How do I protect my yum repo’s packages from certain repositories getting replaced / updated via yum command itself under CentOS / RHEL / Redhat Enterprise Linux?
You need to install the yum-protectbase plugin package:
This plugin allows certain repositories to be protected. Packages in the protected repositories can’t be overridden by packages in non-protected repositories even if the non-protected repo has a later version.
Step # 1: Install yum-protectbase
Type the following command as the root user:
# yum install yum-protectbase
Sample outputs:
Loaded plugins: downloadonly, rhnplugin, security, verify Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package yum-protectbase.noarch 0:1.1.16-13.el5 set to be updated --> Finished Dependency Resolution Dependencies Resolved ============================================================================================================================================================== Package Arch Version Repository Size ============================================================================================================================================================== Installing: yum-protectbase noarch 1.1.16-13.el5 rhel-x86_64-server-5 11 k Transaction Summary ============================================================================================================================================================== Install 1 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 11 k Is this ok [y/N]: y Downloading Packages: yum-protectbase-1.1.16-13.el5.noarch.rpm | 11 kB 00:00 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : yum-protectbase 1/1 Installed: yum-protectbase.noarch 0:1.1.16-13.el5 Complete!
Step #2: Enable Plugin
Edit /etc/yum/pluginconf.d/protectbase.conf, enter:
# vi /etc/yum/pluginconf.d/protectbase.conf
Make sure enabled is set to 1:
[main] enabled = 1
Save and close the file.
How Do I Protect Base Repo?
Change directory to /etc/yum.repos.d, enter:
# cd /etc/yum.repos.d
# ls -l
Sample outputs:
total 16 -rw-r--r-- 1 root root 954 Apr 25 2008 epel.repo -rw-r--r-- 1 root root 1054 Apr 25 2008 epel-testing.repo -rw-r--r-- 1 root root 254 Aug 4 03:24 rhel-debuginfo.repo -rw-r--r-- 1 root root 235 Mar 3 2009 rhel-src.repo
You can also use the yum repolist command to display repo lists:
# yum repolist
Loaded plugins: downloadonly, protectbase, rhnplugin, security, verify repo id repo name status epel Extra Packages for Enterprise Linux 5 - x86_64 enabled: 4,512 rhel-src Red Hat Enterprise Linux 5Server - x86_64 - Source enabled: 2,733 rhel-x86_64-server-5 Red Hat Enterprise Linux (v. 5 for 64-bit x86_64) enabled: 8,117 rhel-x86_64-server-vt-5 RHEL Virtualization (v. 5 for 64-bit x86_64) enabled: 250 repolist: 15,612
To protect epel.repo repository, edit epel.repo file, enter:
# vi epel.repo
Add protect = 1 to each repo section as follows:
[epel]
name=Extra Packages for Enterprise Linux 5 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
protect = 1
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 5 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS
mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL
gpgcheck=1
Save and close the file. Now epel repo will be protected and will not be updated by newer packages from unprotected repositories.
🐧 1 comment so far... add one ↓
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
exclude them in the yum.conf with the following
exclude=php*
This would prevent any php updates from being applied. Accordingly you can do it as a one time from the command line. The switch should be –exclude=php*