Blog

03/06/2019

CentOS / RHEL: Yum Lock Package Version At a Particular Version



I am a new CentOS / RHEL 6.x server user and DevOP. I need to lock a package called nginx on a server being updated via yum command. How do I lock package version at a particular version on CentOS / Red Hat Enterprise Linux (RHEL) 6.x or Fedora Linux?

You have two options as follows:

  1. Pass the --exclude directive to the yum command to define list of packages to exclude from updates or installs.
  2. yum versionlock command – Version lock rpm packages command.

Method # 1: yum versionlock command

You need to install yum-plugin-versionlock plugin. It takes a set of name/versions for packages and excludes all other versions of those packages (including optionally following obsoletes). This allows you to protect packages from being updated by newer versions.

Install yum-plugin-versionlock on a CentOS/RHEL server

To install yum-plugin-versionlock package, enter:
# yum -y install yum-versionlock
OR
# yum -y install yum-plugin-versionlock
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package yum-plugin-versionlock.noarch 0:1.1.30-14.el6 will be installed
--> Finished Dependency Resolution
 
Dependencies Resolved
 
================================================================================
 Package                  Arch     Version         Repository              Size
================================================================================
Installing:
 yum-plugin-versionlock   noarch   1.1.30-14.el6   rhel-x86_64-server-6    27 k
 
Transaction Summary
================================================================================
Install       1 Package(s)
 
Total download size: 27 k
Installed size: 0  
Downloading Packages:
yum-plugin-versionlock-1.1.30-14.el6.noarch.rpm          |  27 kB     00:00     
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1 
  Verifying  : yum-plugin-versionlock-1.1.30-14.el6.noarch                  1/1 
 
Installed:
  yum-plugin-versionlock.noarch 0:1.1.30-14.el6                                 
 
Complete!

Syntax

The basic syntax is as follows:

yum versionlock package-name-here
yum versionlock package1 package2
yum versionlock add package-wildcard
yum versionlock add package1*
yum versionlock [command] package1*

To lock the nginx packages at current versions, type:

# yum versionlock nginx
OR
# yum versionlock add nginx

To list all current versionlock entries, run:

# yum versionlock list

To remove/delete versionlock entry for nginx package, enter:

# yum versionlock delete nginx

To remove all versionlock entries:

# yum versionlock clear
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
versionlock cleared

Add a exclude (within versionlock) for the latest versions of the packages in the available repos

# yum versionlock exclude pakage1 package2
# yum versionlock exclude pakage-wildcard-here

Demo: Locking ethtool package using yum lock version commands

First, check ethtool package has updates on the server:
# yum check-update
# yum check-update ethtool

Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.

ethtool.x86_64               2:3.5-1.2.el6_5                rhel-x86_64-server-6

Lock down ethtool, enter:
# yum versionlock add ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Adding versionlock on: 2:ethtool-3.5-1.el6
versionlock added: 1

List entries in versionlock, enter:
# yum versionlock list
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
2:ethtool-3.5-1.el6.*
versionlock list done

Try to update ethtool package, enter:
# yum update ethtool
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Setting up Update Process
No Packages marked for Update

Delete ethtool versionlock so that yum can apply an update:
# yum versionlock delete '2:ethtool-3.5-1.el6.*'
Sample outputs:

Loaded plugins: product-id, rhnplugin, security, subscription-manager,
              : versionlock
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Deleting versionlock for: 2:ethtool-3.5-1.el6.*
versionlock deleted: 1

Tip: List/view history of package?

Use the following command:
# yum --showduplicates list packageNameHere
# yum --showduplicates list ethtool

Sample outputs:

Fig.01: See all packages versions

The yum command has history option. It allows an admin to access detailed information on the history of yum transactions that have been run on a system. You can see what has happened in past transactions. You can use various command line options to view what happened, undo/redo/rollback to act on that information and start a new history file.

Method # 2: yum –exclude command to lock package version from yum update

Edit /etc/yum.conf
# vi /etc/yum.conf
Append the following line under [main] section to lock php and nginx, enter:

exclude=php* nginx* 

Save and close the file. See how to exclude packages when I use “yum update” command tutorial for more information.

Related media

A quick video tutorial shows you how to prevent any package to be update using yum even its update is available on a CentOS/Red Hat Enterprises Linux server.

Posted by: SXI ADMIN

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

14/08/2019

How to KVM, QEMU start or stop virtual machine from command line (CLI)

KVM or Kernel Based Virtual Machine is a popular virtualization technology. It allows you to run virtual guest machines over a host machine. To start...
14/08/2019

How to Docker backup Saving and restoring your volumes

Running a Docker volume backup First, we spin up a temporary container, and we mount the backup folder and the target Docker volume to this container....
12/08/2019

How to Start and Enable Firewalld on CentOS 7

In this article, we discuss how to start and enable firewalld. It is highly recommended that you have a firewall protecting your server.Pre-Flight CheckThese...