8.5.3. Plug-in Descriptions

The following list provides descriptions and usage instructions for several useful yum plug-ins. Plug-ins are listed by names, brackets contain the name of the package.
search-disabled-repos (subscription-manager)
The search-disabled-repos plug-in allows you to temporarily or permanently enable disabled repositories to help resolve dependencies. With this plug-in enabled, when Yum fails to install a package due to failed dependency resolution, it offers to temporarily enable disabled repositories and try again. If the installation succeeds, Yum also offers to enable the used repositories permanently. Note that the plug-in works only with the repositories that are managed by subscription-manager and not with custom repositories.


If yum is executed with the --assumeyes or -y option, or if the assumeyes directive is enabled in /etc/yum.conf, the plug-in enables disabled repositories, both temporarily and permanently, without prompting for confirmation. This may lead to problems, for example, enabling repositories that you do not want enabled.
To configure the search-disabled-repos plug-in, edit the configuration file located in /etc/yum/pluginconf.d/search-disabled-repos.conf. For the list of directives you can use in the [main] section, see the table below.

Table 8.4. Supported search-disabled-repos.conf directives

Directive Description
enabled=value Allows you to enable or disable the plug-in. The value must be either 1 (enabled), or 0 (disabled). The plug-in is enabled by default.
notify_only=value Allows you to restrict the behavior of the plug-in to notifications only. The value must be either 1 (notify only without modifying the behavior of Yum), or 0 (modify the behavior of Yum). By default the plug-in only notifies the user.
ignored_repos=repositories Allows you to specify the repositories that will not be enabled by the plug-in.
kabi (kabi-yum-plugins)
The kabi plug-in checks whether a driver update package conforms with official Red Hat kernel Application Binary Interface (kABI). With this plug-in enabled, when a user attempts to install a package that uses kernel symbols which are not on a whitelist, a warning message is written to the system log. Additionally, configuring the plug-in to run in enforcing mode prevents such packages from being installed at all.
To configure the kabi plug-in, edit the configuration file located in /etc/yum/pluginconf.d/kabi.conf. See Table 8.5, “Supported kabi.conf directives” for a list of directives that can be used in the [main] section.

Table 8.5. Supported kabi.conf directives

Directive Description
enabled=value Allows you to enable or disable the plug-in. The value must be either 1 (enabled), or 0 (disabled). When installed, the plug-in is enabled by default.
whitelists=directory Allows you to specify the directory in which the files with supported kernel symbols are located. By default, the kabi plug-in uses files provided by the kernel-abi-whitelists package (that is, the /lib/modules/kabi/ directory).
enforce=value Allows you to enable or disable enforcing mode. The value must be either 1 (enabled), or 0 (disabled). By default, this option is commented out and the kabi plug-in only displays a warning message.
presto (yum-presto)
The presto plug-in adds support to Yum for downloading delta RPM packages, during updates, from repositories which have presto metadata enabled. Delta RPMs contain only the differences between the version of the package installed on the client requesting the RPM package and the updated version in the repository.
Downloading a delta RPM is much quicker than downloading the entire updated package, and can speed up updates considerably. Once the delta RPMs are downloaded, they must be rebuilt to apply the difference to the currently-installed package and thus create the full, updated package. This process takes CPU time on the installing machine. Using delta RPMs is therefore a compromise between time-to-download, which depends on the network connection, and time-to-rebuild, which is CPU-bound. Using the presto plug-in is recommended for fast machines and systems with slower network connections, while slower machines on very fast connections benefit more from downloading normal RPM packages, that is, by disabling presto.
product-id (subscription-manager)
The product-id plug-in manages product identity certificates for products installed from the Content Delivery Network. The product-id plug-in is installed by default.
refresh-packagekit (PackageKit-yum-plugin)
The refresh-packagekit plug-in updates metadata for PackageKit whenever yum is run. The refresh-packagekit plug-in is installed by default.
rhnplugin (yum-rhn-plugin)
The rhnplugin provides support for connecting to RHN Classic. This allows systems registered with RHN Classic to update and install packages from this system. Note that RHN Classic is only provided for older Red Hat Enterprise Linux systems (that is, Red Hat Enterprise Linux 4.x, Red Hat Enterprise Linux 5.x, and Satellite 5.x) in order to migrate them over to Red Hat Enterprise Linux 6. The rhnplugin is installed by default.
See the rhnplugin(8) manual page for more information about the plug-in.
security (yum-plugin-security)
Discovering information about and applying security updates easily and often is important to all system administrators. For this reason Yum provides the security plug-in, which extends yum with a set of highly-useful security-related commands, subcommands and options.
You can check for security-related updates as follows:
~]# yum check-update --security
Loaded plugins: product-id, refresh-packagekit, security, subscription-manager
Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 0
Limiting package lists to security relevant ones
Needed 3 of 7 packages, for security
elinks.x86_64                   0.12-0.13.el6               rhel
kernel.x86_64                      rhel
kernel-headers.x86_64              rhel
You can then use either yum update --security or yum update-minimal --security to update those packages which are affected by security advisories. Both of these commands update all packages on the system for which a security advisory has been issued. yum update-minimal --security updates them to the latest packages which were released as part of a security advisory, while yum update --security will update all packages affected by a security advisory to the latest version of that package available.
In other words, if:
  • the kernel- package is installed on your system;
  • the kernel- package was released as a security update;
  • then kernel- was released as a bug fix update,
...then yum update-minimal --security will update you to kernel-, and yum update --security will update you to kernel- Conservative system administrators probably want to use update-minimal to reduce the risk incurred by updating packages as much as possible.
See the yum-security(8) manual page for usage details and further explanation of the enhancements the security plug-in adds to yum.
subscription-manager (subscription-manager)
The subscription-manager plug-in provides support for connecting to Red Hat Network. This allows systems registered with Red Hat Network to update and install packages from the certificate-based Content Delivery Network. The subscription-manager plug-in is installed by default.
See Chapter 6, Registering the System and Managing Subscriptions for more information how to manage product subscriptions and entitlements.
yum-downloadonly (yum-plugin-downloadonly)
The yum-downloadonly plug-in provides the --downloadonly command-line option which can be used to download packages from Red Hat Network or a configured Yum repository without installing the packages.
To install the package, follow the instructions in Section 8.5.2, “Installing Additional Yum Plug-ins”. After the installation, see the contents of the /etc/yum/pluginconf.d/downloadonly.conf file to ensure that the plug-in is enabled:
~]$ cat /etc/yum/pluginconf.d/downloadonly.conf
In the following example, the yum install --downloadonly command is run to download the latest version of the httpd package, without installing it:
~]# yum install httpd --downloadonly
Loaded plugins: downloadonly, product-id, refresh-packagekit, rhnplugin,
              : subscription-manager
Updating Red Hat repositories.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.2.15-9.el6_1.2 will be updated
---> Package httpd.x86_64 0:2.2.15-15.el6_2.1 will be an update
--> Processing Dependency: httpd-tools = 2.2.15-15.el6_2.1 for package: httpd-2.2.15-15.el6_2.1.x86_64
--> Running transaction check
---> Package httpd-tools.x86_64 0:2.2.15-9.el6_1.2 will be updated
---> Package httpd-tools.x86_64 0:2.2.15-15.el6_2.1 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

 Package        Arch      Version                 Repository               Size
 httpd          x86_64    2.2.15-15.el6_2.1       rhel-x86_64-server-6    812 k
Updating for dependencies:
 httpd-tools    x86_64    2.2.15-15.el6_2.1       rhel-x86_64-server-6     70 k

Transaction Summary
Upgrade       2 Package(s)

Total download size: 882 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): httpd-2.2.15-15.el6_2.1.x86_64.rpm                | 812 kB     00:00
(2/2): httpd-tools-2.2.15-15.el6_2.1.x86_64.rpm          |  70 kB     00:00
Total                                           301 kB/s | 882 kB     00:02

exiting because --downloadonly specified
By default, packages downloaded using the --downloadonly option are saved in one of the subdirectories of the /var/cache/yum directory, depending on the Red Hat Enterprise Linux variant and architecture.
If you want to specify an alternate directory to save the packages, pass the --downloaddir option along with --downloadonly:
~]# yum install --downloadonly --downloaddir=/path/to/directory httpd


As an alternative to the yum-downloadonly plugin — to download packages without installing them — you can use the yumdownloader utility that is provided by the yum-utils package.