Holding packages in Debian (and Ubuntu) has gotten easier over the years

November 8, 2023

In Debian (and thus Ubuntu), apt-get itself has no support for selectively upgrading packages, unlike DNF based distributions. In DNF, you can say 'dnf update package' or 'dnf update --exclude package' (with wildcards) to only update the package or to temporarily exclude package(s) from being updated. In apt-get, 'apt-get upgrade' upgrades everything. In order to selectively upgrade packages in modern apt-get, you can do 'apt-get install --only-upgrade package' (although I believe this marks the package as manually installed). In order to selectively exclude packages from upgrades, you need to hold them.

When we started using Ubuntu, holding and un-holding packages was an awkward process that involved piping things into 'dpkg --set-selections' and filtering the output of 'dpkg --get-selections'. Modern versions of Debian's apt suite has improved this drastically with the addition of the apt-mark command. Apt-mark provides straightforward sub-commands to hold and unhold packages and to list held packages; 'apt-mark hold package' (or a list of packages), 'apt-mark unhold package', and 'apt-mark showhold'. For extra convenience, the package names can include wildcards and apt-mark will do the right thing, or more or less the right thing depending on your tastes:

apt-mark hold amanda-*

Holding a package name with a wild card will hold everything that the wildcard matches, whether or not it's installed on your system. The wildcard above will match and hold the amanda-server package, which we don't have installed very many places, along with the amanda-common and amanda-client packages. This is what you want in some cases, but may be at least unaesthetic since you wind up holding packages you don't have installed.

If you want to only hold packages you actually have installed you need a dab of awk and probably you want to use 'dpkg --set-selections' directly. What we use is:

dpkg-query -W 'amanda-*' |
  awk 'NF == 2 {print $1, "hold"}' |
    dpkg --set-selections

(You can contrive a version that uses apt-mark but since apt-mark wants the packages to hold on the command line it feels like more work. Also, as an important safety tip, don't accidentally write this with 'dpkg' instead of 'dpkg-query' and then quietly overlook or throw away the resulting error message.)

Holding Debian packages is roughly equivalent to but generally better than DNF's version-lock plugin. It's explicitly specified as holding things regardless of version and will hold even uninstalled packages if you want that, which is potentially useful to stop things from getting dragged in. I have some things version-locked in DNF on my Fedora machines and I always feel a bit nervous about it; we feel no similar concerns on our Ubuntu machines, which routinely have various packages held.

If you normally have various sensitive packages held to stop surprise upgrades, the one thing to remember is that pretty much anything you do to manually upgrade them is going to require you to re-hold them again. If you want to use 'apt-get upgrade', you need to un-hold them explicitly; if you 'apt-get install' them to override the hold, the hold is removed. After one too many accidents, we wound up automating having some standard holds applied to things like kernels.

(Apt-mark can also be used to inspect and change the 'manually installed' status of packages, in case you want to fix this status for something you ran 'apt-get install' on to force an upgrade.)

Written on 08 November 2023.
« The Vim features that make me a Vim user instead of a Vi user
Brief early impressions of Emacs' evil Vim emulation »

Page tools: View Source, Add Comment.
Search:
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Nov 8 21:39:20 2023
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.