Yum 2nd part: Managing system updates

3-minute read
Centos Fedora redhat Security yum

After covering the basics of Yum in my first article, let’s move on to the second part. In this article I’d like to cover some things about keeping your system up to date with Yum on a CentOS 4 system. But these information will also apply with little changes to any other system using Yum like Fedora Core for example.

Let’s begin with a scheduled update of your system: To activate an automatic nightly update, just enter these lines as root:

chkconfig yum on
service yum start

Yum will now check every night for new software versions in your configured Yum repositories and install them. If you didn’t configure any special repositories, at least the normal CentOS update repository is used, so you won’t miss any critical security updates.

But if you configured any 3rd party repositories (like many people do) you should keep the following things in mind: If you add more and more repositories to your Yum configuration, there is a high chance that important system files that were installed from official CentOS repositories (like base and update) are replaced by versions originating from your added 3rd party repositories.

Why? you may ask. Simple answer: Because they are newer!

Yum always updates your system to the latest versions of all packages it finds. And often, 3rd party repositories contain newer versions of critical system files, so Yum replaces your old ones from CentOS.

Some people may like this behavior very much, but I prefer to have a stable system, so critical system files should only be replaced by official distribution packages. So the following yum behaviour would be very useful: Never update packages originating from official CentOS repositories with 3rd party repository packages.

Unfortunately, Yum can’t do this out of the box, but luckily for us there is a plugin called Protectbase for Yum available which will exactly achieve this. To install this plugin just enter:

yum install yum-plugin-protectbase

Edit /etc/yum.conf and add the following line:

plugins=1

Next you need to edit all .repo files in /etc/yum.repos.d/ and add either:

protect=1

or

protect=0

for each repository. Packages from repositories tagged with “protect=1" can not be updated with packages from “protect=0” repositories, even if they contain newer versions.

So it’s a good idea to tag all official CentOS repositories with “protect=1" and all 3rd party repositories with “protect=0” to ensure a stable running system. Remember: You have to edit all files in /etc/yum.repos.d/ and set the “protect” flag. Repository configurations which are missing the “protect” flag are automatically treated as “protect=1” repositories!

That’s it for today. Another part about Yum will follow :-)

comments powered by Disqus