You are here

MariaDB and MySQL package holding or locking

Repositories from your favourite Linux distribution and from your favourite database software vendor get regular package updates. If you do periodic system upgrades (for example every 2 weeks as we do) you get the newest packages of a release series.
Unfortunately recently the software vendors started not only to fix bugs in new releases but also to introduce new features. And when you fix bugs or introduce new stuff new bugs might appear.
To avoid being hit unexpectedly by new bugs you do not want to upgrade untested software. To achieve this you want to keep/not upgrade some important packages. For example the MariaDB or MySQL server package.
This package pinning is called package version lock on CentOS and Redhat and package holding on Debian and Ubuntu.

How you do this I have summarized below:

Debian / Ubuntu

See also apt_preferences (APT pinning) and man 5 apt_preferences

shell> dpkg -l | grep mariadb
ii  libmariadb3:amd64                     3.0.3-1build1                                   amd64        MariaDB Connector/C
ii  mariadb-client-10.4                   1:10.4.11+maria~bionic                          amd64        MariaDB database client binaries
ii  mariadb-client-core-10.4              1:10.4.11+maria~bionic                          amd64        MariaDB database core client binaries
ii  mariadb-common                        1:10.4.11+maria~bionic                          all          MariaDB database common files (e.g. /etc/mysql/conf.d/mariadb.cnf)
ii  mariadb-server-10.4                   1:10.4.11+maria~bionic                          amd64        MariaDB database server binaries
ii  mariadb-server-core-10.4              1:10.4.11+maria~bionic                          amd64        MariaDB database core server files

shell> apt-mark hold galera-4 libmariadb3 mariadb-client-10.4 mariadb-client-core-10.4  mariadb-common mariadb-server-10.4 mariadb-server-core-10.4
galera-4 set on hold.
libmariadb3 set on hold.
mariadb-client-10.4 set on hold.
mariadb-client-core-10.4 set on hold.
mariadb-common set on hold.
mariadb-server-10.4 set on hold.
mariadb-server-core-10.4 set on hold.

shell> apt-mark showhold
galera-4
libmariadb3
mariadb-client-10.4
mariadb-client-core-10.4
mariadb-common
mariadb-server-10.4
mariadb-server-core-10.4

shell> dpkg -l | grep -e mariadb -e galera
hi  galera-4                              26.4.2-bionic                                   amd64        Replication framework for transactional applications
hi  libmariadb3:amd64                     3.0.3-1build1                                   amd64        MariaDB Connector/C
hi  mariadb-client-10.4                   1:10.4.11+maria~bionic                          amd64        MariaDB database client binaries
hi  mariadb-client-core-10.4              1:10.4.11+maria~bionic                          amd64        MariaDB database core client binaries
hi  mariadb-common                        1:10.4.11+maria~bionic                          all          MariaDB database common files (e.g. /etc/mysql/conf.d/mariadb.cnf)
hi  mariadb-server-10.4                   1:10.4.11+maria~bionic                          amd64        MariaDB database server binaries
hi  mariadb-server-core-10.4              1:10.4.11+maria~bionic                          amd64        MariaDB database core server files

shell> apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  ...
Use 'apt autoremove' to remove them.
The following packages have been kept back:
  galera-4 libmariadb3 mariadb-client-10.4 mariadb-client-core-10.4 mariadb-common mariadb-server-10.4 mariadb-server-core-10.4 netplan.io
The following packages will be upgraded:
  ...
67 to upgrade, 0 to newly install, 0 to remove and 11 not to upgrade.
Need to get 107 MB of archives.
After this operation, 3,876 kB of additional disk space will be used.
Do you want to continue? [Y/n] 

With the command apt-mark unhold you can release pinned packages again.

CentOS / Redhat

To restrict a package to a fixed version number with yum you have to first install the package yum-plugin-versionlock [ man yum-versionlock ]:

shell> yum install yum-plugin-versionlock

To add a version lock for the MariaDB packages:

shell> yum versionlock add MariaDB-server MariaDB-client MariaDB-common MariaDB-compat galera-4
Adding versionlock on: 0:MariaDB-server-10.4.10-1.el7.centos
Adding versionlock on: 0:MariaDB-client-10.4.10-1.el7.centos
Adding versionlock on: 0:MariaDB-common-10.4.10-1.el7.centos
Adding versionlock on: 0:MariaDB-compat-10.4.10-1.el7.centos
Adding versionlock on: 0:galera-4-26.4.3-1.rhel7.el7.centos
versionlock added: 5

To list any available updates that are currently blocked by version lock you can run:

shell> yum versionlock status
0:MariaDB-common-10.4.13-1.el7.centos.*
0:MariaDB-compat-10.4.13-1.el7.centos.*
0:MariaDB-client-10.4.13-1.el7.centos.*
0:MariaDB-server-10.4.13-1.el7.centos.*
0:galera-4-26.4.4-1.rhel7.el7.centos.*
versionlock status done

And to list the current version lock entries:

shell> yum versionlock list
0:MariaDB-server-10.4.10-1.el7.centos.*
0:MariaDB-client-10.4.10-1.el7.centos.*
0:MariaDB-common-10.4.10-1.el7.centos.*
0:MariaDB-compat-10.4.10-1.el7.centos.*
0:galera-4-26.4.3-1.rhel7.el7.centos.*
versionlock list done

With:

shell> yum versionlock delete MariaDB-server

you can remove any matching version lock entries again.

And to clear the whole list of version lock entries use:

yum versionlock clear

If you will do the next yum update you will not see the MariaDB packages in the list any more:

shell> yum update
...

Dependencies Resolved

========================================================================================================================================================
 Package                                      Arch                       Version                                     Repository                    Size
========================================================================================================================================================
Installing:
 kernel                                       x86_64                     3.10.0-1127.18.2.el7                        updates                       50 M
Updating:
 bind-export-libs                             x86_64                     32:9.11.4-16.P2.el7_8.6                     updates                      1.1 M
 bind-libs-lite                               x86_64                     32:9.11.4-16.P2.el7_8.6                     updates                      1.1 M
 bind-license                                 noarch                     32:9.11.4-16.P2.el7_8.6                     updates                       90 k
 binutils                                     x86_64                     2.27-43.base.el7_8.1                        updates                      5.9 M
 ca-certificates                              noarch                     2020.2.41-70.0.el7_8                        updates                      382 k
 dbus                                         x86_64                     1:1.10.24-14.el7_8                          updates                      245 k
 dbus-libs                                    x86_64                     1:1.10.24-14.el7_8                          updates                      169 k
 device-mapper                                x86_64                     7:1.02.164-7.el7_8.2                        updates                      295 k
 device-mapper-libs                           x86_64                     7:1.02.164-7.el7_8.2                        updates                      324 k
 grub2                                        x86_64                     1:2.02-0.86.el7.centos                      updates                       32 k
 grub2-common                                 noarch                     1:2.02-0.86.el7.centos                      updates                      729 k
 grub2-pc                                     x86_64                     1:2.02-0.86.el7.centos                      updates                       32 k
 grub2-pc-modules                             noarch                     1:2.02-0.86.el7.centos                      updates                      850 k
 grub2-tools                                  x86_64                     1:2.02-0.86.el7.centos                      updates                      1.8 M
 grub2-tools-extra                            x86_64                     1:2.02-0.86.el7.centos                      updates                      1.0 M
 grub2-tools-minimal                          x86_64                     1:2.02-0.86.el7.centos                      updates                      174 k
 kernel-tools                                 x86_64                     3.10.0-1127.18.2.el7                        updates                      8.1 M
 kernel-tools-libs                            x86_64                     3.10.0-1127.18.2.el7                        updates                      8.0 M
 libgudev1                                    x86_64                     219-73.el7_8.8                              updates                      107 k
 microcode_ctl                                x86_64                     2:2.1-61.10.el7_8                           updates                      2.7 M
 python-perf                                  x86_64                     3.10.0-1127.18.2.el7                        updates                      8.1 M
 rsyslog                                      x86_64                     8.24.0-52.el7_8.2                           updates                      621 k
 selinux-policy                               noarch                     3.13.1-266.el7_8.1                          updates                      497 k
 selinux-policy-targeted                      noarch                     3.13.1-266.el7_8.1                          updates                      7.0 M
 systemd                                      x86_64                     219-73.el7_8.8                              updates                      5.1 M
 systemd-libs                                 x86_64                     219-73.el7_8.8                              updates                      416 k
 systemd-sysv                                 x86_64                     219-73.el7_8.8                              updates                       94 k
 yum-plugin-fastestmirror                     noarch                     1.1.31-54.el7_8                             updates                       34 k
Removing:
 kernel                                       x86_64                     3.10.0-957.1.3.el7                          @updates                      63 M

Transaction Summary
========================================================================================================================================================
Install   1 Package
Upgrade  28 Packages
Remove    1 Package

Total download size: 105 M

Server restart required: reboot

After you did a full upgrade of all packages typically a server restart is required. Because this causes downtime and service loss we only want to do this if it is really necessary. To find out if a server restart is really required you can run the following commands:

Debian / Ubuntu

shell> cat /var/run/reboot-required

CentOS / Redhat

shell> yum install yum-utils

shell> needs-restarting -r
Core libraries or services have been updated:
  kernel -> 3.10.0-1127.18.2.el7
  systemd -> 219-73.el7_8.8
  dbus -> 1:1.10.24-14.el7_8
Reboot is required to ensure that your system benefits from these updates.

If only some services must be restarted you can see with:

shell> needs-restarting -s
systemd-logind.service
NetworkManager.service
dbus.service
avahi-daemon.service
sshd.service
polkit.service
systemd-udevd.service
tuned.service
systemd-journald.service
firewalld.service