When administering a Debian (or Ubuntu) system, putting packages on hold can be very useful. For example, if a critical part of the system is used by developers, and is continually updated, the developers will want to be aware of updates and will want to check their code in the new environment. Programs like Tomcat, Cocoon, MySQL will be in this category.
Similarly, if a critical portion of the system is to be updated, you wouldn’t want it to be part of the automatic updates – though you really shouldn’t automatically update, since you don’t know what can break until you test it.
To hold a package or packages, you should use dpkg --set-selections
. If you run the command dpkg --get-selections
you can see what is set already:
# dpkg --get-selections | head acct install adduser install apparmor install apparmor-utils install apt install apt-transport-https install apt-utils install aptitude install at install auditd install
As an example, let’s consider the package dnsutils. Let’s see what would happen before we do anything:
# apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done The following packages will be upgraded: bind9-host dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60 8 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 1,257kB of archives. After this operation, 0B of additional disk space will be used. Do you want to continue [Y/n]? n Abort.
Now let’s change this. We’ll put the package dnsutils on hold using dpkg --set-selections
:
# echo dnsutils hold | dpkg --set-selections
Let us check the results:
# dpkg --get-selections | grep dnsutils dnsutils hold
Now, when we try the system update again, things have changed:
# apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done The following packages have been kept back: bind9-host dnsutils libbind9-60 libdns64 libisc60 libisccfg60 liblwres60 The following packages will be upgraded: libisccc60 1 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. Need to get 29.9kB of archives. After this operation, 0B of additional disk space will be used. Do you want to continue [Y/n]? n Abort.
Now, dnsutils – and its related packages – are being held back, just as we wanted. The other packages are being held back because they are only required by dnsutils; without upgrading dnsutils, they won’t be upgraded either.