I recently wanted to install nginx to my CentOS 6 box. Then found out that nginx is not present in the base repositories, so I pulled it from EPEL. Then checked the changelog using yum changelog all nginx with the following result.
Code: Select all
Loaded plugins: changelog, ovl
Listing all changelogs
==================== Installed Packages ====================
* Mon Oct 31 12:00:00 2016 Jamie Nguyen <email@example.com> - 1.10.2-1
- update to upstream release 1.10.2
* Sat Jul 2 12:00:00 2016 Jamie Nguyen <firstname.lastname@example.org> - 1.10.1-1
- update to upstream release 1.10.1
- split dynamic modules into subpackages
- spec file cleanup
Then checked for the latest stable version of the 1.10 branch of nginx at their official download page. So I realized that the package EPEL supplies from nginx is almost a year old (1.10.2) and does not include these fixes.
Code: Select all
Changes with nginx 1.10.3 31 Jan 2017
*) Bugfix: in the "add_after_body" directive when used with the
*) Bugfix: unix domain listen sockets might not be inherited during
binary upgrade on Linux.
*) Bugfix: graceful shutdown of old worker processes might require
infinite time when using HTTP/2.
*) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request"
directives client request body might be corrupted; the bug had
appeared in 1.10.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2; the bug had appeared in 1.10.2.
*) Bugfix: an incorrect response might be returned when using the
"sendfile" directive on FreeBSD and macOS; the bug had appeared in
*) Bugfix: a truncated response might be stored in cache when using the
*) Bugfix: a socket leak might occur when using the "aio_write"
And the absence of the bugfixes made me think that using the old nginx from EPEL could also result in a security breach.
So I Googled "nginx on centos 6" and found out that nginx has its own CentOS 6 repositories, so all I need to do is to import them into /etc/yum.repos.d and everything will work fine.
The next problem is Xfce 4 which I really like and don't want it to have a GTK3 interface which I do have by default on CentOS using EPEL releases. However, EPEL releases don't always ship all the bug fixes (as mentioned previously: nginx) so I would not want to use EPEL as an enabled repo for system-wide. My /etc/yum.repos.d/epel.repo looks like this.
Code: Select all
name=Extra Packages for Enterprise Linux 6 - $basearch
I would rather like to use the following workflow for installing packages.
- Do a yum search pkg to find out whether it exists in the base repository consisting of well-tested and really stable packages (sourced from RHEL 6). If the package is there, just install it, problem solved.
- If the package is not in the base repository, I look it up on the internet whether the creators maintain an own repository for CentOS 6 (like nginx does). If I find such an official repo, I'll pull it under /etc/yum.repos.d and install the package from there.
- If there are no official repos, I fall back to EPEL using yum --enablerepo=epel install pkg.
How can I force yum to only upgrade those packages from EPEL that were previously installed from EPEL (for example if an nginx package in the official nginx repo has a lower version number, I don't want it to be overwritten from EPEL)?
How can I create a .repo file for EPEL under /etc/yum.repos.d that is enabled by default but only valid for a single package and its dependencies? So if I want to update my system with yum update, it should only check for Xfce (and its dependencies) from EPEL, without passing --enablerepo=epel as an argument.