The package manager is one of the most invaluable tools for Linux users. It allows you to seamlessly install, upgrade, and remove any software or package on your Linux system with a single command. However, there are scenarios where you might need more detailed control over which packages to install or upgrade, and which ones to prevent from automatic upgrades. This becomes crucial when you encounter a buggy package update that you’d rather not install the next time you execute sudo yum upgrade. Manually handling each package one by one can be cumbersome.
In this guide, we will explore how to prevent certain packages from being installed or upgraded and how to block specific versions of packages or kernels from their automatic installation.
Note: Be cautious as it’s easy to forget packages that have been held back, even when their stable versions are later released. Holding back packages for extended periods can lead to potential security vulnerabilities.
We’ll discuss five methods using both the yum (Yellowdog Updater, Modified) and dnf (Dandified YUM) package managers.
Prerequisites
- A server running CentOS, Rocky Linux, or Alma Linux. This tutorial was created using Rocky Linux 9, but the commands should work with other distributions and earlier releases as well.
- A non-root user with sudo privileges.
Method 1 – Permanently Disable Package Install/Updates Using yum.conf
To permanently lock a package from being installed, updated, or removed, edit the /etc/yum.conf or /etc/dnf/dnf.conf file.
It should resemble the following configuration:
[main]
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
For example, to prevent nginx from being installed, updated, or removed, append the following:
exclude=nginx
To cover all nginx packages, use the wildcard character *:
exclude=nginx*
To exclude multiple packages, separate them with spaces:
exclude=nginx php
This keeps the package at its current version across system upgrades, which is especially useful for maintaining specific graphics driver versions.
Block Kernel Updates
Use the command below to block kernel updates:
$ sudo dnf --exclude=kernel* update
or
$ sudo yum --exclude=kernel* update
You can use kernel* as the package name in the other methods to block kernel updates.
Method 2 – Temporarily Disable Package Install/Updates
For temporary control, use the -x switch with your yum or dnf commands to exclude certain packages from updates:
$ sudo dnf -x nginx update
or
$ sudo yum -x nginx update
To block multiple packages, apply the -x switch for each:
$ sudo dnf -x nginx -x php update
or
$ sudo yum -x nginx -x php update
Alternatively, use the --exclude switch in the same way:
$ sudo dnf --exclude=nginx,php update
or
$ sudo yum --exclude=nginx,php update
Method 3 – Using Repository (.repo Files)
When a package is installed from a repository, you can block its updates by editing the corresponding .repo file under /etc/yum.repos.d. For instance, to block the certbot package from the EPEL repository, add this line:
exclude=certbot
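Because holds set through exclude= lines (Method 1 and this method) are easy to forget, the following added example, which is not part of the original guide, lists every excluded pattern found in the configuration files it is given. The function names and the sample files are constructed for illustration; excludepkgs is dnf's alternative spelling of the same option.

```shell
#!/bin/sh
# Added example (not from the original guide): list every package hold set
# through exclude= lines, so held-back packages are not forgotten.

# list_excludes FILE...
# Prints "file<TAB>[section]<TAB>pattern" for each excluded pattern.
# Accepts exclude= and dnf's excludepkgs= spelling, space- or comma-separated
# values, and indented continuation lines; commented-out lines are ignored.
list_excludes() {
    for f in "$@"; do
        [ -r "$f" ] || continue        # skip missing files / unmatched globs
        awk -v file="$f" '
            function emit(v,    n, i, p) {
                n = split(v, p, /[ \t,]+/)
                for (i = 1; i <= n; i++)
                    if (p[i] != "") printf "%s\t%s\t%s\n", file, section, p[i]
            }
            /^[ \t]*[#;]/ { next }
            /^\[/ { section = $0; inex = 0; next }
            /^exclude(pkgs)?[ \t]*=/ {
                v = $0; sub(/^[^=]*=/, "", v); emit(v); inex = 1; next
            }
            inex && /^[ \t]+[^ \t]/ { emit($0); next }
            { inex = 0 }
        ' "$f"
    done
}

# count_excludes FILE... -> number of held patterns found
count_excludes() {
    list_excludes "$@" | wc -l | tr -d ' '
}

# Constructed sample files, so the script runs on any machine.
demo() {
    d=$(mktemp -d) || return 1
    printf '[main]\ngpgcheck=1\nexclude=nginx* php\n' > "$d/dnf.conf"
    printf '[epel]\n# exclude=old\nexclude=certbot\n' > "$d/epel.repo"
    list_excludes "$d/dnf.conf" "$d/epel.repo"
    rm -rf "$d"
}

demo
# On a real host, point it at the files this guide edits:
#   list_excludes /etc/yum.conf /etc/dnf/dnf.conf /etc/yum.repos.d/*.repo
```

Running this from a periodic job and reviewing the output is one way to notice holds that have outlived the buggy update they were added for.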
Method 4 – Blocking an Entire Repository from Updating
Check all repositories with:
$ dnf repolist
or
$ yum repolist
To exclude updates from the EPEL repository, run:
$ sudo dnf update --disablerepo=epel
or
$ sudo yum update --disablerepo=epel
Method 5 – Blocking Packages at a Particular Version Using Versionlock Plugin
The versionlock plugin restricts packages from upgrading beyond their currently installed version. Install it with:
$ sudo dnf install dnf-plugin-versionlock
or
$ sudo yum install dnf-plugin-versionlock
Conclusion
We’ve covered several methods to manage package installations and updates effectively. With this know-how, you can safely and strategically hold back specific package versions on your CentOS, Rocky Linux, or Alma Linux systems.
Frequently Asked Questions (FAQ)
- Why should I block package updates? Blocking updates can be crucial if an updated package version is buggy or if you have specific requirements or dependencies for existing software that might be disrupted by an update.
- Does disabling a package update compromise security? It might. Holding back updates can prevent security patches from being applied. Always be vigilant and update packages when a stable version is released.
- Can I manually update a blocked package? Yes, blocked packages can be manually updated by removing or editing the block settings.