smert.net

While initially setting up a kickstart installation on CentOS I needed to add additional repositories without having to worry about them overwriting base packages. Thankfully there are two options priorities and protectbase. Since I was only adding one extra repository that would conflict with anything (rpmforge) I used protectbase. It is really easy to setup all you need to do is add protect = 1 to the yum repositories that you want to protect located in /etc/yum.repos.d. Now everything works great and I don’t have to worry about a 3rd party RPMs effecting the stability of the base OS. I always assumed the process would be the same for RHEL too but this was a bad assumption.

The whole process for getting this to work on RHEL is much different. First, nothing that I did to any yum configuration files seemed to make any difference. Creating yum repositories with the same name will cause a conflict with the RHN plugin repositories. Nothing seemed to make the number of packages excluded due to repository protections increase. I wasted a lot of time trying to find a solution before I read that the RHN plugin doesn’t work with protectbase. That is when I started to look at the source code. YUM and the RHN plugin is written in Python and makes it easy to modify. What you will probably want to do is first configure your RHEL machine to receive updates from the RHN. Then update ‘yum-rhn-plugin’ to the latest version which as of this writing is 0.5.2-5. Now you’re going to configure an exclusion for that package so that it doesn’t get updated. If the plugin were to be updated it would remove the protections to the base repositories. You will have to keep an eye on updates for that plugin your self if you ever plan to update it. You can configure the exclusion by editing /etc/yum.conf and adding exclude=yum-rhn-plugin under [main].

Now that we have our yum-rhn-plugin updated and excluded from any future updates we will need to modify the plugin. The plugin is located in /usr/lib/yum-plugins and the file you need to update is rhnplugin.py. We will be modifying part of the init_hook function.

All I had to do was add repo.protect = 1. Now it should look like this.

Now you should get a message when you do yum update that X number of packages were excluded do to repository protections.

Update (27MAY08)

There was a update to the yum-rhn-plugin. The latest verion is 0.5.3-6.

yum-rhn-plugin provides support for yum to access a Red Hat Network server
for software updates.

This package addresses the following bug:

* yum clean all would not remove packages from the cache correctly, leaving
downloaded rpms in /var/cache/yum/rhel*/packages/. This updated package
fixes the issue and yum clean all now removes packages from the cache
correctly.

Users of yum should upgrade to this updated package, which resolves this issue.