CentOS / Redhat: Protect Yum Repo's Packages

How do I protect my yum repo's packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?

You need to install the yum-protectbase plugin package:

This plugin allows certain repositories to be protected. Packages in the protected repositories can't be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

Step # 1: Install yum-protectbase

Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:

Loaded plugins: downloadonly, rhnplugin, security, verify
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
==============================================================================================================================================================
 Package                                Arch                          Version                               Repository                                   Size
==============================================================================================================================================================
Installing:
 yum-protectbase                        noarch                        1.1.16-13.el5                         rhel-x86_64-server-5                         11 k
Transaction Summary
==============================================================================================================================================================
Install      1 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 11 k
Is this ok [y/N]: y
Downloading Packages:
yum-protectbase-1.1.16-13.el5.noarch.rpm                                                                                               |  11 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : yum-protectbase                                                                                                                        1/1
Installed:
  yum-protectbase.noarch 0:1.1.16-13.el5
Complete!

Step #2: Enable Plugin

Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:

[main]
enabled = 1

Save and close the file.

How Do I Protect Base Repo?

Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l
Sample outputs:

total 16
-rw-r--r-- 1 root root  954 Apr 25  2008 epel.repo
-rw-r--r-- 1 root root 1054 Apr 25  2008 epel-testing.repo
-rw-r--r-- 1 root root  254 Aug  4 03:24 rhel-debuginfo.repo
-rw-r--r-- 1 root root  235 Mar  3  2009 rhel-src.repo

You can also use the yum repolist command to display repo lists:
# yum repolist

Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify
repo id                                                   repo name                                                                             status
epel                                                      Extra Packages for Enterprise Linux 5 - x86_64                                        enabled: 4,512
rhel-src                                                  Red Hat Enterprise Linux 5Server - x86_64 - Source                                    enabled: 2,733
rhel-x86_64-server-5                                      Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)                                     enabled: 8,117
rhel-x86_64-server-vt-5                                   RHEL Virtualization (v. 5 for 64-bit x86_64)                                          enabled:   250
repolist: 15,612

To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
protect = 1
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1

Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.

• Tweet
• 
• 

You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

• 30 Handy Bash Shell Aliases For Linux / Unix / Mac OS X
• Top 30 Nmap Command Examples For Sys/Network Admins
• 25 PHP Security Best Practices For Sys Admins
• 20 Linux System Monitoring Tools Every SysAdmin Should Know
• 20 Linux Server Hardening Security Tips
• Linux: 20 Iptables Examples For New SysAdmins
• Top 20 OpenSSH Server Best Security Practices
• Top 20 Nginx WebServer Best Security Practices
• 20 Examples: Make Sure Unix / Linux Configuration Files Are Free From Syntax Errors
• 15 Greatest Open Source Terminal Applications Of 2012
• My 10 UNIX Command Line Mistakes
• Top 10 Open Source Web-Based Project Management Software
• Top 5 Email Client For Linux, Mac OS X, and Windows Users
• The Novice Guide To Buying A Linux Laptop