How to tell from what Ubuntu or Debian repository a package comes?

I run apt-cache policy <package name>:

$ apt-cache policy wajig
wajig:
  Installed: 2.1
  Candidate: 2.1
  Version table:
 *** 2.1 0
        100 /var/lib/dpkg/status
     2.0.47 0
        500 file:/home/wena/.repo_bin/ squeeze/main i386 Packages
        500 ftp://ftp.is.co.za/debian/ squeeze/main i386 Packages

That means that there are three wajig packages:

  • One that is installed (/var/lib/dpkg/status)

  • One that is available from a local repository (file:/home/wena/.repo_bin/)

  • One that is available from a remote repository (ftp://ftp.is.co.za/debian), which also happens to have the same version (2.0.47) as the one in a local repository


Additionally, apt-cache madison <package name> will display similar information in a tabular format.

 wajig |        2.2 | mirror://mirrors.ubuntu.com/mirrors.txt/ precise/universe amd64 Packages
 wajig |        2.2 | mirror://mirrors.ubuntu.com/mirrors.txt/ precise/universe Sources

Aha! Apparently, the proper apt command is not apt-cache info, but instead, apt-cache showpkg.

$ apt-cache showpkg linux-generic
Package: linux-generic
Versions: 
2.6.31.19.32 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic-updates_main_binary-amd64_Packages) (/var/lib/apt/lists/security.ubuntu.com_ubuntu_dists_karmic-security_main_binary-amd64_Packages) (/var/lib/dpkg/status)
 Description Language: 
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic-updates_main_binary-amd64_Packages
                  MD5: 5d722da329763b9342d322f5a140005c

2.6.31.14.27 (/var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_main_binary-amd64_Packages)
 Description Language: 
                 File: /var/lib/apt/lists/us.archive.ubuntu.com_ubuntu_dists_karmic_main_binary-amd64_Packages
                  MD5: 5d722da329763b9342d322f5a140005c


Reverse Depends: 
Dependencies: 
2.6.31.19.32 - linux-image-generic (5 2.6.31.19.32) 
2.6.31.14.27 - linux-image-generic (5 2.6.31.14.27) 
Provides: 
2.6.31.19.32 - 
2.6.31.14.27 - 
Reverse Provides: 

The File: line provides the repository information after the /var/lib/apt/lists/.

There is a bug report that aptitude cannot display the source repository, but it seems at present the feature is still on the wish list.


I wonder why no one mentioned aptitude. I use it all the time.

Aptitude is:

  • Shipped by default with many Debian-based distributions. Can be installed to other (such as Ubuntu) via sudo apt install aptitude.

  • Does not require administrative privileges (at least for the command below).

  • Does have a nice ncurses GUI (but most of the time used without it).

  • Provides a really pretty output. To show versions of packages, use aptitude versions command:

     me@wheezy:~$ aptitude versions kde-standard
     Package kde-standard:                        
     i A 5:77+deb7u1     stable              500
     p A 5:84            testing,unstable    130
    
  • Does NOT have Super Cow Powers.

The letter in front of each string indicates the package's status, i is installed and p is purged (or never installed), stable, testing and unstable are repository definitions, the number in the end is a pin priority.

One caveat regarding recent versions of aptitude worth a mentioning here: by default it shows all the packages, which include the name you search, so use a regex magic a little to search by the strict name, for example aptitude versions ^kde-workspace$.