The Apt tool is an advanced package management system used in Debian-based Linux distributions, like Ubuntu, which allows you to easily install, update, and remove software packages.
Initially, APT was designed as a front-end for dpkg to work with .deb packages. It has since gained visibility on macOS, OpenSolaris, and other systems.
Want to learn and master APT and DPKG commands for managing Debian package management? Use our in-depth articles, which cover more than 30 examples of both tools.
In this article, we will explore various techniques to disable or lock packages from being installed, upgraded, or removed in Debian Linux and its derivatives, such as Ubuntu and Linux Mint.
1. Locking a Package Using Apt-mark
The apt-mark command will mark or unmark a software package as automatically installed, and it is used with the options hold or unhold.
hold– This option is used to mark a package as held back, which will block the package from being installed, upgraded, or removed.unhold– This option is used to remove a previously set hold on a package, allowing it to be installed, upgraded, or removed.
Lock the Package in Ubuntu
For example, to make a package like apache2 unavailable for installation, upgrade, or uninstallation, you can use the following command in the terminal with root privileges:
sudo apt-mark hold apache2
To check if the package is successfully locked, run:
apt-mark showhold
This command will display a list of all packages that are currently locked.
Unlocking Package in Ubuntu
If you decide to allow updates for the package again, you can unlock it with:
sudo apt-mark unhold apache2
2. Blocking Package Updates Using Using APT Preferences
Another way to block updates of a specific package is to add its entry in /etc/apt/preferences or /etc/apt/preferences.d/referencefile file, which could be any file and it is responsible for updating or blocking certain package updates according to the priority specified by the user.
To block the package, create a new file in the /etc/apt/preferences.d/ directory.
sudo nano /etc/apt/preferences.d/no-updates
In the file, add the following lines to specify the package you want to blacklist:
Package: apache2 Pin: release o=Ubuntu Pin-Priority: 1
Explanation of Options:
o=Ubuntu: This specifies that the pinning applies to packages originating from the Ubuntu distribution.Pin-Priority: 1: Setting a priority of 1 effectively blocks updates since any package with a higher priority will take precedence.
You can further refine your pinning criteria using various keywords:
a: Archive (e.g., a=stable, a=testing)c: Component (e.g., c=main, c=universe)o: Origin (e.g., o=Debian, o=Ubuntu)l: Label (used for specific repository labels)n: Architecture (e.g., n=amd64)
After saving the preferences file, run the following command to update your package lists.
sudo apt update
3. Blacklist a Package Update using APT Autoremove File
To blacklist a package update using the APT autoremove file, you can create a specific configuration that prevents certain packages from being removed during system clean-up operations.
You need to create or edit a file 99autoremove in the /etc/apt/apt.conf.d/ directory, as this file will specify which packages to keep.
sudo nano /etc/apt/apt.conf.d/99autoremove
In the file, add the following lines to specify the package you want to blacklist from being automatically removed:
Apt::NeverAutoRemove {
"apache2";
};
After adding the necessary lines, run the following command to update your package lists and ensure that your changes take effect:
sudo apt update
To verify that the package has been successfully blacklisted, you can try running the apt autoremove command to see that the blacklisted package should not appear in the list of packages that would be removed.
sudo apt autoremove
If you see the package you blacklisted (like apache2) in the list, it indicates that the configuration was not applied correctly. If it doesn’t appear, the blacklist was successful.
4. Blacklisting a Package in Sources List
You can also blacklist a package by modifying the sources list, but this is less common and usually not recommended and this method involves commenting out the repository that provides the package.
Open the sources list file in a text editor.
sudo nano /etc/apt/sources.list
Find the line that contains the repository for the package you want to blacklist and comment it out by adding a # at the beginning of the line.
# deb http://archive.ubuntu.com/ubuntu/ focal main restricted
Finally, run the following command to update your package lists:
sudo apt update
5. Avoiding Updates During Upgrades
If you want to avoid updates temporarily while performing system upgrades, you can use the --no-upgrade option:
sudo apt upgrade --no-upgrade apache2
This will upgrade all packages except the one you specified.
Conclusion
Disabling, locking, or blacklisting package updates using the Apt tool is a straightforward process that gives you more control over your Linux system.
Whether you choose to lock a package with apt-mark, use APT preferences, or modify the sources list, each method serves a purpose depending on your needs.
These tips do not work for me at all.
apt-mark hold has no effect at all. I can install the package afterward without any problems.
Using a preferences file makes it impossible to install any software via aptitude but not only the package intended. So I have to search at some other place for valuable tips to block apt package installations
“Blocking Package Updates” and “Blacklisting Package Updates” sections of the articles are confusing as written.
I am using MX Linux. There are no “/etc/apt/preferences” or “/etc/apt/preferences.d/official-package-repositories.pref” files on my system. Do I have to create one of them?
“Another way to blacklist a package from installation is to update its entry in one of the files contained in /etc/apt/apt.conf.d/ directory which is 01autoremove.”
Why not just give the full path of the file as “/etc/apt/apt.conf.d/01autoremove“? The way the sentence is written it is confusing.
Can You add EXAMPLE of “How to block multiple packages from update”, I mean, can I add them like this:
Is this ok?
And in “autoremove file“? Is this fine?
Never-MarkAuto-Sections { "metapackages"; "restricted/metapackages"; "universe/metapackages"; "multiverse/metapackages"; "oldlibs"; "restricted/oldlibs"; "universe/oldlibs"; "multiverse/oldlibs"; "smbclient";"libsmbclient";"samba-common";"samba-common-bin"; }; };Or it should be one package-in-one-line (?):
Never-MarkAuto-Sections { "multiverse/oldlibs"; "smbclient"; "libsmbclient"; "samba-common"; "samba-common-bin"; }; };THANK YOU
“Pin-Priority: 1” <- That's not less than zero.
Very nice tip. Thanks very much. I had this issue with Texlive on ubuntu 16.04. Each time I selected “sudo apt-get upgrade”, Texlive will also upgrade, which is huge and wastes my data volume.
Very nice tips, thank you!
Welcome.. :-)