Hello,
while deploying the first EL6 systems, I have been re-considering the optimal strategy for setting up yum-priorities.
I should say I have been using the priorities plugin for many years without major issues, but there may still be room for improvement ;)
The wiki article (http://wiki.centos.org/PackageManagement/Yum/Priorities) is quite helpful, but there are two statements I don't understand
1. Paragraph 4, concerning the "check_obsoletes=1" option:
[quote]This is a mechanical rule, and cannot be aware of analysis and a through process of managing a distribution over time, and is accordingly potentially harmful to good hygiene of a system.[/quote]
How could this ever be harmful? If I understand the option correctly, it is meant to *prevent* third-party packages from replacing core packages (with different name) via the "obsoletes" definition. This is exactly the desired behaviour, isn't it?
2. Paragraph 5, bottom:
[quote]After making these changes to the /etc/yum.repos.d/CentOS-Base.repo file, yum will never update packages from the base and update repositories with packages from repositories with lower priorities. This can cause security updates, and 'point release' respin updates to be silently suppressed, and expose your system to potential damage.[/quote]
Again, how could protecting base/updates packages from third-party repos *prevent* security updates of those packages? Or even *damage* the system ???
Frankly, these statements contradict my understanding of the functionality of yum-priorities... I would be grateful if anybody could elaborate a bit on these issues :-)
Best regards,
Oliver
priorities strategy
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
priorities strategy
[quote]
ohw0571 wrote:
Hello,
while deploying the first EL6 systems, I have been re-considering the optimal strategy for setting up yum-priorities.
I should say I have been using the priorities plugin for many years without major issues, but there may still be room for improvement ;)
The wiki article (http://wiki.centos.org/PackageManagement/Yum/Priorities) is quite helpful, but there are two statements I don't understand[/quote]
Despite having been the last editor of the page I share your confusion about the language, if not the functionality of the priorities plugin.
[quote]
1. Paragraph 4, concerning the "check_obsoletes=1" option:
[quote]This is a mechanical rule, and cannot be aware of analysis and a through process of managing a distribution over time, and is accordingly potentially harmful to good hygiene of a system.[/quote]
How could this ever be harmful? If I understand the option correctly, it is meant to *prevent* third-party packages from replacing core packages (with different name) via the "obsoletes" definition. This is exactly the desired behaviour, isn't it?[/quote]
I agree, but that gibberish was added by a member of the core team in a major rework of the page, so I was reluctant to change it.
[quote]
2. Paragraph 5, bottom:
[quote]After making these changes to the /etc/yum.repos.d/CentOS-Base.repo file, yum will never update packages from the base and update repositories with packages from repositories with lower priorities. This can cause security updates, and 'point release' respin updates to be silently suppressed, and expose your system to potential damage.[/quote]
Again, how could protecting base/updates packages from third-party repos *prevent* security updates of those packages? Or even *damage* the system ???
Frankly, these statements contradict my understanding of the functionality of yum-priorities... I would be grateful if anybody could elaborate a bit on these issues :-)
[/quote]
Again, I agree with your assessment, and fail to follow the logic of the second assertion.
My approach is to set all core repos (including the new [cr] repo) to "priority=1" and for 3rd party repos to use a combination of lower priorities, "enabled=0", "exclude=", and "includepkgs=" directives to adjust 3rd party repos to achieve desired results - often a non-trivial exercise requiring occasional tuning when conflicts or other problems arise. My only exception to that rule is [url=http://elrepo.org]ELRepo[/url] which merits "priority=1" in my configs, but that is not a general recommendation, YMMV, and I always inspect the operations yum will perform before accepting them.
If one [b]wants[/b] to replace core packages to achieve functionality such as use of newer PHP and MySQL versions, then it gets a lot more complicated, and let the administrator beware.
ohw0571 wrote:
Hello,
while deploying the first EL6 systems, I have been re-considering the optimal strategy for setting up yum-priorities.
I should say I have been using the priorities plugin for many years without major issues, but there may still be room for improvement ;)
The wiki article (http://wiki.centos.org/PackageManagement/Yum/Priorities) is quite helpful, but there are two statements I don't understand[/quote]
Despite having been the last editor of the page I share your confusion about the language, if not the functionality of the priorities plugin.
[quote]
1. Paragraph 4, concerning the "check_obsoletes=1" option:
[quote]This is a mechanical rule, and cannot be aware of analysis and a through process of managing a distribution over time, and is accordingly potentially harmful to good hygiene of a system.[/quote]
How could this ever be harmful? If I understand the option correctly, it is meant to *prevent* third-party packages from replacing core packages (with different name) via the "obsoletes" definition. This is exactly the desired behaviour, isn't it?[/quote]
I agree, but that gibberish was added by a member of the core team in a major rework of the page, so I was reluctant to change it.
[quote]
2. Paragraph 5, bottom:
[quote]After making these changes to the /etc/yum.repos.d/CentOS-Base.repo file, yum will never update packages from the base and update repositories with packages from repositories with lower priorities. This can cause security updates, and 'point release' respin updates to be silently suppressed, and expose your system to potential damage.[/quote]
Again, how could protecting base/updates packages from third-party repos *prevent* security updates of those packages? Or even *damage* the system ???
Frankly, these statements contradict my understanding of the functionality of yum-priorities... I would be grateful if anybody could elaborate a bit on these issues :-)
[/quote]
Again, I agree with your assessment, and fail to follow the logic of the second assertion.
My approach is to set all core repos (including the new [cr] repo) to "priority=1" and for 3rd party repos to use a combination of lower priorities, "enabled=0", "exclude=", and "includepkgs=" directives to adjust 3rd party repos to achieve desired results - often a non-trivial exercise requiring occasional tuning when conflicts or other problems arise. My only exception to that rule is [url=http://elrepo.org]ELRepo[/url] which merits "priority=1" in my configs, but that is not a general recommendation, YMMV, and I always inspect the operations yum will perform before accepting them.
If one [b]wants[/b] to replace core packages to achieve functionality such as use of newer PHP and MySQL versions, then it gets a lot more complicated, and let the administrator beware.
-
AlanBartlett
- Forum Moderator
- Posts: 9345
- Joined: 2007/10/22 11:30:09
- Location: ~/Earth/UK/England/Suffolk
- Contact:
Re: priorities strategy
[quote]
I agree, but that gibberish was added by a member of the core team in a major rework of the page, so I was reluctant to change it.
[/quote]
How on earth did that utter [i]gobble-de-gook[/i] ever get committed to that page? It reads like a load of hog-wash. :-x
I agree, but that gibberish was added by a member of the core team in a major rework of the page, so I was reluctant to change it.
[/quote]
How on earth did that utter [i]gobble-de-gook[/i] ever get committed to that page? It reads like a load of hog-wash. :-x
-
pschaff
- Retired Moderator
- Posts: 18276
- Joined: 2006/12/13 20:15:34
- Location: Tidewater, Virginia, North America
- Contact:
Re: priorities strategy
One could guess, but the Wiki "Diff" function tells the tale for those with Edit rights. The style is also distinctive. ;-)
-
AlanBartlett
- Forum Moderator
- Posts: 9345
- Joined: 2007/10/22 11:30:09
- Location: ~/Earth/UK/England/Suffolk
- Contact:
Re: priorities strategy
One phrase comes to mind "[i]tusked warthog[/i]". :roll: