CentOS / Redhat: Protect Yum Repo's Packages

Posted on in Categories , , , , last updated October 19, 2009

How do I protect my yum repo’s packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?

You need to install the yum-protectbase plugin package:

This plugin allows certain repositories to be protected. Packages in the protected repositories can’t be overridden by packages in non-protected repositories even if the non-protected repo has a later version.

Step # 1: Install yum-protectbase

Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:

Loaded plugins: downloadonly, rhnplugin, security, verify
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================================================================================
 Package                                Arch                          Version                               Repository                                   Size
==============================================================================================================================================================
Installing:
 yum-protectbase                        noarch                        1.1.16-13.el5                         rhel-x86_64-server-5                         11 k

Transaction Summary
==============================================================================================================================================================
Install      1 Package(s)         
Update       0 Package(s)         
Remove       0 Package(s)         

Total download size: 11 k
Is this ok [y/N]: y
Downloading Packages:
yum-protectbase-1.1.16-13.el5.noarch.rpm                                                                                               |  11 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : yum-protectbase                                                                                                                        1/1 

Installed:
  yum-protectbase.noarch 0:1.1.16-13.el5                                                                                                                      

Complete!

Step #2: Enable Plugin

Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:

[main]
enabled = 1

Save and close the file.

How Do I Protect Base Repo?

Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l
Sample outputs:

total 16
-rw-r--r-- 1 root root  954 Apr 25  2008 epel.repo
-rw-r--r-- 1 root root 1054 Apr 25  2008 epel-testing.repo
-rw-r--r-- 1 root root  254 Aug  4 03:24 rhel-debuginfo.repo
-rw-r--r-- 1 root root  235 Mar  3  2009 rhel-src.repo

You can also use the yum repolist command to display repo lists:
# yum repolist

Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify
repo id                                                   repo name                                                                             status
epel                                                      Extra Packages for Enterprise Linux 5 - x86_64                                        enabled: 4,512
rhel-src                                                  Red Hat Enterprise Linux 5Server - x86_64 - Source                                    enabled: 2,733
rhel-x86_64-server-5                                      Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)                                     enabled: 8,117
rhel-x86_64-server-vt-5                                   RHEL Virtualization (v. 5 for 64-bit x86_64)                                          enabled:   250
repolist: 15,612

To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:

[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
protect = 1

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1

Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

Share this on:

1 comment

  1. exclude them in the yum.conf with the following

    exclude=php*

    This would prevent any php updates from being applied. Accordingly you can do it as a one time from the command line. The switch should be –exclude=php*

    Reply Report comment

Leave a Comment

Tagged as: Tags , , , , , , , , , , , , , ,