How to Exclude a Package from yum update
The yum package manager simplifies command line administration of RPM-based distributions. While it is common to apply all available updates that yum recommends, there are circumstances where you may wish to pin a package to a specific version. For instance, maybe a newer release is incompatible with your infrastructure, or has bugs that make it unusable. Here is how to prevent yum from automatically updating a package either temporarily or permanently.
Getting Started
This guide will work on any RPM-based distribution that uses yum as its package manager. For the purposes of learning the technique, it is best to practice on a non-production dedicated or virtual server so as not to disrupt a running environment. In this example, we’ll use the httpd package. As such, you’ll either want to ensure that this package is not installed in your test environment, or that it is installed and has an update available.
Tutorial
Say you wish to permanently exclude one or more packages from automatically updating when “yum update” is used. This is achieved by editing /etc/yum.conf.
nano /etc/yum.conf
In this example, we’ll tell yum not to automatically update the httpd package. Do this by adding “exclude= httpd” to the bottom of yum.conf.
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
# ADD THIS LINE WITH THE PACKAGE NAME
exclude= httpd
You may also wish to exclude many packages from automatically updating. Do so like this:
exclude= httpd php kernel*
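Let's check whether this actually worked. If you're testing with a fresh install, the httpd package shouldn't be installed. We'll try to install it now. Because the exclude applies to installs as well as updates, yum should report that no httpd package is available.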
[root@centos7 ~] yum install httpd
Loaded plugins: fastestmirror
base
extras
updates
Loading mirror speeds from cached hostfile
* base: centos.mirror.gtcomm.net
* extras: centos.mirror.iweb.ca
* updates: centos.mirror.gtcomm.net
No package httpd available.
Error: Nothing to do
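As an added example (not part of the original guide), the following shell script lists the exclude patterns in a yum configuration file and checks which package names they hold back, which is worth reviewing periodically because an excluded package also stops receiving security fixes until the line is removed. The function names and the sample file are assumptions made for illustration, and matching is approximated with shell globs on the package name only.

```shell
#!/bin/sh
# Added example: print "section<TAB>pattern" for each exclude pattern in
# config file $1. Handles spaces around "=", space- or comma-separated lists
# and indented continuation lines; comment lines are skipped.
list_excludes() {
    awk '
        function emit(v,   n, i, p) {
            gsub(/,/, " ", v)
            n = split(v, p, /[ \t]+/)
            for (i = 1; i <= n; i++) if (p[i] != "") print sect "\t" p[i]
        }
        /^[ \t]*[#;]/ { next }
        /^\[/ { sect = substr($0, 2, index($0, "]") - 2); cont = 0; next }
        /^exclude[ \t]*=/ { sub(/^exclude[ \t]*=/, ""); emit($0); cont = 1; next }
        cont && /^[ \t]+[^ \t]/ { emit($0); next }
        { cont = 0 }
    ' "$1"
}

# Return 0 if package name $2 matches any exclude glob found in file $1.
# Assumption: matching is by package name only, using shell glob rules.
is_excluded() {
    while read -r _sect pat; do
        # $pat is left unquoted so that case treats it as a glob pattern.
        case "$2" in $pat) return 0 ;; esac
    done <<EOF
$(list_excludes "$1")
EOF
    return 1
}

# Constructed sample config using the exclude line from this guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[main]
gpgcheck=1
# exclude=bash
exclude= httpd php kernel*
EOF
list_excludes "$sample"
for pkg in httpd kernel-headers openssl; do
    if is_excluded "$sample" "$pkg"; then
        echo "$pkg: held back by exclude"
    else
        echo "$pkg: updates normally"
    fi
done
rm -f "$sample"
```

Note that the kernel* pattern also holds back related packages such as kernel-headers, so a wildcard can pin more than intended.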
Another option is temporarily excluding an update. Say you've run "yum update" and see something you'd like to exclude in the list of packages. In some instances, you may wish to defer the update for only a few days while a bug is resolved upstream.
Prevent "yum update" from pulling in a specific upgrade by using this command line option:
yum --exclude=httpd update
Similarly, if you wish to exclude an entire list of packages on the command line, do the following:
yum --exclude=php\* --exclude=httpd\* --exclude=kernel\* update
Conclusion
Ideally, upgrades always work and systems never break. But if you ever find yourself wishing to temporarily or permanently skip a broken upgrade, the above tips should be all that you need. If this guide was helpful to you, kindly share it with others who may also be interested.