< Previous | Contents | Next >
8.1.2. Understanding the sources.list File
The sources.list file is the key configuration file for defining package sources, and it is impor- tant to understand how it is laid out and how to configure it since APT will not function without a properly defined list of package sources. Let’s discuss its syntax, take a look at the various repos- itories that are used by Kali Linux, and discuss mirrors and mirror redirection, then you will be ready to put APT to use.
Each active line of the /etc/apt/sources.list file (and of the /etc/apt/sources.list.d/*. list files) contains the description of a source, made of three parts separated by spaces. Com- mented lines begin with a # character:
# deb cdrom:[Debian GNU/Linux 2016.1 _Kali-rolling_ - Official Snapshot amd64 LIVE/
➥ INSTALL Binary 20160830-11:29]/ kali-rolling contrib main non-free
deb http://http.kali.org/kali kali-rolling main non-free contrib
# deb cdrom:[Debian GNU/Linux 2016.1 _Kali-rolling_ - Official Snapshot amd64 LIVE/
➥ INSTALL Binary 20160830-11:29]/ kali-rolling contrib main non-free
deb http://http.kali.org/kali kali-rolling main non-free contrib
Let’s take a look at the syntax of this file. The first field indicates the source type:
• deb for binary packages,
• deb-src for source packages.
The second field gives the base URL of the source: this can consist of a Debian mirror or any other package archive set up by a third party. The URL can start with file:// to indicate a local source installed in the system’s file hierarchy, with http:// to indicate a source accessible from a web server, or with ftp:// for a source available on an FTP server. The URL can also start with cdrom: for CD-ROM/DVD-ROM/Blu-ray disc-based installations, although this is less frequent since network- based installation methods are more and more common.
The cdrom entries describe the CD/DVD-ROMs you have. Contrary to other entries, a CD-ROM is not always available, since it has to be inserted into the drive and usually only one disc can be read at a time. For those reasons, these sources are managed in a slightly different way and need to be added with the apt-cdrom program, usually executed with the add parameter. The latter will then request the disc to be inserted in the drive and will browse its contents looking for Packages files. It will use these files to update its database of available packages (this operation is usually done by the apt update command). After that, APT will request the disc if it needs a package stored on it.
The syntax of the last field depends on the structure of the repository. In the simplest cases, you can simply indicate a subdirectory (with a required trailing slash) of the desired source (this is often a simple “./”, which refers to the absence of a subdirectory—the packages are then directly
at the specified URL). But in the most common case, the repositories will be structured like a Debian mirror, with multiple distributions each having multiple components. In those cases, name the chosen distribution, then the components (or sections) to enable. Let’s take a moment to introduce these sections.
Debian and Kali use three sections to differentiate packages according to the licenses chosen by the authors of each work.
Main contains all packages that fully comply with the Debian Free Software Guidelines1.
The non-free archive is different because it contains software that does not (entirely) conform to these principles but which can nevertheless be distributed without restrictions.
Contrib (contributions) is a set of open source software that cannot function without some non- free elements. These elements may include software from the non-free section or non-free files such as game ROMs, BIOS of consoles, etc. Contrib also includes free software whose compilation requires proprietary elements, such as VirtualBox, which requires a non-free compiler to build some of its files.
Now, let’s take a look at the standard Kali Linux package sources, or repositories.