Linux Packaging Debian Revision Change

The Change

On March 2nd, 2022, we updated debian package versions to explicitly include the debian revision. The change was made so that tooling wouldn’t need to conditionally check for a debian revision, it will always exist. Without this change, a lot of tooling assumed no debian revision existed, and would miss potentially critical updates.

More about the debian revision field can be found here: 5. Control files and their fields — Debian Policy Manual v4.6.1.0

With this change, debian package version structure will always be:



  • {package_name} is the product name, including “-enterprise” where applicable. Such as “vault” or “vault-enterprise”
  • {upstream_version} is the version string exactly as it is on, including metadata. Such as “1.11.0” or “1.11.0+ent”
  • {debian_revision} is the revision of the package itself, starting at 1 for each new product version. Revisions after 1 will contain the same binary as the first revision, but potentially important configuration or install/update/uninstall hook changes. Revisions like this will be documented in the product’s changelog.

To ensure the latest revision is picked up when installing specific versions of HashiCorp products, the recommended install pattern is:

apt install {package_name}={upstream_version}-*

Packages released before March 2nd are still available with no debian revision, such as “vault-enterprise=1.9.4+ent”.

The Bug

Between March 2nd and June 8th, there was a bug with our packaging tool which placed the debian revision before product version metadata. This resulted in version strings such as “1.11.0-1+ent” instead of the expected “1.11.0+ent-1”. Because this involved the ordering with metadata, packages without version metadata, which includes all of our open source packages, were unaffected.

To resolve this issue, a second revision of enterprise packages released within that window were published with the correct version ordering. After the resolution, packages such as “vault-enterprise=1.9.6-1+ent” were republished as “vault-enterprise=1.9.6+ent-2”. Packages such as “vault=1.9.6-1” did not require any updates