Locking Package Versions in Linux to Prevent Updates

Linux operating systems, famed for their versatility and reliability, rely heavily on package managers to handle software installations and updates. Often, the consistent updating of software packages ensures security and feature enhancement. However, in some scenarios—like in production environments or when using critical applications—updating a package might introduce instability or conflicts. In such cases, it may be necessary to lock a package version to prevent it from being updated. This article explores how to lock package versions using various package managers like APT (Debian-based systems), DNF (Fedora), and Zypper (openSUSE).

1. Using APT to Lock Package Versions

APT (Advanced Package Tool) is the package management system used by Debian and its derivatives like Ubuntu. To lock a package version using APT, follow these steps:

Step 1: Check the Installed Package Version

First, determine the installed version of the package you want to lock. You can do this by using:

apt list --installed | grep <package-name>

Step 2: Hold the Package

To hold a package at its current version and prevent it from being updated, use the apt-mark hold command:

sudo apt-mark hold <package-name>

This command prevents the package from being automatically installed, upgraded, or removed. The package version is now locked and will not be updated in the next system upgrade.

Step 3: Verify the Lock Status

To ensure the package is successfully held, you can check the status:

apt-mark showhold

2. Using DNF to Lock Package Versions

DNF is the package manager for Fedora and has replaced Yum in recent releases. Here’s how you can lock package versions in DNF:

Step 1: Install the dnf-plugins-core

First, ensure that the dnf-plugins-core package, which includes the versionlock plugin, is installed:

sudo dnf install dnf-plugins-core

Step 2: Add a Package to the Version Lock List

To lock a package to its current version:

sudo dnf versionlock add <package-name>

DNF will now keep the package at the specified version, ignoring updates.

Step 3: Listing Locked Packages

To see a list of all locked packages:

sudo dnf versionlock list

3. Using Zypper to Lock Package Versions

Zypper is the command line interface of ZYpp package manager, which is used by openSUSE and SUSE Linux Enterprise Systems. Locking package versions in Zypper can be accomplished as follows:

Step 1: Query the Installed Package Version

Check the version of the package:

zypper info <package-name>

Step 2: Add a Lock on the Package

To lock the package version, use the addlock command:

sudo zypper addlock <package-name>

This command will prevent the package from being updated.

Step 3: List All Locked Packages

To see what packages you have locked:

zypper locks

Conclusion

Locking package versions can be crucial for maintaining environment stability, ensuring compatibility, or meeting compliance requirements. Each package manager offers a way to tackle this need, accommodating the diverse ecosystems within the Linux community. By following the instructions above, administrators can effectively control their system’s software and prevent unexpected updates from introducing issues. Remember, however, that preventing updates can also hinder important security patches, so manage your locked packages carefully to strike a balance between stability and security.