280

Is there a method or command which can tell from which repository a package is coming from?

David Foerster
  • 35,754
  • 55
  • 92
  • 145
dfme
  • 2,923
  • 2
  • 15
  • 5
  • 4
    This is ambiguous. Do you mean: which currently enabled repositories provide a package with the given name, or: which repository was used to install the package with that name that is currently installed? (Both are useful. I'm looking for the latter, not the former.) – Reinier Post May 25 '17 at 16:59
  • 2
    @ReinierPost If you know which enabled repositories provide the package, you can determine which one was used based on the version of the package that is provided by each repository. If you are unsure which version is installed, run `dpkg -l | awk '/^ii/{print $3}'` – mchid Feb 04 '21 at 04:23

7 Answers7

231

Use following command. It has better output:

apt-cache policy <Package Name>

For Ubuntu 16.04 and later there is a shorter way to do that:

apt policy <Package Name>
SuB
  • 4,119
  • 5
  • 24
  • 33
  • 19
    This is the correct answer! The commands in the answer by mac9416 need tedious interpretation + guessing based on their output. For more information about ``apt-cache policy`` see also http://superuser.com/a/236605/61370 – pabouk - Ukraine stay strong Nov 23 '15 at 09:45
  • 3
    `apt-cache policy` is good but some times you need `apt-cache showpkg` to compare MD5 sums from package. See also `debsums --changed` – gavenkoa Dec 09 '15 at 11:03
  • this `policy` option is the most useful when comparing with `sources.list` – infinite-etcetera Jan 26 '17 at 13:06
  • This should be the accepted answer! @pabouk is right. This answer's more relevant to the question than the currently accepted one. – Rohan 'HEXcube' Villoth Sep 23 '17 at 13:07
  • 2
    Like @pablo-bianchi pointed out in [his answer](https://askubuntu.com/questions/8560/how-do-i-find-out-which-repository-a-package-comes-from/921197#921197), an even simpler `apt policy ` can be used, from 16.04LTS onwards. Once 14.04LTS becomes EOL'd in 2018, this answer maybe edited to use the newer command. – Rohan 'HEXcube' Villoth Sep 23 '17 at 13:12
  • Thanks for this. It was super easy for me to determine which, if any, packages that I accidentally installed from multiverse along with the following command. `function manually_installed { comm -23 <(apt-mark showmanual | sort -u) <(gzip -dc /var/log/installer/initial-status.gz | sed -n 's/^Package: //p' | sort -u) }` – DeepDeadpool Jan 20 '21 at 17:25
159

Edit:

Check out SuB's answer. Looks a bit simpler!

Original:

Commands Needed:

  • dpkg -s <package> - allows you to find the version of that you have installed. (source)
  • apt-cache showpkg <package> - will show a list of Versions of the package available. For each version, the source of the package, in the form of an index file name, will be given.

If you want to find the source of the package that's currently installed, you'll need the output of dpkg -s <package>. Otherwise, you can simply look at the newest version output by apt-cache showpkg <package>.

Example:

$ dpkg -s liferea
Package: liferea
Status: install ok installed
Priority: optional
Section: web
Installed-Size: 760
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: i386
Version: 1.6.2-1ubuntu6
...

$ apt-cache showpkg liferea
Package: liferea
Versions: 
1.6.2-1ubuntu6.1 (/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lucid-updates_main_binary-i386_Packages)
 Description Language: 
                 File: /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lucid-updates_main_binary-i386_Packages
                  MD5: 557b0b803b7ed864e6d14df4b02e3d26

1.6.2-1ubuntu6 (/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lucid_main_binary-i386_Packages) (/var/lib/dpkg/status)
 Description Language: 
                 File: /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lucid_main_binary-i386_Packages
                  MD5: 557b0b803b7ed864e6d14df4b02e3d26
...

From the first command, I can see that Liferea version 1.6.2-1ubuntu6 is installed. From the second command, I can see that that version is listed in /var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_lucid_main_binary-i386_Packages.

Without too much effort, I can deduce that the source line contains archive.ubuntu.com, ubuntu, lucid, and main.

And, sure enough, my /etc/apt/sources.list contains the following line.

deb http://archive.ubuntu.com/ubuntu lucid main universe restricted multiverse
Michael Scheper
  • 129
  • 9
crenshaw-dev
  • 30,632
  • 9
  • 43
  • 47
  • 1
    mac, thanks for your detailed answer! Unfortunately it doesn't help me with my initial issue of an unmet dependency problem :-( I'm trying to install libqt4-opengl and it says: The following packages have unmet dependencies: libqt4-opengl: Depends: libqtcore4 (= 4:4.6.2-0ubuntu5.1) but 4:4.7.0~beta1+git20100522-0ubuntu1~lucid1~ppa1+appmenu20100624 is to be installed Depends: libqtgui4 (= 4:4.6.2-0ubuntu5.1) but 4:4.7.0~beta1+git20100522-0ubuntu1~lucid1~ppa1+appmenu20100624 is to be installed – dfme Oct 20 '10 at 22:23
  • 1
    It's difficult to see from that just what the problem is. You should open a new question so you can provide full details. If you do, leave a link in a comment. :-) – crenshaw-dev Oct 21 '10 at 13:10
  • 6
    `apt-cache policy ` (from: http://superuser.com/a/236605/37279) – franzlorenzon Aug 01 '13 at 14:47
  • Do apt-cache {showpkg,policy} actually show where an installed package *was installed from*, or just where it *would be installed from* at the time it is queried? – Croad Langshan Feb 21 '15 at 11:36
  • 1
    The latter. If I generally use Ubuntu `trusty` package sources, then temporarily add `utopic` to my `sources.list` in order to install version 1.20ubuntu3 of `init-system-helpers` and then remove the repo again from my `sources.list`, `apt-cache showpkg init-system-helpers` will just lie about the original package list and `apt-cache policy init-system-helpers` will just state the obvious. – blubberdiblub Jul 04 '15 at 01:22
  • This needs a proper GUI. Memorizing these commands and spending all this time reading output is ridiculous. I can't memorize all this crap. Scriptable text interfaces are great but that is not where things should stop. – Ryan Jun 04 '20 at 19:16
  • @Ryan this isn't exactly a super common use case for non-technical users. Check out `apt policy ` for more readable output. Pretty memorable command as well. – crenshaw-dev Jun 04 '20 at 19:19
  • 2
    This tells you where the package will be installed/upgraded from, should you attempt to do so. It won't tell you where the currently installed version came from. It can be different, e.g. after adding/removing a PPA. – Reinier Post Jan 27 '21 at 20:29
26

apt on Ubuntu 16.04+

Beside apt-cache policy, showpkg and show, now we have a more simple, with easy to remember subcommands: apt[1] [2] (don't get confused with classic apt-*):

apt policy <package>

Or the alternative with more info apt show <package>, line starting with "APT-Sources:".

Description: This package provides command line tools for searching and managing as well as querying information about packages as low-level access to all features of the libapt-pkg library. This includes:apt-get, apt-cache, apt-cdrom, apt-config, apt-key.

Warning: apt does not have a stable CLI interface. Use with caution in scripts.

Basic commands from apt --help

Other also easy to remember subcommands:

  • apt list – list packages based on package names

  • apt search – search in package descriptions

  • apt show – show package details

  • apt update – update list of available packages

  • apt install – install packages

  • apt remove – remove packages

  • apt purge – remove packages and configuration files:

    Removing a package removes all packaged data, but leaves usually small (modified) user configuration files behind, in case the remove was an accident. Just issuing an installation request for the accidentally removed package will restore its function as before in that case. On the other hand you can get rid of these leftovers by calling purge even on already removed packages. Note that this does not affect any data or configuration stored in your home directory.

    To remove residual packages:

    sudo apt purge $(dpkg -l | grep "^rc" | awk '{print $2}')

  • apt upgrade – upgrade the system by installing/upgrading packages

  • apt full-upgrade – upgrade the system by removing/installing/upgrading packages

  • apt edit-sources – edit the source information file

Pablo Bianchi
  • 14,308
  • 4
  • 74
  • 117
  • `apt policy xxx` appears identical to `apt-cache policy xxx`, maybe this should've been a comment instead. Or at least mention that `apt show` seems to need the `-a` switch to see "additional records" from other sources – Xen2050 Dec 23 '17 at 23:00
  • `WARNING: apt does not have a stable CLI interface. Use with caution in scripts.` – Reinier Post Jan 27 '21 at 20:31
  • @ReinierPost The comment or an edit suggestion is better than a downvote – Pablo Bianchi Jan 28 '21 at 04:28
  • 1
    @ReinierPost That's just a warning not an error and this isn't a script. – mchid Feb 03 '21 at 18:27
11

Sadly, this information is not recorded during package installation. You can make a decent guess if the repository is still in the source list and the repository still has the package:

grep -l PKG /var/lib/apt/lists/*

Even synaptic cannot tell if you disable the repository and update.

kanaka
  • 283
  • 1
  • 4
4
sudo grep *packagename* /var/lib/apt/lists/* | grep "Filename:"

source

Community
  • 1
sBlatt
  • 4,399
  • 3
  • 23
  • 20
1

Another useful command is "apt-cache policy". It will show something like this:

$ apt-cache policy 
Package files: 
 # The default https://wiki.debian.org/DebianStable repository with a priority of 500
 500 https://deb.debian.org/debian stable/main amd64 Packages
     o=Debian,n=stable,l=Debian,c=main,b=amd64
     origin deb.debian.org

 # The repository for Debian https://wiki.debian.org/PointReleases (security and grave bug fixes ~every 2 months)
 500 https://deb.debian.org/debian stable-updates/main amd64 Packages
     release o=Debian,a=oldstable-updates,n=stable-updates,l=Debian,c=main,b=amd64
     origin deb.debian.org

Ref: https://wiki.debian.org/AptConfiguration

Jiang
  • 111
  • 3
0

When upgrading from one ubuntu version to the next one, I like to use the opportunity to do some spring cleaning.

This is a combination of the above answers.

To generate a filterable list from which repositories a package was installed we can use apt policy and remove the newlines:

dpkg -l | grep "ii" | awk '{print $2}' | xargs -n 1 -IX sh -c "apt policy X 2>/dev/null | tr '\n' ' '" | tee all_packages.txt

Then we can inspect the all_packages.txt file and filter for packages which are not from the ubuntu repositories.

cat all_packages.txt | grep -v "ubuntu.com"

We can now inspect this list and decide which ones to remove and which ones to keep.

To only get the package names we can use:

cat all_packages.txt | grep -v "ubuntu.com" | sed 's/:.*//g'
Jonas
  • 1
  • 1