Introduction
Package manager is probably the most useful tool for a Linux user. You can install, upgrade and remove any software/package from your Linux system with a single command. But sometimes occasions arise when you need granular control over which package you want to install or upgrade and which package to block from being upgraded automatically.
Why would you want to do this? Well, sometimes you find out that a package’s updated version is buggy. You don’t want that package to upgrade the next time you run sudo yum upgrade. And it is a pain to upgrade each package individually.
In this tutorial, we will cover how to block certain packages from being installed or upgraded and how to block specific versions of packages or kernels from being installed.
Note: It is easy to forget what packages you have held after some time even when their bugfree versions are out. So remain on alert as holding packages for long can introduce security issues.
We will discuss five methods here. All of these methods will involve the yum (Yellow dog Updater, Modified) package manager.
Prerequisites
- You need a server with CentOS 7.
- You need a non sudo user to run the commands.
Method 1 – Permanently Disable Package Install/Updates (Using yum.conf)
To lock a package permanently from being installed, updated or removed, we can use the /etc/yum.conf file.
Open the file for editing.
$ sudo nano /etc/yum.conf
It should look like the following.
[main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 installonly_limit=5 bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://$ distroverpkg=centos-release ...
If you want to hold a package, for example, nginx from being installed, updated or removed, append the following line at the end of the file.
exclude=nginx
If you want to stop all nginx packages then you can use the * character.
exclude=nginx*
If you want to exclude more than one packages, you can separate their names by space.
exclude=nginx php
The locked package will remain on the same version even if you upgrade your system. This is especially useful for holding back graphics drivers.
Press Ctrl + X to save the file when finished and enter Y when prompted.
Let us try to install the blocked package, nginx.
$ sudo yum install nginx --Output base | 3.6 kB 00:00 extras | 2.9 kB 00:00 updates | 2.9 kB 00:00 No package nginx available. Error: Nothing to do
You can also block packages via their architecture here. For example, if you want to block 32 bit packages, you can enter the following line in the/etc/yum.conf file.
exclude=*.i?86 *i686
There is an important caveat with this method. While the package won’t get automatically upgraded on using the command sudo yum upgrade or while upgrading the system, you can still remove the package manually. sudo yum remove <package>will still work on held packages.
This method only locks them from being changed automatically. Keeping them in the hold will keep them at their current versions no matter what unless you decide to remove them manually.
Method 2 – Temporarily disable Package Install/Updates
This method involves using the yum command with an additional parameter.
At the time of updating any package, use the -x switch with your command to block specific packages which you don’t want to update.
$ sudo yum -x nginx update
The above command will update all the packages except the nginx package on your system. To block multiple packages with a single command, use -x switch multiple times.
$ sudo yum -x nginx -x php update
You can also use the –exclude switch instead of -x in the same way.
$ sudo yum --exclude nginx, php
Method 3 – Using Repository (Using .repo files)
If you have a package installed via its repository, then there is another way to stop it from being upgraded. This is done by editing its .repo file which you can find in the /etc/yum.repos.d directory.
Suppose your system has epel repository added and you don’t want to install the golang package from it, you can block it by adding the line exclude=golang in the /etc/yum.repos.d/epel.repo file as shown.
Open the epel.repo file for editing.
$ sudo nano /etc/yum.repos.d/epel.repo
Now, make the following change by adding the exclude=golang as shown.
[epel] name=Extra Packages for Enterprise Linux 7 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 exclude=golang ...
Press Ctrl + X to save the file when finished and enter Y when prompted.
Now, try to install golang.
$ sudo yum install golang --Output epel/x86_64/metalink | 29 kB 00:00 epel | 5.3 kB 00:00 No package golang available. Error: Nothing to do
Method 4 – Blocking an entire repository from updating
Alternatively, you can block an entire repository from being updated.
First, let’s check all the repositories on our system.
$ yum repolist --Output repo id repo name status base/7/x86_64 CentOS-7 - Base 10,096+1 *epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64 13,454+2 extras/7/x86_64 CentOS-7 - Extras 305 updates/7/x86_64 CentOS-7 - Updates 737+1 repolist: 24,592
To exclude epel repository from being updated, use the following command.
$ sudo yum update --disablerepo=epel
You can disable multiple repositories by separating their ids with commas.
$ sudo yum update --disablerepo=epel, extras
Blocking Repositories via their repo file
There is another way to block a repository which involves editing the particular repo file.
Let us open the epel.repo file for editing.
$ sudo nano /etc/yum.repos.d/epel.repo
Change the value of the enabled variable from 1 to 0.
[epel] name=Extra Packages for Enterprise Linux 7 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch&infra=$infra&content=$contentdir failovermethod=priority enabled=0 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 ...
Press Ctrl + X to save the file and enter Y when prompted.
Now, let’s try to install golang package which is available in epel repository.
$ sudo dnf install golang --Output Loaded plugins: fastestmirror, langpacks, versionlock Loading mirror speeds from cached hostfile * base: centos.mirrors.estointernet.in * extras: centos.mirrors.estointernet.in * updates: centos.mirrors.estointernet.in No package golang available. Error: Nothing to do
Method 5 – Blocking Packages at a particular version (Using versionlock plugin)
Versionlock is a plugin of the Yum package manager. This plugin doesn’t allow packages to be upgraded to a version greater than what was installed at the time locking was performed.
First, install versionlock.
$ sudo yum install yum-plugin-versionlock
This will also create a file /etc/yum/pluginconf.d/versionlock.list on your system.
To lock the current version of mariadb-server installed on your system, run the following command.
$ sudo yum versionlock mariadb-server --Output Loaded plugins: fastestmirror, langpacks, versionlock Adding versionlock on: 1:mariadb-server-5.5.60-1.el7_5 versionlock added: 1
You can add multiple packages at once.
$ sudo yum versionlock mariadb-server evolution golang
Let’s try to update the mariadb-server package.
$ sudo yum update mariadb-server --Output Loaded plugins: fastestmirror, langpacks, versionlock Loading mirror speeds from cached hostfile * base: centos.mirrors.estointernet.in * epel: repos.del.extreme-ix.org * extras: centos.mirrors.estointernet.in * updates: centos.mirrors.estointernet.in Excluding 1 update due to versionlock (use "yum versionlock status" to show it) No packages marked for update
To check the list of blocked packages via the versionlock plugin, use the following command.
$ yum versionlock list --Output Loaded plugins: fastestmirror, langpacks, versionlock 1:mariadb-server-5.5.60-1.el7_5.* versionlock list done
To remove the package from the versionlock, use the following command.
$ yum versionlock delete mariadb-server --Output Loaded plugins: fastestmirror, langpacks, versionlock Deleting versionlock for: mariadb-server-5.5.60-1.el7_5.* versionlock deleted: 1
To discard the list and hence clear the blocks, use the following command.
$ sudo yum versionlock clear --Output Loaded plugins: fastestmirror, langpacks, versionlock versionlock cleared
Alternatively, you can also edit the file /etc/yum/pluginconf.d/versionlock.list to block packages using the versionlock plugin.
To add a package to the file, use the following command.
$ sudo sh -c 'rpm -qa | grep evolution >> /etc/yum/pluginconf.d/versionlock.list'
The above commend blocks the evolution package by adding it to the list. We use rpm -qa | grep evolution to grab the full package name. And the sudo sh -c command runs a sudo shell under which the commands to write to the file run.
Conclusion
That’s it to this tutorial. You should now be able to block any or specific versions of any packages you don’t want to get installed or upgraded on your CentOS system.
Leave a Reply