In this episode, I would like to show you a method for locking rpm packages to a particular version.
Lets say for example, that you have a package installed on a server, and that a package update is coming, which will likely break your configuration. You would like to somehow exclude this package from getting updated. Today we are going to look at a yum plugin called, version lock, will help us achieve our goal.
I have setup an example, using the httpd package, to illustrate the problem. Lets run, “yum update httpd”, as you can see, an update was found along with a dependency called httpd-tools. But lets say, for the sake of this example, that we want to keep these are their current versions.
# see if httpd has updates yum update httpd
There is a package called yum-plugin-versionlock, which we can use to solve our problem. Lets take a look at the package info, by running, “yum info yum-plugin-versionlock”. As you can see, it has a version specific purpose, it’s a “yum plugin to lock specific packages from being updated”. Sounds exactly like what we’re looking for.
# look at package info for yum-plugin-versionlock yum info yum-plugin-versionlock
Lets, go ahead and install it, by running, “yum install yum-plugin-versionlock”.
# install yum-plugin-versionlock yum install yum-plugin-versionlock
I like to use “rpm –query –list” and then the package name, in this instance, “yum-plugin-versionlock”, to see what files were installed for a particular rpm. This just helps to give a little info about where the config files live. As you can see here, the first couple lines, are config files, and then there is the plugin itself, some documentation, and then the man page.
# show files for yum-plugin-versionlock rpm --query --list yum-plugin-versionlock
Lets take a look at the versionlock.conf file. It looks pretty straightforward, and it points us to this versionlock.list file. This is where the locked rpm names will live.
Now that we know about versionlock, lets run “yum update httpd” again, we are doing this just to refresh our memory, and so that we can record the package names.
# double check our package names yum update httpd
Armed with these package names, we are going to run “yum versionlock httpd httpd-tools”. In the output you can see that it says, adding version lock on the packages we specified. Lets have another look at the versionlock.list file, just to make sure it has our additions. Yup, look good!
# lock the httpd httpd-tools packages at current versions yum versionlock httpd httpd-tools
Okay, now that we have the yum version locks in place, lets run “yum update httpd” again. It looks like it is working, since it says, “no packages marked for update”. You can also safely run “yum update” to update all packages, and if we scroll up, you’ll see that there is no httpd or httpd-tools listed here.
# see if httpd still want to apply an update yum update httpd
Just before I conclude this episode, I would like to mention, that if the package has already been updated, there is a handy yum option called, –showduplicates, we use it like this, by running “yum list httpd –showduplicates”. This will list all instances of httpd in our repo. Normally you’ll only see the most recent version. So, if you need to downgrade a package for some reason, you can use “show duplicates” to find and install older package versions, then you can use version lock, to lock the package to the older version.
# --showduplicates can show duplicate packages in a repo yum list httpd --showduplicates
You can also view active versionlocks by running “yum versionlock”.
# view active versionlocks yum versionlock