Custom .repo files for each extra package

Posted: 2017/04/21 10:21:50
by palacs

I recently wanted to install nginx on my CentOS 6 box. I then found out that nginx is not present in the base repositories, so I pulled it from EPEL. I then checked the changelog using yum changelog all nginx, with the following result.

Code:

Loaded plugins: changelog, ovl

Listing all changelogs

==================== Installed Packages ====================
nginx-1.10.2-1.el6.x86_64                installed
* Mon Oct 31 12:00:00 2016 Jamie Nguyen <> - 1.10.2-1
- update to upstream release 1.10.2

* Sat Jul  2 12:00:00 2016 Jamie Nguyen <> - 1.10.1-1
- update to upstream release 1.10.1
- split dynamic modules into subpackages
- spec file cleanup

I then checked for the latest stable version of the 1.10 branch of nginx on their official download page. So I realized that the nginx package EPEL supplies is almost a year old (1.10.2) and does not include these fixes.

Code:

Changes with nginx 1.10.3                                        31 Jan 2017

    *) Bugfix: in the "add_after_body" directive when used with the
       "sub_filter" directive.

    *) Bugfix: unix domain listen sockets might not be inherited during
       binary upgrade on Linux.

    *) Bugfix: graceful shutdown of old worker processes might require
       infinite time when using HTTP/2.

    *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
       directives client request body might be corrupted; the bug had
       appeared in 1.10.2.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using HTTP/2; the bug had appeared in 1.10.2.

    *) Bugfix: an incorrect response might be returned when using the
       "sendfile" directive on FreeBSD and macOS; the bug had appeared in

    *) Bugfix: a truncated response might be stored in cache when using the
       "aio_write" directive.

    *) Bugfix: a socket leak might occur when using the "aio_write"

And the absence of the bugfixes made me think that using the old nginx from EPEL could also result in a security breach.

So I Googled "nginx on centos 6" and found out that nginx has its own CentOS 6 repositories, so all I need to do is to import them into /etc/yum.repos.d and everything will work fine.

The next problem is Xfce 4, which I really like and don't want it to have a GTK3 interface, which I do have by default on CentOS using EPEL releases. However, EPEL releases don't always ship all the bug fixes (as mentioned previously: nginx), so I would not want to use EPEL as a system-wide enabled repo. My /etc/yum.repos.d/epel.repo looks like this.

Code:

name=Extra Packages for Enterprise Linux 6 - $basearch

I would rather like to use the following workflow for installing packages.

  1. Do a yum search pkg to find out whether it exists in the base repository consisting of well-tested and really stable packages (sourced from RHEL 6). If the package is there, just install it, problem solved.
  2. If the package is not in the base repository, I look it up on the internet to see whether the creators maintain their own repository for CentOS 6 (like nginx does). If I find such an official repo, I'll pull it under /etc/yum.repos.d and install the package from there.
  3. If there are no official repos, I fall back to EPEL using yum --enablerepo=epel install pkg.

How can I keep my EPEL packages up to date without enabling the EPEL repo by default?

How can I force yum to only upgrade those packages from EPEL that were previously installed from EPEL (for example if an nginx package in the official nginx repo has a lower version number, I don't want it to be overwritten from EPEL)?

How can I create a .repo file for EPEL under /etc/yum.repos.d that is enabled by default but only valid for a single package and its dependencies? So if I want to update my system with yum update, it should only check for Xfce (and its dependencies) from EPEL, without passing --enablerepo=epel as an argument.

Re: Custom .repo files for each extra package

Posted: 2017/04/21 10:43:52
by TrevorH

yum install yum-plugin-priorities

Add priority= to each of your repos (1 is preferred over 2 etc)

Or add exclude= or includepkgs= lines to the repo files.

Re: Custom .repo files for each extra package

Posted: 2017/04/21 11:48:35
by palacs

Looks fine. Thanks.

My next question is what is with groups?

Xfce is recommended to be installed using yum groupinstall Xfce. However includepkgs=Xfce has no effect at all, and groupinstall will work for group Xfce even if xfce packages have been excluded.

How can I tell yum to include packages only in a group, without enumerating all the package names?

Re: Custom .repo files for each extra package

Posted: 2017/04/21 11:53:15
by TrevorH

includepkgs= implies exclude=* for everything that is not mentioned, so it should exclude everything from that repo that doesn't match the pattern you give. It is probably case sensitive, so Xfce doesn't match any of the packages, which are all xfce*.

You do need to add includepkgs= under the [heading] for the correct repo of course.

Re: Custom .repo files for each extra package

Posted: 2017/04/21 12:04:01
by palacs

I know that and I could take it into effect. However, I can't make it work for package groups, like Xfce. Xfce with capital X refers to a package group while package names have non-capital letters, like xfce4-session. I install package groups using yum groupinstall pkg_group. That would include all dependencies for Xfce. Otherwise I would have to enumerate it all by hand, which would result in a really long, unmaintainable list (e.g. if dependencies change due to a package split or something done by the package maintainers).

Btw, how can I tell yum to include the dependencies as well when specifying a package using includepkgs= ? So that I don't need to track them down by hand.

Re: Custom .repo files for each extra package

Posted: 2017/04/21 12:19:14
by TrevorH

I don't think you can.
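
A simplified model of the includepkgs= and priority= filtering discussed in this thread, as an added example that is not from the posters or from yum itself. The repo stanzas, package lists and function names are constructed; it assumes case-sensitive glob matching on package names and does not resolve dependencies.

```python
import configparser
from fnmatch import fnmatchcase

# Constructed repo stanzas (baseurl/gpgcheck lines omitted): the vendor nginx
# repo outranks EPEL, and EPEL is limited to an allow-list of name globs.
REPO_CONF = """
[nginx]
name=nginx repo
priority=1

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
priority=10
includepkgs=xfce4* libxfce4* xfconf* xfwm4* xfdesktop*
"""

# Constructed sample of the package names each repo offers.
AVAILABLE = {
    "nginx": ["nginx"],
    "epel": ["nginx", "xfce4-session", "xfce4-panel", "libxfce4util",
             "xfconf", "xfwm4", "xfdesktop", "Thunar", "exo", "garcon"],
}

def visible_packages(conf_text, available):
    """Return {package: repo} after includepkgs/exclude and priority filtering."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    chosen = {}
    # Lower number wins; 99 is the priorities plugin's default.
    by_priority = sorted(cp.sections(),
                         key=lambda r: cp.getint(r, "priority", fallback=99))
    for repo in by_priority:
        include = cp.get(repo, "includepkgs", fallback="").split()
        exclude = cp.get(repo, "exclude", fallback="").split()
        for pkg in available.get(repo, []):
            if include and not any(fnmatchcase(pkg, g) for g in include):
                continue  # includepkgs hides everything it does not match
            if any(fnmatchcase(pkg, g) for g in exclude):
                continue
            chosen.setdefault(pkg, repo)  # keep the higher-priority owner
    return chosen

def hidden_from(repo, conf_text, available):
    """Packages the repo offers that would not be taken from it."""
    seen = visible_packages(conf_text, available)
    return sorted(p for p in available[repo] if seen.get(p) != repo)
```

Calling hidden_from("epel", REPO_CONF, AVAILABLE) lists the EPEL packages the allow-list leaves out, which is where group members whose names do not start with xfce show up.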