• The article explains how to blacklist specific packages from updating using unattended-upgrades in Debian, a package that allows automatic installation of security updates and other upgrades.
• The article provides a step-by-step guide on how to install, configure, and restart unattended-upgrades, as well as how to add packages to the blacklist section of the config file.
• The article also answers some frequently asked questions related to unattended-upgrades, such as how to enable or disable it, how to change its frequency or schedule, and how to change its sources or origins.

If you use Debian or a Debian-based Linux distribution, such as Ubuntu or Mint, you may have heard of the unattended-upgrades package. This package allows you to automatically install security updates and other upgrades without any user intervention. This can be very convenient and helpful for keeping your system secure and up-to-date.

However, sometimes you may want to prevent certain packages from being updated automatically. For example, you may have a custom configuration or a dependency that requires a specific version of a package. Or you may want to avoid potential conflicts or bugs that may arise from a new version of a package. In these cases, you may want to Blacklist Specific Packages from updating using unattended-upgrades.

In this article, we will show you how to do that in a few simple steps. We will also answer some frequently asked questions related to this topic.

Step 1: Install unattended-upgrades

If you haven’t already installed unattended-upgrades, you can do so by running the following command in a terminal:

sudo apt install unattended-upgrades

This will install the package and its dependencies on your system. You may need to enter your password and confirm the installation.

Step 2: Configure unattended-upgrades

The main configuration file for unattended-upgrades is located at /etc/apt/apt.conf.d/50unattended-upgrades. You can edit this file with your preferred text editor, such as nano or vim. For example, to edit the file with nano, run the following command:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

The file contains several sections and options that control the behavior of unattended-upgrades. You can read the comments in the file for more details on what each option does. For our purpose, we are interested in the section called Unattended-Upgrade::Package-Blacklist.

Step 3: Add packages to the blacklist

The Unattended-Upgrade::Package-Blacklist section of the config file allows you to specify which packages you want to exclude from automatic updates. To do so, you need to add the package names to the list, enclosed in double quotes and separated by semicolons. You can also use wildcards (*) to match multiple packages with a common prefix or suffix.

For example, if you want to Blacklist all packages related to the Linux kernel, you can add the following line:

"linux-*";

Or if you want to blacklist a specific package, such as vim, you can add the following line:

"vim";

You can add as many packages as you want to the blacklist. Just make sure to follow the syntax and format of the file.

Here is an example of how the blacklist section may look like after adding some packages:

Step 4: Save and exit the file

After adding the packages you want to blacklist, save and exit the file. If you are using nano, press Ctrl+O to save and Ctrl+X to exit. If you are using vim, press Esc and then type :wq and press Enter.

Step 5: Restart unattended-upgrades

To apply the changes you made to the config file, you need to restart unattended-upgrades. You can do so by running the following command:

sudo systemctl restart unattended-upgrades.service

This will reload the configuration and restart the service.

Step 6: Verify that unattended-upgrades is working as expected

To verify that unattended-upgrades is working as expected, you can check its log file at /var/log/unattended-upgrades/unattended-upgrades.log. This file contains information about what updates were installed or skipped by unattended-upgrades.

You can view the log file with any text viewer, such as less or tail. For example, to view the last 10 lines of the log file, run the following command:

sudo tail -n 10 /var/log/unattended-upgrades/unattended-upgrades.log

The log file shows which packages were upgraded or skipped by unattended-upgrades. You can see that in this example, unattended-upgrades skipped updating linux-image-generic because it was blacklisted.

Frequently Asked Questions

Here are some common questions and answers related to blacklisting packages from updating using unattended-upgrades.

Question: How do I enable or disable unattended-upgrades?

Answer: You can enable or disable unattended-upgrades by running the following command:

sudo dpkg-reconfigure unattended-upgrades

This will launch a graphical interface that will ask you if you want to enable or disable unattended-upgrades. You can use the arrow keys and the space bar to select your choice and press Enter to confirm.

Question: How do I change the frequency or schedule of unattended-upgrades?

Answer: You can change the frequency or schedule of unattended-upgrades by editing the file /etc/apt/apt.conf.d/20auto-upgrades. This file contains two options that control how often unattended-upgrades runs:

• APT::Periodic::Update-Package-Lists sets how often (in days) unattended-upgrades checks for new updates.
• APT::Periodic::Unattended-Upgrade sets how often (in days) unattended-upgrades installs the updates.

You can change these values to suit your needs. For example, if you want unattended-upgrades to check for updates every day and install them every week, you can set the values to 1 and 7, respectively.

Question: How do I change the sources or origins of unattended-upgrades?

Answer: You can change the sources or origins of unattended-upgrades by editing the file /etc/apt/apt.conf.d/50unattended-upgrades. This file contains a section called Unattended-Upgrade::Allowed-Origins that specifies which sources or origins of updates are allowed by unattended-upgrades.

By default, unattended-upgrades only allows security updates from the official Debian repositories. You can add or remove sources or origins from this list as you wish. For example, if you want to allow updates from the Debian backports repository, you can add the following line:

"o=Debian Backports,a=$distro_codename-backports";

You can also use wildcards (*) to match multiple sources or origins. For example, if you want to allow updates from any Debian repository, you can add the following line:

"o=Debian,*";

You can find more information about the syntax and format of this section in the comments of the file.

Conclusion

In this article, we learned how to blacklist specific packages from updating using unattended-upgrades in Debian. We covered the following steps:

• Install unattended-upgrades
• Configure unattended-upgrades
• Add packages to the blacklist
• Save and exit the file
• Restart unattended-upgrades
• Verify that unattended-upgrades is working as expected

We also answered some frequently asked questions related to this topic.

We hope you found this article helpful and informative. If you have any questions or feedback, please feel free to leave a comment below.

Disclaimer

The author is not responsible for any errors or omissions in this article. The user should always verify the accuracy and validity of the information before applying it to their system. The user should also backup their system before making any changes. The author is not liable for any damages or losses caused by following this article. Use this article at your own risk.

The post How to Blacklist Specific Packages from Updating Using Unattendedupgrades in Debian appeared first on PUPUWEB - Information Resource for Emerging Technology Trends and Cybersecurity.