How to prevent specific packages being updated

Write tutorials for Linux Mint here
More tutorials on https://github.com/orgs/linuxmint/discu ... /tutorials and (archive) on https://community.linuxmint.com/tutorial
Forum rules
Don't add support questions to tutorials; start your own topic in the appropriate sub-forum instead. Before you post read forum rules
Post Reply
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

How to prevent specific packages being updated

Post by catweazel »

If in doubt, do not apply this procedure. Instead, make a post in the appropriate forum and seek advice.

While this tutorial specifically refers to linux-image-4.18.0.20-generic, linux-image-4.18.0.20-lowlatency and intel-microcode, these steps can be applied to any package that causes issues.

Warning: Disabling linux-image-4.18.0.20-generic and intel-microcode will leave you exposed to certain CPU side-channel data attacks. You must assess the risk of such an attack on your system before deciding to apply these steps.

Warning: This procedure will block all future updates to intel-microcode. If you use this method, it is your responsibility to be aware of future updates to intel-microcode in case of, for example, a more high risk exploit being mitigated. To unblock a blocked update, use this command format:

Code: Select all

sudo apt-mark unhold package_name
Kernel 4.18.0.20 and its associated intel-microcode update are causing havoc on my system, so I've unwound them and blocked them from being installed n a future update. This is how you can achieve the same result.

Part 1: Kernel 4.18.0.20 and intel-microcode are already installed
Boot into an earlier kernel, e.g. 4.18.0.18 then:

Code: Select all

sudo apt remove --purge linux*4.18.0-20*
sudo apt remove --purge intel-microcode
If you get a warning about a modules directory not being empty, use this command. Replace generic with lowlatency if you use the low-latency kernel:

Code: Select all

sudo rm -rf /lib/modules/4.18.0-20-generic
Reboot.

Part 2: Block kernel 4.18.0.20 and intel-microcode from being installed
Replace generic with lowlatency if you use the low-latency kernel:

Code: Select all

sudo apt-mark hold intel-microcode
sudo apt-mark hold linux-image-4.18.0.20-generic
All done.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Top
gm10

Re: How to prevent specific packages being updated

Post by gm10 »

Users of Update Manager can also simply right-click an update to blacklist it, which will tell Update Manager not to offer you updates for that (source) package anymore. You can manage your blacklisted packages in Update Manager's preferences.

Users of my PPA or the upcoming 19.2 can also blacklist a specific package version only so that one goes away but future updates will still be shown:
Image

Further note that on Mint you can shorten your command line arguments, e.g. sudo apt-mark hold could be apt hold, but your commands are of course more universal in the Debian universe.
Last edited by gm10 on Sat May 18, 2019 2:45 am, edited 1 time in total.
Top
User avatar
catweazel
Level 19
Level 19
Posts: 9763
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: How to prevent specific packages being updated

Post by catweazel »

gm10 wrote: Sat May 18, 2019 2:29 am Update Manager can also simply right-click an update to blacklist it
This is true, but just as you love scripting, I love the terminal :)

Edit: In addition, I prefer to try to keep these to do's as generic as possible. I don't assume only LM users would search go-ogle for a solution.
"There is, ultimately, only one truth -- cogito, ergo sum -- everything else is an assumption." - Me, my swansong.
Top
gm10

Re: How to prevent specific packages being updated

Post by gm10 »

catweazel wrote: Sat May 18, 2019 2:35 am This is true, but just as you love scripting, I love the terminal :)
Sure, but it was still worth mentioning for the majority of Mint users will probably be more comfortable with a GUI - plus the upcoming version-specific blacklisting is more flexible than the command line version. Yours has the advantage of not being specific to one application though.

How about this then for command line lovers (and I include myself in that group if I may):
catweazel wrote: Sat May 18, 2019 12:12 am If you get a warning about a modules directory not being empty, use this command. Replace generic with lowlatency if you use the low-latency kernel:

Code: Select all

sudo rm -rf /lib/modules/4.18.0-20-generic
Here's a script I once wrote to clean up all the left-overs (replace -generic with -lowlatency in your case):

Code: Select all

cd /lib/modules
LISTFILE=/tmp/clean_module_dirs.txt
dpkg-query -Wf '${Version}\n' 'linux-modules-[^gl]*'|sort -u|sed -e 's/\~[^~]*$//' -e 's/\.[^.]*$/-generic/'> $LISTFILE
comm -2 -3 <(ls) <(sort $LISTFILE) | xargs -r sudo rm -rv
rm $LISTFILE
These days I just have a script in /etc/kernel/postrm.d/ that handles it (basically all you need is rm -rf /lib/modules/${version}/ although you may want to add some checks, in particular for an empty $version ;)). Reminds me I should probably add the postrm script to my mintsystem, the downsides are minimal (postrm gets triggered on linux-image removal, not linux-module ... hmm, yeah, better not. but works great for me. maybe I should add it to mintupdate instead).
Top
Post Reply

Return to “Tutorials”