#pragma section-numbers 2 = yum-plugin-priorities = <> Many people find the priorities plugin to be a useful tool if properly configured, and used with an understanding of the functionality and a recognition of the limitations and potential issues. It can be used in conjunction with the 'exclude' and/or 'includepkg' options, as well as the 'enabled=0' option to disable a repo by default. This can let you choose which packages a less important repo will supersede those of a more important one. == Nomenclature == '''Note:''' This plugin has carried at least two differing names over time. It is named '''yum-priorities''' on CentOS-5 but was named '''yum-plugin-priorities''' on CentOS-4. CentOS-6 has reverted to '''yum-plugin-priorities'''. It functions in a substantially similar ways in these three CentOS major releases == Usage == The '''priorities''' plugin can be used to enforce ordered protection of repositories, by associating priorities to repositories. Packages from repositories with a lower priority will never be used to upgrade packages that were installed from a repository with a higher priority. The priorities are also in effect when a new package is installed - if a package is in more than one repository, it will be installed from the repository with the highest priority. This plugin is particularly useful for anyone who uses one or more third-party repositories, as these repositories may update system files, which can potentially compromise the stability of your CentOS installation. To be able to use this plugin, you must enable plugins in your '''/etc/yum.conf''' file, see [[PackageManagement/Yum|Yum Plugins]] for details. == Installation == It can be installed with this command: '''CentOS-4 or CentOS-6:''' {{{ yum install yum-plugin-priorities}}} '''CentOS-5:''' {{{ yum install yum-priorities}}} The '''priorities''' plugin is available from two locations: * Through the ''CentOS Extras'' repository. Since the ''CentOS Extras'' repository is enabled by default, you can install this plugin on CentOS 4 by installing the ''yum-plugin-priorities'' package. In the ''CentOS 5 Extras'' repository, the package name is ''yum-priorities''. More information about the ''CentOS Extras'' repository can be found on the [[Repositories]] page. * The '''priorities''' plugin has been added to the upstream [[http://linux.duke.edu/projects/yum/download/yum-utils/|yum-utils]] sources since yum-utils 1.0.1. The version included with yum-utils works with both yum 2.4.x and 3.0.x. Configuration instructions are provided in the '''README''' file that is included in the '''plugins/priorities''' directory of the archive. After the plugin is installed, make sure that it is enabled when you decide to use a given archive. You can do this by editing the '''/etc/yum/pluginconf.d/priorities.conf''' file, and ensuring that it contains the following lines: {{{ [main] enabled=1}}} == Description of function == A {{{man}}} page is of course more authoritative than a wiki article. Some packages specify ''obsoletes'' in their metadata. This property of a package specifies which old packages with a different name the package replaces. This can interfere with the priority protection of packages. For example, this would be enabled if a package from a low-priority repository contained an {{{obsoletes:}}} for package from a high-priority repository. For instance, if the ''gconfmm2'' package was installed from a high-priority repository, and another package (say ''gconfmm20'') claims to replace the obsolete ''gconfmm2'' package, {{{yum}}} will replace the ''gconfmm2'' package with the ''gconfmm20'' package. The plugin can set to consider, but resolve through a fixed rule to OVER-RIDE the otherwise prevented block of a desired transition, for such upgrades, by adding the following line to the ''main'' section of '''/etc/yum/pluginconf.d/priorities.conf''': {{{ check_obsoletes=1}}} This is a mechanical rule, and cannot be aware of analysis and a through process of managing a distribution over time, and is accordingly potentially harmful to good hygiene of a system. Blindly enabling any set of {{{priorities}}} rules is trusting an auto-pilot, unable to react to the growth of the distribution. It can, if properly and thoughtfully used, prevent a 3rd party repo from replacing a core package of a different name through the use of obsoletes. == Specific Configuration == With the plugin enabled, you may add priorities to repositories by adding the line: {{{ priority=N}}} to a repository entry, where ''N'' is an integer from 1 to 99. The default priority for repositories is 99. The repositories with the lowest numerical priority number have the highest priority. Usually, it is best to give at least the CentOS ''base'' and ''update'' repositories a very high priority. In the following example of the '''/etc/yum.repos.d/CentOS-Base.repo''' file, the CentOS ''base'' and ''update'' repositories are given the highest possible priority (1): {{{ [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 priority=1 #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 priority=1 #packages used/produced in the build but not released [addons] name=CentOS-$releasever - Addons mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=addons #baseurl=http://mirror.centos.org/centos/$releasever/addons/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 priority=1 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ gpgcheck=1 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 priority=1 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-$releasever - Plus mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus #baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 priority=1 #contrib - packages by Centos Users [contrib] name=CentOS-$releasever - Contrib mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib #baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 priority=2}}} '''Note:''' The above example is for CentOS-4, the file name '''RPM-GPG-KEY-centos4''' (in the '''gpgkey''' line) should be replaced with '''RPM-GPG-KEY-CentOS-5''' for use with CentOS-5. After making these changes to the '''/etc/yum.repos.d/CentOS-Base.repo''' file, {{{yum}}} will never update packages from the ''base'' and ''update'' repositories with packages from repositories with lower priorities. This can cause security updates, and 'point release' respin updates to be silently suppressed, and expose your system to potential damage. See the cautions at the head of this article. == Miscellany == One author's recommended settings are: {{{ [base], [addons], [updates], [extras] ... priority=1 [centosplus] priority=1 (same priority as base and updates) but should be left disabled [contrib] ... priority=2 Third Party Repos ... priority=N (where N is > 10 and based on your preference) }}} You can list all repositories set up on your system by a '''yum repolist all'''. However, this does not show priority scores. Here's a one liner for that. If no number is defined, the default is the lowest priority (99). {{{ sed -n -e "/^\[/h; /priority *=/{ G; s/\n/ /; s/ity=/ity = /; p }" /etc/yum.repos.d/*.repo | sort -k3n }}} == A Cautionary Note == Note: The upstream maintainer of {{{yum}}}, Seth Vidal, had the following to say about 'yum priorities' in September 2009: {{{ Gosh, I hope people do not set up yum priorities. There are so many things about priorities that make me cringe all over. It could just be that it reminds me of apt 'pinning' and that makes me want to hurl. }}} This matter was discussed in more depth in the mailing list thread [[http://lists.centos.org/pipermail/centos/2009-November/086189.html|starting here]]. The [[http://wiki.centos.org/AdditionalResources/Repositories|Repositories]] article noted in that thread, which discusses the {{{exclude}}} and {{{includepkg}}} options for {{{yum}}}, is a better place to start in understanding {{{priorities}}}. The primary concern is that priorities is heavy handed over removing packages from the transaction set. It makes it difficult to readily determine what packages are being ignored and why. Even so, it is very flexible and can be extremely useful to provide the largest available list of packages.