preventing critical packages from updating in ubuntu

Wubi installations of Ubuntu (>=9.10) are vulnerable to boot failures, kernel panics and other issues when updated. In later versions (10.04, 10.10) the issues may even occur on the base install. In a Wubi installation, the OS lies in a virtual file-system created in a contiguous space within a Windows partition; a pointer to this space is stored in a bootloader file called wubildr, and on booting into the OS, wubildr mounts this space as root. From Windows, this space is visible as a file called root.disk having the same size as that of the Ubuntu installation (say 10 GB). On update, this bootloader is modified, which then cannot find the stored location of root; resulting in boot failure. The user is taken to a grub/ initramfs prompt with an error like, but not limited to

ALERT! root.disk not found. Dropping to a shell!

The trigger for this issue is certain updates that flash on the desktop when they are available for that version of Ubuntu. It is recommended to keep the system updated, but not necessarily in the frequency these updates flash up; because Linux in general is more secure than Windows. There are loopholes in every software, but in Linux, the very few that exist are not too severe to do an update every now and then. For a typical user, a system maintenance maybe once in 6 months should be fine. For the more discerning users, foolproof security actually goes beyond these updates.

So for the normal user who wants to update as much possible but not at the expense of system failure, and till this issue is officially resolved by Ubuntu team, the simplest workaround is to de-notify some packages on which the complete booting process from boot-menu to desktop depends. These are the kernel, bootloader and xorg. Updating any or all of these can corrupt any point of the process.

Let us check if there should be need of an update to these packages/ what would be the benefit of doing so in the first place.

  • The kernel version that comes with an OS should be fine for long term use, say about a year (or more), unless the user is actually into kernel development or there is some serious flaw in it (which is very unlikely). TheĀ  kernel is not maintained by Ubuntu; if there is a major issue with any particular version, it will affect all Linux distributions, and its severity can be found on the internet easily before deciding to update. Even after updating, there is no surety that the latest version wouldn’t have any flaws. A new kernel version is mostly about supporting new hardware, which for a given user, doesn’t change that frequently. Having all fixes till date on the computer is good, but certainly not by risking the boot process. There is more a user needs to do on his computer than fiddle with kernels.
  • The bootloader’s (GRUB2 for Ubuntu >= 9.10) job is to start the OS. There is absolutely no need of updating it, till the OS remains in the PC or some major hardware is changed. In other words, the base version that comes with the OS is just fine.
  • X-org is the program that renders the graphical desktop. Unless the video card driver is updated, there is no need to disturb it. Gaming/ Graphics development are the two areas where this matters, but both have a limited sample among desktop Linux user population as of now. Serious game development happens in server or enterprise editions of an OS, which are more stable/ come with official support contract.

So the idea is to prevent these packages from updating, while continuing with update of other packages. To do so, add the packages in the normally blank /etc/apt/preferences file using a text editor as root. In a terminal,

gksu gedit /etc/apt/preferences &

will open a file with or without content, depending on whether some packages were locked previously. Add these lines to it:

Package: linux-generic linux-headers-generic linux-image-generic linux-restricted-modules-generic
Pin: version <>
Pin-Priority: 1001

Package: xserver-xorg-core xserver-common
Pin: version <2:1.6.4-2ubuntu4>
Pin-Priority: 1001

Package: grub-pc grub-common
Pin: version <1.97~beta4-1ubuntu3>
Pin-Priority: 1001

These are base versions of the packages that come with Ubuntu 9.10 (Karmic). If you are on an updated Karmic or a newer Ubuntu, these may be different. Check your versions by searching one of the packages of each section in Synaptic Package Manager (Desktop Menu > System > Administration). Each section in the file should be separated by a line, and must include all related packages separated by space in the first line. The apt docs define the “Pin-Priority”. This can also be done using the UI. In Synaptic Package Manager, search each package and select Menu > Packages > Lock Version. Since there are many packages in same family, manually editing the preferences file in one shot is easier.

Three releases and several bugs later, the issue still exists in Wubi. Since the normal installation is unaffected, other bugs probably take up priority. But for the user whose time is actually wasted which could otherwise be put to use had the OS been booting at least, after a suggested update which the user did not even ask for, a critical issue is still left to workarounds.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s