Posted on
Administration

Blacklisting packages in DNF/YUM

Author
  • User
    Linux Bash
    Posts by this author
    Posts by this author

How to Manage Blacklisted Packages in Linux Package Managers: A Guide for apt, dnf, and zypper

Managing software packages efficiently is crucial for maintaining the stability, performance, and security of Linux systems. One advanced technique system administrators often use is package blacklisting. This approach prevents specific packages from being inadvertently installed or updated, which can be vital for compatibility reasons, or to avoid software with known issues. In this blog post, we'll discuss how to blacklist packages using popular package managers like apt (used in Debian and Ubuntu), dnf (used in Fedora), and zypper (used in openSUSE).

Understanding Package Blacklisting

Package blacklisting is a method to exclude specific packages from being managed through system updates or installations. It's particularly useful in environments where certain software versions need to be maintained, or when packages might interfere with custom-built software.

1. Blacklisting Packages in DNF/YUM

DNF (Dandified YUM) is the next-generation version of the Yellowdog Updater, Modified (YUM), and it is predominantly used in Fedora systems. Here’s how to blacklist packages in DNF:

  • Edit the DNF Configuration File: Open the main DNF configuration file in a text editor. For example, you can use nano:

    sudo nano /etc/dnf/dnf.conf

  • Add the Exclude Directive: To blacklist packages, use the exclude directive. For example, if you want to blacklist all versions of a package named examplepackage, add this line:

    exclude=examplepackage*

  • Save and Close: After adding all exclusions, save the file and exit the editor.

Whenever you now run dnf update or dnf install, DNF will not consider the blacklisted packages.

2. Blacklisting Packages in YUM

For systems still using YUM, the process is similar to DNF:

  • Edit the YUM Configuration File:

    sudo nano /etc/yum.conf

  • Add the Exclude Directive in the file:

    exclude=examplepackage*

YUM will now skip these packages during installations and updates.

3. Blacklisting Packages in APT (Debian, Ubuntu)

APT does not have a direct, standard method for permanently blacklisting packages as DNF/YUM does, but you can hold packages at a current version which effectively prevents updating:

  • Hold a Package:

    sudo apt-mark hold examplepackage

This command tells APT to keep the package at its current installed version and not update it, no matter what. To unhold it, use:

sudo apt-mark unhold examplepackage

4. Blacklisting Packages in Zypper (openSUSE)

Zypper also allows excluding packages through the Zypper configuration:

  • Add a Lock: Zypper uses a locking mechanism to exclude packages. You can add a lock using:

    sudo zypper addlock examplepackage

  • List Locks: To see what packages are locked, you can run:

    sudo zypper locks

  • Remove Lock: If you need to remove a lock later, use:

    sudo zypper removelock examplepackage

Conclusion

Blacklisting (or effectively managing updates for specific packages) is an excellent way to maintain control over a system's software, especially in production environments where stability is paramount. Whether you’re using dnf, yum, apt, or zypper, there are methods to ensure that you maintain the desired state of software packages, preventing updates from introducing incompatibilities or other issues.

Always remember to test these configurations on a development system before applying them in a production environment to avoid unexpected package conflicts or behavior.

Happy package managing!

Related posts