CentOS / Redhat: Protect Yum Repo's Packages

How do I protect my yum repo’s packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?

You need to install the yum-protectbase plugin package:

This plugin allows certain repositories to be protected. Packages in the protected repositories can’t be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

Step # 1: Install yum-protectbase

Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:

Loaded plugins: downloadonly, rhnplugin, security, verify
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

 Package                                Arch                          Version                               Repository                                   Size
 yum-protectbase                        noarch                        1.1.16-13.el5                         rhel-x86_64-server-5                         11 k

Transaction Summary
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 11 k
Is this ok [y/N]: y
Downloading Packages:
yum-protectbase-1.1.16-13.el5.noarch.rpm                                                                                               |  11 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : yum-protectbase                                                                                                                        1/1 

  yum-protectbase.noarch 0:1.1.16-13.el5                                                                                                                      


Step #2: Enable Plugin

Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:

enabled = 1

Save and close the file.

How Do I Protect Base Repo?

Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l

Sample outputs:

total 16
-rw-r--r-- 1 root root  954 Apr 25  2008 epel.repo
-rw-r--r-- 1 root root 1054 Apr 25  2008 epel-testing.repo
-rw-r--r-- 1 root root  254 Aug  4 03:24 rhel-debuginfo.repo
-rw-r--r-- 1 root root  235 Mar  3  2009 rhel-src.repo

You can also use the yum repolist command to display repo lists:
# yum repolist

Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify
repo id                                                   repo name                                                                             status
epel                                                      Extra Packages for Enterprise Linux 5 - x86_64                                        enabled: 4,512
rhel-src                                                  Red Hat Enterprise Linux 5Server - x86_64 - Source                                    enabled: 2,733
rhel-x86_64-server-5                                      Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)                                     enabled: 8,117
rhel-x86_64-server-vt-5                                   RHEL Virtualization (v. 5 for 64-bit x86_64)                                          enabled:   250
repolist: 15,612

To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:

name=Extra Packages for Enterprise Linux 5 - $basearch
protect = 1

name=Extra Packages for Enterprise Linux 5 - $basearch - Debug

name=Extra Packages for Enterprise Linux 5 - $basearch - Source

Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 1 comment so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
1 comment… add one
  • Ken Oct 26, 2010 @ 18:04

    exclude them in the yum.conf with the following


    This would prevent any php updates from being applied. Accordingly you can do it as a one time from the command line. The switch should be –exclude=php*

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum