I recently wrote a similar article, illustrating how you can use ‘apt-mark’ to prevent application updates. While that was handy, it only applied to those who use APT as their package manager. It offered nothing of value to those who use YUM.
This article will explain how you can prevent application updates with ‘yum-versionlock’. You will learn how you can temporarily prevent application updates when you have no choice but to.
In the previous article, I explained that you should always use the most up-to-date software that you can, at least if your system is connected to the public internet. Software updates provide security fixes, not just bug fixes.
Not updating means you’re vulnerable and your vulnerabilities may impact other users. For example, your computer may become a part of a botnet, a spam relay, or even be used as a command and control device for those things. As a global citizen of the ‘net, you’re obligated to do what you can to minimize harm.
So, it is possible to prevent application updates, but you really should only do so when it’s absolutely necessary. In an ideal world, you’d be able to always use the updated version, but we don’t live in that world. We live in the real world, where we have things like compliance and compatibility issues.
YUM, what is it? YUM stands for Yellowdog Updater, Modified. It’s a package management utility for RPM based distros. You’ll find YUM in distros like RHEL, Fedora, and even OpenSUSE. It’s fairly widely used, though many of the RPM-based distros are more prominent in the server space than they are in the desktop space.
These days there’s actually DNF (which stands for Dandified YUM – don’t blame me, I don’t name these things) but that’s not important today. Today, we’ll be using ‘YUM-VERSIONLOCK‘ to prevent application updates.
Prevent Updates with ‘yum-versionlock’
Unlike ‘apt-mark’, you’ll need to install something in order to do this. It should also be mentioned that there are other ways to accomplish this, but this is the easiest way to prevent application updates. Using versionlock is the most straightforward way of accomplishing this.
First, you’re gonna need to crack open your terminal. You can do that by using your keyboard. Just press
Once your terminal is open, you’ll need to install ‘yum-versionlock’. You can try this first:
1 | sudo yum -y install yum-versionlock |
If that gives you an error, I can’t figure out where the name changed, then you can most likely install it with:
1 | sudo yum -y install yum-plugin-versionlock |
Once you have it installed, you can check the man page to see how you use it. Even if you installed it with the second command, the man page is still found at:
1 | man yum-versionlock |
The one-liner quite accurately defines versionlock as:
yum-versionlock – Version lock rpm packages
Anyhow, to use it to hold a package at its current version, you simply use:
1 | sudo yum versionlock <package_name> |
NOTE: The command supports wildcards. You can use an asterisk with this command. The command will give you feedback. You can also use ‘add’, but it’s redundant.
If you want to remove the lock, which you should do as soon as realistically possible, then the command is fairly evident. It’s just:
1 | sudo yum versionlock delete <package_name> |
If you, like me, don’t always keep the best notes and don’t have the greatest memory, then you can list the locked packages with this command:
1 | yum versionlock list |
There’s no need for elevated permissions with that command, but it will take a little while for it to complete. It will output any locked packages and you can unlock them individually. Again, you can use wildcards in this command.
However, you can remove all the locks with just one command:
1 | sudo yum versionlock clear |
As you might expect, that removes all the locks and your system will resume updating normally. You should not keep software locked to one version for long. Though you may be using a LTS-type distro, only getting minor point release upgrades, you are still getting security updates. Keeping your system secure makes you a good netizen.
Closure:
And there you have it. Another article in the books, this one explaining how to stop updates for specific applications. Thanks for reading and feel free, nay encouraged, to leave feedback. If you have any ideas for articles, feel free to share them. You can also contribute by writing your own article. I’ll even edit it up for you!
Don’t forget that there’s a newsletter (we never spam or share your address with anyone, it’s all in-house) and you can even donate. I’d kinda like the site to at least pay for itself, simply out of principle. If not, there are ads you can unblock! Even if you do none of those things, there are good odds that I’ll keep this site up, running, and interesting.
On Rhel8 the package name is different than Rhel7.
Rhel7:
yum-plugin-versionlock.noarch : Yum plugin to lock specified packages from being
Rhel8:
python3-dnf-plugin-versionlock.noarch : Version Lock Plugin for DNF
I never use it so haven’t tested it, when I want to block a package from updating I add an exclude in /etc/yum.conf or /etc/dnf.conf which doesn’t happen very often.
Thanks for the additional information. I checked on a couple of VMs, found the difference with ‘yum-plugin-versionlock’, wrote both into the answer, and called it good.