This article has been rewritten and reorganized using artificial intelligence (AI) based on referenced technical documentation. The purpose is to present the content in a clearer and more accessible manner. For technical clarifications or further verification, readers are advised to consult the original documentation or contact relevant technical personnel.
Imagine you’re about to launch a critical application, only to have a system auto-update cause driver or AI runtime incompatibilities—your entire development team’s hearts skip a beat. This scenario isn’t just dramatic; it’s a real-world challenge for every embedded systems developer, BSP engineer, and Edge AI platform specialist. Today, we’ll take you deep into Advantech’s research breakthroughs on Ubuntu package update restrictions, ensuring your system remains stable and version-consistent from development through production.
Technical Background: Why Restrict Package Updates?
In modern industrial, AI, and edge computing environments, system stability and version consistency often outweigh the pursuit of the latest features. While automatic upgrades are convenient, they risk “overwriting validated versions” or “causing anomalies in production environments,” potentially impacting overall system operation. This is where package update restrictions become essential—whether it’s freezing BSP versions, controlling OTA upgrade risks, or preventing core drivers from being auto-replaced, these are real needs in the industry!
Four Main Methods to Easily Control Package Updates
Advantech’s engineering team has summarized four practical methods to restrict Ubuntu package updates. Whether you’re in development, testing, or operations, these techniques are quick to master:
| Method | Purpose | Difficulty | Recommended Scenario |
|---|---|---|---|
| apt-mark hold | Prevent package upgrades | ⭐ | General use |
| dpkg hold | Low-level control | ⭐⭐ | Advanced operations |
| APT Pinning | Version lock / source control | ⭐⭐⭐⭐ | Production / BSP |
| unattended-upgrades blacklist | Exclude from auto-updates | ⭐⭐ | Server / OTA |
Method 1: apt-mark hold (Recommended!)
This command acts like tagging a package, telling the system “Don’t touch this!”
Steps:
1. Set hold
   ```bash
   sudo apt-mark hold <package_name>
   ```
   Example:
   ```bash
   sudo apt-mark hold docker-ce
   ```
2. View hold list
   ```bash
   apt-mark showhold
   ```
3. Remove hold
   ```bash
   sudo apt-mark unhold <package_name>
   ```

Features:
- Packages will not be updated by `apt upgrade` or `apt dist-upgrade`.
- You can still manually install a specific version for flexibility.
Method 2: dpkg hold (Low-Level Expert)
Want more granular control? `apt-mark hold` works by setting the package's dpkg selection state, and setting that state through dpkg directly is suitable for automated scripts.
Steps:
1. Set hold
   ```bash
   echo "<package_name> hold" | sudo dpkg --set-selections
   ```
2. Remove hold
   ```bash
   echo "<package_name> install" | sudo dpkg --set-selections
   ```

Features:
- Ideal for large-scale devices or automated deployments.
- Supports quick batch operations via scripts.
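
Methods 1 and 2 set the same dpkg selection state, so one check covers both. The following added example (not Advantech's code) lists held packages for which APT still offers a different candidate version, which is how a hold that is keeping an update back shows up; the function names are illustrative and the sample `dpkg --get-selections` and `apt-cache policy` text is constructed.

```shell
#!/bin/sh
# held_from_selections: stdin is `dpkg --get-selections` output;
# prints the packages whose selection state is "hold".
held_from_selections() { awk '$2 == "hold" { print $1 }'; }

# pending_from_policy: stdin is `apt-cache policy pkg...` output; prints
# "package installed candidate" for each package where the two differ.
pending_from_policy() {
    awk '
        /^[^ \t].*:$/      { pkg = substr($0, 1, length($0) - 1); inst = "" }
        $1 == "Installed:" { inst = $2 }
        $1 == "Candidate:" && inst != "" && inst != "(none)" &&
            $2 != "(none)" && $2 != inst { print pkg, inst, $2 }
    '
}

# audit_holds: run both parsers against the live system.
audit_holds() {
    held=$(dpkg --get-selections | held_from_selections)
    if [ -n "$held" ]; then
        # unquoted on purpose: one argument per held package
        apt-cache policy $held | pending_from_policy
    fi
}

# Constructed, abbreviated sample data (not captured from a real device).
SAMPLE_SELECTIONS='containerd.io   hold
docker-ce       hold
openssh-server  install'
SAMPLE_POLICY='containerd.io:
  Installed: 1.6.26-1
  Candidate: 1.6.26-1
docker-ce:
  Installed: 5:24.0.7-1~ubuntu.22.04~jammy
  Candidate: 5:25.0.3-1~ubuntu.22.04~jammy
  Version table:
     5:25.0.3-1~ubuntu.22.04~jammy 500
        500 https://repo.example/ubuntu jammy/stable amd64 Packages
 *** 5:24.0.7-1~ubuntu.22.04~jammy 100
        100 /var/lib/dpkg/status'

if [ "${1:-}" = "--live" ]; then
    audit_holds
else
    printf '%s\n' "$SAMPLE_SELECTIONS" | held_from_selections
    printf '%s\n' "$SAMPLE_POLICY" | pending_from_policy
fi
```

Run with `--live` on a device to query the real package database; every line it prints is a held package that should be reviewed and re-validated rather than left frozen indefinitely.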
Method 3: APT Pinning (Advanced Lock, Precise Management)
APT Pinning assigns “VIP status” to packages, allowing only specific versions or sources—or even completely blocking installation/upgrades!
Configuration Steps:
1. Create config file
   ```bash
   sudo nano /etc/apt/preferences.d/custom-pin
   ```
2. Lock version (Example 1)
   ```
   Package: docker-ce
   Pin: version 5:24.0.*
   Pin-Priority: 1001
   ```
   - Only allows version 5:24.0.x with the highest priority.
3. Block updates (Example 2)
   ```
   Package: docker-ce
   Pin: release *
   Pin-Priority: -1
   ```
   - Completely prohibits installation and updates!

Pin-Priority Explanation:
| Priority | Behavior |
|---|---|
| >1000 | Force install |
| 990~1000 | Default priority |
| 500 | Standard source |
| <0 | Prohibit |
APT Pinning is the best choice for production environments, BSP, and Edge AI, enabling thorough version freezing.
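
Example 1 extended to a whole baseline, as an added example that is not from the original article: it turns a manifest of `package version` lines into one pin stanza per package, pinned to that exact version at priority 1001. The function name, the manifest contents and the choice of exact-version pins instead of a `5:24.0.*` style glob are assumptions made for illustration.

```shell
#!/bin/sh
# pins_from_manifest [priority]: stdin is "package version" lines; prints one
# apt_preferences stanza per package, pinned to that exact version.
# Returns non-zero if any line had to be skipped, so a bad manifest is noticed.
pins_from_manifest() {
    awk -v prio="${1:-1001}" '
        /^[ \t]*#/ || NF == 0 { next }               # comments, blank lines
        NF != 2 || $1 !~ /^[a-z0-9][a-z0-9+.-]+$/ {  # not "name version"
            printf("skipped line %d: %s\n", NR, $0) > "/dev/stderr"
            bad = 1; next
        }
        {
            if (n++) print ""                        # blank line between stanzas
            print "Package: " $1
            print "Pin: version " $2
            print "Pin-Priority: " prio
        }
        END { exit bad + 0 }
    '
}

# Constructed sample baseline (hypothetical versions).
SAMPLE_MANIFEST='# package version
docker-ce 5:24.0.7-1~ubuntu.22.04~jammy
containerd.io 1.6.26-1'

printf '%s\n' "$SAMPLE_MANIFEST" | pins_from_manifest
```

On a validated device the manifest can come from `dpkg-query -W -f='${Package} ${Version}\n' docker-ce containerd.io`, and the generated stanzas go in a file under `/etc/apt/preferences.d/`.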
Method 4: unattended-upgrades Exclusion (Auto-Update Blacklist)
Auto-updates are convenient, but sometimes you need to “exclude certain packages” to prevent accidental upgrades.
Configuration Steps:
1. Edit config file
   ```bash
   sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
   ```
2. Add to blacklist
   ```
   Unattended-Upgrade::Package-Blacklist {
       "docker-ce";
   };
   ```

With this, auto-updates will skip your specified packages, enhancing your peace of mind!
Notes: Dependency and Critical Package Risks
While restricting updates is great, some packages (such as kernel, libc, systemd) may affect system dependencies and stability if frozen. It’s strongly recommended to pair restrictions with testing and validation to ensure dependencies aren’t forcibly updated or removed.
Practical Recommendations: Embedded/BSP Development Process
Advantech recommends the following staged strategy in real-world development:
- Development Phase: Use apt-mark hold to control individual packages, easy to get started.
- Testing / QA: Use APT Pinning to lock versions and establish a baseline.
- Production: Adopt snapshot repository + APT Pinning for complete version freeze, and disable unnecessary repositories.
Advanced architecture as follows:
```text
+----------------------+
|  Internal APT Repo   |
| (Snapshot / Mirror)  |
+----------+-----------+
           |
 +---------v----------+
 | APT Pinning Policy |
 +---------+----------+
           |
+----------v-----------+
|  Production Device   |
|  (Frozen Versions)   |
+----------------------+
```
Technical Achievements and Application Value
These methods have been validated in Advantech’s BSP and Edge AI industrial platforms, successfully:
- Reducing OTA update risks
- Enhancing version consistency
- Improving system stability and controllability
Especially the “APT Pinning + Repository Freeze” combination makes version freezing in production environments simple and efficient, boosting productivity several times compared to manual management!
Conclusion and Future Outlook
Restricting Ubuntu package updates is no longer an engineer’s secret weapon—it’s a technology every industry partner can easily master. Advantech is committed to ongoing R&D and innovation, driving more automated and intelligent version management solutions to help customers advance steadily in industrial, AI, and embedded fields.
If you want frozen, stable system versions, experience Advantech’s technical breakthroughs now! We believe this isn’t just about solving problems—it’s the starting point for creating new industry value.