This is a read-only archived version of wiki.centos.org

protectbase

The purpose of the protectbase plugin is to protect certain repositories from updates from other repositories. Repositories that are to be protected will not be updated by newer files from unprotected repositories. This plugin is recommended for anyone who routinely enables 3rd party repositories, as these non-CentOS repositories may update certain system files, potentially causing your CentOS installation to become unstable.

First, you must enable plugins in your /etc/yum.conf file, see Yum Plugins for details. Plugins are enabled by default starting with CentOS 5.

To install the protectbase plugin, ensure that the CentOS extras repository is enabled (it is enabled by default) and issue this command:

yum install yum-plugin-protectbase

On CentOS 5 the package name has changed, and you can use the following command:

yum install yum-protectbase

After the plugin is installed, make sure that it is enabled. Edit the file /etc/yum/pluginconf.d/protectbase.conf and ensure that it contains the following lines:

[main]
enabled = 1

Next you need to edit all .repo files in /etc/yum.repos.d/ and add either:

protect=1

or

protect=0

for each repository. Here is an example of protecting only the [base] and [update] repositories in the CentOS-Base.repo file:

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=1

#released updates 
[update]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=1 

#packages used/produced in the build but not released
[addons]
name=CentOS-$releasever - Addons
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons
#baseurl=http://mirror.centos.org/centos/$releasever/addons/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0 

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0 

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0 

#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4
protect=0 

Note: You MUST add protect=0 to all repos in all .repo files or any repos that you have in /etc/yum.conf if you want them unprotected, otherwise they belong to the protect=1 group.

When doing updates after editing your files, only repositories that have the protect=1 stanza can update packages from other repositories which are also protected with protect=1. In our example, yum will only update packages from the [base] or [update] repositories with RPMs from the [base] or [update] repositories. If there were updated RPMs in the [addons] repository for packages in [base], they would not be updated.