How to Disable/Lock or Blacklist Package Updates using Apt Tool

APT means Advanced Packaging Tool is another package manager found on Linux based systems. Initially designed as a front-end for dpkg to work with .deb packages, apt has succeeded to show his visibility on Mac OS, Open Solaris etc.

Disable Package Updates in Debian and Ubuntu Using APT
Disable Package Updates in Debian and Ubuntu Using APT

Want to learn and master about APT and DPKG commands to manage Debian package management, then use our in-depth articles which will cover more than 30+ examples on both tools.

In this article we will see various techniques to disable/lock package from install, upgrade and remove in Debian Linux and its derivatives such as Ubuntu and Linux Mint.

1. Disable/Lock Package Using ‘apt-mark’ with hold/unhold Option

The command apt-mark will mark or unmark a software package as being automatically installed and it is used with option hold or unhold.

  1. hold – this option used to mark a package as held back, which will block the package from being installed, upgraded or removed.
  2. unhold – this option used to remove a previously set hold on a package and allow to install, upgrade and remove package.

For example, for making a package say apache2 unavailable for install, up-gradation or uninstall, you can use following command at the terminal with root privileges:

# apt-mark hold apache2

To make this package available for update, just replace ‘hold‘ with ‘unhold‘.

# apt-mark unhold apache2
Hold Package Update in Ubuntu
Hold Package Update in Ubuntu/Debian

Blocking Package Updates Using APT Preferences File

Another way to block updates of a specific package is to add its entry in /etc/apt/preferences or /etc/apt/preferences.d/official-package-repositories.pref file. This file holds responsibility of updating or blocking certain package updates according to priority specified by the user.

To block the package, you just need to enter its name, additional feature, and to what priority you want to take it to. Here, priority < 1 would block the package.

For blocking any package, just enter its details in file /etc/apt/preferences like this:

Package: <package-name> (Here, '*' means all packages)
Pin: release *
Pin-Priority: <less than 0>

For example to block updates for package apache2 add the entry as shown:

Package: apache2
Pin: release o=Ubuntu
Pin-Priority: 1
Block Package Update Using Preference File
Block Package Update Using Preference File

We can use other options with release keyword for further identifying the package on which we are applying the Pin Priority. Those keywords are:

  1. a -> Archive
  2. c -> Component
  3. o -> Origin
  4. l -> Label
  5. n -> Architecture

like:

Pin: release o=Debian,a=Experimental

Would mean to pull the stated package from Debian package experimental archive.

Blacklist a Package Update using APT Autoremove File

Another way to blacklist a package from installation is to update its entry in one of the files contained in /etc/apt/apt.conf.d/ directory which is 01autoremove.

Sample file is shown below:

APT
{
  NeverAutoRemove
  {
        "^firmware-linux.*";
        "^linux-firmware$";
  };

  VersionedKernelPackages
  {
        # linux kernels
        "linux-image";
        "linux-headers";
        "linux-image-extra";
        "linux-signed-image";
        # kfreebsd kernels
        "kfreebsd-image";
        "kfreebsd-headers";
        # hurd kernels
        "gnumach-image";
        # (out-of-tree) modules
        ".*-modules";
        ".*-kernel";
        "linux-backports-modules-.*";
        # tools
        "linux-tools";
  };

  Never-MarkAuto-Sections
  {
        "metapackages";
        "restricted/metapackages";
        "universe/metapackages";
        "multiverse/metapackages";
        "oldlibs";
        "restricted/oldlibs";
        "universe/oldlibs";
        "multiverse/oldlibs";
  };
};

Now, for blacklisting any package, just need to enter its name in Never-MarkAuto-Sections. Just enter the name of the package at the end in Never-MarkAuto-Section and Save and Close the file. This would block apt for searching for further updates of that package.

For example, to blacklist a package from being update add the entry as shown:

Never-MarkAuto-Sections
  {
        "metapackages";
        "restricted/metapackages";
        "universe/metapackages";
        "multiverse/metapackages";
        "oldlibs";
        "restricted/oldlibs";
        "universe/oldlibs";
        "multiverse/oldlibs";
        "apache2*";
  };
};

Custom Package Selection for Update

Another alternative for this is to choose what you want to update. The apt tool gives you freedom to choose what you want to update, but for this you should have knowledge about what all packages are available for up-gradation.

For such a thing, following set of commands can prove to be helpful:

a. To List what packages have updates pending.

# apt-get -u -V upgrade

b. To install only selective packages.

# apt-get --only-upgrade install <package-name>
Update Selected Packages
Update Selected Packages

Conclusion

In this article, we’ve explained few ways to disable/block or blacklist package updates using APT way. If you know any other preferred way, do let us know via comments or if you were looking for yum command to disable/lock package update, then read this below article.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

5 thoughts on “How to Disable/Lock or Blacklist Package Updates using Apt Tool”

  1. Can You add EXAMPLE of “How to block multiple packages from update”, I mean, can I add them like this:

    # apt-mark hold libsmbclient smbclient samba-common samba-common-bin
    

    Is this ok?
    And in “autoremove file“? Is this fine?

    Never-MarkAuto-Sections
    {
    "metapackages";
    "restricted/metapackages";
    "universe/metapackages";
    "multiverse/metapackages";
    "oldlibs";
    "restricted/oldlibs";
    "universe/oldlibs";
    "multiverse/oldlibs";
    "smbclient";"libsmbclient";"samba-common";"samba-common-bin";
    };
    };
    

    Or it should be one package-in-one-line (?):

    Never-MarkAuto-Sections
    {
    "multiverse/oldlibs";
    "smbclient";
    "libsmbclient";
    "samba-common";
    "samba-common-bin";
    };
    };
    

    THANK YOU

    Reply
  2. Very nice tip. Thanks very much. I had this issue with Texlive on ubuntu 16.04. Each time I selected “sudo apt-get upgrade”, Texlive will also upgrade, which is huge and wastes my data volume.

    Reply

Leave a Reply to Gah-Muti Cancel reply

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.