Tag: software

Prevent Application Updates With ‘YUM-VERSIONLOCK’

I recently wrote a similar article, illustrating how you can use ‘apt-mark’ to prevent application updates. While that was handy, it only applied to those who use APT as their package manager. It offered nothing of value to those who use YUM.

This article will explain how you can prevent application updates with ‘yum-versionlock’. You will learn how you can temporarily prevent application updates when you have no choice but to.

In the previous article, I explained that you should always use the most up-to-date software that you can, at least if your system is connected to the public internet. Software updates provide security fixes, not just bug fixes.

Not updating means you’re vulnerable and your vulnerabilities may impact other users. For example, your computer may become a part of a botnet, a spam relay, or even be used as a command and control device for those things. As a global citizen of the ‘net, you’re obligated to do what you can to minimize harm.

So, it is possible to prevent application updates, but you really should only do so when it’s absolutely necessary. In an ideal world, you’d be able to always use the updated version, but we don’t live in that world. We live in the real world, where we have things like compliance and compatibility issues. 

YUM, what is it? YUM stands for Yellowdog Updater, Modified. It’s a package management utility for RPM based distros. You’ll find YUM in distros like RHEL, Fedora, and even OpenSUSE. It’s fairly widely used, though many of the RPM-based distros are more prominent in the server space than they are in the desktop space.

These days there’s actually DNF (which stands for Dandified YUM – don’t blame me, I don’t name these things) but that’s not important today. Today, we’ll be using ‘YUM-VERSIONLOCK‘ to prevent application updates.

Prevent Updates with ‘yum-versionlock’

Unlike ‘apt-mark’, you’ll need to install something in order to do this. It should also be mentioned that there are other ways to accomplish this, but this is the easiest way to prevent application updates. Using versionlock is the most straightforward way of accomplishing this.

First, you’re gonna need to crack open your terminal. You can do that by using your keyboard. Just press CTRL + ALT + T

Once your terminal is open, you’ll need to install ‘yum-versionlock’. You can try this first:

If that gives you an error, I can’t figure out where the name changed, then you can most likely install it with:

Once you have it installed, you can check the man page to see how you use it. Even if you installed it with the second command, the man page is still found at:

The one-liner quite accurately defines versionlock as:

yum-versionlock – Version lock rpm packages

Anyhow, to use it to hold a package at its current version, you simply use:

NOTE: The command supports wildcards. You can use an asterisk with this command. The command will give you feedback. You can also use ‘add’, but it’s redundant.

If you want to remove the lock, which you should do as soon as realistically possible, then the command is fairly evident. It’s just:

If you, like me, don’t always keep the best notes and don’t have the greatest memory, then you can list the locked packages with this command:

There’s no need for elevated permissions with that command, but it will take a little while for it to complete. It will output any locked packages and you can unlock them individually. Again, you can use wildcards in this command.

However, you can remove all the locks with just one command:

As you might expect, that removes all the locks and your system will resume updating normally. You should not keep software locked to one version for long. Though you may be using a LTS-type distro, only getting minor point release upgrades, you are still getting security updates. Keeping your system secure makes you a good netizen. 

Closure:

And there you have it. Another article in the books, this one explaining how to stop updates for specific applications. Thanks for reading and feel free, nay encouraged, to leave feedback. If you have any ideas for articles, feel free to share them. You can also contribute by writing your own article. I’ll even edit it up for you!

Don’t forget that there’s a newsletter (we never spam or share your address with anyone, it’s all in-house) and you can even donate. I’d kinda like the site to at least pay for itself, simply out of principle. If not, there are ads you can unblock! Even if you do none of those things, there are good odds that I’ll keep this site up, running, and interesting.

Prevent Application Updates With ‘APT-MARK’

While unwise, there are times when you need to prevent application updates. You can do this with ‘apt-mark’ and this article will explain how. Obviously, this method is only effective if you use a Linux distro that has an APT-based package manager.

For the most part, you should always keep your software updated. However, that’s a rule for the Ideal World®. For the rest of us, those of us that live in the Real World®, you’ll almost certainly run into an eventuality that requires you to keep an existing, specific version of software.

While entirely stupid and irresponsible, I kept a version of Thunderbird past its due date because the update simply ruined my existing installation. I only kept that outdated version long enough to make the leap to a more recent distro version. The tool I used to prevent application updates was apt-mark.

You will have your own reasons, from compliance to stability to functionality, for keeping the same version of your installed software. You should only use this sparingly, only as necessary, when there’s simply no other solution. This should also be a temporary measure. You should always try to use the upgraded software because there are (possibly) security implications if you don’t.

A little about APT

While we’ll technically be using ‘apt-mark‘, it should be mentioned that APT stands for Advanced Package Tool. It’s the default package manager that is used in many distros, mostly Debian and those of Debian descent. So, you’ll see it in everything from Ubuntu to Linux Mint. 

In the desktop scene, I suspect it’d be the most common of all package management tools. Even if you use a different distro with a different package manager, you should probably have a basic familiarity.

Using ‘apt-mark’ hold and unhold

The tool we’ll be using is ‘apt-mark’, and the man page helpfully defines it as:

apt-mark – show, set and unset various settings for a package

We’ll only be concentrating on a couple of commands, those necessary when you want to prevent application updates, plus one extra command that will help you keep track of the two commands we’ll be focusing on.

The first of those two commands is ‘hold’. This command is used when you want to ‘hold’ a package at its current version, preventing upgrades. Remember, this should really be used only when there’s no other solution, as many upgrades fix security issues as well as bugs. It’s actually a fairly simple command.

When you enter this command, you’ll get a confirmation message. It will tell you that the application is now being held. It will remain held until you ‘unhold’ it. So, it’s a set-it-and-forget-it type of deal, though you shouldn’t really forget it. You should undo it as soon as you realistically can.

To reverse the restriction, resuming your normal updates, you simply need to ‘unhold’ it. The command is fairly obvious, and it looks like this:

That will free the hold on the package and tell you that the hold has been lifted. The package should then upgrade as necessary and as issued. If new upgrades show up in the repositories, it should function as normal and upgrade like it did prior to the hold.

If you are like me, you may well forget that you’ve held packages back. The package names are often long and nonsensical, so they’re easy to forget. In the heat of the moment, you may have forgotten to make a note of the package(s) you’ve held.

Don’t worry, ‘apt-mark’ has you covered! When you want to know what packages are being held, just run this command:

Note the lack of ‘sudo’ in that command. You don’t need sudo because you don’t need elevated permissions to list held packages. You only need elevated permission if you want to change something. As that command only lists them, you can run it as a normal user.

The apt-mark command has a ton of other uses, this is not an all-inclusive article. You can always see the man page for more help and the rest of the features. This article is only covering the ‘hold’ and ‘unhold’ functions. Maybe there will be another article covering other aspects, but this limited in scope – preventing application updates.

Like always, thanks for reading and I appreciate the feedback! Don’t forget that the site has ads enabled and that you can donate. So, if this article helped you learn how to prevent application updates then show some love! Otherwise, sign up for the newsletter or share this article with your friends on social media. Thanks!

 

Subscribe To Our Newsletter
Get notified when new articles are published! It's free and I won't send you any spam.
.
Linux Tips
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.