0

We are trying to update a few yum packages but need to ensure that the packages which need a reboot are excluded. Example: there are close to 500-1000 packages and I need to exclude kernel packages, as we cannot update without security approval. Is there any option in yum to handle this scenario?

Jeff Schaller
user227863
  • The duplicate deals with the kernel; not generically “packages which need a reboot” – Jeff Schaller Feb 08 '18 at 16:19
  • From vague memory: in the packages for autopatching (`yum-cron`?), there's a helper tool that "knows" if a reboot will be needed, the name of which I don't recall right now. That helper is a Python script and contains a hardcoded list of packages that will require a reboot. We can't know if that list is complete, but it seems good enough for RHEL. – Ulrich Schwarz Feb 08 '18 at 16:54
  • @UlrichSchwarz you prompted me to come up with it: possibly [needs-restarting](https://access.redhat.com/discussions/2485141), bubbling up from [recent memory here](https://unix.stackexchange.com/q/419374/117549) – Jeff Schaller Feb 08 '18 at 17:09
  • @JeffSchaller: That's the one, in `yum-utils`, quoting https://access.redhat.com/solutions/27943 (paywall) and listing 'kernel', 'glibc', 'linux-firmware', 'systemd', 'udev', 'openssl-libs', 'gnutls', 'dbus'. Bit surprised about gnutls and openssl-libs, I've got to say. – Ulrich Schwarz Feb 08 '18 at 18:27
  • Just installing the updates won't force a reboot. You'll need to schedule one manually anyway, meaning you can get security approval when you do. – Shadur Feb 10 '18 at 09:25

2 Answers

2

RHEL and derivatives have `needs-restarting` in the `yum-utils` package, but that can only give you an after-the-fact evaluation. However, it is a Python script, so we can peek inside to find the following hard-coded list of packages that will make it suggest a reboot:

```python
# For which package updates we should recommend a reboot
# Taken from https://access.redhat.com/solutions/27943
REBOOTPKGS = ['kernel', 'glibc', 'linux-firmware', 'systemd', 'udev',
              'openssl-libs', 'gnutls', 'dbus']
```

Note that this list might not be exhaustive. I'd need to double-check if Red Hat recommends to their paying and supported customers to restart according to this heuristic when doing unattended updates; that would give me a bit more confidence.

Ulrich Schwarz
0

Exclude a package from update: edit `/etc/yum.conf` and add one or more "exclude" lines. https://tecadmin.net/exclude-packages-from-yum-update/

```
exclude=kernel*
```

Note: The wildcard (`*`) is important.

Knud Larsen
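Combining the two answers above, as an added example that is not part of either answer or of `yum-utils`: it checks `yum check-update` output against the `REBOOTPKGS` list before anything is installed and builds a one-off `yum update --exclude=...` command. The trailing `*` on every name, the helper function names and the sample output are assumptions of this example.

```python
import fnmatch
import shlex

# List quoted in the first answer (from needs-restarting in yum-utils).
REBOOTPKGS = ['kernel', 'glibc', 'linux-firmware', 'systemd', 'udev',
              'openssl-libs', 'gnutls', 'dbus']

# Assumption of this example: widen each name with "*", as the second
# answer does for the kernel, so subpackages are held back too.
PATTERNS = [name + '*' for name in REBOOTPKGS]

# Constructed `yum check-update` output (not captured from a real host).
SAMPLE = """\
Loaded plugins: fastestmirror

bash.x86_64                     4.2.46-34.el7        base
glibc-common.x86_64             2.17-292.el7         base
java-1.8.0-openjdk-headless.x86_64
                                1:1.8.0.242-1.el7    updates
kernel.x86_64                   3.10.0-1062.el7      updates
openssl-libs.x86_64             1:1.0.2k-19.el7      base
Obsoleting Packages
grub2.x86_64                    1:2.02-0.80.el7      base
"""

def pending_updates(check_update_output):
    """Return package names (arch stripped) listed as pending updates."""
    # Header lines such as "Loaded plugins:" end at the first blank line.
    head, sep, body = check_update_output.partition('\n\n')
    body = (body if sep else head).split('Obsoleting Packages')[0]
    # Long names wrap onto a second line, so read tokens in triples
    # (name.arch, version, repo) instead of line by line.
    tokens = body.split()
    return [tok.rsplit('.', 1)[0] for tok in tokens[0::3]]

def split_updates(names, patterns=PATTERNS):
    """Split pending updates into (held_back, safe) by glob match."""
    held = [n for n in names if any(fnmatch.fnmatchcase(n, p) for p in patterns)]
    safe = [n for n in names if n not in held]
    return held, safe

def yum_command(patterns=PATTERNS):
    """One-off equivalent of exclude= lines in /etc/yum.conf."""
    args = ['yum', 'update'] + ['--exclude=' + p for p in patterns]
    # Quote each argument so the shell does not expand the "*" itself.
    return ' '.join(shlex.quote(a) for a in args)

if __name__ == '__main__':
    print(split_updates(pending_updates(SAMPLE)))
    print(yum_command())
```

On a real host, the string passed to `pending_updates` would be the output of `yum check-update`; the held-back list is what would go to whoever grants the security approval.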