How do I protect my yum repo’s packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?
You need to install the yum-protectbase plugin package:
This plugin allows certain repositories to be protected. Packages in the protected repositories can’t be overridden by packages in non-protected repositories even if the non-protected repo has a later version.
Step # 1: Install yum-protectbase
Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:
Loaded plugins: downloadonly, rhnplugin, security, verify Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================== Installing: yum-protectbase noarch 1.1.16-13.el5 rhel-x86_64-server-5 11 k Transaction Summary ============================================================================================================================================================== Install 1 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 11 k Is this ok [y/N]: y Downloading Packages: yum-protectbase-1.1.16-13.el5.noarch.rpm | 11 kB 00:00 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : yum-protectbase 1/1 Installed: yum-protectbase.noarch 0:1.1.16-13.el5 Complete!
Step #2: Enable Plugin
Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:
[main] enabled = 1
Save and close the file.
How Do I Protect Base Repo?
Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l
Sample outputs:
total 16 -rw-r--r-- 1 root root 954 Apr 25 2008 epel.repo -rw-r--r-- 1 root root 1054 Apr 25 2008 epel-testing.repo -rw-r--r-- 1 root root 254 Aug 4 03:24 rhel-debuginfo.repo -rw-r--r-- 1 root root 235 Mar 3 2009 rhel-src.repo
You can also use the yum repolist command to display repo lists:
# yum repolist
Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify repo id repo name status epel Extra Packages for Enterprise Linux 5 - x86_64 enabled: 4,512 rhel-src Red Hat Enterprise Linux 5Server - x86_64 - Source enabled: 2,733 rhel-x86_64-server-5 Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) enabled: 8,117 rhel-x86_64-server-vt-5 RHEL Virtualization (v. 5 for 64-bit x86_64) enabled: 250 repolist: 15,612
To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
protect = 1
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.
exclude them in the yum.conf with the following
exclude=php*
This would prevent any php updates from being applied. Accordingly you can do it as a one time from the command line. The switch should be –exclude=php*