How to Exclude Packages from Transactions using DNF in RHEL Linux

The dandified yum (DNF) command is the next-generation version of the YUM package manager for installing, upgrading, and removing packages from Fedora, CentOS, AlmaLinux, and other RHEL-based distributions.

While updating packages in your system, you might not want to allow specific packages from transactions, such as updates, for various reasons, such as bugs or instability in the latest release.

Packages such as Kernel, PHP, MySql, Apache, Nginx, Python, etc., are regularly used on the running server. Updating them into unstable releases might lead to a catastrophe event.

In such an event, it is recommended to pause/hold the update for such packages until a new version or fix is released.

follow of upgrade when package is disabled

For one time or permanently pausing/holding packages from updating to their latest release can be quickly done using the DNF or YUM package manager for RHEL-based distributions such as Fedora, CentOS, AlmaLinux, etc.

Exclude Packages from Update

The DNF command allows you to exclude specific packages from the transaction for a single event using the below command.

$ sudo dnf upgrade --exclude=kernel

The above command updates all the system packages, excluding the kernel packages specified in the --exclude options. Next time, execute the same command if you still want to prevent transactions for the kernel package.

Execute the below command to exclude multiple packages from transactions using the DNF command.

$ sudo dnf upgrade --exclude=kernel --exclude=httpd

The above command will exclude kernel and httpd packages from transactions while updating the system.

Excluding relative packages from transactions can be done quickly. For example, if you want to exclude all the relative packages of Python, such as python-unversioned-command, python-libs, etc. As shown below, you can use a wildcard (e.g., * and ?) to prevent the transaction for all matching packages.

$ sudo dnf upgrade --exclude=python*

The above command will exclude Python and its relative packages from system updates. If you want to exclude multiple related packages of Apache and Python, use the following command.

$ sudo dnf upgrade --exclude=httpd* --exclude=python*

Exclude Packages Update Permanently

You can add the below line to the /etc/yum.conf or /etc/dnf/dnf.conf configuration file to exclude/disable packages from updating until they are manually removed.


You can exclude or prevent multiple packages from updating by specifying each package with space as a separator.

exclude=package1 package2 package3

Adding the above line into the configuration will disable the update for package1, package2, and package3 until they are manually removed from the configuration file.

For example, you want to exclude three packages, Apache, PHP, and MySQL, from the transaction (update). First, open the configuration file using your choice of text editor.

$ nano /etc/yum.conf                       # For YUM Package Manager
$ nano /etc/dnf/dnf.conf                   # For DNF Package Manager

Now, add the below line specified with packages to separate them by space at the end of the configuration file.

exclude=httpd php mysql

Below is the output of the above command.

Excluding packages from the update

Whenever you execute sudo dnf upgrade command will update all the system and manually installed packages except Apache, PHP, and MySQL.


Why should I’ve to exclude packages from updates?

There is no straightforward answer. If you have a small site with limited users, you do not have to worry about package updates. But mammoth-sized organisations run multiple nodes on the server, where the update of packages can cause serious issues. These packages are usually not compatible or have major configuration changes, etc.

What type of packages should be excluded?

If you think about the production environment, you might be using httpd (Apache), PHP, and MySQL packages for running websites. Now an improper update in these packages can cause a server error. It is recommended that you first check the update effect on the development environment before enrolling in the production environment.

I’ve updated the packages and the server is down

In such cases, if you have a backup or snapshot, then roll back to the older version.

Oops, I don’t even have a backup or snapshot

You are really careless or taking things too lightly. However, in this case, the reconfiguration with the latest release will do the job unless there are several changes. Otherwise, rolling back to the previous version and excluding the package update for a while will be a good idea.

I hope this guide will be useful for you. If you have any queries, let us know in the comment section.

Leave a Reply