apt-mark support, hold packages

[jinnatar]

Is your feature request related to a problem? Please describe

If I install a specific version of a package with apt.packages by listing it as package=1.0.0 this still means a careless apt upgrade will upgrade the package past the defined version. This is due to the fact that installing a specific version in apt does not imply pinning the install to that version. This needs to be explicitly asked for instead.

Describe the solution you'd like

• The standard Debian solution to the problem is to hold the package with apt-mark hold $package. Similarly it's subcommands unhold & showhold are useful here.
• Ideally, I'd love for apt.packages to have arguments held & unheld which control whether the package is in a held state or not. Thus the example above would be solved with:

# Not yet ready for 1.10.x upgrade!
nomad_packages = apt.packages(
    packages=["nomad=1.9.7-1"],
    allow_downgrades=True,
    held=True
)

Further deets

• apt-mark is installed by default as part of the apt package at least since Debian buster & Ubuntu focal (the package search indexes doesn't go further back than that).
• Internal to getting the held/unheld state available, I guess we'd need a fact that knows which packages are held, probably in apt or deb? Technically it's all about manipulating dpkg selection state, but right now dpkg facts are split between apt & deb.
• apt is picky about packages in a held state, which may cause issues if say changing the version number while held. There is the apt install option to use --ignore-hold but since that ignores all holds for that operation, it may not be safe if a dependency is also held separately. It's probably safest to undo the specific hold first, then operate and hold it again afterwards.