Prevent harmful Linux updates with versionlock
On my home machine I run Fedora, a Linux distro famous for being at the cutting-edge of Linux development. My laptop is the Dell XPS 13 which uses some fairly advanced hardware. In Open Source this can be a dangerous combination: older Linux kernels can’t handle my machine’s hardware, and brand new kernels often break it too. Every time I do a software update, I’m walking a tightrope.
The way I handle this is with a package manager plugin called versionlock. It lets me tell the package manager to lock certain packages at their current version and voilà! I can blindly apply all software updates and know that those troublesome packages will not be upgraded.
The versionlock plugin is available for both dnf and yum, so pick which package manager your system is using. For dnf:
$ sudo dnf install python2-dnf-plugins-extras-versionlock
$ sudo dnf install python3-dnf-plugins-extras-versionlock
And for yum:
$ sudo yum install yum-plugin-versionlock
Lock a package
To add a package to the locked list, simply run the package manager program with the
$ sudo dnf versionlock add my-package
The yum version:
$ sudo yum versionlock add my-package
As you can see, the commands for dnf and yum are the same. You can lock multiple packages in one command. Here’s how I prevent my system from upgrading the kernel packages:
$ sudo dnf versionlock add sudo dnf versionlock add kernel kernel-core kernel-devel kernel-modules kernel-modules-extra
List locked packages
To see which packages are locked, use the
$ dnf versionlock list Last metadata expiration check: 0:00:00 ago on Mon Mar 21 20:58:57 2016. kernel-0:4.3.5-300.fc23.* kernel-modules-0:4.3.5-300.fc23.* kernel-core-0:4.3.5-300.fc23.* kernel-devel-0:4.3.5-300.fc23.*
Unlock a package
To remove one package from the lock list, use
$ sudo dnf versionlock delete my-package
To remove all packages from the lock list, use
$ sudo yum versionlock clear
If you ever forget these commands, you can list the available commands with
$ dnf help versionlock versionlock [add|exclude|list|delete|clear] [<package-nevr-spec>]
Or read the online documentation.
How many installers do you need?
On Fedora I also remove the Gnome Software program (
gnome-software package). Whilst it’s useful to be reminded of pending updates via the GUI, any package installed via Gnome Software is not part of the dnf history. That makes it harder when it’s necessary to downgrade or remove a troublesome package.
Managing packages can be a pain, but versionlock makes life easier. If you use Debian or Ubuntu you can use
apt-mark hold my-package and
apt-mark unhold my-package to similar effect.