Hold packages back from updates without APT Pin?
The answer is to use dpkg --set-selections. If you run the command dpkg --get-selections you can see what is set already:
$ dpkg --get-selections | head
acct install
adduser install
apparmor install
apparmor-utils install
apt install
apt-transport-https install
apt-utils install
aptitude install
at install
auditd install
Consider, in this case, the package dnsutils:
$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be upgraded:
bind9-host dnsutils libbind9-60 libdns64 libisc60 libisccc60 libisccfg60 liblwres60
8 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,257kB of archives.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? n
Abort.
Now let's change it - put the package on hold:
$ echo dnsutils hold | sudo dpkg --set-selections
Check the results:
$ dpkg --get-selections | grep dnsutils
dnsutils hold
Try the update again:
$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages have been kept back:
bind9-host dnsutils libbind9-60 libdns64 libisc60 libisccfg60 liblwres60
The following packages will be upgraded:
libisccc60
1 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Need to get 29.9kB of archives.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? n
Abort.
Now, dnsutils - and its related packages - are being held back, just as we wished.