Linux RPM - Package Management

 

Linux RPM - Package Management

 


Contents

  1. Overview
  2. Importing Keys
  3. Verifying Signature of Packages
  4. Finding RPM Packages
  5. Installing
  6. Package Already Installed
  7. Conflicting Files
  8. Unresolved Dependency
  9. Uninstalling
  10. Upgrading
  11. Freshening
  12. Querying
  13. Verifying

 


 

Package Management Tool

To add, update, and remove software packages from a Linux system, you can use the rpm command, or the Package Management Tool (PMT), which is a GUI frontend to the rpm command. The PMT requires X-windows.

Execute PMT from a menu....

Main Menu Button | System Settings | Add/Remove Applications

...or from a commandline...

redhat-config-packages

Packages are divided into package groups, which contain a list of standard packages and extra packages that share common functionality. Standard packages can not be selected for removal unless the entire package group is removed.

If you use Nautilus to browse the files and directories on your computer, you can also use it to install packages. In Nautilus, go to the directory that contains an RPM package (they usually end in .rpm), and double-click on the RPM icon.

 


RedHat Package Manager

The RedHat Package Manager (RPM) is an open packaging system, distributable under the terms of the GPL.

RPM maintains a database of installed packages and their files, so you can invoke powerful queries and verifications on your system. During upgrades, RPM handles configuration files carefully, so that you never lose your customizations - something that you will not accomplish with regular .tar.gz files.

For the developer, RPM allows you to take software source code and package it into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create. This clear delineation between "pristine" sources and your patches along with build instructions eases the maintenance of the package as new versions of the software are released.

Because RPM makes changes to your system, be root in order to install, remove, or upgrade an RPM package.

 


Finding RPM Packages

RPM repositories built by Red Hat can be found at:

 


Installing

RPM packages typically have file names like...

foo-1.0-1.i386.rpm

...corresponding to...

package_name-version-release.architecture

To install a package:

rpm -Uvh foo-1.0-1.i386.rpm

If installation is successful, you will see the following:

Preparing...  ########################################### [100%]
1:foo         ########################################### [100%]

The signature of a package is checked when installing or upgrading a package. If verifying the signature fails, you will see an error message such as:

error: V3 DSA signature: BAD, key ID 0352860f

If is it a new, header-only, signature, you will see an error message such as:

 error: Header V3 DSA signature: BAD, key ID 0352860f

If you do not have the appropriate key installed to verify the signature, the message will contain NOKEY such as:

 warning: V3 DSA signature: NOKEY, key ID 0352860f

If you are installing a kernel package, you should use rpm -ivh instead. Installing packages is designed to be simple, but you may sometimes see errors.

 

Package Already Installed

If the package of the same version is already installed, you will see:

Preparing...        ########################################### [100%]
package foo-1.0-1 is already installed

If you want to install the package anyway and the same version you are trying to install is already installed, you can use the --replacepkgs option, which tells RPM to ignore the error:

rpm -ivh --replacepkgs foo-1.0-1.i386.rpm

This option is helpful if files installed from the RPM were deleted or if you want the original configuration files from the RPM to be installed.

 

Conflicting Files

If you attempt to install a package that contains a file which has already been installed by another package or an earlier version of the same package, you will see:

Preparing...      ########################################### [100%]
file /usr/bin/foo from install of foo-1.0-1 conflicts with file from package bar-2.0.20

To make RPM ignore this error, use the --replacefiles option:

rpm -ivh --replacefiles foo-1.0-1.i386.rpm

 

Unresolved Dependency

RPM packages can "depend" on other packages, which means that they require other packages to be installed in order to run properly. If you try to install a package which has an unresolved dependency, you will see:

Preparing...        ########################################### [100%]
error: Failed dependencies: bar.so.2 is needed by foo-1.0-1
       Suggested resolutions: bar-2.0.20-3.i386.rpm

If you are installing an official Red Hat, it will usually suggest the package(s) need to resolve the dependency. Find this package on the Red Hat Linux CD-ROMs or from the Red Hat FTP site (or mirror), and add it to the command:

rpm -ivh foo-1.0-1.i386.rpm bar-2.0.20-3.i386.rpm

If installation of both packages is successful, you will see:

Preparing...       ########################################### [100%]
1:foo              ########################################### [ 50%]
2:bar              ########################################### [100%]

If it does not suggest a package to resolve the dependency, you can try the --redhatprovides option to determine which package contains the required file. You need the rpmdb-redhat package installed to use this options.

rpm -q --redhatprovides bar.so.2

If the package that contains bar.so.2 is in the installed database from the rpmdb-redhat package, the name of the package will be displayed:

bar-2.0.20-3.i386.rpm

If you want to force the installation anyway (a bad idea since the package probably will not run correctly), use the --nodeps option.

 


Uninstalling

To uninstall a package:

rpm -e foo

Notice that we used the package name foo, not the name of the original package file foo-1.0-1.i386.rpm. To uninstall a package, you will need to replace foo with the actual package name of the original package.

You can encounter a dependency error when uninstalling a package if another installed package depends on the one you are trying to remove. For example:

Preparing...       ########################################### [100%]
error: removing these packages would break dependencies:
       foo is needed by  bar-2.0.20-3.i386.rpm

To cause RPM to ignore this error and uninstall the package anyway (which is also a bad idea since the package that depends on it will probably fail to work properly), use the --nodeps option.

 


Upgrading

To upgrade a package:

rpm -Uvh foo-2.0-1.i386.rpm

What you do not see above is that RPM automatically uninstalled any old versions of the foo package. In fact, you may want to always use -U to install packages, since it will work even when there are no previous versions of the package installed.

Since RPM performs intelligent upgrading of packages with configuration files, you may see a message like the following:

 saving /etc/foo.conf as /etc/foo.conf.rpmsave

This message means that your changes to the configuration file may not be "forward compatible" with the new configuration file in the package, so RPM saved your original file, and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly.

Upgrading is really a combination of uninstalling and installing, so during an RPM upgrade you can encounter uninstalling and installing errors, plus one more. If RPM thinks you are trying to upgrade to a package with an older version number, you will see:

 package foo-2.0-1 (which is newer than foo-1.0-1) is already installed

To cause RPM to "upgrade" anyway, use the --oldpackage option:

rpm -Uvh --oldpackage foo-1.0-1.i386.rpm

 


Freshening

To freshen a package:

rpm -Fvh foo-1.2-1.i386.rpm

RPM's freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM's freshen option, it will be upgraded to the newer version. However, RPM's freshen option will not install a package if no previously-installed package of the same name exists. This differs from RPM's upgrade option, as an upgrade will install packages, whether or not an older version of the package was already installed.

RPM's freshen option works for single packages or a group of packages. If you have just downloaded a large number of different packages, and you only want to upgrade those packages that are already installed on your system, freshening will do the job. If you use freshening, you will not have to delete any unwanted packages from the group that you downloaded before using RPM.

In this case, you can issue the following command:

rpm -Fvh *.rpm

RPM will automatically upgrade only those packages that are already installed.

 


Querying

Use the rpm -q command to query the database of installed packages. The rpm -q foo command will print the package name, version, and release number of the installed package foo:

 foo-2.0-1

Notice that we used the package name foo. To query a package, you will need to replace foo with the actual package name.

Instead of specifying the package name, you can use the following options with -q to specify the package(s) you want to query. These are called Package Specification Options.

-a Query all currently installed packages.
-f <file> Query the package which owns <file>. When specifying a file, specify the full path of the file (for example, /usr/bin/ls).
-p <packagefile> Query the package <packagefile>.

There are a number of ways to specify what information to display about queried packages. The following options are used to select the type of information for which you are searching. These are called Information Selection Options.

-i Display package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information.
-l Display the list of files that the package contains.
-s Display the state of all the files in the package.
-d Display a list of files marked as documentation (man pages, info pages, READMEs, etc.).
-c Display a list of files marked as configuration files. These are the files you change after installation to adapt the package to your system (for example, sendmail.cf, passwd, inittab, etc.).

For the options that display lists of files, you can add -v to the command to display the lists in a familiar ls -l format.

 


Verifying

Verifying a package compares information about files installed from a package with the same information from the original package. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file.

The command rpm -V verifies a package. You can use any of the Package Selection Options listed for querying to specify the packages you wish to verify. A simple use of verifying is rpm -V foo, which verifies that all the files in the foo package are as they were when they were originally installed. For example:

If everything verified properly, there will be no output. If there are any discrepancies they will be displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name. Each of the eight characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single . (a period) means the test passed. The following characters denote failure of certain tests:

If you see any output, use your best judgment to determine if you should remove or reinstall the package, or fix the problem in another way.

 


Package Signatures

To verify that a package has not been corrupted or tampered with...

rpm -K --nogpg <rpm-file>

You will see the message <rpm-file>: md5 OK, which means that the file was not corrupted by the download. To see a more verbose message, replace -K with -Kvv in the command.

On the other hand, how trustworthy is the developer who created the package? If the package is signed with the developer's GnuPG key, you will know that the developer really is who they say they are.

An RPM package can be signed using Gnu Privacy Guard (or GnuPG), to help you make certain your downloaded package is trustworthy.

GnuPG is a tool for secure communication; it is a complete and free replacement for the encryption technology of PGP, an electronic privacy program. With GnuPG, you can authenticate the validity of documents and encrypt/decrypt data to and from other recipients. GnuPG is capable of decrypting and verifying PGP 5. x files, as well.

During the installation of Red Hat Linux, GnuPG is installed by default. That way you can immediately start using GnuPG to verify any packages that you receive from Red Hat. First, you will need to import Red Hat's public key.

 


Importing Keys

To verify official Red Hat packages, import the Red Hat GPG key:

rpm --import /usr/share/rhn/RPM-GPG-KEY

To display a list of all keys installed for RPM verification, execute the command:

rpm -qa gpg-pubkey*

For the Red Hat key, the output will include:

gpg-pubkey-db42a60e-37ea5438

To display details about a specific key, use rpm -qi followed by the output from the previous command:

rpm -qi gpg-pubkey-db42a60e-37ea5438

 


Verifying Signature of Packages

To check the GnuPG signature of an RPM file after importing the builder's GnuPG key, use the following command (replace <rpm-file> with filename of the RPM package):

rpm -K <rpm-file>

If all goes well, you will see the message: md5 gpg OK. That means that the signature of the package has been verified and that it is not corrupt.

 


Removing Packages

To remove all the package installed within a package group, uncheck the checkbox beside it. To remove individual packages, click the Details button beside the package group and uncheck the individual packages.

When you are finished selecting packages to remove, click the Update button in the main window. The application computes the amount of disk space that will be freed as well as the software package dependencies. If other packages depend on the packages you selected to remove, they will be automatically added to the list of packages to be removed. Click the >Show Details button to view the list of packages to be removed.

Package Removal Summary

Click Continue to start the removal process. When it is finished, an Update Complete message will appear.

You can combine the installation and removal of packages by selecting package groups/packages to be installed/removed and then clicking Update. The Completed System Preparation window will display the number of packages to be installed and removed.

 


Impressing Your Friends with RPM

RPM is a useful tool for both managing your system and diagnosing and fixing problems. The best way to make sense of all of its options is to look at some examples.


 

Home