Blacklisting packages in DNF/YUM

How to Manage Blacklisted Packages in Linux Package Managers: A Guide for apt, dnf, and zypper

Managing software packages efficiently is crucial for maintaining the stability, performance, and security of Linux systems. One advanced technique system administrators often use is package blacklisting. This approach prevents specific packages from being inadvertently installed or updated, which can be vital for compatibility reasons, or to avoid software with known issues. In this blog post, we'll discuss how to blacklist packages using popular package managers like apt (used in Debian and Ubuntu), dnf (used in Fedora), and zypper (used in openSUSE).

Understanding Package Blacklisting

Package blacklisting is a method to exclude specific packages from being managed through system updates or installations. It's particularly useful in environments where certain software versions need to be maintained, or when packages might interfere with custom-built software.

1. Blacklisting Packages in DNF/YUM

DNF (Dandified YUM) is the next-generation version of the Yellowdog Updater, Modified (YUM), and it is predominantly used in Fedora systems. Here’s how to blacklist packages in DNF:

• Edit the DNF Configuration File: Open the main DNF configuration file in a text editor. For example, you can use nano:

  sudo nano /etc/dnf/dnf.conf
  

• Add the Exclude Directive: To blacklist packages, use the exclude directive. For example, if you want to blacklist all versions of a package named examplepackage, add this line:

  exclude=examplepackage*
  

• Save and Close: After adding all exclusions, save the file and exit the editor.

Whenever you now run dnf update or dnf install, DNF will not consider the blacklisted packages.

2. Blacklisting Packages in YUM

For systems still using YUM, the process is similar to DNF:

• Edit the YUM Configuration File:

  sudo nano /etc/yum.conf
  

• Add the Exclude Directive in the file:

  exclude=examplepackage*
  

YUM will now skip these packages during installations and updates.

3. Blacklisting Packages in APT (Debian, Ubuntu)

APT does not have a direct, standard method for permanently blacklisting packages as DNF/YUM does, but you can hold packages at a current version which effectively prevents updating:

• Hold a Package:

  sudo apt-mark hold examplepackage
  

This command tells APT to keep the package at its current installed version and not update it, no matter what. To unhold it, use:

sudo apt-mark unhold examplepackage

4. Blacklisting Packages in Zypper (openSUSE)

Zypper also allows excluding packages through the Zypper configuration:

• Add a Lock: Zypper uses a locking mechanism to exclude packages. You can add a lock using:

  sudo zypper addlock examplepackage
  

• List Locks: To see what packages are locked, you can run:

  sudo zypper locks
  

• Remove Lock: If you need to remove a lock later, use:

  sudo zypper removelock examplepackage
  

Conclusion

Blacklisting (or effectively managing updates for specific packages) is an excellent way to maintain control over a system's software, especially in production environments where stability is paramount. Whether you’re using dnf, yum, apt, or zypper, there are methods to ensure that you maintain the desired state of software packages, preventing updates from introducing incompatibilities or other issues.

Always remember to test these configurations on a development system before applying them in a production environment to avoid unexpected package conflicts or behavior.

Happy package managing!

Further Reading

For further reading and more insights on managing packages and package blacklisting in various Linux distributions, consider the following resources:

1. DNF System Upgrade - Fedora Project Wiki

   • Provides comprehensive details on how to manage system upgrades using DNF, which is especially useful with Fedora.
   • URL: Fedora Project Wiki - DNF System Upgrade

2. Using YUM - CentOS Documentation

   • A resource for CentOS users, offering details on utilizing YUM for effective package management, including management tips that can be adapted for blacklisting.
   • URL: CentOS Documentation - YUM

3. APT User's Guide - Debian Wiki

   • An in-depth guide provided by the Debian project on how to use APT, including tips on holding packages which is a method closely related to blacklisting.
   • URL: Debian Wiki - APT User's Guide

4. Zypper Usage - openSUSE Wiki

   • Details the usage of Zypper, including commands for adding and removing package locks, which is essential for package blacklisting in openSUSE.
   • URL: openSUSE Wiki - Zypper Usage

5. Linux Package Management with RPM and YUM

   • An informative article that explores the fundamentals of package management using RPM and YUM, with a special focus on enterprise environments.
   • URL: Linux.com - Package Management with RPM and YUM

These resources provide a deeper understanding and additional techniques related to package management across different Linux distributions, aiding system administrators in maintaining robust and stable IT infrastructures.