Prevent harmful Linux updates with versionlock

On my home machine I run Fedora, a Linux distro famous for being at the cutting edge of Linux development. My laptop is the Dell XPS 13, which uses some fairly advanced hardware. In Open Source this can be a dangerous combination: older Linux kernels can’t handle my machine’s hardware, and brand new kernels often break it too. Every time I do a software update, I’m walking a tightrope.

The way I handle this is with a package manager plugin called versionlock. It lets me tell the package manager to lock certain packages at their current version and voilà! I can blindly apply all software updates and know that those troublesome packages will not be upgraded.


The versionlock plugin is available for both dnf and yum, so pick which package manager your system is using. For dnf:

$ sudo dnf install python2-dnf-plugins-extras-versionlock


$ sudo dnf install python3-dnf-plugins-extras-versionlock

And for yum:

$ sudo yum install yum-plugin-versionlock

Lock a package

To add a package to the locked list, simply run the package manager program with the versionlock and add commands:

$ sudo dnf versionlock add my-package

The yum version:

$ sudo yum versionlock add my-package

As you can see, the commands for dnf and yum are the same. You can lock multiple packages in one command. Here’s how I prevent my system from upgrading the kernel packages:

$ sudo dnf versionlock add kernel kernel-core kernel-devel kernel-modules kernel-modules-extra

List locked packages

To see which packages are locked, use the list command:

$ dnf versionlock list
Last metadata expiration check: 0:00:00 ago on Mon Mar 21 20:58:57 2016.
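
A locked package also stops receiving security fixes, so it is worth checking what the locks are holding back. The script below is an added example, not part of the original article: it compares the lock list with pending updates, using constructed sample data and assuming lock entries of the form name-epoch:version-release.* and check-update lines of the form name.arch, version-release, repo.

```sh
#!/bin/sh
# Added example: which pending updates are the locks holding back?
# Assumed formats: lock entry "name-epoch:version-release.*",
# check-update line "name.arch  version-release  repo".
# Live use (assumes dnf's --disableplugin option):
#   dnf versionlock list > locks.txt
#   dnf --disableplugin=versionlock check-update > updates.txt
#   held_back locks.txt updates.txt

# Print the package name of each lock entry read from stdin. Skips "!"
# exclude entries, comments and dnf's metadata status line.
lock_names() {
    grep -E '^[^!#[:space:]]+-[0-9]+:[^-]+-[^-]+$' |
        sed -E 's/-[0-9]+:[^-]+-[^-]+$//' | sort -u
}

# held_back LOCKS UPDATES: print "name version-release" for each pending
# update whose package name appears in the lock list.
held_back() {
    lock_names < "$1" | awk '
        NR == FNR { locked[$1] = 1; next }   # first input: locked names
        NF == 3 {
            pkg = $1; sub(/\.[^.]+$/, "", pkg)   # drop the ".arch" suffix
            if (pkg in locked) print pkg, $2
        }' - "$2"
}

# Constructed sample data (versions are made up for illustration).
sample_locks() { cat <<'EOF'
Last metadata expiration check: 0:00:00 ago on Mon Mar 21 20:58:57 2016.
kernel-0:4.4.5-300.fc23.*
kernel-core-0:4.4.5-300.fc23.*
!my-package-0:1.0-1.fc23.*
EOF
}
sample_updates() { cat <<'EOF'
kernel-core.x86_64    4.4.6-300.fc23       updates
my-package.noarch     1.1-1.fc23           updates
vim-minimal.x86_64    2:7.4.1570-1.fc23    updates
EOF
}

demo() {
    d=$(mktemp -d)
    sample_locks > "$d/locks"
    sample_updates > "$d/updates"
    held_back "$d/locks" "$d/updates"
    rm -rf "$d"
}
demo
```

With the sample data, only kernel-core is reported: it is locked and has a newer build pending, while my-package appears in the list only as an exclude entry.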

Unlock a package

To remove one package from the lock list, use delete:

$ sudo dnf versionlock delete my-package

To remove all packages from the lock list, use clear:

$ sudo yum versionlock clear


If you ever forget these commands, you can list the available commands with help:

$ dnf help versionlock
versionlock [add|exclude|list|delete|clear] [<package-nevr-spec>]

Or read the online documentation.

How many installers do you need?

On Fedora I also remove the Gnome Software program (gnome-software package). Whilst it’s useful to be reminded of pending updates via the GUI, any package installed via Gnome Software is not part of the dnf history. That makes it harder when it’s necessary to downgrade or remove a troublesome package.


Managing packages can be a pain, but versionlock makes life easier. If you use Debian or Ubuntu you can use apt-mark hold my-package and apt-mark unhold my-package to similar effect.


David Farrell

David is the founder and editor of An organizer of the New York Perl Meetup, he works for ZipRecruiter as a software developer.
