By default, Debian includes only the main repository component, which contains exclusively free software that meets the Debian Free Software Guidelines. While this approach aligns with Debian’s commitment to open-source principles, many users require access to proprietary drivers, hardware firmware, and closed-source applications. To enable contrib and non-free repositories on Debian, you modify APT’s configuration to include these additional archive components.
Common scenarios that require these repositories include installing NVIDIA graphics drivers for gaming or CUDA workloads (see install CUDA on Debian), enabling WiFi or Bluetooth firmware for laptops with Intel, Realtek, or Broadcom wireless cards, updating CPU microcode for security patches, or installing proprietary applications like Google Chrome on Debian. This guide walks through adding contrib, non-free, and non-free-firmware components using the modern DEB822 sources format on Debian 13, Debian 12, and Debian 11.
Understanding Debian Archive Components
Before enabling repositories, it helps to understand what each archive component provides. In practice, Debian’s developers split the archive into four distinct areas based on licensing and source code availability. As a result, each component serves a specific purpose, and knowing the differences helps you make informed decisions about which to enable:
| Component | Description | Typical Contents |
|---|---|---|
| main | Free software (DFSG-compliant) with no dependencies on non-free packages. This is the official Debian distribution. | Core applications, utilities, development tools that meet the Debian Free Software Guidelines |
| contrib | Free software that depends on packages in contrib or non-free to build or run. DFSG-compliant but requires non-free dependencies. | Free wrappers and tools for proprietary software, packages needing external non-free libraries |
| non-free | Software that does not meet the Debian Free Software Guidelines. Source code may be unavailable or redistribution restricted. | Proprietary drivers and utilities (NVIDIA drivers, unrar), closed-source applications with restrictive licenses |
| non-free-firmware | Device firmware required for hardware initialization. Separate component (Debian 12+) for easier management and installer inclusion. | WiFi drivers, GPU firmware, CPU microcode updates, network card firmware |
Importantly, on Debian 12 (Bookworm) and Debian 13 (Trixie), all four components are available. However, Debian 11 (Bullseye) and older releases have only main, contrib, and non-free. After the 2022 General Resolution on non-free firmware, Debian introduced the non-free-firmware component to allow firmware on official installation media. As a result, this separation isolates firmware packages from other proprietary software and is now included by default in Debian 12+ installers to simplify hardware support.
Prerequisites
Supported Debian Versions
| Release | Codename | Component Set | Backports |
|---|---|---|---|
| Debian 13 | Trixie (stable) | main, contrib, non-free, non-free-firmware | Available |
| Debian 12 | Bookworm (oldstable) | main, contrib, non-free, non-free-firmware | Available |
| Debian 11 | Bullseye (oldoldstable, LTS) | main, contrib, non-free (no non-free-firmware) | Discontinued |
Currently, Debian 13 (Trixie) is the stable release. Meanwhile, Debian 12 (Bookworm) is oldstable with continued security support. For Debian 11 (Bullseye), LTS continues until August 2026 with security updates but no new packages or backports. As a result, consider upgrading Debian 11 systems to Debian 12 or 13 for full repository access.
Additional Requirements
- Active internet connection for downloading repository metadata and packages
- User account with sudo privileges (see Add a user to sudoers on Debian) to modify system repository configuration
- Terminal access (consult your desktop environment’s documentation to open a terminal)
- Text editor such as
nano,vi, orvimfor manual configuration
Enable Archive Components
For consistency, use the DEB822 .sources format on all supported Debian releases. If you are on Debian 11, omit non-free-firmware and backports.
Before modifying
/etc/apt/sources.list, check if it contains vendor or third-party repositories (Google, Docker, VS Code, etc.). If it does, move those entries to separate files in/etc/apt/sources.list.d/or merge them into the new DEB822 configuration. Keep the file intact if it contains non-Debian repository entries.
Step 1: Open the DEB822 Sources File
First, open the Debian sources file in your editor. If the file already exists, replace its contents with the block for your release:
sudo nano /etc/apt/sources.list.d/debian.sourcesAfter you create
debian.sources, comment out the Debian entries in/etc/apt/sources.listsoapt updatedoes not warn that repositories are defined twice.
Step 2: Add the Components for Your Debian Release
Next, delete any existing content in the file and paste the configuration block that matches your Debian release. If you are unsure which version you have, run this command in a separate terminal:
cat /etc/os-release | grep VERSION_CODENAMEThe output shows your release codename, for example VERSION_CODENAME=trixie for Debian 13, bookworm for Debian 12, or bullseye for Debian 11.
Each configuration block uses the DEB822 format, which is more readable and explicit than the legacy one-line format. The key fields are:
Types: debspecifies binary packages (usedeb-srcto also include source packages)URIs:defines the repository server addressSuites:lists the release codenames and update channels (security, updates, backports)Components:specifies which archive areas to enable (main, contrib, non-free, non-free-firmware)Signed-By:points to the GPG keyring that verifies package signatures
Copy the entire block for your version below, then paste it into the nano editor. To paste in most terminals, use Ctrl+Shift+V or right-click and select Paste.
Trixie (Debian 13):
Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://security.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://deb.debian.org/debian
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpgBookworm (Debian 12):
Types: deb
URIs: https://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://security.debian.org/debian-security
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://deb.debian.org/debian
Suites: bookworm-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpgBullseye (Debian 11):
Types: deb
URIs: https://deb.debian.org/debian
Suites: bullseye bullseye-updates
Components: main contrib non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: https://security.debian.org/debian-security
Suites: bullseye-security
Components: main contrib non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpgDebian 11 (Bullseye) is in Long Term Support mode and receives only security updates until August 2026. The
bullseye-backportsrepository was discontinued when Debian 11 transitioned to LTS in August 2024, and thenon-free-firmwarecomponent does not exist on this release.
After pasting the configuration, save the file by pressing Ctrl+O, then press Enter to confirm the filename. Exit nano by pressing Ctrl+X.
Step 3: Update the Package Index
With the sources file saved, refresh your repository metadata so APT recognizes the newly enabled components:
sudo apt updateFor example, output on Debian 13 (Trixie) looks like this:
Hit:1 https://deb.debian.org/debian trixie InRelease Hit:2 https://deb.debian.org/debian trixie-updates InRelease Get:3 https://security.debian.org/debian-security trixie-security InRelease [43.4 kB] Get:4 https://deb.debian.org/debian trixie-backports InRelease [54.0 kB] Get:5 https://deb.debian.org/debian trixie/non-free amd64 Packages [100 kB] Get:6 https://deb.debian.org/debian trixie/non-free-firmware amd64 Packages [6888 B] Get:7 https://deb.debian.org/debian trixie/contrib amd64 Packages [53.8 kB] Get:8 https://security.debian.org/debian-security trixie-security/non-free-firmware amd64 Packages [544 B] Get:9 https://security.debian.org/debian-security trixie-security/main amd64 Packages [93.7 kB] Get:10 https://deb.debian.org/debian trixie-backports/non-free amd64 Packages [7352 B] Get:11 https://deb.debian.org/debian trixie-backports/contrib amd64 Packages [5752 B] Get:12 https://deb.debian.org/debian trixie-backports/non-free-firmware amd64 Packages [4044 B] Get:13 https://deb.debian.org/debian trixie-backports/main amd64 Packages [127 kB] Fetched 497 kB in 0s (6860 kB/s) Reading package lists... Building dependency tree... Reading state information... All packages are up to date.
In practice, your output will show your Debian codename and may include different package counts. Debian 11 output will not include
non-free-firmwareor backports lines.
Verify Archive Components Are Enabled
After updating your repository configuration, confirm that the components were added correctly and packages are visible.
Check Your Configuration File
First, confirm that the Components lines include contrib and non-free:
grep -E "Components:.*(contrib|non-free)" /etc/apt/sources.list.d/debian.sourcesFor example, expected output for Debian 12 or 13 looks like:
Components: main contrib non-free non-free-firmware Components: main contrib non-free non-free-firmware Components: main contrib non-free non-free-firmware
On Debian 11, output will show
Components: main contrib non-freeand will not include a backports block.
Test Package Availability
Next, search for NVIDIA drivers to confirm non-free packages are visible:
apt search nvidia-driver | head -10For example, expected output looks like:
Sorting... Full Text Search... nvidia-driver/stable 5xx.xxx.xx-x amd64 NVIDIA metapackage nvidia-driver-bin/stable 5xx.xxx.xx-x amd64 NVIDIA driver support binaries nvidia-driver-full/stable 5xx.xxx.xx-x amd64 NVIDIA metapackage (all components)
Meanwhile, Debian 12 labels results as
oldstable, and Debian 11 labels them asoldoldstable. Version numbers vary by release.
Additionally, on Debian 12 and 13, confirm non-free-firmware by checking a firmware package such as Intel WiFi:
apt-cache policy firmware-iwlwifiFor example, expected output on Debian 12 or 13 looks like:
firmware-iwlwifi:
Installed: (none)
Candidate: 202xmmdd-x
Version table:
202xmmdd-x 500
500 https://deb.debian.org/debian [your-release]/non-free-firmware amd64 Packages
For Debian 11, expect:
firmware-iwlwifi:
Installed: (none)
Candidate: 202xmmdd-x
Version table:
202xmmdd-x 500
500 https://deb.debian.org/debian [your-release]/non-free amd64 Packages
As a reminder, the version numbers and release names are placeholders. Your output will show the actual version and your Debian release codename.
Troubleshooting Common Issues
If you encounter problems during configuration, use the checks below to diagnose and fix them.
APT Reports Duplicate Repository Entries
Typically, you will see duplicate warnings if both /etc/apt/sources.list and debian.sources define the same Debian repositories.
W: Target Packages (main/binary-amd64/Packages) is configured multiple times in /etc/apt/sources.list:1 and /etc/apt/sources.list.d/debian.sources:1
First, check which files contain Debian repository entries:
grep -R "deb.debian.org/debian" /etc/apt/sources.list* /etc/apt/sources.list.d/*.sources 2>/dev/null/etc/apt/sources.list:deb https://deb.debian.org/debian [your-release] main contrib non-free non-free-firmware /etc/apt/sources.list.d/debian.sources:URIs: https://deb.debian.org/debian
Then edit the legacy file and comment out the duplicate Debian lines, keeping any third-party repositories in separate files:
sudo nano /etc/apt/sources.listFinally, verify the warning is gone:
sudo apt updateReading package lists... Building dependency tree... Reading state information... All packages are up to date.
Debian 11 Reports Missing non-free-firmware
Specifically, this warning appears when Debian 11 is configured with a component that does not exist on Bullseye.
W: Skipping acquire of configured file 'non-free-firmware/binary-amd64/Packages' as repository 'https://deb.debian.org/debian bullseye InRelease' doesn't have the component 'non-free-firmware' (component misspelt in sources.list?)
To confirm, check for non-free-firmware in your sources:
grep -R "non-free-firmware" /etc/apt/sources.list* /etc/apt/sources.list.d/*.sources 2>/dev/null/etc/apt/sources.list.d/debian.sources:Components: main contrib non-free non-free-firmware
Then remove non-free-firmware and any bullseye-backports block from the file:
sudo nano /etc/apt/sources.list.d/debian.sourcesAfterward, verify the warning is gone:
sudo apt updateReading package lists... Building dependency tree... Reading state information... All packages are up to date.
APT Fails with NO_PUBKEY Errors
Typically, this means the Debian archive keyring is missing or outdated.
W: GPG error: https://deb.debian.org/debian [your-release] InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 1122334455667788
First, check the keyring package:
dpkg -l debian-archive-keyringii debian-archive-keyring 202x.x all Debian archive keyring
Next, reinstall the keyring package:
sudo apt install --reinstall debian-archive-keyringFinally, verify that the signature warnings are gone:
sudo apt updateReading package lists... Building dependency tree... Reading state information... All packages are up to date.
Revert to Main Only
If you later decide to disable contrib and non-free components (and non-free-firmware on Debian 12 and 13), first edit the sources file and remove those components from each line:
sudo nano /etc/apt/sources.list.d/debian.sourcesDebian 12 or 13: Next, change each Components: line from:
Components: main contrib non-free non-free-firmware
Afterward, set it to:
Components: main
Debian 11: For Debian 11, change each Components: line from Components: main contrib non-free to Components: main.
Finally, run sudo apt update to refresh repository metadata.
Removing these components will prevent installing or updating packages from contrib, non-free, and non-free-firmware. As a result, any currently installed non-free packages will remain but will not receive updates. If critical firmware is installed from these components, removing them could affect hardware functionality after a kernel update.
Conclusion
With contrib, non-free, and non-free-firmware components enabled, you can now install proprietary graphics drivers, wireless firmware, CPU microcode updates, and other restricted software directly through APT. The DEB822 format keeps your repository configuration organized and easier to maintain than the legacy one-line format. When you upgrade to a new Debian release, update the Suites: field to match the new codename and run sudo apt update to refresh your package sources.
Next Steps
Now that the repositories are configured, search for available packages using apt search [package-name] and install software with sudo apt install [package-name].
Common installations from these repositories include:
- NVIDIA graphics drivers:
sudo apt install nvidia-driver(see install NVIDIA drivers on Debian for detailed guidance) - WiFi firmware:
sudo apt install firmware-iwlwififor Intel,firmware-realtekfor Realtek, orfirmware-atherosfor Qualcomm Atheros cards - CPU microcode:
sudo apt install intel-microcodeorsudo apt install amd64-microcodedepending on your processor
For proprietary applications like Google Chrome, browsers still require adding their vendor repositories separately since they are not part of Debian’s archive. See install Google Chrome on Debian for those steps. Alternatively, many proprietary applications are available through Flatpak on Debian, which provides a distribution-agnostic way to install software without modifying your APT sources. If you need newer software versions from the next Debian release without a full upgrade, see configure Debian backports repositories.
Further Reading
For deeper understanding of Debian repositories and archive components, consult these authoritative resources:
- Debian Wiki: SourcesList – The complete reference for repository configuration, detailing both DEB822 and legacy formats with examples for all Debian versions.
- Debian Wiki: Firmware – Comprehensive information about the non-free-firmware component, hardware support, and methods for installing device firmware across different Debian releases.
- Debian Policy Manual: Chapter 2 (The Debian Archive) – Official policy documentation covering archive areas (main, contrib, non-free, non-free-firmware), component definitions, and the Debian Free Software Guidelines (DFSG).
- Debian 13 (Trixie) Release Notes – Official release documentation covering installation, upgrades, and known issues for the current stable release.
Thank you very much for your comprehensive and intuitive guide. Everything to the point with useful examples. This was exactly what I needed. I had installed Debian with Ethernet only and your guide enabled me to add a WiFi connection, now that I cannot use Ethernet.
Anna
Good Evening!
With these command lines, I was able to enable and allow the installation of Steam, which I needed.
Thank you, Joshua James!
Djalma FC
Joshua,
In section
“Confirming the Presence of the Contrib and Non-Free Repositories”
it is written
grep -E “(contrib|non-free)” /etc/apt/sources.list /etc/apt/sources.list
but I think you meant to write
grep -E “(contrib|non-free)” /etc/apt/sources.list
Gérard
Thanks Gérard for pointing out the extra line out for me to fix.