25

How to I prevent Ubuntu from kernel version upgrade and notification?

I'd like to keep my system from getting or prompting me for kernel upgrades and DIST upgrades.

I do want however to get all package updates and security updates.

I have looked at several posts, but they were for package "Holds" and that is too granular for what I am wanting. I just want to prevent Ubuntu from upgrading to a new Distribution like 16.10 which caused me issues, as well as a newer Kernel which booting into recovery mode my mouse and keyboard would not work.

I would like to keep existing dist. as is, as well as get any new software package updates or security updates. I do not want to disable all updates, but I can if that is the simplest option.

smjadtnf707
  • 994
  • Package holds is exactly what you are "wanting" for the kernel updates. For the distro upgrade, just disable it in the software properties. There are lots of questions here about both. – mikewhatever Jul 21 '17 at 19:52

3 Answers3

42

Thank You Mikewhatever for clarifying I needed to use package hold.
I used this post as a reference and ran command :

uname -r

to find my Kernel Version. It gave output:

4.10.0-27-generic

Then I ran command:

sudo apt-mark hold 4.10.0-27-generic

and it gave output:

linux-cloud-tools-4.10.0-27-generic set on hold.
linux-headers-4.10.0-27-generic set on hold.
linux-image-4.10.0-27-generic set on hold.
linux-image-extra-4.10.0-27-generic set on hold.
linux-signed-image-4.10.0-27-generic set on hold.
linux-tools-4.10.0-27-generic set on hold.

I believe this should be what I wanted to accomplish.

smjadtnf707
  • 994
  • Yes, it is but what you want to accomplish makes no sense and is potentially unsafe. Having the OS fully updated, kernel included, is what everybody should do. Except in very specific cases where a given software version (or kernel version in even fewer cases) is required and has to be put on hold, holding kernel and/or security updates just because is really dumb. In an internet facing machine it's quite unsafe and not only for the user that refuses updates. Keep in mind you have, as everybody else, social responsibility. –  Jul 22 '17 at 03:08
  • 2
    Instead of blocking the kernel upgrades, you can boot from an earlier kernel version by selecting it from the GRUB menu like this: https://askubuntu.com/questions/955020/ubuntu-wont-boot-kernel-error/955130#955130 and wait for a kernel upgrade that satisfies all of your requirements by booting once the normal way after each new kernel upgrade. – karel Jan 20 '18 at 10:30
  • 1
    You don't need to hold all those packages. Just hold the meta packages: https://askubuntu.com/a/678633/705736 – FarO Jun 24 '19 at 14:22
  • 1
    Thanks for this answer. Very useful for me where I have a module that only works with a specific kernel version and is difficult to update – Joshua Apr 03 '20 at 05:12
  • 3
    Does this mean that kernel version would persist over an apt upgrade? It's Dec 2020, and Ubuntu 20.04 seems to realize there is a new kernel available and eventually ends up installing it. – tishma Dec 17 '20 at 15:36
  • @tishma: I was wondering about that so I put my kernel on hold but the new kernel still shows in the upgrade list. So I don't think it prevents upgrades from being installed. – Daniel May 10 '22 at 12:15
  • $ sudo apt-mark hold $(uname -r) – Miha_x64 Feb 12 '23 at 19:08
4

Update: This specific approach works only for certain major kernel versions; in particular, 5.4.0-xx. (it might be possible with fancier apt-mark hold rules to stay on e.g 5.8.0-xx kernels)

I frequently came to this question when trying a few times over the last while to figure out how to do a slightly modified version of the original question:

How do I freeze the Ubuntu kernel at (e.g., specifically for Ubuntu 20.04) the 5.4.0-x version, so that I still get minor upgrades, but do not get upgraded to another "major" version like 5.8.0-x

The trick in this specific case was to do the following:

# This prevents installation of, or further upgrades of the package that results in a 5.8 kernel being installed
sudo apt-mark hold linux-generic-hwe-20.04

This will pull in the latest 5.4 Ubuntu kernel, and receive subsequent 5.4.0-x patches too


sudo apt install linux-generic-hwe-18.04

I'm not sure if this is entirely universally applicable, but this worked for Ubuntu 20.04 at least as of January 2021. (The triggering event in my case was that my 5.4 machines started getting updated to 5.8 automatically during the first week of January, 2021). Also note, I'm not an expert but have tested this a fair bit. There may be some significant nuances I have incorrect...

But if you already have a newer major-version kernel installed (e.g. via unattended-upgrades), you'll probably want to uninstall it too. I have not had any issues with the following command/regex to identify what packages would get remove by the command after this one:

dpkg -l | grep -o -P "^ii\s+linux-[\w]-5\.(8|11|13)\.0[\d\S]+"

And the removal command is very similar:

sudo apt remove -y $(dpkg -l | grep -o -P "\blinux-[\w]-5\.(8|11|13)\.0[\w]+\b")

Finally, you'll want to reboot before you do much else, including doing any apt upgrade. Particularly if you've uninstalled the currently running kernel's packages, post-install scripts for other packages might not be happy if run before a reboot!

For more information on the kernel choices for Ubuntu, aka to know roughly what's coming, this page is pretty informative: https://ubuntu.com/about/release-cycle

n.b. For good measure, you can put the apt-mark hold on all three of linux-generic-hwe-20.04 linux-headers-generic-hwe-20.04 linux-image-generic-hwe-20.04 but in practice holding just that first one seemed sufficient.

n.b. In my situation, while in most cases you should not need to do what this post describes, I needed to stick to an older major kernel version in order for some hardware to work properly.

n.b.2: With Ubuntu 20.04, this "remove 5.8 kernels approach" later broke for 5.11 kernels, and would likely also happen with the 5.13 kernels. I've updated the regex above accordingly.

Gertlex
  • 500
  • Your grep command gives me the following error: grep: conflicting matchers specified – Benjamin Bray Aug 07 '21 at 12:41
  • 1
    @BenjaminBray I'm guessing you might have an alias set up for grep that adds a flag that conflicts with the -P flag. e.g. doing grep -E -P soemthing will fail. Perhaps check your .bashrc or the output of alias? – Gertlex Aug 07 '21 at 19:57
  • the common pattern in your pair of regexps is partly wrong (unescaped periods .) and partly pointless ([\S]*, [\d\S]+). recommend fixing/simplifying as \blinux-\w+-5\.(8|11|13)\.[-\w]+\b – ardnew Mar 07 '24 at 03:18
  • Thanks for the more rigorous regex. I'm no master myself, and haven't built up a rigorous mental mapping of the various regex short-hands. – Gertlex Mar 08 '24 at 05:07
0

To summarize the previous answers and allow for this to work on any kernel:

sudo apt-mark hold $(uname -r)

Why would I do this? Essentially kernel 6.2 breaks the NVME that my operating system sits on and then won't boot if a kernel upgrade happens. This is fixed in 6.6, but then the raid controller that the hard drive sits on doesn't function anymore because support hasn't been built for it. This is a temporary measure until High-Point makes drivers that work reliably for the new kernel.

James Dalgleish
  • 1