How to Disable/Lock or Blacklist Package Updates using Apt Tool

APT means Advanced Packaging Tool is another package manager found on Linux based systems. Initially designed as a front-end for dpkg to work with .deb packages, apt has succeeded to show his visibility on Mac OS, Open Solaris etc.

Disable Package Updates in Debian and Ubuntu Using APT
Disable Package Updates in Debian and Ubuntu Using APT

Want to learn and master about APT and DPKG commands to manage Debian package management, then use our in-depth articles which will cover more than 30+ examples on both tools.

In this article we will see various techniques to disable/lock package from install, upgrade and remove in Debian Linux and its derivatives such as Ubuntu and Linux Mint.

1. Disable/Lock Package Using ‘apt-mark’ with hold/unhold Option

The command apt-mark will mark or unmark a software package as being automatically installed and it is used with option hold or unhold.

  1. hold – this option used to mark a package as held back, which will block the package from being installed, upgraded or removed.
  2. unhold – this option used to remove a previously set hold on a package and allow to install, upgrade and remove package.

For example, for making a package say apache2 unavailable for install, up-gradation or uninstall, you can use following command at the terminal with root privileges:

# apt-mark hold apache2

To make this package available for update, just replace ‘hold‘ with ‘unhold‘.

# apt-mark unhold apache2
Hold Package Update in Ubuntu
Hold Package Update in Ubuntu/Debian

Blocking Package Updates Using APT Preferences File

Another way to block updates of a specific package is to add its entry in /etc/apt/preferences or /etc/apt/preferences.d/official-package-repositories.pref file. This file holds responsibility of updating or blocking certain package updates according to priority specified by the user.

To block the package, you just need to enter its name, additional feature, and to what priority you want to take it to. Here, priority < 1 would block the package.

For blocking any package, just enter its details in file /etc/apt/preferences like this:

Package: <package-name> (Here, '*' means all packages)
Pin: release *
Pin-Priority: <less than 0>

For example to block updates for package apache2 add the entry as shown:

Package: apache2
Pin: release o=Ubuntu
Pin-Priority: 1
Block Package Update Using Preference File
Block Package Update Using Preference File

We can use other options with release keyword for further identifying the package on which we are applying the Pin Priority. Those keywords are:

  1. a -> Archive
  2. c -> Component
  3. o -> Origin
  4. l -> Label
  5. n -> Architecture

like:

Pin: release o=Debian,a=Experimental

Would mean to pull the stated package from Debian package experimental archive.

Blacklist a Package Update using APT Autoremove File

Another way to blacklist a package from installation is to update its entry in one of the files contained in /etc/apt/apt.conf.d/ directory which is 01autoremove.

Sample file is shown below:

APT
{
  NeverAutoRemove
  {
        "^firmware-linux.*";
        "^linux-firmware$";
  };

  VersionedKernelPackages
  {
        # linux kernels
        "linux-image";
        "linux-headers";
        "linux-image-extra";
        "linux-signed-image";
        # kfreebsd kernels
        "kfreebsd-image";
        "kfreebsd-headers";
        # hurd kernels
        "gnumach-image";
        # (out-of-tree) modules
        ".*-modules";
        ".*-kernel";
        "linux-backports-modules-.*";
        # tools
        "linux-tools";
  };

  Never-MarkAuto-Sections
  {
        "metapackages";
        "restricted/metapackages";
        "universe/metapackages";
        "multiverse/metapackages";
        "oldlibs";
        "restricted/oldlibs";
        "universe/oldlibs";
        "multiverse/oldlibs";
  };
};

Now, for blacklisting any package, just need to enter its name in Never-MarkAuto-Sections. Just enter the name of the package at the end in Never-MarkAuto-Section and Save and Close the file. This would block apt for searching for further updates of that package.

For example, to blacklist a package from being update add the entry as shown:

Never-MarkAuto-Sections
  {
        "metapackages";
        "restricted/metapackages";
        "universe/metapackages";
        "multiverse/metapackages";
        "oldlibs";
        "restricted/oldlibs";
        "universe/oldlibs";
        "multiverse/oldlibs";
        "apache2*";
  };
};

Custom Package Selection for Update

Another alternative for this is to choose what you want to update. The apt tool gives you freedom to choose what you want to update, but for this you should have knowledge about what all packages are available for up-gradation.

For such a thing, following set of commands can prove to be helpful:

a. To List what packages have updates pending.

# apt-get -u -V upgrade

b. To install only selective packages.

# apt-get --only-upgrade install <package-name>
Update Selected Packages
Update Selected Packages

Conclusion

In this article, we’ve explained few ways to disable/block or blacklist package updates using APT way. If you know any other preferred way, do let us know via comments or if you were looking for yum command to disable/lock package update, then read this below article.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Gunjit Khera
Currently a Computer Science student and a geek when it comes to Operating System and its concepts. Have 1+ years of experience in Linux and currently doing a research on its internals along with developing applications for Linux on python and C.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

7 Comments

Leave a Reply
  1. These tips do not work for me at all.

    apt-mark hold has no effect at all. I can install the package afterward without any problems.

    Using a preferences file makes it impossible to install any software via aptitude but not only the package intended. So I have to search at some other place for valuable tips to block apt package installations

    Reply
  2. “Blocking Package Updates” and “Blacklisting Package Updates” sections of the articles are confusing as written.

    I am using MX Linux. There are no “/etc/apt/preferences” or “/etc/apt/preferences.d/official-package-repositories.pref” files on my system. Do I have to create one of them?

    “Another way to blacklist a package from installation is to update its entry in one of the files contained in /etc/apt/apt.conf.d/ directory which is 01autoremove.”

    Why not just give the full path of the file as “/etc/apt/apt.conf.d/01autoremove“? The way the sentence is written it is confusing.

    Reply
  3. Can You add EXAMPLE of “How to block multiple packages from update”, I mean, can I add them like this:

    # apt-mark hold libsmbclient smbclient samba-common samba-common-bin
    

    Is this ok?
    And in “autoremove file“? Is this fine?

    Never-MarkAuto-Sections
    {
    "metapackages";
    "restricted/metapackages";
    "universe/metapackages";
    "multiverse/metapackages";
    "oldlibs";
    "restricted/oldlibs";
    "universe/oldlibs";
    "multiverse/oldlibs";
    "smbclient";"libsmbclient";"samba-common";"samba-common-bin";
    };
    };
    

    Or it should be one package-in-one-line (?):

    Never-MarkAuto-Sections
    {
    "multiverse/oldlibs";
    "smbclient";
    "libsmbclient";
    "samba-common";
    "samba-common-bin";
    };
    };
    

    THANK YOU

    Reply
  4. Very nice tip. Thanks very much. I had this issue with Texlive on ubuntu 16.04. Each time I selected “sudo apt-get upgrade”, Texlive will also upgrade, which is huge and wastes my data volume.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.