As you already know, we can upgrade all installed packages using
apt upgrade command in Debian, Ubuntu and other Debian-based systems. During this upgrade process, all installed packages will be upgraded, some additional packages (i.e. dependencies) will be installed, and some unnecessary packages will be deleted. Apt package manager does all these things automatically to help the users to maintain a clean system. Apt also has an option to prevent a package from being automatically installed, upgraded or removed in Debian, Ubuntu and its variants. In this guide, we will discuss various methods to hold or prevent a package from upgrade in Debian, Ubuntu and its derivatives such as Linux Mint and Pop!_OS.
Why would someone wants to prevent a package from upgrade?
You might wonder why would someone want to hold a package back from apt upgrade. Isn't updating the packages to latest version helps us to secure the system? Of course, yes! But you don't want do this under certain circumstances. Here are a few reasons to prevent packages from being upgraded:
- A current version of a package is just working fine, so you may think it is unnecessary to upgrade it.
- A particular version is required by another application in order to function properly.
- The package you are about to update might be problematic. Even though the developers tests the packages thoroughly before pushing them into the repositories, sometimes they might unknowingly push unstable packages which will break your system.
- Saving bandwidth. You may not want to update a package that consumes more than 500 MB.
So whatever the reason is, if you ever wanted to prevent a package from changes in Debian or Ubuntu systems, this tutorial will help.
Hold Or Prevent A Package From Upgrade In Debian, Ubuntu
We can prevent/hold/ignore/exclude packages from apt upgrade either from command line or using graphical package management utility called Synaptic package manager.
First, let us see the command line methods!
1. Prevent a package from being automatically installed, upgraded or removed using apt-mark command in Debian, Ubuntu
Apt-mark is used to show, set and unset various settings for a package, such as marking a package as being automatically/manually installed or changing
dpkg selections such as hold, install, deinstall and purge which are respected e.g. by
apt-get dselect-upgrade or
To prevent a package from changes (install, uninstall and upgrade), the
apt-mark command provides the following three sub-commands:
hold command is used to mark a package as held back, which will prevent the package from being automatically installed, upgraded or removed.
unhold command is used to cancel a previously set hold on a package to allow all actions again.
showhold command is used to display a list of packages on hold.
Let us see an example. I am going to prevent a package (E.g.
htop) from being automatically installed, upgraded or removed using command:
$ sudo apt-mark hold htop
htop set on hold.
htop package will remain as the same version even after you upgraded your system.
To show the packages on hold, run:
$ sudo apt-mark showhold
To unhold the package, just run:
$ sudo apt-mark unhold htop
Canceled hold on htop.
Please note that this method will not prevent the package from manual removal. You can still remove the locked packages using
apt-get remove <packagename> command.
This method only prevents the application from automatically installed, updated, upgraded, or removed during system upgrade. Holding a package actually means you're telling the package manager to keep the current version no matter what, even if a new version is available. This trick can be very useful while holding back graphics drivers. It is also useful if more recent version of a currently working program breaks after an update.
Whenever you try to update the system using commands
sudo apt-get update or
sudo apt-get upgrade, the marked packages will still be the same version at the time you hold the package.
Apt-mark is not the only one CLI utility to prevent package changes in Debian or Ubuntu. There are two more ways to put a package on hold and unhold it later from command line.
2. Prevent package from upgrade using dpkg in Debian, Ubuntu
Dpkg is the command line utility to install, build, remove and manage Debian packages.
To put a package, for example htop, on hold using dpkg, run:
$ echo "htop hold" | sudo dpkg --set-selections
You can view the status of the package that you put on hold earlier, run:
$ dpkg --get-selections | grep "htop" htop hold
As you can see, htop is put on hold.
To view status of all packages, run:
$ dpkg --get-selections
To unhold the package, do:
$ echo "htop install" | sudo dpkg --set-selections
3. Hold a package from upgrade using aptitude in Debian, Ubuntu
Aptitude is a text-based interface to the Debian GNU/Linux package system. It allows the user to perform various package management tasks such as installing, updating, upgrading, listing and removing packages.
To put a package on hold and prevent it from being automatically upgraded, run:
$ sudo aptitude hold htop
To view the status of the package, run:
$ aptitude show htop
Package: htop Version: 2.2.0-2build1 State: installed [held] Automatically installed: no Priority: optional Section: utils Maintainer: Ubuntu Developers <email@example.com> Architecture: amd64 Uncompressed Size: 225 k Depends: libc6 (>= 2.15), libncursesw6 (>= 6), libtinfo6 (>= 6) Suggests: lsof, strace Description: interactive processes viewer Htop is an ncursed-based process viewer similar to top, but it allows one to scroll the list vertically and horizontally to see all processes and their full command lines. Tasks related to processes (killing, renicing) can be done without entering their PIDs. Homepage: https://hisham.hm/htop/
As you see in the above output, the htop package is being held from upgrade.
To unhold the package, simply do:
$ sudo aptitude unhold htop
4. Prevent a package from being automatically installed, upgraded or removed using Synaptic package manager in Debian, Ubuntu
If you have Synaptic package manager installed on your system, you can easily lock a package from being installed, updated, upgraded, or removed.
Open Synaptic manager and search the package you want to hold. Then click Package from the menu bar and click hold.
That's it. Now, the package will not be touched during system upgrade as long as you kept it in hold.
To unhold it, go to Synaptic -> Package -> Unlock version.
If Synaptic package manager is not installed in your system, you can install it using command:
$ sudo apt install synaptic
In this tutorial, you learned how to prevent a package from automatically installed, upgraded, and removed in Debian-based systems such as Ubuntu, Linux Mint and Pop!_OS etc.
While holding packages back may be helpful in certain cases, it will also leave security loopholes in your Ubuntu system. One must know when to hold or unhold packages. Use this feature cautiously. Good luck!