apt-mark hold doesn't pin versions — how it nearly removed OpenSSH across our fleet
A recent incident with apt-mark hold highlighted the command's limits in package management. The hold did not stop apt from proposing the removal of OpenSSH during an attempt to downgrade related libraries. The incident underscores the importance of understanding package dependencies and what a hold actually does on Debian systems.
- The apt-mark hold command does not pin a package to a specific version and can lead to unintended removals during dependency resolution.
- An attempt to downgrade libssl3 while holding it resulted in the proposed removal of OpenSSH due to dependency conflicts.
- The issue was resolved by downgrading all related packages in a single transaction, ensuring OpenSSH remained installed.
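
A pre-flight check for the failure mode summarized above, as an added example that is not from the original article: it reads `apt-get -s` (simulate) output and refuses to proceed if the transaction would remove a protected package. The protected package names, the function names and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: guard an apt transaction against removing protected packages.
# Assumption: these are the packages your fleet must never lose.
PROTECTED="openssh-server openssh-client"

# Read `apt-get -s` output on stdin and print every protected package the
# simulated transaction would remove. Removals appear as:
#   Remv <package>[:<arch>] [<version>]
protected_removals() {
    awk -v list="$PROTECTED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        $1 == "Remv" {
            sub(/:.*/, "", $2)          # strip a multi-arch suffix such as :amd64
            if ($2 in want) print $2
        }'
}

# Return 0 when the simulation is safe, 1 when it would remove a protected package.
check_simulation() {
    hits=$(protected_removals)
    if [ -n "$hits" ]; then
        echo "refusing: transaction would remove:" $hits >&2
        return 1
    fi
    return 0
}

# Constructed simulation output (not captured from a real host):
# libssl3 downgraded on its own, so the resolver drops OpenSSH.
SAMPLE_BAD='Remv openssh-server:amd64 [constructed-version]
Remv openssh-client [constructed-version]
Inst libssl3 [constructed-new] (constructed-old Debian:stable [amd64])
Conf libssl3 (constructed-old Debian:stable [amd64])'

# Constructed: all related packages downgraded in a single transaction.
SAMPLE_OK='Inst libssl3 [constructed-new] (constructed-old Debian:stable [amd64])
Inst openssh-server [constructed-new] (constructed-old Debian:stable [amd64])
Conf libssl3 (constructed-old Debian:stable [amd64])
Conf openssh-server (constructed-old Debian:stable [amd64])'

# Real use, with placeholder versions, simulating before the real install:
#   apt-get -s install 'libssl3=<old-version>' | check_simulation \
#       && apt-get install 'libssl3=<old-version>'
```

Because the check works on the simulation output, it catches a proposed removal whether or not any package is on hold.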
Vainamoinen | Pulsed Media
Posted on May 24 • Originally published at gist.github.com
#linux #debian #sysadmin #devops

A short field report on an apt footgun: apt-mark hold does not pin a version, and the difference nearly cost us OpenSSH on a production host.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).