How to: Prevent Packages from being Updated

It's a common occurrence in the Linux world that you need to prevent a package from being updated by the package manager. So here we go. For this example we're going to prevent the kernel from being upgraded. Note - you'll need sudo access for this, so make sure you either sudo -i, or append sudo to the beginning of each command.

Debian/Ubuntu

First we need to find the name of the package we are looking to hold. You can use the dpkg -l command to list all the packages currently installed. Combined with grep, we can easily find the exact package we need.

It's simply a matter then of:

echo <package-name> hold | dpkg --set-selections

To reverse this, we simply:

echo <package-name> install | dpkg --set-selections

However, preventing the kernel from updating means doing this for a number of packages, so we can use this handy one-liner.

for i in $(dpkg -l "*$(uname -r)*" | grep -E '(image|header)' | awk '{print $2}'); do echo $i hold | dpkg --set-selections; done 

What this does, is to use dpkg to list all the packages which match our systems kernel release (uname -r). We then trim the output to contain only package name (awk '{print $2}'). Finally we pass this package name into the dpkg command demonstrated previously.

Redhat/CentOs

We can do the same thing in Redhat/CentOs by using the command:

yum update --exclude=PACKAGENAME

So, to exclude kernel packages, this would be:

yum update --exclude=kernel*

However, it's worth noting, that this would only be temporary change and would not carry through a system reboot. To make this permanent, we need to edit the /etc/yum.conf file and ensure the bolded line is present

[main] 

cachedir=/var/cache/yum/$basearch/$releasever 

keepcache=0 

debuglevel=2 

logfile=/var/log/yum.log 

exclude=kernel* redhat-release*

NOTE: If there are multiple packages to be excluded, then separate them using a single space or comma.

Simples.