Linux

Repositories

Sometimes the software you need isn't in the default repositories, or you need a newer version. That's when you add third-party repos.

Understanding Sources

Your package sources are defined in:

Terminal
$cat /etc/apt/sources.list
deb http://archive.ubuntu.com/ubuntu jammy main restricted deb http://archive.ubuntu.com/ubuntu jammy universe deb http://archive.ubuntu.com/ubuntu jammy-updates main restricted

Additional sources go in /etc/apt/sources.list.d/:

Terminal
$ls /etc/apt/sources.list.d/
docker.list nodesource.list google-chrome.list

Adding a PPA (Personal Package Archive)

PPAs are Ubuntu's way to distribute third-party software:

Terminal
$sudo add-apt-repository ppa:graphics-drivers/ppa
PPA added: ppa:graphics-drivers/ppa Press [ENTER] to continue or Ctrl-c to cancel
$sudo apt update
(now includes packages from that PPA)

PPAs Are Not Officially Supported

PPAs are maintained by individuals, not Ubuntu. They could:

  • Stop being updated
  • Contain buggy software
  • Conflict with system packages

Only add PPAs from sources you trust.

Adding Official Third-Party Repos

Major software (Docker, Node.js, VS Code) provides official repos. The process:

  1. Add GPG key (for verification)
  2. Add repository
  3. Update and install

Example: Docker

Terminal
$# Add Docker's GPG key
$curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$
$# Add the repository
$echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
$
$# Update and install
$sudo apt update && sudo apt install docker-ce

Why GPG Keys?

GPG keys verify that packages actually come from the publisher. Without them, someone could intercept your connection and serve malicious packages.

View Added Repositories

Terminal
$apt policy
Package files: 500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages 500 https://download.docker.com/linux/ubuntu jammy/stable amd64 Packages

Remove a Repository

Remove a PPA

Terminal
$sudo add-apt-repository --remove ppa:graphics-drivers/ppa
$sudo apt update

Remove Custom Repository

Terminal
$sudo rm /etc/apt/sources.list.d/docker.list
$sudo apt update

Pin Package Versions

Want to prevent a package from updating? Pin it:

Terminal
$sudo apt-mark hold nginx
nginx set on hold.
$
$# To unhold
$sudo apt-mark unhold nginx
Canceled hold on nginx.
Knowledge Check

Why do third-party repositories require GPG keys?

Quick Reference

CommandPurpose
add-apt-repository ppa:nameAdd PPA
add-apt-repository --removeRemove PPA
apt-mark hold pkgPrevent updates
apt-mark unhold pkgAllow updates
/etc/apt/sources.list.d/Custom repo location

Key Takeaways

  • Default repos are in /etc/apt/sources.list
  • Custom repos go in /etc/apt/sources.list.d/
  • PPAs are convenient but unofficial
  • Official third-party repos need GPG keys
  • Always apt update after adding repos
  • Use apt-mark hold to pin versions

Next: universal package formats - Snap and Flatpak.