Prevent from updating to 9.2


We are stuck at lest temporarily on 9.1 due to kernel support by third parties. Unfortunately I run today sudo dnf update and it upgraded our server to 9.2 which at the same time updated the kernel.

Is it possible to somehow restrict update in dnf (or freeze the minor version) to make sure nobody upgrades the OS to 9.2?


OS pinning is something supported by RHEL. It is not supported or possible for Rocky, Alma or whatever.

Theoretically, you can edit the /etc/yum.repos.d/*.repo files and change the URL to use the Rocky vault url’s to stop it from being upgraded - assuming of course that they are then fixed to 9.1 and not eg: 9 - else when 9.2 gets moved to the vault, you’ll then end up being upgraded.

Obviously that isn’t recommended to do, so the responsibility for any issues later by using that method wouldn’t be the responsibility of Rocky. Updates are to ensure that a server is secure with the appropriate security patches applied etc.

It’s probably better if anything, just to fix the kernel so that it doesn’t upgrade by excluding it in /etc/dnf/dnf.conf - at least that way you won’t have the kernel upgrade issue, but at least the rest of the system will have updates applied and be more secure.

But there is no pinning for RHEL 9.1, so nobody supports 9.1 any more. Not even with money.

Third parties seem to have a systemic issue.

I mentioned generally, since it’s something RHEL supports - obviously they have EUS versions that don’t apply to all versions. However, looks like it works for me:

[root@rhel9 ~]# subscription-manager release --show
Release not set

[root@rhel9 ~]# subscription-manager release --list
          Available Releases       

[root@rhel9 ~]# subscription-manager release --set=9.1
Release set to: 9.1

[root@rhel9 ~]# subscription-manager release --show
Release: 9.1

for EUS channels, then yes updates will be able to be applied. But I can still pin to a particular version, even if it’s not EUS, it just won’t get any extended updates if it’s not an EUS channel.

1 Like

I saw the old kernel indeed is still installed but the problem is with package kernel-devel - we require certain headers to be present and that package it’s not available for the 9.1 kernel. After the upgrade I can only see 5.14.0-284.11.1.el9_2.x86_64 headers available

Good day,

I have a question that relates to this topic, we went from 9.0 to 9.2 we are having issues with third party also. I need to downgrade to 9.1 I have not found a way that will roll everything back to 9.1. While we do a have a way to lock the version already this was a new build and we did not have the lock in place.

Could you share how did you achieve the version lock?


The version lock is on RHEL - it doesn’t work on Rocky/Alma or any other EL derivatives.

You have to edit the /etc/yum.repos.d/*.repo files manually and change the URL’s to use the Rocky Vault URL’s for where the archived versions of Rocky exist to be able to pin it to 9.1 or whatever. But it’s not recommended to do that as previously mentioned but you have the choice if you so wish :slight_smile:

The vault URL: Index of /vault/rocky/

If you want to prevent dnf from updating the kernel, add in the file /etc/dnf/dnf.conf this line:


Be aware that the kernel will NEVER be updated until you drop this line.

Or if you use the dnf option --disableexcludes==[all|main|]

To prevent updates to certain packages, you could use dnf versionlock.

Install dnf install python3-dnf-plugin-versionlock, then lock packages that you want to avoid upgrading, e.g. kernel dnf versionlock kernel-*. See DNF versionlock Plugin — dnf-plugins-core 4.4.1-1 documentation .

1 Like

Index of /vault/rocky/9.1/ if you go into rocky.repo you will see everything has a variable. osversion release all this stuff you just need to change the baseurl not mirror to this static site url for baseOS, extras, appstream

About a month ago, there was this CIQ webinar which mention version pinning. Maybe there is some information from that webinar that might help you.