Home Linux Hold Or Prevent A Package From Upgrade In Debian, Ubuntu

Hold Or Prevent A Package From Upgrade In Debian, Ubuntu

By sk
Published: Updated: 12.7K views

As you already know, we can upgrade all installed packages using apt upgrade command in Debian, Ubuntu and other Debian-based systems. During this upgrade process, all installed packages will be upgraded, some additional packages (i.e. dependencies) will be installed, and some unnecessary packages will be deleted. Apt package manager does all these things automatically to help the users to maintain a clean system. Apt also has an option to prevent a package from being automatically installed, upgraded or removed in Debian, Ubuntu and its variants. In this guide, we will discuss various methods to hold or prevent a package from upgrade in Debian, Ubuntu and its derivatives such as Linux Mint and Pop!_OS.

Why would someone wants to prevent a package from upgrade?

You might wonder why would someone want to hold a package back from apt upgrade. Isn't updating the packages to latest version helps us to secure the system? Of course, yes! But you don't want do this under certain circumstances. Here are a few reasons to prevent packages from being upgraded:

  • A current version of a package is just working fine, so you may think it is unnecessary to upgrade it.
  • A particular version is required by another application in order to function properly.
  • The package you are about to update might be problematic. Even though the developers tests the packages thoroughly before pushing them into the repositories, sometimes they might unknowingly push unstable packages which will break your system.
  • Saving bandwidth. You may not want to update a package that consumes more than 500 MB.

So whatever the reason is, if you ever wanted to prevent a package from changes in Debian or Ubuntu systems, this tutorial will help.

Hold Or Prevent A Package From Upgrade In Debian, Ubuntu

We can prevent/hold/ignore/exclude packages from apt upgrade either from command line or using graphical package management utility called Synaptic package manager.

First, let us see the command line methods!

1. Prevent a package from being automatically installed, upgraded or removed using apt-mark command in Debian, Ubuntu

Apt-mark is used to show, set and unset various settings for a package, such as marking a package as being automatically/manually installed or changing dpkg selections such as hold, install, deinstall and purge which are respected e.g. by apt-get dselect-upgrade or aptitude.

To prevent a package from changes (install, uninstall and upgrade), the apt-mark command provides the following three sub-commands:

  1. hold
  2. unhold
  3. showhold

The hold command is used to mark a package as held back, which will prevent the package from being automatically installed, upgraded or removed.

The unhold command is used to cancel a previously set hold on a package to allow all actions again.

And the showhold command is used to display a list of packages on hold.

Let us see an example. I am going to prevent a package (E.g. htop) from being automatically installed, upgraded or removed using command:

$ sudo apt-mark hold htop

Sample output:

htop set on hold.

The locked htop package will remain as the same version even after you upgraded your system.

To show the packages on hold, run:

$ sudo apt-mark showhold

To unhold the package, just run:

$ sudo apt-mark unhold htop

Sample output:

Canceled hold on htop.
Prevent a package from being automatically installed, upgraded or removed using apt-mark command
Prevent a package from being automatically installed, upgraded or removed using apt-mark command

Please note that this method will not prevent the package from manual removal. You can still remove the locked packages using apt-get remove <packagename> command.

This method only prevents the application from automatically installed, updated, upgraded, or removed during system upgrade. Holding a package actually means you're telling the package manager to keep the current version no matter what, even if a new version is available. This trick can be very useful while holding back graphics drivers. It is also useful if more recent version of a currently working program breaks after an update.

Whenever you try to update the system using commands sudo apt-get update or sudo apt-get upgrade, the marked packages will still be the same version at the time you hold the package.

Apt-mark is not the only one CLI utility to prevent package changes in Debian or Ubuntu. There are two more ways to put a package on hold and unhold it later from command line.

2. Prevent package from upgrade using dpkg in Debian, Ubuntu

Dpkg is the command line utility to install, build, remove and manage Debian packages.

To put a package, for example htop, on hold using dpkg, run:

$ echo "htop hold" | sudo dpkg --set-selections

You can view the status of the package that you put on hold earlier, run:

$ dpkg --get-selections | grep "htop"
htop						hold

As you can see, htop is put on hold.

To view status of all packages, run:

$ dpkg --get-selections

To unhold the package, do:

$ echo "htop install" | sudo dpkg --set-selections
Prevent a package from being automatically installed, upgraded or removed using dpkg command
Prevent package from upgrade using dpkg in Debian, Ubuntu

3. Hold a package from upgrade using aptitude in Debian, Ubuntu

Aptitude is a text-based interface to the Debian GNU/Linux package system. It allows the user to perform various package management tasks such as installing, updating, upgrading, listing and removing packages.

To put a package on hold and prevent it from being automatically upgraded, run:

$ sudo aptitude hold htop

To view the status of the package, run:

$ aptitude show htop

Sample output:

Package: htop                            
Version: 2.2.0-2build1
State: installed [held]
Automatically installed: no
Priority: optional
Section: utils
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Uncompressed Size: 225 k
Depends: libc6 (>= 2.15), libncursesw6 (>= 6), libtinfo6 (>= 6)
Suggests: lsof, strace
Description: interactive processes viewer
 Htop is an ncursed-based process viewer similar to top, but it allows
 one to scroll the list vertically and horizontally to see all processes
 and their full command lines. 
 
 Tasks related to processes (killing, renicing) can be done without
 entering their PIDs.
Homepage: https://hisham.hm/htop/

As you see in the above output, the htop package is being held from upgrade.

To unhold the package, simply do:

$ sudo aptitude unhold htop
Hold a package from upgrade using aptitude in Debian, Ubuntu
Hold a package from upgrade using aptitude in Debian, Ubuntu

4. Prevent a package from being automatically installed, upgraded or removed using Synaptic package manager in Debian, Ubuntu

If you have Synaptic package manager installed on your system, you can easily lock a package from being installed, updated, upgraded, or removed.

Open Synaptic manager and search the package you want to hold. Then click Package from the menu bar and click hold.

Prevent a package from being automatically installed, upgraded or removed using Synaptic package manager
Prevent a package from being automatically installed, upgraded or removed using Synaptic package manager

That's it. Now, the package will not be touched during system upgrade as long as you kept it in hold.

To unhold it, go to Synaptic -> Package -> Unlock version.

If Synaptic package manager is not installed in your system, you can install it using command:

$ sudo apt install synaptic

Conclusion

In this tutorial, you learned how to prevent a package from automatically installed, upgraded, and removed in Debian-based systems such as Ubuntu, Linux Mint and Pop!_OS etc.

While holding packages back may be helpful in certain cases, it will also leave security loopholes in your Ubuntu system. One must know when to hold or unhold packages. Use this feature cautiously. Good luck!

Related read:

Featured image by erfouris studio from Pixabay.

You May Also Like

1 comment

Pete January 24, 2021 - 3:42 am

This is why I don’t like update. Causes major headache testing and fixing what was broke.

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More