1. Overview

In this tutorial, we’ll discuss the various ways to prevent specific package updates in Linux.

First, we’ll cover the Ubuntu and Ubuntu-based distribution that use dpkg and apt. Next, we’ll cover RHEL and Fedora, which use the dnf package manager.

2. The Problem

Sometimes, we need to prevent a specific package update for various reasons. Let’s look at a few:

  • it could be that the package is huge and takes a lot of time to update
  • the package installation might require the system to reboot
  • the package depends on other packages that might not be in the repository

Fortunately, the package managers that come with major distributions have the option to disable these packages. In the following sections, we’ll see the different methods to disable the updates for specific packages.

3. Ubuntu Solutions

On Ubuntu, there are several ways to hold back packages. Holding back a package means that the package will be ignored when a user tries to install or upgrade.

When a package is on-hold, the package manager will provide a feedback:

$ sudo apt-get upgrade 
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:

The tools we can use for the process are dpkg, apt, dselect, aptitude, and synaptic. Let’s go through each one of these tools.

3.1. Using dpkg

We can prevent a package from being updated using the dpkg utility:

$ echo "<package-name> hold" | dpkg --set-selections

The –set-selections option needs to read from stdin, or a file read from stdin. Therefore, we can also have a file that contains a list in the following format:

package1 hold
package2 hold
package3 hold

We can redirect the contents of the file to dpkg:

$ dpkg --set-selections < held-packages.txt

Similarly, we can use the –get-selections option to get the status of a single package:

$ dpkg --get-selections <package-name>

Omitting the package name prints out all the packages:

$ dpkg --get-selections

We can limit our output only to the packages on hold using grep:

$ dpkg --get-selections | grep "hold"

Now, let’s remove the on-hold package by simply replacing the hold keyword with install:

$ echo "<package-name> install" | dpkg --set-selections

We should note that the dpkg command requires root access for write operations.

3.2. Using apt

The dpkg utility does the job but we can make it a little bit easier with the apt command. We can mark a package on hold using the apt-mark command:

$ apt-mark hold <package-name>

Similarly, we can pass the unhold option to remove the hold:

$ apt-mark unhold <package-name>

We can also list the package on hold using the showhold option:

$ apt-mark showhold

Like dpkg, apt-mark also requires root access for write operations.

3.3. Using dselect

dselect is an interactive terminal-based front-end to dpkg.

We can fire up the tool with the dselect command. Once launched, we select the Select item from the menu and select the package we wish to put on hold.

Once highlighted, we can press the H or = key to mark it on hold. The changes take effect when we quit the Select screen.

3.4. Using aptitude

This next method is limited only to Synaptic and aptitude. The apt and dpkg tools will still be able to install the on-hold packages.

This method is similar to the apt-mark method. The only difference is replacing the apt-mark command with aptitude.

To hold a package, we’ll simply pass in the hold option to aptitude:

$ aptitude hold <package-name>

In the same way, we can unhold a package using the unhold option:

$ aptitude unhold <package-name>

3.5. Using the Synaptic Package Manager

Synaptic is a graphical package manager for Ubuntu-based distros. It can be installed from the official package repository under the name synaptic.

Once launched, we can simply search for the package that we want to lock the current status for. Afterward, we can highlight the packages and lock them through Package 🠚 Lock Version.

Locking a package using Synaptic

As mentioned, this method only affects Synaptic and aptitude.

4. Fedora and RHEL Solutions

On Fedora and RHEL, dnf has replaced the yum package manager. Therefore, we’ll focus on the dnf-specific solution for this problem.

We can prevent a package from being installed or updated by adding an entry for it in the /etc/dnf/dnf.conf file:


Here’s how we can list multiple packages separated by whitespace:

exclude=package1 package2 package3*

Additionally, we can also use a wildcard for package names.

5. Conclusion

In the article, we discussed the various ways to prevent a package from being updated in Ubuntu as well as RHEL and Fedora.

Comments are open for 30 days after publishing a post. For any issues past this date, use the Contact form on the site.