Last week (on 2017-06-17), Debian GNU/Linux 9.x (codenamed “stretch”) was released. While preparing to update one of my systems I came across the following statement in section of the release notes (“New requirements for APT repository”): New APT pinning engine

APT 1.1 introduced a new pinning engine that now matches the description in the manual page.

The old engine assigned one pin priority per package; the new one assigns pin priorities per version. It then picks the version with the highest pin that is not a downgrade or that has a pin > 1000.

This changes the effect of some pins, especially negative ones. Previously, pinning a version to -1 effectively prevented the package from being installed (the package pin was -1); it now only prevents the version of this package from being installed.

I run my Debian systems without systemd, and my initial reading of the above text gave me pause because I use APT pinning to prevent systemd from becoming my init system. My initial reading of the above left me with the misunderstanding that I would need to apply a different mechanism to keep my current init setup ('/sbin/init' provided by sysvinit-core package).

The default init system on Debian (since Debian 8.x, codenamed “jessie”) has been systemd, in which '/sbin/init' is provided by the systemd-sysv package. This continues to be the case with Debian 9.x.

My existing setups use a customized set of APT preferences which, among other things, contains the file:


whose meat is:

    Package: systemd-sysv
    Pin: release o=Debian
    Pin-Priority: -1

The effect of the 'Pin-Priority' of -1 is to prevent APT from ever installing the 'systemd-sysv' package. And indeed, this is how the mechanism continues to work in Debian 9.x “stretch”. I did not realize this without closer study, however.

After spending more time than I care to admit searching for and reading related info on the ‘Net, I came to realize that the statement in the release notes above applies very specifically to how APT treats pinning of versions. The above APT configuration, in contrast, is based on the separate concept of release origin.

The above config file snippet applies the -1 pin priority to any 'systemd-sysv' package in which the “Release file” declares the origin as “Debian” (the release o=Debian bit). It does not contain any bits related to the package version.

In retrospect, this is all rather obvious, and I’m embarrassed to think how much time I spent researching it. It was also quite helpful to read the motivation for the release notes blurb, which is contained in bug #852967, against the ‘release-notes’ pseudo-package.

Other than mucking around with my 'sources.list' file (and related), I tend to go many years between having to think about my APT configuration at all – so it is easy to become hazy on the details. Hence my focus on the -1 pin priority but glossing over the specific language in the release notes of “pinning a version” (which it is now clear that I am not doing).

I hope the above saves somebody from the need to research the same concerns I had.