Page 1 of 1

How to prevent specific packages being updated

Posted: Sat May 18, 2019 12:12 am
by catweazel
If in doubt, do not apply this procedure. Instead, make a post in the appropriate forum and seek advice.

While this tutorial specifically refers to linux-image-4.18.0.20-generic, linux-image-4.18.0.20-lowlatency and intel-microcode, these steps can be applied to any package that causes issues.

Warning: Disabling linux-image-4.18.0.20-generic and intel-microcode will leave you exposed to certain CPU side-channel data attacks. You must assess the risk of such an attack on your system before deciding to apply these steps.

Warning: This procedure will block all future updates to intel-microcode. If you use this method, it is your responsibility to be aware of future updates to intel-microcode in case of, for example, a more high risk exploit being mitigated. To unblock a blocked update, use this command format:

Code: Select all

sudo apt-mark unhold package_name
Kernel 4.18.0.20 and its associated intel-microcode update are causing havoc on my system, so I've unwound them and blocked them from being installed n a future update. This is how you can achieve the same result.

Part 1: Kernel 4.18.0.20 and intel-microcode are already installed
Boot into an earlier kernel, e.g. 4.18.0.18 then:

Code: Select all

sudo apt remove --purge linux*4.18.0-20*
sudo apt remove --purge intel-microcode
If you get a warning about a modules directory not being empty, use this command. Replace generic with lowlatency if you use the low-latency kernel:

Code: Select all

sudo rm -rf /lib/modules/4.18.0-20-generic
Reboot.

Part 2: Block kernel 4.18.0.20 and intel-microcode from being installed
Replace generic with lowlatency if you use the low-latency kernel:

Code: Select all

sudo apt-mark hold intel-microcode
sudo apt-mark hold linux-image-4.18.0.20-generic
All done.

Re: How to prevent specific packages being updated

Posted: Sat May 18, 2019 2:29 am
by gm10
Users of Update Manager can also simply right-click an update to blacklist it, which will tell Update Manager not to offer you updates for that (source) package anymore. You can manage your blacklisted packages in Update Manager's preferences.

Users of my PPA or the upcoming 19.2 can also blacklist a specific package version only so that one goes away but future updates will still be shown:
Image

Further note that on Mint you can shorten your command line arguments, e.g. sudo apt-mark hold could be apt hold, but your commands are of course more universal in the Debian universe.

Re: How to prevent specific packages being updated

Posted: Sat May 18, 2019 2:35 am
by catweazel
gm10 wrote:
Sat May 18, 2019 2:29 am
Update Manager can also simply right-click an update to blacklist it
This is true, but just as you love scripting, I love the terminal :)

Edit: In addition, I prefer to try to keep these to do's as generic as possible. I don't assume only LM users would search go-ogle for a solution.

Re: How to prevent specific packages being updated

Posted: Sat May 18, 2019 3:30 am
by gm10
catweazel wrote:
Sat May 18, 2019 2:35 am
This is true, but just as you love scripting, I love the terminal :)
Sure, but it was still worth mentioning for the majority of Mint users will probably be more comfortable with a GUI - plus the upcoming version-specific blacklisting is more flexible than the command line version. Yours has the advantage of not being specific to one application though.

How about this then for command line lovers (and I include myself in that group if I may):
catweazel wrote:
Sat May 18, 2019 12:12 am
If you get a warning about a modules directory not being empty, use this command. Replace generic with lowlatency if you use the low-latency kernel:

Code: Select all

sudo rm -rf /lib/modules/4.18.0-20-generic
Here's a script I once wrote to clean up all the left-overs (replace -generic with -lowlatency in your case):

Code: Select all

cd /lib/modules
LISTFILE=/tmp/clean_module_dirs.txt
dpkg-query -Wf '${Version}\n' 'linux-modules-[^gl]*'|sort -u|sed -e 's/\~[^~]*$//' -e 's/\.[^.]*$/-generic/'> $LISTFILE
comm -2 -3 <(ls) <(sort $LISTFILE) | xargs -r sudo rm -rv
rm $LISTFILE
These days I just have a script in /etc/kernel/postrm.d/ that handles it (basically all you need is rm -rf /lib/modules/${version}/ although you may want to add some checks, in particular for an empty $version ;)). Reminds me I should probably add the postrm script to my mintsystem, the downsides are minimal (postrm gets triggered on linux-image removal, not linux-module ... hmm, yeah, better not. but works great for me. maybe I should add it to mintupdate instead).