DNF exclude

Hi,
I need to exclude several packages from DNF transactions.

Easy way to do that is to append

exclude=pkg1,pkg2,pkg3

to /etc/dnf/dnf.conf

That works as expected, but is far from the ideal usage I seek.

I administer dozens of machines, which have different needs for the excluded packages.
(= the list of excluded packages differs between machines)
Each excluded package is managed by a standalone script dealing with the specific OS functionality area.
Which makes it very very ugly to maintain that one line in /etc/dnf/dnf.conf.


I’d like to split the /etc/dnf/dnf.conf to multiple files, e.g.:

/etc/dnf/dnf.conf
/etc/dnf/dnf.conf.d
/etc/dnf/dnf.conf.d/exclude-pkg1.conf
/etc/dnf/dnf.conf.d/exclude-pkg2.conf
/etc/dnf/dnf.conf.d/exclude-pkg3.conf

This way I could avoid tainting the default configuration file (which I want to be maintained by the dnf package).
And each script would work with its own specific config file, which would both save me the ugliness of re-writing the line in each script, and make it easier to read and understand.

I wasn’t successful in splitting the config file.


On top of that, it seems that the exclude option for DNF works on a “last occurrence wins” basis.
Which IMO makes sense for single-value options, but not for additive-value options.
So in configuration like this:

[main]
exclude=pkg1
exclude=pkg2

the last occurrence of specification of the exclude option wins and invalidates all its previous occurrences, effectively applying only the exclude=pkg2, while ignoring exclude=pkg1.

Without this solved, I’d avoid tainting of the default config file, but the ugliness of several scripts (and sometimes humans too) fighting over rewriting that single config line will remain.


I believe I have been using exclude for years, but I wasn’t able to find it in the dnf or dnf.conf manpage, only here: DNF Command Reference — DNF @DNF_VERSION@-1 documentation

-x <package-file-spec>, --exclude=<package-file-spec>
Exclude packages specified by <package-file-spec> from the operation.

--excludepkgs=<package-file-spec>
Deprecated option. It was replaced by the --exclude option.

All other sources I’ve come by use the excludepkgs variant.
Not sure whether they behave differently.

Personally I have rarely needed exclude and then only until a package is fixed.
I wonder if this is worth the trouble of implementing if my experience is common?
The current dnf version is due to be replaced with the new dnf5.
I do not know if dnf5 changes this handling; it may be worth checking that out.

If running the updates via script, why not have one script used for updates that adds in the appropriate --exclude=... into the dnf update command for each differing system? Your script could select the proper exclude line to add for that specific host.

This single script could be used for all machines with an if clause to select the proper dnf command line to use for the specific host.

One script, maintained at one location, pushed out to all the hosts when changes are made.

This eliminates the changes to /etc/dnf/dnf.conf and the need to make changes on each individual host.
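
One way to combine the wrapper-script suggestion above with the per-package files from the original question, as an added example that is not from any poster in the thread. The directory /etc/dnf/exclude.d and the function names are hypothetical (dnf itself does not read that directory), and the script assumes `--exclude` takes the same comma-separated list as the `exclude=pkg1,pkg2,pkg3` config line.

```shell
#!/bin/sh
# Added example: merge per-package exclude files into one --exclude argument.
# EXCLUDE_DIR is a hypothetical path read only by this wrapper, not by dnf.
EXCLUDE_DIR="${EXCLUDE_DIR:-/etc/dnf/exclude.d}"

# Print a sorted, de-duplicated, comma-separated list of package specs from
# DIR/*.conf. One spec per line; '#' comments and blank lines are ignored.
# Lines containing spaces or commas are rejected so that one file cannot
# silently alter the list contributed by the others.
collect_excludes() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue        # glob matched nothing
        # awk always ends each record with a newline, so a file without a
        # trailing newline cannot run into the next file's first entry.
        awk '{
            sub(/#.*/, "")
            gsub(/^[ \t]+|[ \t]+$/, "")
            if (!length($0)) next
            if ($0 ~ /[ \t,]/) {
                print "skipped " FILENAME ": " $0 > "/dev/stderr"
                next
            }
            print
        }' "$f"
    done | LC_ALL=C sort -u | paste -sd, -
}

# Run dnf with the merged exclude list placed before the caller's arguments.
dnf_with_excludes() {
    excludes=$(collect_excludes "$EXCLUDE_DIR")
    if [ -n "$excludes" ]; then
        set -- "--exclude=$excludes" "$@"
    fi
    echo "+ dnf $*" >&2                # record what was actually excluded
    dnf "$@"
}

# Example invocation: ./dnf-wrapper.sh upgrade -y
if [ "$#" -gt 0 ]; then
    dnf_with_excludes "$@"
fi
```

Each managing script then only creates or deletes its own file, for example /etc/dnf/exclude.d/exclude-pkg1.conf, and never edits a shared line. The exclusions apply only to transactions started through this wrapper.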