DebianHoldPackageAptMark

By admin
In Debian (and thus Ubuntu), apt-get itself has no support for selectively upgrading packages, unlike DNF based distributions. In DNF, you can say ‘dnf update package’ or ‘dnf update –exclude package’ (with wildcards) to only update the package or to temporarily exclude package(s) from being updated. In apt-get, ‘apt-get upgrade’ upgrades everything. In order to selectively upgrade packages in modern apt-get, you can do ‘apt-get install –only-upgrade package’ (although I believe this marks the package as manually installed). In order to selectively exclude packages from upgrades, you need to hold them.

When we started using Ubuntu, holding and

un
ORG

-holding packages was an awkward process that involved piping things into ‘dpkg –set-selections’ and filtering the output of ‘dpkg –get-selections’. Modern versions of

Debian
ORG

‘s apt suite has improved this drastically with the addition of the apt-mark command. Apt-mark provides straightforward sub-commands to hold and unhold packages and to list held packages; ‘apt-mark hold package’ (or a list of packages), ‘apt-mark unhold package’, and ‘apt-mark showhold’. For extra convenience, the package names can include wildcards and apt-mark will do the right thing, or more or less the right thing depending on your tastes:

apt-mark hold amanda-*

Holding a package name with a wild card will hold everything that the wildcard matches, whether or not it’s installed on your system. The wildcard above will match and hold the

amanda
ORG

-server package, which we don’t have installed very many places, along with the

amanda
ORG

-common and

amanda
ORG

-client packages. This is what you want in some cases, but may be at least unaesthetic since you wind up holding packages you don’t have installed.

If you want to only hold packages you actually have installed you need a dab of awk and probably you want to use ‘dpkg –set-selections’ directly. What we use is:

dpkg-query -W ‘amanda-*’ | awk ‘NF ==

2
CARDINAL

{print $

1
MONEY

, "hold"}’ | dpkg –set-selections

(You can contrive a version that uses apt-mark but since apt-mark wants the packages to hold on the command line it feels like more work. Also, as an important safety tip, don’t accidentally write this with ‘dpkg’ instead of ‘dpkg-query’ and then quietly overlook or throw away the resulting error message.)

Holding Debian packages is roughly equivalent to but generally better than DNF’s version-lock plugin. It’s explicitly specified as holding things regardless of version and will hold even uninstalled packages if you want that, which is potentially useful to stop things from getting dragged in. I have some things version-locked in DNF on my

Fedora
ORG

machines and I always feel a bit nervous about it; we feel no similar concerns on our Ubuntu machines, which routinely have various packages held.

If you normally have various sensitive packages held to stop surprise upgrades, the

one
CARDINAL

thing to remember is that pretty much anything you do to manually upgrade them is going to require you to re-hold them again. If you want to use ‘apt-get upgrade’, you need to

un
ORG

-hold them explicitly; if you ‘apt-get install’ them to override the hold, the hold is removed. After

one
CARDINAL

too many accidents, we wound up automating having some standard holds applied to things like kernels.

(Apt-mark can also be used to inspect and change the ‘manually installed’ status of packages, in case you want to fix this status for something you ran ‘apt-get install’ on to force an upgrade.)