cat <<EOF | sudo tee /etc/apt/preferences.d/pin-uncontrolled Package: your-package-name Pin: version * Pin-Priority: 1001 EOF This prevents APT from replacing your manual package during upgrades. If you must install an uncontrolled deb that has missing dependencies, you can force it:
apt-mark showmanual | grep -vFf <(apt-mark showauto) But for true "no repository origin" detection:
sudo mkdir -p /usr/local/debs sudo mv ~/your-package.deb /usr/local/debs/ sudo dpkg-scanpackages /usr/local/debs /dev/null | sudo tee /usr/local/debs/Packages echo "deb [trusted=yes] file:///usr/local/debs ./" | sudo tee /etc/apt/sources.list.d/local.list sudo apt update sudo apt install your-package # Now controlled! Now APT tracks dependencies and updates. If you cannot create a local repo, at least pin the package to prevent automatic removal:
sudo dpkg --purge package-name sudo apt update sudo apt install package-name # from official repo To a manually installed package into a controlled local repo, use dpkg-repack :
If you’ve ever run dpkg -i some-package.deb without a repository behind it, you’ve invited an "uncontrolled deb" into your system. When left unmanaged, these packages can lead to dependency hell, broken upgrades, and mysterious conflicts.
sudo dpkg --force-depends -i broken-package.deb Then manually install missing deps with apt . This is dangerous — use only as a last resort. For end-user applications, the best "uncontrolled deb" alternative is to avoid .deb entirely:
apt list --installed | grep -v "now" Or more precisely:
sudo apt install deborphan deborphan # Finds packages with no dependencies and no repo origin For a friendly GUI, synaptic shows "Local or obsolete" packages in its "Custom Filters" section. | Risk | Consequence | |------|--------------| | No security updates | Vulnerabilities remain unpatched | | Dependency conflicts | Future apt upgrade may fail due to broken deps | | System inconsistency | Mixed versions of libraries cause crashes | | Uninstall issues | apt remove may not work cleanly | | Debian release upgrades | Major version upgrades (e.g., Bullseye→Bookworm) often abort | Taming the Uncontrolled Deb: 4 Strategies 1. Convert to a Local Repository (Best Practice) Create a simple APT repository for your manually installed packages:
cat <<EOF | sudo tee /etc/apt/preferences.d/pin-uncontrolled Package: your-package-name Pin: version * Pin-Priority: 1001 EOF This prevents APT from replacing your manual package during upgrades. If you must install an uncontrolled deb that has missing dependencies, you can force it:
apt-mark showmanual | grep -vFf <(apt-mark showauto) But for true "no repository origin" detection:
sudo mkdir -p /usr/local/debs sudo mv ~/your-package.deb /usr/local/debs/ sudo dpkg-scanpackages /usr/local/debs /dev/null | sudo tee /usr/local/debs/Packages echo "deb [trusted=yes] file:///usr/local/debs ./" | sudo tee /etc/apt/sources.list.d/local.list sudo apt update sudo apt install your-package # Now controlled! Now APT tracks dependencies and updates. If you cannot create a local repo, at least pin the package to prevent automatic removal: ncontrol deb
sudo dpkg --purge package-name sudo apt update sudo apt install package-name # from official repo To a manually installed package into a controlled local repo, use dpkg-repack :
If you’ve ever run dpkg -i some-package.deb without a repository behind it, you’ve invited an "uncontrolled deb" into your system. When left unmanaged, these packages can lead to dependency hell, broken upgrades, and mysterious conflicts. cat <<EOF | sudo tee /etc/apt/preferences
sudo dpkg --force-depends -i broken-package.deb Then manually install missing deps with apt . This is dangerous — use only as a last resort. For end-user applications, the best "uncontrolled deb" alternative is to avoid .deb entirely:
apt list --installed | grep -v "now" Or more precisely: If you cannot create a local repo, at
sudo apt install deborphan deborphan # Finds packages with no dependencies and no repo origin For a friendly GUI, synaptic shows "Local or obsolete" packages in its "Custom Filters" section. | Risk | Consequence | |------|--------------| | No security updates | Vulnerabilities remain unpatched | | Dependency conflicts | Future apt upgrade may fail due to broken deps | | System inconsistency | Mixed versions of libraries cause crashes | | Uninstall issues | apt remove may not work cleanly | | Debian release upgrades | Major version upgrades (e.g., Bullseye→Bookworm) often abort | Taming the Uncontrolled Deb: 4 Strategies 1. Convert to a Local Repository (Best Practice) Create a simple APT repository for your manually installed packages: