preferred in an upgrade

$ sudo apt update
$ apt policy foobaz
 *** 3.1.0-1 500
        500 https://repo.foobaz.com/debian stable/main all Packages
        100 /var/lib/dpkg/status
     3.0.0-1 500
        500 https://repo.foobaz.com/debian stable/main all Packages
 ...

but, why is the foobaz repository not listed here?

$ sudo add-apt-repository --list | grep foobaz
$ # nothing

$ ls -al /etc/apt/sources.list.d/ | grep foobaz
-rw-r--r-- 1 root root 161 Aug 11 16:52 foobaz-stable.list

$ cat /etc/apt/sources.list.d/foobaz-stable.list
deb [arch="all", signed-by=/usr/share/keyrings/foobaz-stable-archive-keyring.gpg] https://repo.foobaz.com/debian stable main

XY: what command should I be using on ubuntu/debian to:

  1. ascertain which repositories contain the given package (what I'm doing above - a question in it's own right)?
  2. specifically, tell me as quickly/easily (and 100% robustly) from what repository a given executable file on my box came?
29
0 + 6
apt
user535733 avatar
cn flag
user535733
Unable to reproduce: `add-apt-repository --list | grep foobaz` returns the foobaz source(s) as expected.
0
Reply
some bits flipped avatar
cn flag
some bits flipped
@user535733 - I'm not sure what to tell you. Yes, this seems wrong to me. Poking around - one interesting thing I see is that `add-apt-repository --list` displays **two of the four** entries I have in `/etc/apt/sources.list.d/*`. However, given that `dpkg -S $(which foobaz)` finds the file in the `foobaz` package, can't we tell definitively that the currently installed program is coming from a `deb` (and in my case `apt` since I haven't installed anything via `dpkg -i` here)? (note: edits for clarity)
0
Reply
user535733 avatar
cn flag
user535733
"*given that dpkg -S $(which foobaz) finds the file in the foobaz package, can't we tell definitively that the currently installed program is coming from a deb*:" Yes, the output of `dpkg -S` is a definitive answer...as long as your package database is accurate (true 99% of the time).
0
Reply
muru avatar
us flag
muru
"what repository a given executable file on my box came" this is, in the general case, impossible. Imagine: you installed a package X of version Y from some repo. For some reason, that repo removes package X. Another repo you had configured also has package X with version Y (not too odd if two independent groups package the same software). A long time has passed since you installed it, so your logs are gone as well, and your caches have been cleared. To all appearences, it will look as if X came from the second repo
0
Reply
some bits flipped avatar
cn flag
some bits flipped
@muru - I [think I] agree with you - but note in my case the version, timestamps, and critically `sha1sum` are all identical - *and* while memory is absoutely falliable, in the *recent* past (encompassing those `ctime`/`mtime`'s) I am confident I haven't done such a thing. In a case that's general **within** constrained such as this, do you still feel it's impossible?
0
Reply
muru avatar
us flag
muru
Still not possible in the general case - take a repo with, say, testing, stable and archive pocket which moves the same package around. Again, not 100% possible to guarantee it came from which pocket.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.