CentOS / Redhat: Protect Yum Repo's Packages

How do I protect my yum repo’s packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?


You need to install the yum-protectbase plugin package:

This plugin allows certain repositories to be protected. Packages in the protected repositories can’t be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

Step # 1: Install yum-protectbase

Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:

Loaded plugins: downloadonly, rhnplugin, security, verify
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

 Package                                Arch                          Version                               Repository                                   Size
 yum-protectbase                        noarch                        1.1.16-13.el5                         rhel-x86_64-server-5                         11 k

Transaction Summary
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 11 k
Is this ok [y/N]: y
Downloading Packages:
yum-protectbase-1.1.16-13.el5.noarch.rpm                                                                                               |  11 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : yum-protectbase                                                                                                                        1/1 

  yum-protectbase.noarch 0:1.1.16-13.el5                                                                                                                      


Step #2: Enable Plugin

Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:

enabled = 1

Save and close the file.

How Do I Protect Base Repo?

Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l

Sample outputs:

total 16
-rw-r--r-- 1 root root  954 Apr 25  2008 epel.repo
-rw-r--r-- 1 root root 1054 Apr 25  2008 epel-testing.repo
-rw-r--r-- 1 root root  254 Aug  4 03:24 rhel-debuginfo.repo
-rw-r--r-- 1 root root  235 Mar  3  2009 rhel-src.repo

You can also use the yum repolist command to display repo lists:
# yum repolist

Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify
repo id                                                   repo name                                                                             status
epel                                                      Extra Packages for Enterprise Linux 5 - x86_64                                        enabled: 4,512
rhel-src                                                  Red Hat Enterprise Linux 5Server - x86_64 - Source                                    enabled: 2,733
rhel-x86_64-server-5                                      Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)                                     enabled: 8,117
rhel-x86_64-server-vt-5                                   RHEL Virtualization (v. 5 for 64-bit x86_64)                                          enabled:   250
repolist: 15,612

To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:

name=Extra Packages for Enterprise Linux 5 - $basearch
protect = 1

name=Extra Packages for Enterprise Linux 5 - $basearch - Debug

name=Extra Packages for Enterprise Linux 5 - $basearch - Source

Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

1 comment… add one
  • Ken Oct 26, 2010 @ 18:04

    exclude them in the yum.conf with the following


    This would prevent any php updates from being applied. Accordingly you can do it as a one time from the command line. The switch should be –exclude=php*

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.