When maintaining legacy systems or development environments, version consistency is crucial. The automatic upgrade from CentOS 6.3 to 6.4 through yum update occurs because:
- Yum repositories are configured to pull the latest packages by default
- The 6.4 update was marked as a standard update (not a point release)
- No version locking was implemented in the initial configuration
To permanently lock your CentOS version at 6.3, modify your yum configuration:
# Create or edit the yum configuration
sudo vi /etc/yum.conf
# Add these exclusion rules:
[main]
exclude=centos-release* redhat-release* kernel*This prevents updates to:
- The base distribution packages (centos-release)
- Kernel updates that might require reboot
- Critical system components that could trigger version changes
For more granular control:
# Install the plugin
sudo yum install yum-plugin-versionlock
# Lock specific packages
sudo yum versionlock add centos-release
sudo yum versionlock add redhat-release
sudo yum versionlock add kernelCentOS provides detailed release notes for each version. The standard locations are:
- Official Wiki:
https://wiki.centos.org/Manuals/ReleaseNotes - Package changelogs:
rpm -q --changelog package-name - Announce mailing list archives
Before applying any updates to your production environment:
# Check what would be updated
yum --exclude="centos-release*" check-update
# Test in isolated environment
mkdir /tmp/yum-test
yum --installroot=/tmp/yum-test --releasever=6.3 updateNot at all. This is considered a best practice for:
- Maintaining development environment consistency
- Preventing unexpected dependency conflicts
- Controlling the update cycle in production systems
- Specialized environments requiring certification
The key is to maintain awareness of security updates while controlling major version changes.
When maintaining legacy systems or development environments, version control becomes critical. The default behavior of yum update can unexpectedly upgrade your CentOS 6.3 to 6.4 or later, potentially introducing unvalidated changes to your environment.
CentOS/RHEL provides several methods to lock package versions:
# Method 1: Exclude specific packages from updates
sudo vi /etc/yum.conf
[main]
exclude=centos-release* kernel*Or for more granular control:
# Method 2: Create version lock plugin configuration
sudo yum install yum-plugin-versionlock
sudo yum versionlock add centos-release-6-3.el6.centos.*The most robust approach combines multiple techniques:
# 1. Install required plugin
sudo yum -y install yum-plugin-versionlock
# 2. Lock critical packages
sudo yum versionlock add centos-release-6-3*
sudo yum versionlock add redhat-release-6-3*
sudo yum versionlock add kernel-2.6.32-279*
# 3. Verify locks
sudo yum versionlock listFor tracking CentOS changes:
- Official CentOS 6.4 Release Notes: http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.4
- Red Hat Enterprise Linux Release Notes (CentOS is RHEL-compatible)
- CentOS-announce mailing list archives
To receive security patches while maintaining version 6.3:
# Configure yum to only install security updates
sudo yum --security updateOr create a custom repo file:
# /etc/yum.repos.d/CentOS-Base-6.3.repo
[base-6.3]
name=CentOS-6.3 - Base
baseurl=http://vault.centos.org/6.3/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6Not at all. Version control is standard practice for:
- Development environments requiring consistency
- Legacy application support
- Regulated industries with change control requirements
- When preparing production deployment pipelines
The key is implementing it systematically rather than avoiding updates entirely.
Even with version locking, you should periodically check for essential updates:
# Check available updates without installing
sudo yum --disableplugin=versionlock check-update
# Review security advisories
sudo yum updateinfo list security all