How to hold back (blacklist) packages on Ubuntu / Debian Linux to prevent a specific package from being updated when using apt/apt-get.
method 1 - Holding back packages when using apt-get/apt
The apt-mark method works with both installed and uninstalled packages.
Typically we run the following two commands to update all packages:
$ sudo apt update && sudo apt upgrade
## OR ##
$ sudo apt-get update && sudo apt-get upgrade
Step 1 – List available updates
Run the apt command:
$ sudo apt list --upgradable
Step 2 – Force apt-get to hold back a package named mariadb-server using apt-mark
Pass the hold option to the apt-mark command as follows to mark a package as held back, which will prevent the package from being automatically installed, upgraded or removed:
$ sudo apt-mark hold package-name
$ sudo apt-mark hold mariadb-server
mariadb-server set on hold.
Step 3 – Display a list of packages on hold
Let us print a list of packages on hold:
$ apt-mark showhold
Step 4 – Cancel hold
Want to cancel a previously set hold on a package to allow all actions again? Try:
$ sudo apt-mark unhold packageName
$ sudo apt-mark unhold mariadb-server
Canceled hold on mariadb-server.
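Added example (not part of the original article): a held package stays at its installed version, so it is worth checking which holds are currently blocking an available upgrade. The function below cross-references the output of Step 3 (apt-mark showhold) with the output of Step 1 (apt list --upgradable). The function name, file names and sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Report held packages that have an upgrade waiting.
# Usage on a live system (file names are arbitrary):
#   apt-mark showhold > holds.txt
#   apt list --upgradable 2>/dev/null > upgradable.txt
#   held_with_updates holds.txt upgradable.txt

held_with_updates() {
    # $1: output of "apt-mark showhold" (one package name per line)
    # $2: output of "apt list --upgradable"
    awk '
        # First file: remember every held package name.
        FILENAME == ARGV[1] { if ($1 != "") held[$1] = 1; next }
        # Second file: lines look like
        #   name/suite new-version arch [upgradable from: old-version]
        /\[upgradable from: / {
            split($1, id, "/")              # "name/suite,..." -> name
            if (id[1] in held) {
                old = $NF; sub(/\]$/, "", old)
                print id[1] ": " old " -> " $2
            }
        }
    ' "$1" "$2"
}

# Constructed sample data (not taken from a real host).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' mariadb-server bash > "$dir/holds"
    cat > "$dir/upgradable" <<'EOF'
Listing... Done
mariadb-server/stable 1:10.5.2-1 amd64 [upgradable from: 1:10.5.1-1]
nginx/stable 1.18.1-1 amd64 [upgradable from: 1.18.0-1]
EOF
    held_with_updates "$dir/holds" "$dir/upgradable"
    rm -rf "$dir"
}

demo
```

Each line of output names a held package together with its installed version and the version the hold is keeping it from.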
method 2 - Holding back package using Ansible IT automation/DevOps tool
Here is a sample playbook to hold packages:
# Prevent python from being upgraded
- dpkg_selections:
    name: python
    selection: hold
# Keep multiple packages back (hold packages)
- dpkg_selections: name={{ item }} selection=hold
  with_items:
    - apache2
    - php7-fpm
    - nginx
    - mariadb-server
# Remove the hold using Ansible
- dpkg_selections:
    name: python
    selection: install
---------------------------------------------------------
method 3 - How to prevent updating of a specific package using the dpkg command
A package must be installed before it can be put on hold with the dpkg method. Otherwise you will get an error as follows:
dpkg: warning: package not in status nor available database at line 1: PACKAGE_NAME_HERE
dpkg: warning: found unknown packages; this might mean the available database
is outdated, and needs to be updated through a frontend method;
please see the FAQ
We can put a package on hold as follows:
$ echo "{pkgName} hold" | sudo dpkg --set-selections
# Put a bash package on hold #
$ echo "bash hold" | sudo dpkg --set-selections
Get the status of your packages:
$ dpkg --get-selections pkgname
## Use the grep command/egrep command as filter to see the status of a single package named bash ##
$ dpkg --get-selections | grep bash
Want to delete the hold? Try:
$ echo "pkgName install" | sudo dpkg --set-selections
$ echo "bash install" | sudo dpkg --set-selections
(Gracefully stolen from: https://www.cyberciti.biz/faq/apt-get-hold-back-packages-command/)