APT-mark vs APT-pin for Version Locking – Which is More Reliable?


Usually on my Ubuntu 16.04 LTS, I lock package versions with APT-pin functionality.

For example, if I want to pin meld to version 1.5.3-1ubuntu1, I create the following pin file:

cat <<EOF | sudo tee /etc/apt/preferences.d/pin-meld
Package: meld
Pin: version 1.5.3-1ubuntu1
Pin-Priority: 1337
EOF

This file applies settings system-wide: apt, apt-get, aptitude and GUI tools such as synaptic and muon respect it.

I know of another mechanism – apt-mark. Let's assume the following starting point: I have manually installed meld_1.5.3-1ubuntu1, and its pin is removed.

$ apt-mark showhold
$ apt-cache policy meld 
meld:
  Installed: 1.5.3-1ubuntu1
  Candidate: 3.14.2-1
  Version table:
     3.14.2-1 500
        500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu xenial/universe i386 Packages
 *** 1.5.3-1ubuntu1 100
        100 /var/lib/dpkg/status

Then I hold the installed version.

$ sudo apt-mark hold meld
meld set on hold.

$ dpkg -l | grep meld
hi  meld                                          1.5.3-1ubuntu1                               all          graphical tool to diff and merge files

APT-mark shows it is on hold. But the output of apt-cache policy meld has not changed:

$ apt-cache policy meld 
meld:
  Installed: 1.5.3-1ubuntu1
  Candidate: 3.14.2-1
  Version table:
     3.14.2-1 500
        500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu xenial/universe i386 Packages
 *** 1.5.3-1ubuntu1 100
        100 /var/lib/dpkg/status

apt-get upgrade reports that meld is kept back:

$ sudo apt-get upgrade 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  meld
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

But if I launch aptitude in interactive mode, I have meld in Upgradable Packages:

Actions  Undo  Package  Resolver  Search  Options  Views  Help
C-T: Menu  ?: Help  q: Quit  u: Update  g: Preview/Download/Install/Remove Pkgs
aptitude 0.7.4
--\ Upgradable Packages (1)
  --\ gnome - The GNOME Desktop Environment (1)
    --\ universe - Unsupported Free Software. (1)                                                                                                    
ih    meld    1.5.3-1ubuntu1 3.14.2-1      

and if I accidentally select Actions -> Cancel pending actions, the hold will be removed.

As far as I can understand, synaptic ignores apt-mark markings; its Lock Version functionality works differently.
meld is listed here as Installed (upgradeable). The Mark all upgrades button does not auto-select it, but the package may be accidentally upgraded by Mark for Upgrade.

Muon works in the same manner with packages held by apt-mark. But what is interesting is that its option Lock at Current Version writes a pin file to /etc/apt/preferences.d/meld.

Do I understand correctly that APT-pin is more reliable than apt-mark?

Best Answer

Yes, pinning is more reliable than apt-mark.

What I have discovered:

  • for the last 12-14 years Synaptic has used its own pinning file (/var/lib/synaptic/preferences) - see bug 42178 on launchpad. For system-wide use one may want to set a symlink between /etc and Synaptic

    sudo ln -s /etc/apt/preferences.d/synaptic /var/lib/synaptic/preferences
    

    so it is a workaround; locking versions in Synaptic is not a recommended method (this file is not read by apt-get and aptitude).

  • Muon uses system-wide pin files per-application in /etc/apt/preferences.d.

  • aptitude has two bugs:

    1. on 14.04 LTS it does not respect apt-mark completely (see my bug 1747189 at launchpad).
    2. on 16.04 LTS holds which were set by apt-mark are lost after clicking on Actions -> Cancel pending actions (see my bug 1747191 at launchpad).

    but in 18.04 LTS aptitude does not have such bugs, it is great.

So my conclusion is the following: apt-mark is usable only if you install/remove/upgrade software only with apt-get, otherwise you should use pinning (i.e. /etc/apt/preferences.d/), it is more reliable and straightforward.


Note: to prevent package installation, the pin priority should be negative:

P < 0 :
prevents the version from being installed

for example Pin-Priority: -10.
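
The conclusion above (holds are only safe with apt-get, pin files are honoured system-wide) suggests checking which apt-mark holds have no pin file behind them. The script below is an added example, not part of the original answer; the function names, the PREF_DIR and MIN_PRIO variables and the "above 1000" threshold are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): report apt-mark holds that are
# not backed by a version pin, using the pin-file format shown in the question.
PREF_DIR="${PREF_DIR:-/etc/apt/preferences.d}"
# Assumption of this example: a pin counts as a lock only above priority 1000,
# as with the 1337 used on this page.
MIN_PRIO="${MIN_PRIO:-1001}"

# version_pins DIR: print "package version priority" for each stanza in DIR
# that has a "Pin: version ..." line. Stanzas are separated by blank lines.
version_pins() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        { cat "$f"; printf '\n\n'; }   # guarantees a blank line between files
    done | awk '
        function emit(   i, n, names) {
            if (pkgs != "" && ver != "" && prio != "") {
                n = split(pkgs, names, " ")   # "Package:" may list several names
                for (i = 1; i <= n; i++) print names[i], ver, prio
            }
            pkgs = ""; ver = ""; prio = ""
        }
        /^[ \t]*$/                  { emit(); next }
        /^Package:/                 { sub(/^Package:[ \t]*/, ""); pkgs = $0; next }
        /^Pin:[ \t]+version[ \t]+/  { ver = $3; next }
        /^Pin-Priority:/            { prio = $2; next }
        END                         { emit() }'
}

# holds_without_pin DIR: read held package names on stdin (one per line, as
# printed by `apt-mark showhold`) and print those lacking a qualifying pin.
holds_without_pin() {
    pins=$(version_pins "$1")
    while read -r pkg; do
        [ -n "$pkg" ] || continue
        printf '%s\n' "$pins" |
            awk -v p="$pkg" -v min="$MIN_PRIO" \
                '$1 == p && $3 + 0 >= min + 0 { ok = 1 } END { exit !ok }' ||
            printf '%s\n' "$pkg"
    done
}

# On a system with apt, audit the real holds; elsewhere this is skipped.
if command -v apt-mark >/dev/null 2>&1; then
    apt-mark showhold | holds_without_pin "$PREF_DIR"
fi
```

Every name it prints is a package whose lock depends on the front-end respecting apt-mark; negative-priority pins and "Pin: release" stanzas are deliberately not counted as version locks.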
