20200912

apt-get hold back packages on Ubuntu / Debian Linux

Explain how to hold back (blacklist) packages on an Ubuntu / Debian Linux to prevent updating a specific package when using apt/apt-get. 

method 1 - Holding back packages when using apt-get/apt 

 The apt-mark method works with both installed and uninstalled packages. Typically we run the following two commands to update all packages: 

$ sudo apt update && sudo apt upgrade  ## OR ##  $ sudo apt-get update && sudo apt-get upgrade 

Step 1 – List available updates
Run the apt command: 
$ sudo apt list --upgradable 
Step 2 – Force apt-get to hold back package named mariadb-server using the apt-mark 
Pass the hold option to the apt-mark command as follows to mark a package as held back, which will prevent the package from being automatically installed, upgraded or removed: 
$ sudo apt-mark hold package-name 
$ sudo apt-mark hold mariadb-server 

mariadb-server set on hold. 

Step 3 – Display a list of packages on hold 
Let us print a list of packages on hold: 
 
$ apt-mark showhold 
Step 4 – Cancel hold 
Want to cancel a previously set hold on a package to allow all actions again? Try: 
 
$ sudo apt-mark unhold pacakgeName 
$ sudo apt-mark unhold mariadb-server 

Canceled hold on mariadb-server.

method 2 - Holding back package using Ansible IT automation/DevOps tool 

Here is a sample playbook to hold packages: 

# Prevent nginx from being upgraded 
- dpkg_selections: 
    name: python 
    selection: hold 
 
# Kept multiple packages back (hold packages) 
- dpkg_selections: name={{ item }} selection=hold 
  with_items: 
    - apache2
    - php7-fpm 
    - nginx 
    - mariadb-server 
 
# Removing hold using Ansible 
- dpkg_selections: 
    name: python 
    selection: install 

--------------------------------------------------------- 

method 3 - How to prevent updating of a specific package using the dpkg command

Package must be installed to put on hold when using the dpkg method. Otherwise you will get an error as follows: 

dpkg: warning: package not in status nor available database at line 1: PACKAGE_NAME_HERE 
dpkg: warning: found unknown packages; this might mean the available database is outdated, and needs to be updated through a frontend method; 

please see the FAQ We can put a package on hold as follows: 

$ echo "{pkgName} hold" | sudo dpkg --set-selections # Put a bash package on hold # 
$ echo "bash hold" | sudo dpkg --set-selections 

Get the status of your packages: 

$ dpkg --get-selections pkgname ## Use the grep command/egrep command as filter to see the status of a single package named bash ## 
$ dpkg --get-selections | grep bash 

Want to delete the hold? Try: 

$ echo "pkgName install" | sudo dpkg --set-selections 
$ echo "bash install" | sudo dpkg --set-selections
 
(Gracefully stolen from: https://www.cyberciti.biz/faq/apt-get-hold-back-packages-command/)