Restricting a Package to a Fixed Version Number with yum
Environment
- Red Hat Enterprise Linux (RHEL) 5, 6, 7
- yum
- Updating a specific package version will cause issues, or must be done separately
Issue
- Lock a package to a specific version only, and no later
- Exclude a package from
$ yum update
- What is
yum versionlock
?
Resolution
-
Install package named
yum-plugin-versionlock
(calledyum-versionlock
in RHEL 5).# yum install yum-plugin-versionlock
The
/etc/yum/pluginconf.d/versionlock.list
will be created on the system. -
To install or lock the version of the
gcc
group of packages, run# yum versionlock gcc-*
Root Cause
Use the yum versionlock
plugin to lock a package or packages to currently installed version. The plugin stores a package list in `/etc/yum/pluginconf.d/versionlock.list, which you can edit directly. Yum will normally attempt to update all packages, but the plugin will exclude the packages listed in the versionlock.list file.
The above configuration will not allow yum update
or yum upgrade
to update any of the gcc
packages to version greater than what was installed at the time the locking was performed.
See the yum-versionlock(1)
for a list of all available commands.
Diagnostic Steps
-
To display the list of locked packages, use:
# yum versionlock list
-
To discard the list of locked packages, use
# yum versionlock clear
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
7 Comments
I followed the instructions and cleared my versionlock list [root@localhost:1 ~]# yum versionlock list Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager, versionlock versionlock list done
$ yum upgrade complains about a number of duplicate packages:
abattis-cantarell-fonts-0.0.25-1.el7.noarch is a duplicate with abattis-cantarell-fonts-0.0.16-3.el7.noarch ...a ton more listed here
$yum upgrade --skip-broken seems to work but doesn't seem to, because re-running it shows the same broken packages
Plus, looks like the lock is still in place: Enable all repositories and try again? [y/N]: Error: Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. Eg.:
Error: Protected multilib versions: rest-0.8.0-1.el7.i686 != rest-0.7.92-5.el7.x86_64 Error: Protected multilib versions: 1:openssl-libs-1.0.2k-8.el7.i686 != 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64
My response is a bit late, but I wanted to clarify the following for others (which is not specific to this article but the error below; to be clear, use of the
versionlock
plugin itself should not create duplicate package problems)If you truly see
"is a duplicate"
warnings and multiple versions of the same (for example)abattis-cantarell-fonts
package or any others in yourrpm -qa
output (or in output from runningpackage-cleanup --dupes
which is provided by theyum-utils
package), then this is a bad rpm database state. This means a yum transaction was incomplete (or that duplicate packages were forced onto the system with therpm
command. We can usually see this in theyum history
output for versions that support history; typically indicated by a**
for a past transaction.If you experience duplicate package issues then please do not perform any more
yum
orrpm
transactions that change the package state (update/install/remove/etc) as that can make things worse (both the database, recovery, or actual server state in relation to new packages that have mismatched libraries on disk due to yum being confused by the duplicates), and please do open a support case to evaluate if it can be recovered. (Note: we do not recommend using thepackage-cleanup
fix options unless you are absolutely sure of what it is about to do, as it can also put the system in a worse state or one that we later cannot recover. However, completing the past yum transaction usingyum-complete-transaction
may simply resolve the issue, but if it fails or you are unsure, please open a support case for further review as each situation of interrupted transactions can be unique.)Note that the
multilib
errors can be seen in other cases where there are no duplicates (such as missing packages in a custom repository, orexclude
d packages in yum configuration files). Though it will often also be seen for transactions that are attempted after the duplicates have been left behind. It indicates that a transaction would result it mismatched x86_64 and i686 versions of the same packages, and is usually indicating a deeper issue unless purposely done by an administrator at some point. (Note: We do not recommend disabling the protected multilibs option; as seeing this error is almost always indicating some other issue, such as duplicate packages or missing rpms in a repository, which should be investigated first.)But how does one restrict the version of versionlock? Chicken and egg...
I think it's more like turtles, as it's trust issues all the way down. But ya gotta trust the tool you choose, man. Otherwise:
1) grab the right yum and versionlock by version
2) lock that down.
QED :-P
Had problems getting this to pin a specific kernel version. As in that just doesn't seem to work. Any advice greatly appreciated :-)
I'm installing RedHat Satellite on RHEL7.9:
satellite-installer --scenario satellitegetting following message back: Package versions are being locked.
Thrn as in this document descriped I've installed the yum-plugin -> yum install yum-plugin-versionlock That works fine without any errors
Then next step as descriped again, check for versionlocks:
yum versionlock listGeladene Plugins: foreman-protector, langpacks, product-id, search-disabled-repos, subscription-manager Kein solcher Befehl: versionlock. Bitte /bin/yum --help verwenden.
Sorry for the german language but it just means that yum is still not understanding the subcommand "versionlock" Of course will open a ticket therefore
Can't succeed to allow update of a package but not upper to a didicated version. As it prevent to whole package update whatever the version is not reached. I need for MS SQL Server to perform only one package update at a time : mssql-server-14.0.3356.20-23.x86_64 was supposed to be removed but is not! Verifying : mssql-server-14.0.3356.20-23.x86_64 1/2 Verifying : mssql-server-14.0.3370.1-18.x86_64 2/2