Debian separates software into distinct archive components based on licensing and support: main contains free software compliant with the Debian Free Software Guidelines, while contrib, non-free, and non-free-firmware provide access to proprietary drivers, closed-source applications, multimedia codecs, and hardware firmware. Enabling these restricted components is essential if you need NVIDIA drivers for CUDA, device firmware for WiFi or graphics cards, or closed-source applications; it also prepares your system to install vendor repositories such as Google Chrome when needed.
This guide shows how to enable contrib, non-free, and non-free-firmware components on Debian 13 (Trixie), Debian 12 (Bookworm), and Debian 11 (Bullseye). You will see two methods: the modern DEB822 format (recommended for Debian 12+) and the traditional sources.list format (compatible with all supported versions). By the end, your system will have access to all archive components, and you’ll know how to verify configuration and troubleshoot common issues.
Understanding Debian Archive Components
Before enabling repositories, it’s important to understand what each archive component provides. Debian’s developers split the archive into four distinct areas based on licensing and source code availability. Each component serves a specific purpose, and knowing the differences helps you make informed decisions about which to enable:
| Component | Description | Typical Contents |
|---|---|---|
| main | Free software (DFSG-compliant) with no dependencies on non-free packages. This is the official Debian distribution. | Core applications, utilities, development tools that meet the Debian Free Software Guidelines |
| contrib | Free software that depends on packages in contrib or non-free to build or run. DFSG-compliant but requires non-free dependencies. | Free wrappers and tools for proprietary software, packages needing external non-free libraries |
| non-free | Software that does not meet the Debian Free Software Guidelines. Source code may be unavailable or redistribution restricted. | Proprietary applications (Chrome, Skype), closed-source utilities, software with restrictive licenses |
| non-free-firmware | Device firmware required for hardware initialization. Separate component (Debian 12+) for easier management and installer inclusion. | WiFi drivers, GPU firmware, CPU microcode updates, network card firmware |
Importantly, on Debian 12 (Bookworm) and Debian 13 (Trixie), all four components are available. In contrast, Debian 11 (Bullseye) and older releases have only main, contrib, and non-free. The non-free-firmware component was introduced following the 2022 General Resolution on non-free firmware, which approved including firmware on official installation media. This separation isolates firmware packages from other proprietary software and is now included by default in Debian 12+ installers to simplify hardware support.
Prerequisites
Supported Debian Versions
| Release | Codename | Component Set | Backports |
|---|---|---|---|
| Debian 13 | Trixie (stable) | main, contrib, non-free, non-free-firmware | Available |
| Debian 12 | Bookworm (oldstable) | main, contrib, non-free, non-free-firmware | Available |
| Debian 11 | Bullseye (oldoldstable, LTS) | main, contrib, non-free (no non-free-firmware) | Discontinued |
Debian 13 (Trixie) is the current stable release. Debian 12 (Bookworm) is oldstable with continued security support. Debian 11 (Bullseye) is in LTS-only mode until August 2026, receiving security updates but no new packages or backports. Consider upgrading Debian 11 systems to Debian 12 or 13 for full repository access.
Additional Requirements
- Active internet connection for downloading repository metadata and packages
- User account with sudo privileges to modify system repository configuration
- Terminal access (consult your desktop environment’s documentation to open a terminal)
- Text editor such as
nano,vi, orvimfor manual configuration (optional for Method 2)
Enable Archive Components
There are multiple ways to enable contrib, non-free, and non-free-firmware components on Debian. Below, we explore two methods: the modern DEB822 format (recommended for Debian 12 and later) and the traditional sources.list format (compatible with all supported versions). Choose the method based on your Debian release: if you run Debian 13 (Trixie) or Debian 12 (Bookworm), use Method 1; alternatively, if you’re still on Debian 11, use Method 2.
| Method | Format | Best For | Debian Versions |
|---|---|---|---|
| DEB822 (.sources) | Modern multi-line format in /etc/apt/sources.list.d/ | Clean, maintainable configuration with explicit field separation | Debian 13, 12 (recommended) |
| Legacy (sources.list) | Traditional one-line format in /etc/apt/sources.list | Compatibility with older systems and familiar syntax | Debian 11, 12, 13 (all versions) |
For most users, the DEB822 method is recommended because it provides cleaner syntax, better maintainability, and is the default format on Debian 12 and later. Only use the legacy format if you specifically need Debian 11 compatibility or prefer traditional configuration.
Method 1: Modern DEB822 Format (Debian 12+ Recommended)
Starting with Debian 12 (Bookworm), the modern DEB822 format is the recommended approach for repository configuration. This method uses dedicated files in /etc/apt/sources.list.d/ and is notably cleaner, more maintainable, and explicitly handles the non-free-firmware component with dedicated fields.
Preserve existing repositories: Before modifying
/etc/apt/sources.list, check if it contains vendor or third-party repositories (Google, Docker, VS Code, etc.). If so, either move those entries to separate files in/etc/apt/sources.list.d/before disabling the main file, or merge your custom entries into the new DEB822 configuration. Never blindly removesources.listif it contains non-Debian repository entries.
Create a DEB822 Sources File
First, create a new sources configuration file using the DEB822 format. To begin, open a terminal and create the file with the following command:
sudo nano /etc/apt/sources.list.d/debian.sourcesThis opens nano in your terminal. Next, paste the configuration below that matches your Debian version. All stable releases include main, security updates, and backports. Copy the section that applies to your setup:
Debian 12 (Bookworm):
Types: deb deb-src
URIs: https://deb.debian.org/debian
Suites: bookworm bookworm-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: https://security.debian.org/debian-security
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: https://deb.debian.org/debian
Suites: bookworm-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpgDebian 13 (Trixie):
Types: deb deb-src
URIs: https://deb.debian.org/debian
Suites: trixie trixie-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: https://security.debian.org/debian-security
Suites: trixie-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: https://deb.debian.org/debian
Suites: trixie-backports
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpgOnce you’ve entered the configuration that matches your Debian version, save the file by pressing Ctrl+O and then Enter. Finally, exit nano by pressing Ctrl+X. After that, update your repositories with this command:
sudo apt updateAfter running the command, APT fetches package indices from all configured repositories including the newly enabled components. The output will show your codename (bookworm or trixie) and download new component indices:
Debian 12 (Bookworm) output:
Hit:1 https://deb.debian.org/debian bookworm InRelease Hit:2 https://deb.debian.org/debian bookworm-updates InRelease Get:3 https://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB] Get:4 https://deb.debian.org/debian bookworm/contrib amd64 Packages [53.5 kB] Get:5 https://deb.debian.org/debian bookworm/non-free amd64 Packages [102 kB] Get:6 https://deb.debian.org/debian bookworm/non-free-firmware amd64 Packages [6368 B] Fetched 210 kB in 1s (175 kB/s) Reading package lists... Done
Debian 13 (Trixie) output:
Hit:1 https://deb.debian.org/debian trixie InRelease Hit:2 https://deb.debian.org/debian trixie-updates InRelease Get:3 https://security.debian.org/debian-security trixie-security InRelease [43.4 kB] Get:4 https://deb.debian.org/debian trixie/contrib amd64 Packages [53.8 kB] Get:5 https://deb.debian.org/debian trixie/non-free amd64 Packages [100 kB] Get:6 https://deb.debian.org/debian trixie/non-free-firmware amd64 Packages [6888 B] Fetched 204 kB in 1s (170 kB/s) Reading package lists... Done
Important Note for Debian 12+ Only: The
non-free-firmwarecomponent shown above is only available on Debian 12 (Bookworm) and later. Debian 11 (Bullseye) and older releases do not have this component in their archives. If you’re on Debian 11, use the legacy sources.list method (Method 2) below, which properly excludes non-free-firmware from the configuration.
Avoid duplicates: Use either a DEB822 file or the legacy sources.list format, not both. If you migrate to DEB822, back up and comment out your existing
/etc/apt/sources.listfile soapt updatedoes not warn that repositories are defined twice.
Method 2: Legacy Sources.list Format (All Debian Versions)
If you’re running Debian 11 (Bullseye) or prefer the traditional approach, this method is fully compatible with all supported Debian versions. Unlike Method 1, this approach manually edits the traditional /etc/apt/sources.list file directly. While Method 1 is more modern, this method remains reliable and works across every currently supported Debian release.
Open the Sources List File
To begin, launch your terminal and open the sources list file with nano:
sudo nano /etc/apt/sources.listThis command opens nano with the sources.list file. Inside, you’ll see your Debian system’s active software repositories, which are configured as lines beginning with deb or deb-src.
Add Archive Components
Next, locate the lines in the file that start with deb and include main. On each of these lines, add contrib, non-free, and (for Debian 12+) non-free-firmware after main. Use complete blocks so security updates and backports also include the same components:
Debian 12 (Bookworm):
deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
deb https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmwareDebian 11 (Bullseye):
deb https://deb.debian.org/debian bullseye main contrib non-free
deb https://deb.debian.org/debian bullseye-updates main contrib non-free
deb https://security.debian.org/debian-security bullseye-security main contrib non-freeDebian 11 LTS Notice: Bullseye is in Long Term Support mode and receives only security updates until August 2026. The
bullseye-backportsrepository was discontinued when Debian 11 transitioned to LTS in August 2024. Additionally, thenon-free-firmwarecomponent is not available on Debian 11. For full repository access including backports and firmware packages, consider upgrading to Debian 12 (Bookworm) or Debian 13 (Trixie).
Debian 13 (Trixie):
deb https://deb.debian.org/debian trixie main contrib non-free non-free-firmware
deb https://deb.debian.org/debian trixie-updates main contrib non-free non-free-firmware
deb https://security.debian.org/debian-security trixie-security main contrib non-free non-free-firmware
deb https://deb.debian.org/debian trixie-backports main contrib non-free non-free-firmwareImportantly, apply these same changes to every deb line in the file, including security and updates lines. Once you’ve edited all repository lines, save the file by pressing Ctrl+O and then Enter. Finally, exit nano by pressing Ctrl+X. After saving, refresh your repository metadata with this command:
sudo apt updateAPT fetches the updated package lists from all repositories. Successful output shows the new components being downloaded. Here is example output for Debian 12 (Bookworm):
Hit:1 https://deb.debian.org/debian bookworm InRelease Hit:2 https://deb.debian.org/debian bookworm-updates InRelease Get:3 https://deb.debian.org/debian bookworm/contrib amd64 Packages [53.5 kB] Get:4 https://deb.debian.org/debian bookworm/non-free amd64 Packages [102 kB] Get:5 https://deb.debian.org/debian bookworm/non-free-firmware amd64 Packages [6368 B] Fetched 162 kB in 1s (135 kB/s) Reading package lists... Done
Debian 13 (Trixie) output will show trixie instead of bookworm in each line. For Debian 11, you will not see a non-free-firmware line since that component does not exist in Bullseye.
HTTPS Best Practice: Always use
https://instead ofhttp://for repository URIs. While Debian’s package manager doesn’t strictly require TLS for repository verification (packages are cryptographically signed independently), HTTPS is still strongly recommended as a best practice. It protects your network traffic from passive observation and provides additional assurance that you’re connecting to the legitimate Debian mirrors.
Verify Archive Components Are Enabled
After updating your repository configuration, it’s essential to verify that the components were added correctly. There are several methods to confirm your configuration is working properly:
Check Your Configuration Files
First, verify that contrib and non-free components are present in your sources configuration. If you used the legacy sources.list method, check with this command:
grep -E "(contrib|non-free)" /etc/apt/sources.listYou should see output showing lines that include contrib, non-free, and (on Debian 12+) non-free-firmware components:
deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb https://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware deb https://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
If you created a DEB822 file instead, verify it exists and contains the correct configuration:
cat /etc/apt/sources.list.d/debian.sourcesWhen successful, the output should display configuration blocks with all required components. Here’s what successful configuration looks like:
Types: deb deb-src URIs: https://deb.debian.org/debian Suites: bookworm bookworm-updates Components: main contrib non-free non-free-firmware Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Test Package Availability
Next, verify that packages from the restricted components are actually accessible. Search for a commonly available non-free package like NVIDIA drivers:
apt search nvidia-driver | head -10When repositories are configured correctly, you’ll see results tagged with [non-free/amd64] or your system architecture. This confirms apt can access packages from the non-free component. Here’s what successful output looks like:
Sorting... Full Text Search... nvidia-driver/oldstable 535.247.01-1~deb12u1 amd64 NVIDIA metapackage nvidia-driver-bin/oldstable 535.247.01-1~deb12u1 amd64 NVIDIA driver support binaries
Additionally, confirm non-free-firmware by checking a firmware package such as Intel WiFi:
apt policy firmware-iwlwifiThe Candidate line should show a version from the non-free-firmware component instead of showing (none), confirming firmware packages are reachable:
firmware-iwlwifi:
Installed: (none)
Candidate: 20230210-5
Version table:
20230210-5 500
500 http://deb.debian.org/debian bookworm/non-free-firmware amd64 Packages
Troubleshooting Common Issues
If you encounter problems during configuration, here are solutions for the most common issues:
Duplicate Repository Warnings: If apt update displays warnings about repositories being configured multiple times, you likely have both a legacy .list file and a new .sources file pointing to the same repository. Resolve this by using one format: comment out or rename the older file (for example, /etc/apt/sources.list) before enabling the new DEB822 file.
Permission Denied Errors: Repository configuration requires root privileges. Always prefix commands with sudo when editing /etc/apt/sources.list or creating files in /etc/apt/sources.list.d/. Without elevated privileges, you’ll receive permission errors.
GPG Key Verification Failures: If apt update fails with GPG key errors, ensure the debian-archive-keyring package is installed: sudo apt install debian-archive-keyring. Additionally, verify that the Signed-By path in DEB822 files points to the correct keyring location at /usr/share/keyrings/debian-archive-keyring.gpg.
Revert to Main Only
If you later decide to disable contrib, non-free, and non-free-firmware, you can revert your configuration by editing the sources file and removing those components. For DEB822 format, open the file and change the Components line:
sudo nano /etc/apt/sources.list.d/debian.sourcesChange each Components: line from:
Components: main contrib non-free non-free-firmware
To:
Components: main
For legacy sources.list format, remove contrib non-free non-free-firmware from each line, leaving only main. After saving, run sudo apt update to refresh repository metadata.
Warning: Removing these components will prevent installing or updating packages from contrib, non-free, and non-free-firmware. Any currently installed non-free packages will remain but won’t receive updates. If critical firmware is installed from these components, removing them could affect hardware functionality after a kernel update.
Conclusion
You have successfully configured Debian to access contrib, non-free, and non-free-firmware components. Both methods provide identical functionality and unlock the same software; the choice between them depends only on your Debian version and personal preference. The DEB822 format (Method 1) is the modern standard for Debian 12 and later, offering cleaner syntax and better maintainability. The legacy sources.list format (Method 2) remains fully functional across all supported versions, including Debian 11, and continues to work perfectly on newer releases if you prefer traditional configuration.
Next Steps
After configuration, refresh your repository metadata with sudo apt update. This downloads the latest package lists from all enabled components. Then search for available packages using apt search [package-name] and install software with sudo apt install [package-name]. Common installations include NVIDIA drivers on Debian with sudo apt install nvidia-driver, firmware packages such as sudo apt install firmware-iwlwifi or sudo apt install firmware-realtek, and microcode updates with sudo apt install intel-microcode or sudo apt install amd64-microcode. For Google Chrome, follow the Google Chrome on Debian guide to add Google’s repository because it is not shipped in Debian’s non-free archive. If you need newer software versions from the next Debian release without a full upgrade, see how to configure backports repositories on Debian.
Further Reading
For deeper understanding of Debian repositories and archive components, consult these authoritative resources:
- Debian Wiki: SourcesList – The complete reference for repository configuration, detailing both DEB822 and legacy formats with examples for all Debian versions.
- Debian Wiki: Firmware – Comprehensive information about the non-free-firmware component, hardware support, and methods for installing device firmware across different Debian releases.
- Debian Policy Manual: Chapter 2 (The Debian Archive) – Official policy documentation covering archive areas (main, contrib, non-free, non-free-firmware), component definitions, and the Debian Free Software Guidelines (DFSG).
- Debian 13 (Trixie) Release Notes – Official release documentation covering installation, upgrades, and known issues for the current stable release.
Good Evening!
With these command lines, I was able to enable and allow the installation of Steam, which I needed.
Thank you, Joshua James!
Djalma FC
Joshua,
In section
“Confirming the Presence of the Contrib and Non-Free Repositories”
it is written
grep -E “(contrib|non-free)” /etc/apt/sources.list /etc/apt/sources.list
but I think you meant to write
grep -E “(contrib|non-free)” /etc/apt/sources.list
Gérard
Thanks Gérard for pointing out the extra line out for me to fix.