Undoing package changes with yum
General documentation of the system state both prior to and after patching is always good practice. This should include running package-cleanup with following flags, –orphans, –problems, –dupes, –leaves.
Note: Rollback of selinux, selinux-policy-*, kernel, glibc (dependencies of glibc such as gcc) packages to older version is not supported. Thus, downgrading a system to minor version (ex: RHEL6.1 to RHEL6.0) is not recommended as this might leave the system in undesired state. Use the yum history option for small update rollbacks.
Next, identify the transaction ID that we want to ‘undo’.
# yum history list Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. ID | Login user | Date and time | Action(s) | Altered ------------------------------------------------------------------------------- 8 | root <root> | 2011-10-03 14:40 | Install | 1 7 | root <root> | 2011-09-21 04:24 | Install | 1 ## 6 | root <root> | 2011-09-21 04:23 | Install | 1 ## 5 | root <root> | 2011-09-16 13:35 | Install | 1 4 | root <root> | 2011-09-16 13:33 | Erase | 1 3 | root <root> | 2011-09-14 14:36 | Install | 1 2 | root <root> | 2011-09-12 15:48 | I, U | 80 1 | System <unset> | 2011-09-12 14:57 | Install | 1025
The transaction ID we are interested in is ‘8’, so move forward with undo step. If you want to see additional information to verify this is transaction interested in, use yum history info 8 prior to doing the undo:
# yum history undo 8 Loaded plugins: product-id, refresh-packagekit, subscription-manager Updating Red Hat repositories. Undoing transaction 8, from Mon Oct 3 14:40:01 2011 Install screen-4.0.3-16.el6.i686 Resolving Dependencies --> Running transaction check ---> Package screen.i686 0:4.0.3-16.el6 will be erased --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Removing: screen i686 4.0.3-16.el6 @rhel-6-server-rpms 783 k <snip> Removed: screen.i686 0:4.0.3-16.el6 Complete!
To list the change history of one or more packages use the following commands:
# yum history info httpd yum history summary httpd yum history info 15 # yum history package-list httpd <package2..n> OR # yum history package-info httpd <package2..n> # yum history undo 2 #will remove package W # yum history redo 2 #will reinstall package W # yum history rollback 2 #will remove packages from X, Y, and Z. rpm -q --changelog php rpm -qi -changelog kernel-2.4.21-63.EL | grep CVE history [info|list|packages-list|summary|addon-info|redo|undo|rollback|new]
Action(s) - A list of actions that were performed during a transaction as follows: D or Downgrade - Package has been downgraded to an older version. E or Erase - Package has been removed. I or Install - New package has been installed. O or Obsoleting - Package has been marked as obsolete. R or Reinstall - Package has been reinstalled. U or Update - Package has been updated to a newer version. Altered - The number of packages that were affected by a yum, as follows: < - Before the transaction finished, the rpmdb database was changed outside yum. > - After the transaction finished, the rpmdb database was changed outside yum. * - The transaction failed to finish. # - The transaction finished successfully, but yum returned a non-zero exit code. E - The transaction finished successfully, but an error or a warning was displayed. P - The transaction finished successfully, but problems already existed in the rpmdb database. s - The transaction finished successfully, but the -skip-broken command line option was used and certain packages were skipped.