How to Configure sources.list on Debian 11

Last updated: June 27, 2022 | Linuxopsys

Debian is one of the most popular Linux distributions of all time, and now it got a new version release Debian 11 Bullseye. There are a lot of derivatives that came out of Debian, of which the most popular is Ubuntu.

Debian Linux distribution is widely used because of its core package management - APT, and its package format .deb. Every application, system utility or game in Debian, is distributed as a package. You can install those packages onto your system using APT (automatically or manually).

In this guide, we will briefly see new features of Debian 11, get familiar with the APT package manager, and learn how to configure its sources.list file on Debian 11 Bullseye.

Let’s see what are the new features and the most important changes.

New features of Debian 11 Bullseye

The most important features of new Debian 11 Bullseye are:

  • GNOME Desktop 3.38
  • Linux Kernel 5.10 series
  • LibreOffice 7.0
  • OpenJDK 11.0
  • Driverless scanning
  • Improved man pages
  • Kernel support for exFAT
  • Support for more hardware architectures
  • 11294 new packages
  • PHP 7.4
  • Python 3.9
  • Alternative init systems are supported
  • Persistent journal functionality by default

What is APT manager and it’s sources.list

APT is the package manager used in Debian and its derivatives. APT stands for Advanced Package Tool and it is a set of tools for managing Debian packages, and therefore all of the applications installed on your Debian system.
APT is used to install, update or remove applications and packages.

APT is capable of resolving dependency problems and retrieving requested packages from package repositories. It delegates the actual installation and removal of packages to dpkg - low level core Debian Package tool. APT is mainly used by its command-line tools, but there are also GUI tools available.

The file '/etc/apt/sources.list' in Debian contains the list of the 'sources' from which the packages can be obtained. sources.list file can vary depending on various factors (from which medium the Debian was installed, was it updated from previous release, etc...)

This is the list we want on our system:

$ cat /etc/apt/sources.list

deb bullseye main non-free contrib
deb-src bullseye main non-free contrib

deb bullseye-security main contrib non-free
deb-src bullseye-security main contrib non-free

We will now discuss the contents of this file and it's different sections.

Contents and sections of Debian sources.list file

The sections of 'sources.list' file are as follows:

  • Archive type
  • Repository URL
  • Distribution
  • Component

We will now go into detail about each of these sections.

Archive type

The first entry on each line - deb or deb-src represents the type of repository archives.

deb means the repository in the URL provided contains pre-compiled packages. These are the packages installed by default when using package managers like apt-get, aptitude, synaptic, etc...
deb-src indicates source packages with Debian control file (.dsc) and the diff.gz containing the changes needed for packaging the program.

Repository URL

The next section on the entry line is an URL of the repository from where the packages will be downloaded from. You can find the main list of Debian repositories from Debian Worldwide sources.list mirrors.


The distribution can be either the release code name / alias (jessie, stretch, buster, bullseye, sid) or the release class (old stable, stable, testing, unstable) respectively. If you intend to track a release class then use the class name, if you want to track a Debian point release, use the code name.


There are normally three components which can be used on Debian, namely:

  • main - This contains packages that are part of Debian distribution. These packages are DFSG compliant.
  • contrib -The packages here are DFSG compliant, but contains packages which are not in the main repository.
  • non-free - This contains software packages which do not comply with the DFSG.

As we can see in the following sources.list file on Debian 11 Bullseye, we want entries to have all three component types listed:

deb bullseye main non-free contrib
deb-src bullseye main non-free contrib

deb bullseye-security main contrib non-free
deb-src bullseye-security main contrib non-free

If your sources.list file differs, you will have to add contrib and non-free sections after main to have all of the packages listed. If this is the case on your system, you can edit the file /etc/apt/sources.list with nano, vim or any other editor to make changes. We will go through that in the next section of the article.

If you also need the Backports, contrib, and non-free components, add bullseye-backports lines. For example, for Debian 11 Bullseye:

deb bullseye-backports main contrib non-free
deb-src bullseye-backports main contrib non-free

You can instead use 'https://...' in all of the above URLs to use the repositories over encrypted HTTPS connections. (Users of Debian 9 Stretch or older releases will need to install the apt-transport-https package first.)

If your sources.list contains all of the sections we can run package update using apt. This will ensure your apt index is synchronized. Then you can install new packages from the repository.

$ sudo apt update
Hit:1 bullseye-security InRelease
Hit:2 bullseye InRelease
Reading package lists... Done

In some cases you can get errors with repositories while updating the package lists. In that case use apt rather than apt-get. apt is preferred over apt-get for interactive use.

$ sudo apt update
$ sudo apt upgrade -y

If that doesn't fix the issue then second option is to use --allow-releaseinfo-change

$ sudo apt-get --allow-releaseinfo-change update

Adding custom repositories

It is not always advisable to add custom and third-party repositories in the '/etc/apt/sources.list' file. Instead, you can create a file under the '/etc/apt/sources.list.d' directory. For example, to install docker-ce on Debian 11 Bullseye from its upstream repository, you'll do the following:

$ sudo vim /etc/apt/sources.list

Add the content:

deb [arch=amd64] bullseye stable

You can use a GNOME tool to edit your sources.list file. Access it through Menu → System → Administration → Software Sources.

gksu --desktop /usr/share/applications/software-properties.desktop /usr/bin/software-properties-gtk

Another way is to use the apt command used for adding third-party repositories:

$ sudo apt-get install software-properties-common

$ sudo add-apt-repository \
   "deb [arch=amd64] \
   $(lsb_release -cs) \

You can then proceed to update apt-cache and install docker-ce package with apt-get. This is the recommended way to add any other third party repository.

You'll notice this won't work because you don't have the GPG key of the docker repository on your system. We'll cover that next.

Importing apt keys

When working with apt and sources.list repositories, at some point you are required to import GPG keys. This is usually done using the command apt-key, with syntax:

# apt-key adv --keyserver [server-address] --recv-keys [key-id]

Or you can download the GPG key directly and install it from the current directory.
As an example, to download docker repository GPG keys, you'll run:

$ curl -fsSL | sudo apt-key add -

To test if the key was correctly installed run the following:

$ sudo apt-key fingerprint 0EBFCD88
pub   rsa4096 2017-02-22 [SCEA]
      9DC8 5822 9FC7 DD38 854A  E2D8 8D81 803C 0EBF CD88
uid           [ unknown] Docker Release (CE deb) 
sub   rsa4096 2017-02-22 [S]

After that you'll run:

$ sudo apt-get update
$ sudo apt-get install docker-ce

Using Apt with Tor

If you're concerned with privacy issues, or unsecure data transfer, you can use Tor with Debian repositories in your sources.list file. Apt can retrieve and download updates through Tor. For this to work you need to install the tor and apt-transport-tor packages. You can then use the official onion services provided by Debian.

deb tor+http://vwakviie2ienjx6t.onion/debian bullseye main
deb-src tor+http://vwakviie2ienjx6t.onion/debian bullseye main

deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security bullseye-security main
deb-src tor+http://sgvtcaew4bxjd7ln.onion/debian-security bullseye-security main

deb tor+http://vwakviie2ienjx6t.onion/debian bullseye-updates main
deb-src tor+http://vwakviie2ienjx6t.onion/debian bullseye-updates main

Note: Debian less supports https due to the fact that the Debian package distribution has a mechanism to verify packages using GPG. The package signature scheme helps better than https in this case. You can use https mirror but make sure you have installed apt-transport-https package installed.


We have seen how we can manipulate sources.list file and package repositories in Debian Linux. This is the updated article for the new Debian release - Debian 11 Bullseye. You should use this info safely because of manipulating sources.list file can make your system full of unstable packages and you may end up encountering many unresolved dependencies or even breaking your system.



Please add comments below to provide the author your ideas, appreciation and feedback.

Leave a Reply

Leave a Comment