Disable Kernel Auto-Updates in Ubuntu 18.04 (cli only)
I have a setup that needs me to make some manual changes every time I do a kernel update.
I'd like be able to do kernel updates manually, instead of having unattended-upgrades push them into my system automatically.
I'm only interested in answers that can be done through the CLI as I don't have gnome-software or ubuntu-software GUIs.
I found an article that was talking on how to do this with Ubuntu 14/15:
sudo apt-mark hold linux-image-generic linux-headers-generic
Does this still work? It feels out of date because current kernels packages all have version numbers attached to package, eg. linux-headers-4.15.0-62. If I tell the system to hold linux-headers-4.15.0-62, I can't imagine a hold stopping the upgrader from automatically installing a newer kernel (eg. linux-headers-4.15.0-72) and setting it as the main kernel, seeing how updating does not actually replace the old kernel but simply makes the system use a new one.
If it doesn't work, is there something else I can try?
You can also add the packages to the 50unattended-upgrades config file:
nano /etc/apt/apt.conf.d/50unattended-upgrades
Locate the blacklist section, and edit to include the packages - even a regex is supported:
// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
"linux-generic";
"linux-image-generic";
"linux-headers-generic";
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
[Edits from my comments:]
The 50unattended-upgrades file automatically matches the provided tags in Package-Blacklist to package names, excluding version numbers etc., so no wild card is required for the simplest implementation.
If you want to go to town, you can craft regular expression (RegEx) strings to match more complicated requirements. In that case if the expression contains '.', '?' or '*' then it is assumed to be a POSIX RegEx. Check out the man page for apt-get, under the "install" option for ideas.
A better way is to run
sudo apt-mark hold linux-generic linux-image-generic linux-headers-generic
That will hold the meta packages. They won't pull new kernel packages.
But this is not a good idea. It is better to ask about the real problem.
Probably installing a HWE kernel will fix your problem.