Recently, in working on updating an Ubuntu server for a client that was running a customized version of Nginx compiled with Google Pagespeed and other mods, we wanted to install all the updates besides any that touched Nginx as we did not want any changes to Nginx to be implemented on the server. The client had made the mistake before of just running a blanket apt-get update and apt-get upgrade before checking to see what the updates affected and essentially broke the webserver running nginx that was working before the updates as the updates replaced many of the critical files and configs of the compiled nginx instance.
Below is a couple of very useful commands that administrators can use to essentially see what updates are going to be installed when running the update and upgrade commands as well as the command that you can use to place certain updates on hold which tells the updater and installer that you don’t want to install those particular updates.
See which updates are going to be installed:
apt-get -s dist-upgrade | grep "^Inst"
Mark certain updates to be on hold to keep from installing:
sudo apt-mark hold <package>
With the above command for instance you can place nginx update from installing:
sudo apt-mark hold nginx
You can effectively use the above command via the shell to see which updates are going to be installed and then place on hold those updates that you do not want to install. It is an effective and easy way to control your Ubuntu server environment without breaking critical services with updates modifying configs, etc.