Admin manual warns about this:
When yum is run from the command line and the software origin is “locked”, EPEL and other repositories which are generically compatible with “7” are enabled
That’s why you got additional updates from CLI.
Developer manual gives some explanation.
When NS Release Lock is enabled, CentOS repos are available but they point to a fixed CentOS release (/etc/yum.repos.d/NsReleaseLock.repo
). Repos that don’t support lock to minor release (epel, centos-sclo-rh, centos-sclo-sclo…) are disabled when using Software Center.
Configuration of enabled repositories is stored inside:
/etc/nethserver/pkginfo.conf
: repos with groups listed on Software Center (modules)
/etc/nethserver/eorepo.conf
: repos enabled by software-repos-save event
Note: when a subscription is enabled, NSReleaseLock will be disabled.
Software Center does not use yum command, it makes use of pkginfo
and pkgaction
commands, and they relay on yum’s API (python). When Release Lock is enabled, Software Center gets updates using pkgaction --strict-update
.
# /usr/libexec/nethserver/pkgaction -h
Usage: /usr/libexec/nethserver/pkgaction {<command> {PACKAGE|@GROUP}}...
command: [--install|--update|--strict-update|--remove]
Those helper programs are placed under /usr/libexec
directory tree and, according to the FHS, are not meant to be used directly by users:
/usr/libexec includes internal binaries that are not intended to be executed directly by users or shell scripts.
Long time ago I recall having used pkgaction, but only for testing purposes while troubleshooting some software center related stuff. I don’t recall its usage having any adverse effect, but NethServer developers can shed some light on it.
While those commands are meant for very specific tasks, yum has more options and is more flexible. man yum
and man yum.conf
probe this.
One way to restrict from which repositories your server gets updates when using yum from CLI, is to make use of --enablerepo=
and --disablerepo=
options.
Haven’t looked much into it but to get same updates as Software Center it could suffice with:
yum --disablerepo=\* --enablerepo=ce-\*,nethserver-{base,updates},nethforge update
or (as lock is enabled some repos are disabled; if additional repos were added adjust command accordingly, or take action on repository settings referenced in the manual):
yum --disablerepo=epel,centos-sclo\* update
But updates for packages from EPEL et al. that are already installed shall be checked from time to time.