Disable Kernel Auto-Updates in Ubuntu 18.04 (cli only)

apt kernel updates unattended-upgrades

7,874

Solution 1

You can also add the packages to the 50unattended-upgrades config file:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Locate the blacklist section, and edit to include the packages - even a regex is supported:

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
        "linux-generic";
        "linux-image-generic";
        "linux-headers-generic";
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

[Edits from my comments:]

The 50unattended-upgrades file automatically matches the provided tags in Package-Blacklist to package names, excluding version numbers etc., so no wild card is required for the simplest implementation.

If you want to go to town, you can craft regular expression (RegEx) strings to match more complicated requirements. In that case if the expression contains '.', '?' or '*' then it is assumed to be a POSIX RegEx. Check out the man page for apt-get, under the "install" option for ideas.

Solution 2

A better way is to run

sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic

That will hold the meta packages. They won't pull new kernel packages.

But this is not a good idea. It is better to ask about the real problem.

Probably installing a HWE kernel will fix your problem.

7,874

thebunnyrules

Updated on September 18, 2022

Comments

thebunnyrules almost 2 years
I have a setup that needs me to make some manual changes every time I do a kernel update.

I'd like be able to do kernel updates manually, instead of having unattended-upgrades push them into my system automatically.

I'm only interested in answers that can be done through the CLI as I don't have gnome-software or ubuntu-software GUIs.

I found an article that was talking on how to do this with Ubuntu 14/15:
```
sudo apt-mark hold linux-image-generic linux-headers-generic
```
Does this still work? It feels out of date because current kernels packages all have version numbers attached to package, eg. linux-headers-4.15.0-62. If I tell the system to hold linux-headers-4.15.0-62, I can't imagine a hold stopping the upgrader from automatically installing a newer kernel (eg. linux-headers-4.15.0-72) and setting it as the main kernel, seeing how updating does not actually replace the old kernel but simply makes the system use a new one.

If it doesn't work, is there something else I can try?
thebunnyrules almost 5 years

I have some self signed modules, that I have to re-sign every-time an update happens. I'd rather just install the kernel updates manually at my own discretion.
thebunnyrules almost 5 years

I don't think this will work, linux-generic linux-image-generic linux-headers-generic are the base kernel packages that came with my distro. It's not the active kernel. so I don't see how holding it is going to stop updates. I guess it's worth a try.
Pilot6 almost 5 years

These are meta packages responsible for kernel upgrades. If you have 4.15.x on Ubuntu 18.04, these are the right ones.
thebunnyrules almost 5 years

Thanks, that's perfect. Completly forgot about that. Wouldn't it need to be regexp like "linux-generic-*"; "linux-image-generic-*"; ?
sarlacii almost 5 years

@thebunnyrules: The file automatically matches the provided name to package names, excluding version numbers etc., so no wild card is required for the simplest implementation. If you want to go to town, you can craft RegEx strings to match more complicated requirements, and in that case if the expression contains '.', '?' or '*' then it is assumed to be a POSIX RegEx. Check out the man page for apt-get, under the "install" option for ideas.