How to Enable Contrib and Non-Free on Debian (13, 12, 11)

Debian includes only the main repository component by default, which contains exclusively free software that meets the Debian Free Software Guidelines. While this approach aligns with Debian’s open-source principles, many users need access to proprietary drivers, hardware firmware, and closed-source applications. To enable contrib and non-free repositories on Debian, you modify APT’s source configuration to include these additional archive components.

Common scenarios that require these repositories include installing NVIDIA graphics drivers on Debian for gaming or CUDA workloads (see install CUDA on Debian), enabling WiFi or Bluetooth firmware for laptops with Intel, Realtek, or Broadcom wireless cards, updating CPU microcode for security patches, or running applications like Steam on Debian that depend on 32-bit non-free libraries. This guide covers two methods for enabling contrib, non-free, and non-free-firmware components using the modern DEB822 sources format on Debian 13, 12, and 11.

Understanding Debian Contrib and Non-Free Archive Components

Before enabling repositories, it helps to understand what each archive component provides. Debian’s developers split the archive into four distinct areas based on licensing and source code availability. Each component serves a specific purpose, and knowing the differences helps you decide which to enable:

Component	Description	Typical Contents
main	Free software (DFSG-compliant) with no dependencies on non-free packages. This is the official Debian distribution.	Core applications, utilities, and development tools that meet the Debian Free Software Guidelines
contrib	Free software that depends on packages in contrib or non-free to build or run. DFSG-compliant source code but requires non-free dependencies.	Free wrappers for proprietary software, packages needing external non-free libraries (e.g., VirtualBox on Debian)
non-free	Software that does not meet the DFSG. Source code may be unavailable or redistribution restricted.	Proprietary drivers and utilities (NVIDIA drivers, unrar on Debian), closed-source applications with restrictive licenses
non-free-firmware	Device firmware required for hardware initialization. Separate component since Debian 12 for easier management and installer inclusion.	WiFi drivers, GPU firmware, CPU microcode updates, network card firmware

On Debian 12 (Bookworm) and Debian 13 (Trixie), all four components are available. However, Debian 11 (Bullseye) and older releases have only main, contrib, and non-free. After the 2022 General Resolution on non-free firmware, Debian introduced the non-free-firmware component to allow firmware on official installation media. This separation isolates firmware packages from other proprietary software and is now included by default in Debian 12+ installers to simplify hardware support.

Prerequisites for Enabling Debian Non-Free Repos

Supported Debian Versions

Release	Codename	Component Set	Backports
Debian 13	Trixie (stable)	main, contrib, non-free, non-free-firmware	Available
Debian 12	Bookworm (oldstable)	main, contrib, non-free, non-free-firmware	Available
Debian 11	Bullseye (oldoldstable, LTS until Aug 2026)	main, contrib, non-free (no non-free-firmware)	Discontinued

Debian 11 users: Bullseye LTS security support continues until August 2026, but backports are discontinued and the non-free-firmware component does not exist on this release. Consider upgrading from Debian 11 to Debian 12 for full repository access and continued support.

Additional Requirements

• Active internet connection for downloading repository metadata and packages
• Terminal access (search for “Terminal” in Activities on GNOME, or use your desktop environment’s terminal application)
• Text editor such as nano, vi, or vim for manual configuration (Method 1)

Update Your System

Before modifying your sources configuration, refresh the existing package index to ensure APT metadata is current:

sudo apt update

If you are new to using sudo, see how to add a user to sudoers on Debian.

Identify Your Current Debian Configuration

First, check which Debian version you are running:

grep VERSION_CODENAME /etc/os-release

The output shows your release codename, for example VERSION_CODENAME=trixie for Debian 13, bookworm for Debian 12, or bullseye for Debian 11.

Next, check whether your system already uses a DEB822 .sources file or the legacy sources.list format:

ls /etc/apt/sources.list.d/debian.sources 2>/dev/null && echo "DEB822 format" || echo "Legacy format or no debian.sources file"

Debian 12 and 13 fresh installations typically ship with /etc/apt/sources.list.d/debian.sources already configured. Debian 11 uses the legacy /etc/apt/sources.list file. Both methods below create or replace the DEB822 format file, which works on all three versions.

Which Method to Enable Contrib and Non-Free on Debian

Choose the method that best fits your workflow. Both produce the same DEB822 configuration result:

Method	Approach	Best For
Method 1: Manual (nano)	Open the file in a text editor, paste or modify the configuration	Users who want to review and understand each line, or customize individual fields
Method 2: Automatic (tee)	Single command writes the complete configuration file	Quick setup, scripted deployments, or users comfortable with command-line tools

Method 1: Enable Debian Non-Free Repos with nano (Manual)

This method walks through opening the DEB822 sources file in a text editor, reviewing the current content, and pasting the correct configuration for your Debian release.

Step 1: Open the DEB822 Sources File

Open the Debian sources file in nano. If the file already exists, you will see the current configuration. If it does not exist yet, nano creates a new empty file:

sudo nano /etc/apt/sources.list.d/debian.sources

Step 2: Replace the Configuration

Delete any existing content in the file and paste the configuration block that matches your Debian release. Each block uses the DEB822 format with these key fields:

• Types: deb specifies binary packages (add deb-src to also include source packages)
• URIs: defines the repository server address
• Suites: lists the release codenames and update channels
• Components: specifies which archive areas to enable (main, contrib, non-free, non-free-firmware)
• Signed-By: points to the GPG keyring that verifies package signatures

Copy the entire block for your version below, then paste it into nano. To paste in most terminals, use Ctrl+Shift+V or right-click and select Paste.

Trixie (Debian 13):

Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://security.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Bookworm (Debian 12):

Types: deb
URIs: https://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://security.debian.org/debian-security
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://deb.debian.org/debian
Suites: bookworm-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Bullseye (Debian 11):

Types: deb
URIs: https://deb.debian.org/debian
Suites: bullseye bullseye-updates
Components: main contrib non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://security.debian.org/debian-security
Suites: bullseye-security
Components: main contrib non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Debian 11 (Bullseye) does not have the non-free-firmware component or active backports. Do not add either to your Bullseye configuration. On Debian 11, firmware packages such as firmware-iwlwifi remain in the non-free component.

Step 3: Save and Exit nano

After pasting the configuration, save the file by pressing Ctrl+O, then press Enter to confirm the filename. Exit nano by pressing Ctrl+X.

Step 4: Disable Legacy Sources (If Applicable)

If your system has an existing /etc/apt/sources.list with Debian repository entries, comment them out to prevent duplicate repository warnings. Open the file:

sudo nano /etc/apt/sources.list

Add a # at the beginning of each line containing deb.debian.org or security.debian.org. Leave any third-party repository lines (Docker, Google, VS Code, etc.) unchanged. Save and exit.

Step 5: Update the Package Index

Refresh your repository metadata so APT recognizes the newly enabled components:

sudo apt update

Expected output on Debian 13 (Trixie) shows the new contrib, non-free, and non-free-firmware components being fetched:

Hit:1 https://deb.debian.org/debian trixie InRelease
Hit:2 https://deb.debian.org/debian trixie-updates InRelease
Get:3 https://security.debian.org/debian-security trixie-security InRelease [43.4 kB]
Get:4 https://deb.debian.org/debian trixie-backports InRelease [54.0 kB]
Get:5 https://deb.debian.org/debian trixie/non-free amd64 Packages [100 kB]
Get:6 https://deb.debian.org/debian trixie/non-free-firmware amd64 Packages [6888 B]
Get:7 https://deb.debian.org/debian trixie/contrib amd64 Packages [53.8 kB]
Fetched 497 kB in 0s (6860 kB/s)
Reading package lists...

Your output will show your Debian codename and may include different package counts. Debian 11 output will not include non-free-firmware or backports lines.

Now skip ahead to the Verify Debian Non-Free Repos Are Enabled section to confirm everything works correctly.

Method 2: Enable Debian Non-Free Repos with tee (Automatic)

This method uses a single command to write the complete DEB822 configuration file. It is faster than manual editing and works well for scripted deployments or quick setup.

Step 1: Back Up Your Current Sources Configuration

Before overwriting the sources file, create a backup in case you need to revert:

sudo cp /etc/apt/sources.list.d/debian.sources /etc/apt/sources.list.d/debian.sources.bak 2>/dev/null; sudo cp /etc/apt/sources.list /etc/apt/sources.list.bak 2>/dev/null

Step 2: Write the DEB822 Sources File

Run the command that matches your Debian release. Each command writes the complete DEB822 configuration in a single step.

Trixie (Debian 13):

sudo tee /etc/apt/sources.list.d/debian.sources <<'EOF'
Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://security.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF

Bookworm (Debian 12):

sudo tee /etc/apt/sources.list.d/debian.sources <<'EOF'
Types: deb
URIs: https://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://security.debian.org/debian-security
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://deb.debian.org/debian
Suites: bookworm-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF

Bullseye (Debian 11):

sudo tee /etc/apt/sources.list.d/debian.sources <<'EOF'
Types: deb
URIs: https://deb.debian.org/debian
Suites: bullseye bullseye-updates
Components: main contrib non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: https://security.debian.org/debian-security
Suites: bullseye-security
Components: main contrib non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF

Debian 11 (Bullseye) does not have the non-free-firmware component or active backports. The Bullseye command above omits both. Firmware packages remain available in the non-free component on this release.

Step 3: Disable Legacy Sources (If Applicable)

If /etc/apt/sources.list contains active Debian repository lines, comment them out with sed to avoid duplicate repository warnings:

sudo sed -i 's/^deb /#deb /' /etc/apt/sources.list 2>/dev/null

This command comments out all active deb lines in sources.list. If you have third-party repositories defined in that file (uncommon on modern Debian), move those entries to a separate file in /etc/apt/sources.list.d/ before running this command.

Step 4: Update the Package Index

Refresh APT metadata to apply the new configuration:

sudo apt update

Expected output confirms the new components are being fetched. Look for lines containing contrib, non-free, and non-free-firmware in the output.

Verify Debian Non-Free Repos Are Enabled

After applying either method, confirm that the components were added correctly and packages from the new repositories are visible.

Check Your Configuration File

Verify that the Components lines include contrib and non-free:

grep -E "Components:.*(contrib|non-free)" /etc/apt/sources.list.d/debian.sources

Expected output for Debian 12 or 13:

Components: main contrib non-free non-free-firmware
Components: main contrib non-free non-free-firmware
Components: main contrib non-free non-free-firmware

On Debian 11, output shows Components: main contrib non-free without non-free-firmware, and only two lines (no backports block).

Test Non-Free Package Availability

Search for NVIDIA drivers to confirm non-free packages are visible:

apt search nvidia-driver 2>/dev/null | head -10

Expected output on Debian 13:

Sorting...
Full Text Search...
nvidia-driver/stable 550.163.01-2 amd64
  NVIDIA metapackage

nvidia-driver-bin/stable 550.163.01-2 amd64
  NVIDIA driver support binaries

Debian 12 labels results as oldstable with version 535.x, and Debian 11 labels them as oldoldstable with version 470.x. Version numbers vary by release.

On Debian 12 and 13, also confirm non-free-firmware by checking a firmware package such as Intel WiFi:

apt-cache policy firmware-iwlwifi

Expected output on Debian 13:

firmware-iwlwifi:
  Installed: (none)
  Candidate: 20250410-2
  Version table:
     20250410-2 500
        500 https://deb.debian.org/debian trixie/non-free-firmware amd64 Packages

On Debian 11, the same package appears under non-free instead of non-free-firmware:

firmware-iwlwifi:
  Installed: (none)
  Candidate: 20210315-3
  Version table:
     20210315-3 500
        500 https://deb.debian.org/debian bullseye/non-free amd64 Packages

Troubleshoot Debian Non-Free Repository Issues

If you encounter errors during configuration, use the checks below to diagnose and fix common problems.

APT Reports Duplicate Repository Entries

Duplicate warnings appear when both /etc/apt/sources.list and debian.sources define the same Debian repositories:

W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:1 and /etc/apt/sources.list.d/debian.sources:1

Check which files contain Debian repository entries:

grep -rn "deb.debian.org\|security.debian.org" /etc/apt/sources.list /etc/apt/sources.list.d/ 2>/dev/null

Comment out the duplicate Debian lines in the legacy file, keeping any third-party repositories untouched:

sudo nano /etc/apt/sources.list

Verify the warning is gone:

sudo apt update

Debian 11 Reports Missing non-free-firmware Component

This warning appears when Debian 11 is configured with the non-free-firmware component, which does not exist on Bullseye:

W: Skipping acquire of configured file 'non-free-firmware/binary-amd64/Packages' as repository 'https://deb.debian.org/debian bullseye InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)

This commonly happens when copying a Debian 12 or 13 configuration file onto a Debian 11 system. Confirm the issue:

grep "non-free-firmware" /etc/apt/sources.list.d/debian.sources

Edit the file and remove non-free-firmware from each Components: line, along with any bullseye-backports block:

sudo nano /etc/apt/sources.list.d/debian.sources

After editing, verify the warning is resolved:

sudo apt update

APT Fails with NO_PUBKEY Errors

This error means the Debian archive keyring is missing or outdated:

W: GPG error: https://deb.debian.org/debian trixie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1122334455667788

Check the installed keyring version:

dpkg -l debian-archive-keyring

Reinstall the keyring package to restore the correct keys:

sudo apt install --reinstall debian-archive-keyring

Run sudo apt update again to verify that the signature warnings are resolved.

software-properties-common Is Not Required

Some older tutorials recommend installing software-properties-common to manage repositories on Debian. This package is designed for Ubuntu’s add-apt-repository command and is unnecessary on Debian when configuring DEB822 sources files directly. You do not need it for any step in this guide.

Revert Debian Sources to Main Only

If you later decide to disable contrib and non-free components, edit the sources file and change each Components: line to include only main.

sudo nano /etc/apt/sources.list.d/debian.sources

Debian 12 or 13: Change each Components: line from:

Components: main contrib non-free non-free-firmware

To:

Components: main

Debian 11: Change each Components: line from Components: main contrib non-free to Components: main.

Apply the change:

sudo apt update

Removing these components prevents installing or updating packages from contrib, non-free, and non-free-firmware. Any currently installed non-free packages remain on the system but will not receive updates. If critical firmware is installed from these components, removing them could affect hardware functionality after a kernel update.

Conclusion

With contrib, non-free, and non-free-firmware components enabled on Debian, you can now install proprietary graphics drivers, wireless firmware, CPU microcode updates, and other restricted software directly through APT. The DEB822 format keeps your repository configuration organized and easier to maintain than the legacy one-line format. When you upgrade to a new Debian release, update the Suites: field to match the new codename and run sudo apt update to refresh your package sources.

Common installations from these repositories include:

• NVIDIA graphics drivers on Debian: sudo apt install nvidia-driver
• WiFi firmware: sudo apt install firmware-iwlwifi for Intel, firmware-realtek for Realtek, or firmware-atheros for Qualcomm Atheros cards
• CPU microcode: sudo apt install intel-microcode or sudo apt install amd64-microcode
• Steam on Debian requires both contrib and non-free for 32-bit library support
• Wine on Debian for running Windows applications
• Multimedia codecs with FFmpeg on Debian or the deb-multimedia repository on Debian

For proprietary applications like Google Chrome, browsers still require adding their vendor repositories separately since they are not part of Debian’s archive. Alternatively, many proprietary applications are available through Flatpak on Debian, which provides a distribution-agnostic way to install software without modifying your APT sources. If you need newer software versions from the next Debian release without a full upgrade, see configure Debian backports repositories.

For deeper understanding of Debian archive components, consult the Debian Wiki: SourcesList reference for DEB822 and legacy formats, the Debian Wiki: Firmware page for hardware support details, and the Debian Policy Manual: Chapter 2 (The Debian Archive) for official component definitions.