Wednesday, April 12, 2017

Debian/ Ubuntu : How to Disable/Lock or Blacklist Package Updates using Apt Tool

How to Disable/Lock or Blacklist Package Updates using Apt Tool


In this article we will see various techniques to disable/lock package from install, upgrade and remove in Debian Linux and its derivatives such as Ubuntu and Linux Mint.

1. Disable/Lock Package Using ‘apt-mark’ with hold/unhold Option

The command apt-mark will mark or unmark a software package as being automatically installed and it is used with option hold or unhold.
  1. hold – this option used to mark a package as held back, which will block the package from being installed, upgraded or removed.
  2. unhold – this option used to remove a previously set hold on a package and allow to install, upgrade and remove package.
For example, for making a package say apache2 unavailable for install, up-gradation or uninstall, you can use following command at the terminal with root privileges:
# apt-mark hold apache2
To make this package available for update, just replace ‘hold‘ with ‘unhold‘.
# apt-mark unhold apache2
Hold Package Update in Ubuntu
Hold Package Update in Ubuntu/Debian

Blocking Package Updates Using APT Preferences File

Another way to block updates of a specific package is to add its entry in /etc/apt/preferences or /etc/apt/preferences.d/official-package-repositories.pref file. This file holds responsibility of updating or blocking certain package updates according to priority specified by the user.
To block the package, you just need to enter its name, additional feature, and to what priority you want to take it to. Here, priority < 1 would block the package.
For blocking any package, just enter its details in file /etc/apt/preferences like this:
Package: <package-name> (Here, '*' means all packages)
Pin: release *
Pin-Priority: <less than 0>
For example to block updates for package apache2 add the entry as shown:
Package: apache2
Pin: release o=Ubuntu
Pin-Priority: 1
Block Package Update Using Preference File
Block Package Update Using Preference File
We can use other options with release keyword for further identifying the package on which we are applying the Pin Priority. Those keywords are:
  1. a -> Archive
  2. c -> Component
  3. o -> Origin
  4. l -> Label
  5. n -> Architecture
like:
Pin: release o=Debian,a=Experimental
Would mean to pull the stated package from Debian package experimental archive.

Blacklist a Package Update using APT Autoremove File

Another way to blacklist a package from installation is to update its entry in one of the files contained in /etc/apt/apt.conf.d/ directory which is 01autoremove.
Sample file is shown below:
APT
{
  NeverAutoRemove
  {
        "^firmware-linux.*";
        "^linux-firmware$";
  };

  VersionedKernelPackages
  {
        # linux kernels
        "linux-image";
        "linux-headers";
        "linux-image-extra";
        "linux-signed-image";
        # kfreebsd kernels
        "kfreebsd-image";
        "kfreebsd-headers";
        # hurd kernels
        "gnumach-image";
        # (out-of-tree) modules
        ".*-modules";
        ".*-kernel";
        "linux-backports-modules-.*";
        # tools
        "linux-tools";
  };

  Never-MarkAuto-Sections
  {
        "metapackages";
        "restricted/metapackages";
        "universe/metapackages";
        "multiverse/metapackages";
        "oldlibs";
        "restricted/oldlibs";
        "universe/oldlibs";
        "multiverse/oldlibs";
  };
};
Now, for blacklisting any package, just need to enter its name in Never-MarkAuto-Sections. Just enter the name of the package at the end in Never-MarkAuto-Section and Save and Close the file. This would block apt for searching for further updates of that package.
For example, to blacklist a package from being update add the entry as shown:
Never-MarkAuto-Sections
  {
        "metapackages";
        "restricted/metapackages";
        "universe/metapackages";
        "multiverse/metapackages";
        "oldlibs";
        "restricted/oldlibs";
        "universe/oldlibs";
        "multiverse/oldlibs";
        "apache2*";
  };
};

Custom Package Selection for Update

Another alternative for this is to choose what you want to update. The apt tool gives you freedom to choose what you want to update, but for this you should have knowledge about what all packages are available for up-gradation.
For such a thing, following set of commands can prove to be helpful:
a. To List what packages have updates pending.
# apt-get -u -V upgrade
b. To install only selective packages.
# apt-get --only-upgrade install <package-name>
Update Selected Packages
Update Selected Packages

Conclusion

In this article, we’ve explained few ways to disable/block or blacklist package updates using APT way.

No comments: