Cheat Sheet - Package Management with Yum

Undoing package changes with yum

General documentation of the system state both prior to and after patching is always good practice. This should include running package-cleanup with following flags, –orphans, –problems, –dupes, –leaves.

Note: Rollback of selinux, selinux-policy-*, kernel, glibc (dependencies of glibc such as gcc) packages to older version is not supported. Thus, downgrading a system to minor version (ex: RHEL6.1 to RHEL6.0) is not recommended as this might leave the system in undesired state. Use the yum history option for small update rollbacks.

Next, identify the transaction ID that we want to ‘undo’.

yum history

# yum history list
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.

ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
     8 | root <root>              | 2011-10-03 14:40 | Install        |    1   
     7 | root <root>              | 2011-09-21 04:24 | Install        |    1 ##
     6 | root <root>              | 2011-09-21 04:23 | Install        |    1 ##
     5 | root <root>              | 2011-09-16 13:35 | Install        |    1   
     4 | root <root>              | 2011-09-16 13:33 | Erase          |    1   
     3 | root <root>              | 2011-09-14 14:36 | Install        |    1   
     2 | root <root>              | 2011-09-12 15:48 | I, U           |   80   
     1 | System <unset>           | 2011-09-12 14:57 | Install        | 1025  

The transaction ID we are interested in is ‘8’, so move forward with undo step. If you want to see additional information to verify this is transaction interested in, use yum history info 8 prior to doing the undo:

# yum history undo 8
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
Undoing transaction 8, from Mon Oct  3 14:40:01 2011
    Install screen-4.0.3-16.el6.i686
Resolving Dependencies
--> Running transaction check
---> Package screen.i686 0:4.0.3-16.el6 will be erased
--> Finished Dependency Resolution

Dependencies Resolved
================================================================================
 Package          Arch       Version            Repository              Size
================================================================================
Removing:
 screen           i686       4.0.3-16.el6       @rhel-6-server-rpms     783 k

<snip>

Removed:
  screen.i686 0:4.0.3-16.el6
Complete!

To list the change history of one or more packages use the following commands:

# yum history info httpd
yum history summary httpd
yum history info 15

# yum history package-list httpd <package2..n>
OR
# yum history package-info httpd <package2..n>

# yum history undo 2    #will remove package W
# yum history redo 2    #will  reinstall package W
# yum history rollback 2    #will remove packages from X, Y, and Z. 

rpm -q --changelog php
rpm -qi -changelog kernel-2.4.21-63.EL | grep CVE

history [info|list|packages-list|summary|addon-info|redo|undo|rollback|new]

Lookup table:

Action(s) - A list of actions that were performed during a transaction as follows:
D or Downgrade - Package has been downgraded to an older version.
E or Erase - Package has been removed.
I or Install - New package has been installed.
O or Obsoleting - Package has been marked as obsolete.
R or Reinstall - Package has been reinstalled.
U or Update - Package has been updated to a newer version.

Altered - The number of packages that were affected by a yum, as follows:
< - Before the transaction finished, the rpmdb database was changed outside yum.
> - After the transaction finished, the rpmdb database was changed outside yum.
* - The transaction failed to finish.
# - The transaction finished successfully, but yum returned a non-zero exit code.
E - The transaction finished successfully, but an error or a warning was displayed.
P - The transaction finished successfully, but problems already existed in the rpmdb database.
s - The transaction finished successfully, but the -skip-broken command line option was used and certain packages were skipped.