From 43c0daa0e823dc132312740f1f72d9a2b2ef747f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Hertzog?= Date: Tue, 8 Jan 2019 16:04:08 +0100 Subject: [PATCH] Mark kernel related packages on hold in live images --- kali-config/common/hooks/live/kali-hacks.chroot | 7 +++++++ .../includes.installer/usr/lib/live-installer.d/unhold | 8 ++++++++ 2 files changed, 15 insertions(+) create mode 100755 kali-config/common/includes.installer/usr/lib/live-installer.d/unhold diff --git a/kali-config/common/hooks/live/kali-hacks.chroot b/kali-config/common/hooks/live/kali-hacks.chroot index 09be21d..60d7606 100755 --- a/kali-config/common/hooks/live/kali-hacks.chroot +++ b/kali-config/common/hooks/live/kali-hacks.chroot @@ -37,3 +37,10 @@ update-initramfs -u if [ -x "$(which updatedb 2>/dev/null)" ]; then updatedb fi + +# Mark kernel related packages on hold so that they are not upgraded in +# the live system +for pkg in $(dpkg-query -W -f'${binary:Package}\n' 'linux-image-*' 'linux-headers-*' 'linux-kbuild-*') +do + apt-mark hold $pkg +done diff --git a/kali-config/common/includes.installer/usr/lib/live-installer.d/unhold b/kali-config/common/includes.installer/usr/lib/live-installer.d/unhold new file mode 100755 index 0000000..40e94f7 --- /dev/null +++ b/kali-config/common/includes.installer/usr/lib/live-installer.d/unhold @@ -0,0 +1,8 @@ +#!/bin/sh + +set -e + +# Remove the "hold" mark on any package, in Kali we put kernel packages +# on hold because upgrading them hurts more than it helps and because +# we want to ensure they are not removed by a routine dist-upgrade. +in-target sh -c 'apt-mark showhold | while read pkg; do apt-mark unhold $pkg; done'