Question posted in 
At work, we developed some Python software that runs on Raspbian (Debian Based), on a Raspberry Pi.
We have some Ansible scripts that can take a fresh Raspbian image, booted on a Raspberry Pi, and configure it to run our software. Ansible does a few things:
- Installs some required packages with apt
- Sets up a Python virtual environment, and uses pip, and a requirements file, to install the exact version of Python libraries we need to run our software
The fact that every time Ansible runs, it will install the exact version of the Python libraries (from PyPi) that we have tested our software with is great. Unfortunately, this does not apply to the packages installed through apt.
Doing apt-get install package, or the Ansible equivalent, installs the latest version of that package. What the version is today, may not be the same as what it is tomorrow. That means if I run my Ansible scripts to setup a Raspberry Pi today, my software might work perfectly, but running Ansible on a fresh Raspberry Pi tomorrow might install newer versions of software from apt, which may break our software.
Is there any way to do what pip does, but for apt? Freeze the currently-installed versions of packages, and later, when installing on a fresh system, install those exact versions of packages? Or something similar.
I know we can install whatever versions of packages we want, and clone the SD card to other PIs, but that kind of defeats the purpose of having Ansible scripts in the first place.
2
Answers
With ansible you can specify which version of a packge to install this way.
and then to prevent the package to be uprgraded in case of a system upgrade mark the package as hold this way
There is this tool that’s worth mentioning. https://github.com/TrevorSundberg/apt-lock