[CentOS] how to protect RT repository?

Johnny Hughes johnny at centos.org
Wed Oct 17 08:43:19 UTC 2007

Rogelio wrote:
> I'm following the instructions on this URL
> http://wiki.centos.org/HowTos/RT_3.4.x_On_CentOS_4.x
> and came across the part that said
> "WARNING: RT overwrites some packages from the base distribution,
> especially mod_perl"
> How exactly do I "protect" the RT repository?
> It links to the "ProtectBase" program
> http://wiki.centos.org/PackageManagement/Yum/ProtectBase
> ...but what do I mod to protect this RT repository?

protectbase (or priorities) plugins are what you want to use to prevent
3rd party repositories from replacing packages in your CentOS Base repos.

Priorities is the better of the plugins.

What priorities (or protectbase) does is block installing or updating
packages that are in protected repositories from non-protected repositories.

So let's assume you have one repo named Base and you add a new repo named X

Base contains a package called foo-1.0.0.i386.rpm ... and X contains 2
packages named foo-1.1.0.i386.rpm and bar-1.1.0.i386.rpm

The purpose of both the priorities and protectbase plugins is to allow
you to keep foo from Base and get bar from X.

If you only have 2 repos, protectbase and priorities are equally effective.

Now, if we add repo Y ... things get a bit more tricky.  Protectbase
only has protect=1 and protect=0. That means there are 2 groups of repos
with protectbase, protected and non-protected.  All repos in a specific
group are equal (not protected from each other) ... and all repos in the
protected group are protected from all repos in the non-protected group.

Let's put the following packages in repo Y foo-1.2.0.i386.rpm and
bar-1.2.0.i386.rpm and example-1.2.0.i386.rpm

With no plugins installed and all repos enabled if we do this:

yum install foo bar example

Then we get this installed:


(all from repo Y because those are the LARGEST packages)

NOW ... if we have protectbase installed and Base is set to protect=1
and both X and Y are set to protect=0 ... we would get this installed:


(because Base is protected, and if a package is in Base ... in this case
foo, it is not updated by a non protected group.  But since both X and Y
are in the non-protected groups, bar and example both come from Y)

NOW ... if we install priorities, we get to pick a priority for each
repo (and we remove protectbase plugin and no longer need protect= in
the repo config file).  We would use priority=N (where N is 1-99) to set
a priority.  Lets set Base (which contains files that we want to keep
because they are stable and designed to work together) to priority=1
(the highest priority).  We can set X to priority=10 and Y to
priority=20 (I picked these arbitrarily, but it is good to leave space
between priorities so you can add repos in between later).

In this example ... if we did the same yum install command we would get:


This is because foo comes from the highest priority repo where it exists
(Base ... priority=1) and bar comes from the highest priority repo where
it exists (X ... priority=10) and example comes from the highest
priority repo where it exists (Y ... priority=20).

Note that a lower number in priority means a higher priority position
... meaning that Priority=1 is the highest position and Priority=99 is
the lowest priority position.

Protectbase and Priorities are redundant and you only need one or the
other ... and since priorities can do everything that protectbase does
and offer more groups, priorities is recommended.

Now ... for more on priorities and protectbase ... see this link:


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20071017/abd364f4/attachment.sig>

More information about the CentOS mailing list