≡ Menu

CentOS / Redhat: Protect Yum Repo's Packages

How do I protect my yum repo’s packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?

You need to install the yum-protectbase plugin package:

This plugin allows certain repositories to be protected. Packages in the protected repositories can’t be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

Step # 1: Install yum-protectbase

Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:

Loaded plugins: downloadonly, rhnplugin, security, verify
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

 Package                                Arch                          Version                               Repository                                   Size
 yum-protectbase                        noarch                        1.1.16-13.el5                         rhel-x86_64-server-5                         11 k

Transaction Summary
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 11 k
Is this ok [y/N]: y
Downloading Packages:
yum-protectbase-1.1.16-13.el5.noarch.rpm                                                                                               |  11 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : yum-protectbase                                                                                                                        1/1 

  yum-protectbase.noarch 0:1.1.16-13.el5                                                                                                                      


Step #2: Enable Plugin

Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:

enabled = 1

Save and close the file.

How Do I Protect Base Repo?

Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l

Sample outputs:

total 16
-rw-r--r-- 1 root root  954 Apr 25  2008 epel.repo
-rw-r--r-- 1 root root 1054 Apr 25  2008 epel-testing.repo
-rw-r--r-- 1 root root  254 Aug  4 03:24 rhel-debuginfo.repo
-rw-r--r-- 1 root root  235 Mar  3  2009 rhel-src.repo

You can also use the yum repolist command to display repo lists:
# yum repolist

Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify
repo id                                                   repo name                                                                             status
epel                                                      Extra Packages for Enterprise Linux 5 - x86_64                                        enabled: 4,512
rhel-src                                                  Red Hat Enterprise Linux 5Server - x86_64 - Source                                    enabled: 2,733
rhel-x86_64-server-5                                      Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)                                     enabled: 8,117
rhel-x86_64-server-vt-5                                   RHEL Virtualization (v. 5 for 64-bit x86_64)                                          enabled:   250
repolist: 15,612

To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:

name=Extra Packages for Enterprise Linux 5 - $basearch
protect = 1

name=Extra Packages for Enterprise Linux 5 - $basearch - Debug

name=Extra Packages for Enterprise Linux 5 - $basearch - Source

Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.

Share this tutorial on:

Your support makes a big difference:
I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft, takes a lot of my time and hard work to produce. If you use nixCraft, who likes it, helps me with donations:
Become a Supporter →    Make a contribution via Paypal/Bitcoin →   

Don't Miss Any Linux and Unix Tips

Get nixCraft in your inbox. It's free:

{ 1 comment… add one }
  • Ken October 26, 2010, 6:04 pm

    exclude them in the yum.conf with the following


    This would prevent any php updates from being applied. Accordingly you can do it as a one time from the command line. The switch should be –exclude=php*

Leave a Comment

You can use these HTML tags and attributes: <strong> <em> <pre> <code> <a href="" title="">

   Tagged with: , , , , , , , , , , , , , ,