Skip a particular package for update and proceed for all others

Question

I am trying to update a production server after some months maybe. While updating the apt cache I get the following message.

sudo apt update
Hit:1 http://tw.archive.ubuntu.com/ubuntu xenial InRelease
Hit:2 http://tw.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:3 http://tw.archive.ubuntu.com/ubuntu xenial-backports InRelease
Get:4 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]                                                          
Ign:5 http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04  InRelease
Hit:6 http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04  Release
Get:7 http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04  Release.gpg [481 B]
Ign:7 http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04  Release.gpg
Reading package lists... Done 
N: Ignoring file '50unattended-upgrades.ucf-old' in directory '/etc/apt/apt.conf.d/' as it has an invalid filename extension
W: GPG error: http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04  Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 47AE7F72479BC94B
E: The repository 'http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04  Release' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

I see that one of the package from ownloud could not be verified. I want to skip updating this package for now and move to update others.

Question:

Should I just move forward with sudo apt upgrade for upgrading all others ?
How to resolve the issue with a package whose public key cannot be verified for following cases :

(i) I trust the package and want to upgrade ?

(ii) I do not want to upgrade this package ever ? (I will deal with this in the future though) .

for (i) you want How do I fix the GPG error "NO_PUBKEY"? for (ii) remove the repository: How can PPAs be removed? — Zanna, Jan 25 '17 at 07:40

score 2 · Answer 1 · answered Jan 25 '17 at 07:26

Ok, first of all, especially on production servers, you must have only source lists you really need. Everything else must be removed. Then, every source list you have should provide trusted packages, and the way to check that is easy - every provided package is signed by the one who provides it. Your system has keys which can verify the package signature. Those keys can be viewed with apt-key list. You lack a key for http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04. I saw that Owncloud's key has expired few months ago and they have released a new one. You can obtain it from http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.key. Download it wget ... and import it with apt-key add <filename>. Run apt-get update to refresh your cache.

Next - you're asking how to mask a package from being updated. This can be done with sudo apt-mark hold package_name. Hope that helps you.

Skip a particular package for update and proceed for all others

1 Answers1