How to restrict yum to install or upgrade a package to a fixed specific package version?

Solution Verified - Updated -


  • Red Hat Enterprise Linux 5, 6, 7


  • How to restrict yum to install or upgrade a package to a specific version only?
  • How to restrict yum to install or upgrade a package to a fixed specific version and not to a later version than specified.
  • How to lock the package to the specific version from update?
  • What is yum versionlock ?


You can restrict yum to install or upgrade a package to a fixed specific version and not to a later version than specified using the versionlock plugin of yum.

To do this, follow:

  1. Install package named yum-plugin-versionlock (called yum-versionlock in RHEL 5).

    # yum install yum-plugin-versionlock

    The /etc/yum/pluginconf.d/versionlock.list will be created on the system.

  2. To install or lock the version of the gcc package, add that package name to the /etc/yum/pluginconf.d/versionlock.list file by running:

    # yum versionlock gcc-*

    (Alternatively, you can edit the filelist, /etc/yum/pluginconf.d/versionlock.list, directly.)

  • The above configuration will not allow to upgrade the gcc package to version greater than what was installed at the time the locking was performed.
  • Yum will attempt to update all packages, while excluding the packages listed in the versionlock file.

Other Commands

To display the list, use:

# yum versionlock list

To discards the list, use:

# yum versionlock clear

Additional Information

See the yum-versionlock(1) for a list of all available commands.

  • Component
  • yum

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.


I followed the instructions and cleared my versionlock list [root@localhost:1 ~]# yum versionlock list Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager, versionlock versionlock list done

$ yum upgrade complains about a number of duplicate packages:

abattis-cantarell-fonts-0.0.25-1.el7.noarch is a duplicate with abattis-cantarell-fonts-0.0.16-3.el7.noarch ...a ton more listed here

$yum upgrade --skip-broken seems to work but doesn't seem to, because re-running it shows the same broken packages

Plus, looks like the lock is still in place: Enable all repositories and try again? [y/N]: Error: Multilib version problems found. This often means that the root cause is something else and multilib version checking is just pointing out that there is a problem. Eg.:

     1. You have an upgrade for libX11 which is missing some
        dependency that another package requires. Yum is trying to
        solve this by installing an older version of libX11 of the
        different architecture. If you exclude the bad architecture
        yum will tell you what the root cause is (which package
        requires what). You can try redoing the upgrade with
        --exclude libX11.otherarch ... this should give you an error
        message showing the root cause of the problem.

     2. You have multiple architectures of libX11 installed, but
        yum can only see an upgrade for one of those architectures.
        If you don't want/need both architectures anymore then you
        can remove the one with the missing update and everything
        will work.

     3. You have duplicate versions of libX11 installed already.
        You can use "yum check" to get yum show these errors. can also use --setopt=protected_multilib=false to remove
   this checking, however this is almost never the correct thing to
   do as something else is very likely to go wrong (often causing
   much more problems).

   Protected multilib versions: libX11-1.6.5-1.el7.i686 != libX11-1.6.3-3.el7.x86_64

Error: Protected multilib versions: rest-0.8.0-1.el7.i686 != rest-0.7.92-5.el7.x86_64 Error: Protected multilib versions: 1:openssl-libs-1.0.2k-8.el7.i686 != 1:openssl-libs-1.0.1e-60.el7_3.1.x86_64