Linux distributions that are targeted for use in server applications need to be stable and predictable. That’s why when a major version is launched (e.g, Debian 9, codenamed Stretch), most of the software versions included in the official repositories will remain unchanged for the duration of that release. There are a few programs that will receive feature upgrades, for example web browsers, but most packages will only receive security fixes. That’s why even if the Apache HTTP server advanced to version 2.4.35, which you can download from the upstream developer’s page, in Debian, only version 2.4.25 may be available for the whole duration of the current stable release. If every package would always receive all of the latest feature updates, the risk of instability increases, as new, unknown bugs may be introduced, features you rely on may be removed and changes to how programs work may result in making interconnected software incompatible.
In most cases though, even if the software is a few months or even years old, most administrators won’t necessarily need the latest features available in new releases. However, sometimes it’s possible that a new version of a utility brings important improvements that may be desired (e.g., better performance when running PHP code). In this case, there are multiple methods to install newer software on a Linux-based, server oriented distribution. Here are a few examples:
- Using Debian backports.
- Using Ubuntu PPAs (Personal Package Archives).
- Adding a new, third-party software repository to your
- Downloading the software source code and compiling it yourself.
.debpackages from the developer's page and installing them with
It’s recommended to always try these methods in the order they are presented here. The further you go down in this list, the more disadvantages you start to get. It’s also worth mentioning that PPAs should only be used on Ubuntu. There’s a lot of bad advice on the Internet to use PPAs on Debian, because they sometimes do work and don’t seem to cause any problems. However, PPAs are targeted to Ubuntu’s environment and its library versions and they will almost certainly generate conflicts between packages on a Debian system, sooner or later.
Precautions on Third-Party Repositories and .deb Packages
The quality of software packages and how well they integrate with the rest of the system depend on their maintainers. For software included in the official distribution repositories, the quality is almost always very high. However, in the case of third-party repositories and
.deb packages, there are no guarantees. Administrators should make sure that the maintainers are trustworthy and that the packages integrate well with the rest of the system and are always up to date with all of the available security fixes.
Install Newer Software Packages on Debian from Backports
Note: Most commands in this tutorial will require administrator privileges, so you will either need to log in as the
root user, or, if you're logging in as a regular user, prefix the commands with
sudo apt update instead of
Most software evolves slowly, each release bringing only minor changes or improvements over the previous one. However, some programs evolve very fast and each release contains important changes that may be desired and sometimes may even be required (e.g., new video cards need newer drivers to work optimally). Such software will usually be backported by a maintainer. What this means, without going into technical details and keeping it simple, is that the maintainer makes the necessary changes so that newer software can work on a distribution with older software.
To enable backports on your distribution, you have to add a line of text to one of your package manager configuration files,
/etc/apt/sources.list. Fortunately, Alibaba already pre-configures your instances with the necessary lines added. You can read this file with:
And on Debian 9 you would notice a line such as:
deb http://mirrors.cloud.aliyuncs.com/debian/ stretch-backports main non-free contrib
On Debian 10 the line will become:
deb http://mirrors.cloud.aliyuncs.com/debian/ buster-backports main non-free contrib
If, for some reason, backports are not included in your
sources.list file, you can add it to the end of
/etc/apt/sources.list yourself, changing the distribution codename as necessary (the part before
stretch-backports). If the line is commented with one or more preceding
# signs, delete them and the line will be uncommented, thus becoming active. You can edit the file with
While Ubuntu does have backports available, they’re rarely used, for a couple of reasons: software in the main repository is newer than in the case of Debian and PPA’s are usually preferred. If you compare the list of backported packages available in Debian vs Ubuntu, you will see this confirmed:
- List of backported packages in Debian 9, codenamed Stretch
- List of backported packages in Ubuntu 16.04
If you had to manually enable backports in
sources.list, you should update package manager information:
Not all packages have backports available. For the ones that do, you can find out what versions are available with this command:
apt update && apt policy nginx
nginx with the package name that interests you.
Example output on Debian 9:
root@debian:~# apt policy nginx
100 http://mirrors.cloud.aliyuncs.com/debian stretch-backports/main amd64 Packages
100 http://mirrors.cloud.aliyuncs.com/debian stretch-backports/main amd64 Packages
500 http://mirrors.cloud.aliyuncs.com/debian stretch/main amd64 Packages
500 http://mirrors.cloud.aliyuncs.com/debian-security stretch/updates/main amd64 Packages
This shows us that version 1.10.3 is available in the normal repositories and 1.14.0 in backports.
To install a package from backports we have two options (don’t forget to replace
stretch with the codename of your current Debian distribution, if necessary):
apt install nginx/stretch-backports
This would install nginx from backports and package dependencies (e.g., libraries) from the regular repositories, if possible. The advantage of this option is that you don’t “taint” your system with more new packages than necessary, keeping Debian as close to its original (stable) form as possible. Sometimes this approach will fail if the package manager cannot fulfill all of the dependency requirements. In this case, you’ll be forced to try the second option of installing from backports (as above, remember to replace
stretch with the appropriate codename, if necessary):
apt -t=stretch-backports install nginx
In this form, the package manager will also install dependencies from backports, if they are available. To choose between these two variants, you will have to research for your specific use case. In some situations, you may only need the main package to be newer and the packages it depends on can be older. In other cases, you may also want the dependencies to be newer as well, to get all the benefits you are looking for.
This page may be useful to consult when you want to see what packages and dependencies are available in Debian’s repositories: https://www.debian.org/distrib/packages. Scroll down until you find the search form, where you can enter the name of the package that interests you.
Install Newer Software from Ubuntu PPAs (Personal Package Archives)
Let’s take nginx as an example again. If we’re using Ubuntu 18.04 (codenamed Bionic), we can see that nginx version 1.14 is the latest available in the regular repositories (at the time of writing the tutorial): https://packages.ubuntu.com/bionic-updates/nginx. However, if we’re using Ubuntu 16.04, codenamed Xenial, only nginx 1.10 is available: https://packages.ubuntu.com/xenial-updates/nginx. If we search for “nginx ppa” on a web search engine, one of the top results will lead to this page: https://launchpad.net/~nginx/+archive/ubuntu/stable. Scrolling down, we will see that we have an nginx package at version 1.14 for Xenial (at the time of writing this tutorial). The same version is also available for Bionic, but it makes no sense to install it on that distribution since nginx 1.14 is already included in its regular repositories. At a later time, the situation may change though and the PPA may include a newer version than what Bionic will have available. Like in Debian, you can see a list of all versions available for packages with:
apt update && apt policy nginx
There are multiple ways to find a PPA for a package you need. nginx, for example, mentions it on its official page: https://www.nginx.com/resources/wiki/start/topics/tutorials/install/#ubuntu-ppa. This is a trustworthy source and should be preferred whenever available. If you have to use a search engine to find a PPA for your package, make sure you research enough to be certain that the source is trustworthy and the packages are of high quality.
To add the PPA to Ubuntu’s list of package repositories, you will first have to install
apt install software-properties-common
Then add the PPA (the instructions are also included on the PPAs corresponding web page):
Now refresh local package information:
And finally, the newer nginx version can be installed:
apt -V install nginx
-V command line switch is not required but is included here for its effect: it additionally displays the version numbers of the packages that would be installed, so you can visually get confirmation that your intended versions will be downloaded.
Install Newer Software on Debian and Ubuntu from Third Party Sources
Since adding third party repositories or installing
.deb packages directly from the upstream provider is generally the same, examples will be offered here. Compiling, however, is very specific to each application and for this reason the steps you have to follow are usually explained in detail on the developer's web page. Each program will require its own set of build tools, libraries, preparatory configuration steps, etc.
The disadvantage of compiling is that you will have to go through the same process each time the code is updated and especially when a security patch becomes available. Complex projects may take a long time to compile. The advantage though is that you can fine-tune any part of the code and apply patches that may give you certain benefits (e.g., better performance for your specific use case).
Here’s an example of steps you’d have to go through to compile nginx: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#sources
Add Third Party Software Repositories to APT’s sources.list
If you have no other options available, you may have to add an unofficial repository to your distribution’s package manager. This has the potential to mess up your installation if the packages are poorly maintained or insert malware. For these reasons, you should make sure that the maintainers of the repository are trustworthy and skilled in building
.deb packages correctly.
There are generally four steps to adding a new repository to your package manager’s sources file. You will usually find instructions on the official application page, e.g.: https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#prebuilt_debian.
Find and download a cryptographic key:
Add it to the package manager database (trust it):
apt-key add nginx_signing.key
This key is used to verify digital signatures of packages downloaded from the repository, before installing them. It’s a layer of security that prevents installing rogue software. For example, if a hacker uploads malicious packages to the repository, but doesn’t have access to the private signing key, after your packager manager downloads the files, it will check the signatures, see that they are invalid and refuse to install.
sources.list so that your package manager knows where to download the packages from:
Add this line, replacing
stretch with the codename of your current Debian release, if necessary:
deb http://nginx.org/packages/mainline/debian/ stretch nginx
For Ubuntu the procedure is the same but the addresses and distribution codenames will be different (e.g., it may be
deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx).
Now you can update APT’s database and install nginx:
apt install nginx
Install .deb Packages Downloaded from Third Party Sources
As a last resort to install a newer package than is available in the official Debian/Ubuntu repositories, some sites provide
.deb files. You should make sure the source is trustworthy and the package is correctly constructed, otherwise it might make your system unstable, generate conflicts, etc. Generally, going this route has the added disadvantage of having to manually repeat the procedure each time a new
.deb is released. Some developers do configure their packages in such a way that new repositories are automatically added to APT's
sources.list, so that you can then easily upgrade the package with
apt update && apt upgrade, but if this is the case, then you should simply add those lines yourself in the first place, by following the guidelines in the previous section.
Here’s an example on how to install the Atom source code editor from a
.deb package (not suitable for servers without a graphical user interface, offered just to illustrate the steps):
Download the latest package:
Note: On a fresh instance, if you never updated your package manager, you should run
apt updatebefore continuing.
Install the package:
dpkg -i atom-amd64.deb
There will be errors regarding dependencies since
dpkg isn't able to install them automatically. To install dependencies, run:
apt -f install