[CentOS] Allow updates but not upgrades

Thu May 10 08:58:17 UTC 2012
Johnny Hughes <johnny at centos.org>

On 05/10/2012 01:46 AM, Peter Kjellström wrote:
> On Thursday 10 May 2012 17.36.07 Gregory Machin wrote:
>> Hi.
>> At the moment it seems my machines just update to the latest current
>> release . I install a 6.0 machine and run yum update , and next thing
>> its 6.2 .
>> I have a requirement where I need machines to only upgrade to even
>> numbered sub releases eg: 6.0 , 6.2, 6.4 and only on my approval. But
>> will allow updates within a given release.
> There is no provided functionality to do this, that is, CentOS doesn't 
> differentiate between what you call updates and upgrades.

I want to point out that neither does Red Hat.

If you are on the RHEL 6 channel and if you run an update after you
install RHEL 6.0, you will be at RHEL 6.2.

6.0, 6.1, and 6.2 are really only point in time freezes of installation
media.  They are not separate entities or versions.  It is like Windows
and service packs.  Windows 7 Service Pack 1 and Windows 7 Service Pack
2 are both Windows 7.  Not many people want to freeze Windows 7 on
Service Pack 1 ... and Microsoft does not provide the ability for you to
freeze at that point.  Nor does Red Hat provide the ability to freeze at
6.1 or 6.0.

As I said, minor releases are about install media, not the distro.  The
Distribution is CentOS-6 it is not CentOS-6.1 or CentOS-6.2.

If you stay on 6.0 then you do not get security updates.  6.0 + updates
= 6.x (whatever that is at the time).

If you want to test the updates before you deploy them (not an unwise
thing to do), then you need to maintain separate repositories where you
dump tested RPMs in and update your machines from that.

The bottom line is, CentOS supports only CentOS-6 (or CentOS-5) ... if
you want something different than that, you need to build your own
repositories out of our packages.

>> How can I achieve this ?
> Normally (default yum config) a machine fetches it's packages from URL.../6/.. 
> You can change this 6 to 6.x. That will prevent you from getting updates 
> belonging to 6.x+1 _but_ will have the negative side-effect of stopping to 
> work when 6.x+1 is released (6.x removed from normal mirrors).
> Keeping you own repo (rsynced without --delete) may be the best idea (but 
> requires more work).
>> If I sync the repositories for eg: 6.0 , 6.2, 6.4 separately in
>> Spacewalk and only allow access to the ones I want to give access to,
>> would that work ?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20120510/4e33495e/attachment-0005.sig>