The rpm command is used to manage software applications and system modules for Red Hat, Fedora, CentOS, Suse and many other Linux distributions.
Step One: Import Red Hat and Fedora GPG signature keys:
View your public key: (RHEL5)
[root@yoserver2 ~]# rpm -qa gpg-pubkey gpg-pubkey-ed555983-3457f7f3 [root@yoserver2 ~]# rpm -qi gpg-pubkey-ed555983-3457f7f3 ... ...(Thus already installed. Your system is ready.)
Remove your public key: (RHEL5)
[root@yoserver2 ~]# rpm -e gpg-pubkey-ed555983-3457f7f3
Install public key: (Red Hat package up2date - now depricated. Use YUM.)
[root@yoserver2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY [root@yoserver2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY-fedoraDo this once to configure RPM so that you won't constantly get the warning message that the signature is "NOKEY".
The purpose is to protect you from using a corrupt or hacked RPM.
Once these command are performed, you are ready to use the RPM command. (This is also required for the YUM commands below.)
Note: Many GPG public keys for other RPM packages (i.e. MySQL: 0x5072E1F5), can be obtained from http://www.keyserver.net/.
(The following RPM installation warning will inform you of the key to obtain: warning: MySQL-XXXX.rpm: V3 DSA signature: NOKEY, key ID 5072e1f5)
Importing a new key from key server:
- gpg --keyserver keyserver.veridis.com --recv-key 5072e1f5
- gpg --export -a 5072e1f5 > pubkey_mysql.asc
- rpm --import pubkey_mysql.asc
Step Two: RPM commands and their use
RPM Command Description rpm -qilp program_package-ver.rpm Query for information on package and list destination of files to be installed by the package.
You can also use the Gnome GUI program file-roller to view and read the contents of an RPM. Great tool for inspecting an RPM package and reading the package documentation before you decide to install the package.
rpm2cpio - < program_package-ver.rpm | cpio -id ./path/and/file-name Extract a single file (with path) from the RPM package to the local directory. rpm -Uvh program_package-ver.rpm Upgrade the system with the RPM package rpm -ivh program_package-ver.rpm New Install rpm -Fvh program_package-ver.rpm Freshen install. Removes all files (including config files) of older version during upgrade. rpm -q program_package Query system RPM database (/var/lib/rpm), to see if package is installed. rpm -qi program_package Query system RPM database for info/description on package (if installed) rpm -ql program_package List all files on the system associated with the package. rpm -qf file Identify the package to which this file belongs. rpm -e program_package Uninstall package from your system rpm -qa List ALL packages on your system. Use this with grep to find families of packages. rpm -qp --requires program_package-ver.rpm List dependancies (files and packages) of RPM. List prerequisites. rpm -q --whatrequires program_package List dependant packages of RPM. What packages will break if this RPM is removed. rpm -K --nogpg *.rpm Non sure if RPM downloaded ok? Verify md5 sum. RPM Flag Description --nodeps RPM flag to force install even if dependency requirements are not met. --force Overwrite of other packages allowed. --notriggers Don't execute scripts which are triggered by the installation of this package. --root /directory-name Use the system chrooted at /directory-name. This means the database will be read or modified under /directory-name. (Used by developers to maintain multiple environments) --ignorearch Allow installation even if the architectures of the binary RPM and host don't match. This is often required for RPM's which were assembled incorrectly
- Fedora RPM downloads: http://archives.fedoraproject.org/pub/archive/fedora/linux/releases/##/Fedora/arch/os/Packages/
Use your browser, wget, curl (downloads using http, https, ftp, ...) or ftp the site download.fedora.redhat.com (login: anonymous, password: your-email-address).
- Many times, (like with glibc library or Netscape RPMs etc)
it is necessary to mention two or more packages on the command line.
The rpm command will account for the co-dependency of the packages. i.e.:
- rpm -ivh abc-package1-i386.rpm abc-package2-i386.rpm abc-package3-i386.rpm
- Configuration information is stored in /var/lib/rpm
- Database of descriptive package info. RPM package rpmdb-redhat.
Installs database of all packages in distributions to make RPM more informative.
- When installing additional RPM's from the Red Hat CD, cd to the
RPMS directory on the CD which contains the packages to be installed.
- Building from a "src" (source) RPM: rpmbuild --rebuild package-name.src.rpm
The source will be placed in /usr/src/redhat/RPMS/....
The command then performs a prep, compile, install and finally creates a new binary RPM package. Use option --clean for cleanup.
The command rpmbuild --showrc package-name.src.rpm shows options to be used as specified in rpmrc and macros configuration file(s).
The source RPMs are not in the RPM database and will not be seen with "rpm -qa
- [Potential Pitfall]: If you get the errors:
error: cannot get exclusive lock on /var/lib/rpm/Packages
error: cannot open Packages index using db3 - Operation not permitted (1)
error: cannot open Packages database in /var/lib/rpm
- Who are you logged in as?: whoami
You must be root.
- File permissions: ls -l /var/lib/rpm/Packages
File must be owned by root.
- Command to kill processes locking file: fuser -k /var/lib/rpm/Packages
It is best to terminate processes by exiting program (like glint) normally if possible.
- [Potential Pitfall]: If you get the errors:
[root]# rpm -e package-name error: "package-name-X.X.X-X" specifies multiple packagesThis is because a package is doubly listed: (Often due to dual 32/64 bit architectures such as the AMD Athelon/Opteron and Intel EM64T - Extended Memory 64 Technology)
[root]# rpm -q package-name package-name-X.X.X-X
- [Potential Pitfall]: You try
and install an
RPM but you can not get the appropriate version of the run time
libraries because they are too old and not present on your system or
you get a runtime error:
/usr/bin/ld: cannot find /lib/libxx.so.1.0.4
Here is how to install some old libraries on your newer system without corrupting your current installation.
- First force the installation of the RPM without the dependency requirement: rpm --nodeps -ivh xxxx-...rmp.
- Next download an old RPM of the appropriate library, i.e. glibc-x.x.x.rpm
- Extract the libraries from the RPM: rpm2cpio glibc-x.x.x.rpm | cpio -idv
This will install to your current directory: ./usr/lib/.. and ./lib/...
- Manually copy the library file to the library directory or path accessible by LD_LIBRARY_PATH or ldconfig: i.e.
- cp ./lib/libxx.so.1.0.4 /lib/libxx.so.1.0.4
Useful man pages:
- rpm - Red Hat Package Manager
- rpmbuild - Build/create an RPM package.
- redhat-config-packages - RH 8.0 GUI
- RPM HowTo.
- RPM.org Home Page
- Alien - package converter between rpm, dpkg, stampede slp, and slackware tgz file formats.
- CheckInstall - Create packages for RPM (Red Hat, Fedora, Suse), Debian or Slackware for install and uninstall.
Select the red dot and exclamation mark icon on the toolbar to launch up2date and follow the GUI. One may also use the command line if managing a remote server.
Execute the following commands (in order given) to perform an automatic system update:
- /usr/bin/rhn_register :You must first register your system with the Red Hat database. This command will perform a hardware inventory and reporting of your system so that Red Hat knows which software to load to match your needs.
- /usr/bin/up2date-config :This allows you to configure the "up2date" process. It allows you to define directories to use, actions to take (i.e. download updates, install or not install, keep RPM's after install or not), network access (i.e. proxy configuration), use of GPG for package verification, packages or files to skip, etc. Use of GPG requires the Red Hat public key: rpm -import /usr/share/rhn/RPM-GPG-KEY
- /usr/sbin/up2date :This command will perform an audit of RPM's on your system and discover what needs to be updated. It gives you a chance to unselect packages targeted for upgrade. It will download RPM packages needed, resolve dependencies and perform a system update if requested.
[Potential Pitfall]: This works quite well but it is not perfect. Red Hat 7.1 Apache upgrade to 1.3.22 changed the configuration completely. (Beware. manual clean-up and re-configuration is required). When up2date finds the first messed up dependency it stops to tells you. You then have to unselect the package. It then starts again from the beginning.
Installing a new package with up2date: up2date package-name
The package name is given without the version number. If the package is not currently installed, it will be downloaded and installed, along with any dependencies that package requires.
Command line options (partial list) for up2date:
Option Description --nox Do not display the GUI interface. -u
Completely update the system -h
Display command line arguments -v
Print more info about what up2date is doing --showall Show a list of all packages available for your release of Red Hat Linux, including those not currently installed.
Also see man pages for:
- Update in console mode (no GUI): up2date --nox --update
- Configuration file for up2date: /etc/sysconfig/rhn/up2date
- System id and configuration info held in XML format for up2date: /etc/sysconfig/rhn/systemid
- The default download directory for up2date is /var/spool/up2date/. RPM packages and support files are downloaded to this directory.
- An automated alert to the need to update utilizes the rhnsd which can be started by issuing the command: /etc/rc.d/init.d/rhnsd start
YUM (Yellowdog Updater, Modified) is a client command line application for updating an RPM based system from an internet repository (YUM "yum-arch" server) accessible by URL (http://xxx, ftp://yyy or even file://zzz local or NFS). The YUM repository has a directory of the headers with RPM info and directory path information. YUM will resolve RPM package dependencies and manage the importation and installation of dependencies.
YUM is also capable of upgrading across releases. One can upgrade Red Hat Linux 7 and 8 to 9. Red Hat 8 and 9 can be upgraded to Fedora Core. See Fedora YUM release upgrades or upgrade Redhat 6 to 7. Note that RHEL6 is the first release of the enterprise product which can be upgraded to the next release.
YUM config file: /etc/yum.conf (CentOS 5)
[main] cachedir=/var/cache/yum keepcache=0 debuglevel=2 logfile=/var/log/yum.log distroverpkg=redhat-release tolerant=1 exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 bugtracker_url=http://bugs.centos.org/yum5bug # Note: yum-RHN-plugin doesn't honor this. metadata_expire=1h installonly_limit = 5 # PUT YOUR REPOS HERE OR IN separate files named file.repo # in /etc/yum.repos.dYou may list packages you wish NOT to update (Space delimited list. '*' wildcards allowed.): exclude=package-name
(i.e. On x86_64 I do not update firefox or mozplugger with the 64 bit version, I use the 32 bit version so that 32 bit plugins will work.)
Set "gpgcheck=0" to avoid the signature check.
For the option "gpgcheck=1" to work, use the "rpm --import GPG-KEY commands as detailed above in section one of the RPM tutorial.
[root@server2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY
[root@server2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora
File: /etc/yum.repos.d/CentOS-Base.repo (CentOS 5)
[base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5 ... ...Mirror site/sites which contain base configuration RPM's are listed.
Other protocols such as ftp can be used as well as http.
- releasever: Release Version - current version of Fedora.
- basearch: Base Architecture - system hardware architecture i.e. i386
Add other repositories: (not included in default install)
- EPEL: Extra Packages for Enterprise Linux
Create file: /etc/yum.repos.d/epel.repo
[epel] name=Extra Packages for Enterprise Linux 5 - $basearch #baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch failovermethod=priority enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL [epel-debuginfo] name=Extra Packages for Enterprise Linux 5 - $basearch - Debug #baseurl=http://download.fedoraproject.org/pub/epel/5/$basearch/debug mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-debug-5&arch=$basearch failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL gpgcheck=1 [epel-source] name=Extra Packages for Enterprise Linux 5 - $basearch - Source #baseurl=http://download.fedoraproject.org/pub/epel/5/SRPMS mirrorlist=http://mirrors.fedoraproject.org/mirrorlist?repo=epel-source-5&arch=$basearch failovermethod=priority enabled=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL gpgcheck=1Adding FreshRPM GPG signature key:
- [root@server2 ~]# rpm --import http://download.fedora.redhat.com/pub/fedora/linux/extras/RPM-GPG-KEY-Fedora-Extras
- Add FreshRPM repository site to your list for downloads of non-standard Fedora software.
(Software not released by Red Hat like DVD players, audio encoders/rippers, etc)
Create file: /etc/yum.repos.d/freshrpms.repo
[freshrpms] name=Fedora Linux $releasever - $basearch - freshrpms baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms enabled=0 gpgcheck=1To directly enable a particular repository which is currently disabled (enabled=0): yum -y --enablerepo=freshrpms install kino
Adding FreshRPM GPG signature key:
- [root@server2 ~]# rpm --import http://freshrpms.net/packages/builds/yum/RPM-GPG-KEY.freshrpms
- Add: RpmForge.org (add by installing RPM with RpmForge configuration: rpmforge-release-xxxx.rpm)
Installs file: /etc/yum.repos.d/rpmforge.repo
[rpmforge] name = RHEL $releasever - RPMforge.net - dag baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge enabled = 1 protect = 0 gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag gpgcheck = 1Required keys and support files are included in the RPM.
- [root@server2 ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
- Add: Macromedia.mplug.org
Create file: /etc/yum.repos.d/flash.repo
[flash] name=Macromedia Flash plugin baseurl=http://macromedia.mplug.org/apt/fedora/$releasever http://sluglug.ucsc.edu/macromedia/apt/fedora/$releasever http://ruslug.rutgers.edu/macromedia/apt/fedora/$releasever http://macromedia.rediris.es/apt/fedora/$releasever enabled=0 #gpgcheck=1To directly enable a particular repository which is currently disabled (enabled=0): yum -y --enablerepo=flash install flash-plugin
- Fedora examples (more repositories: Jpackage, ...)
Registering Red Hat Enterprise Linux to enable YUM repository use:Commands:
- rhn_register: GUI to enter user account and "Installation Number". Must purchase a license to get this.
- rhnreg_ks: Register a login/user account
Using YUM and YUM examples:
- List packages which will be updated: yum check-update
(Does not perform an update)
- Update all packages on your system: yum update
- Update a package: yum update package-name
- Update all with same prefix: yum update package-name-prefix\*
This command will update your system. It will interactively ask permission. i.e. "Is this ok [y/N]:"
- To avoid the prompt/questions use the command: yum -y update
# yum -y update Setting up Update Process Setting up Repos base 100% |=========================| 1.1 kB 00:00 updates-released 100% |=========================| 951 B 00:00 Reading repository metadata in from local files base : ################################################## 2852/2852 primary.xml.gz 100% |=========================| 367 kB 00:02 MD Read : ################################################## 927/927 updates-re: ################################################## 927/927 Excluding Packages in global exclude list Finished Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for mod_dav_svn to pack into transaction set. mod_dav_svn-1.1.4-1.1.x86 100% |=========================| 8.9 kB 00:00 ---> Package mod_dav_svn.x86_64 0:1.1.4-1.1 set to be updated ---> Downloading header for initscripts to pack into transaction set. initscripts-7.93.7-1.x86_ 100% |=========================| 87 kB 00:00 ---> Package initscripts.x86_64 0:7.93.7-1 set to be updated ---> Downloading header for gtk2 to pack into transaction set. ... ... --> Running transaction check Dependencies Resolved Transaction Listing: Install: aqhbci.x86_64 0:1.0.2beta-0.fc3 - updates-released Install: aqhbci-devel.x86_64 0:1.0.2beta-0.fc3 - updates-released Install: kernel.x86_64 0:2.6.11-1.14_FC3 - updates-released ... ... Performing the following to resolve dependencies: Install: aqbanking-devel.x86_64 0:1.0.4beta-0.fc3 - updates-released Install: gwenhywfar-devel.x86_64 0:1.7.2-0.fc3 - updates-released Total download size: 431 M Downloading Packages: (1/168): mod_dav_svn-1.1. 100% |=========================| 54 kB 00:00 (2/168): initscripts-7.93 100% |=========================| 1.1 MB 00:03 ... ... Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Updating: libgcc 100 % done 1/333 Updating: libgcc 100 % done 2/333 ... ... Completing update for mod_dav_svn - 169/333 Completing update for initscripts - 170/333 Completing update for gtk2 - 171/333 ... ... Installed: aqhbci.x86_64 0:1.0.2beta-0.fc3 aqhbci-devel.x86_64 0:1.0.2beta-0.fc3 kernel.x86_64 0:2.6.11... Dependency Installed: aqbanking-devel.x86_64 0:1.0.4beta-0.fc3 gwenhywfar-devel.x86_64 0:1.7.2-0.fc3 Updated: ImageMagick.i386 0:188.8.131.52-2.fc3 ImageMagick.x86_64 0:184.108.40.206-2.fc3 ImageMagick-c++.i386 ... ... ... Obsoleted: openhbci.x86_64 0:0.9.17-1 openhbci.i386 0:0.9.17-1 openhbci-devel.x86_64 0:0.9.17-1 Complete! #
[Potential Pitfall]: Many times I have found that I can get the following errors:
Setting up Update ProcessI find that the error is traced to having two version of a package installed at once. The following command will reveal if this is true: rpm -q package-name. If there are two versions of the same package installed, I find that removing the newer version and re-running YUM to install an upgrade gets past these errors.
Setting up repositories
Reading repository metadata in from local files
Could not find update match for package-name ... ... --> Finished Dependency Resolution Error: Missing Dependency: package-name
- List packages which will be updated: yum check-update
- To install a single package: yum -y install package-name
This will also resolve package dependencies.
- Remove a package: yum remove package-name
- List available packages, version and state (base, installed, updates-released): yum list
- List the packages installed which are not available in repository listed in config file: yum list extras
- List packages which are obsoleted by packages in yum repository: yum list obsoletes
- Clean local cache of headers and RPM's: yum clean all
YUM Command Description yum -y install package-name Install package. yum -y install package-name.arch Install package of specified architecture. This is common when installing Firefox "i386" on a "x86_64" platform.
i.e.: yum -y install firefox.i386
yum check-update Show which packages are available to be updated. yum -y update package-name
yum -y update
yum -y --exclude=package-name update
Update all packages on system for which updates are available.
Update all packages which have available updates excluding the specified package.
yum remove package-name
yum remove package-name-1 package-name
yum remove package-name-2
yum clean headers
yum clean cache
yum clean all
Remove RPM header files.
Remove files from YUM cache: /var/cache/yum/
Clean up all YUM files left over from previous installations.
yum list package-name
yum list regex
List information about available packages from configured YUM repository. Will also list those which contain the specified regular expression search pattern. yum list installed [regex-optional] List installed packages. Same as rpm -qa yum list available [regex-optional] List all available packages. yum search partial-package-name List all packages which match the string specied in the package name or description. yum grouplist
yum groupinstall group-name
yum groupremove group-name
yum groupupdate group-name
List available package groups.
Install default packages in specified group.
Remove packages in group.
Update packages in group.
rhn_register Register to a Red Hat Network hosted server. Typically useful for licensed Red Hat Enterprise Linux.
- yum man page
- yum.conf man page
- You can set up your own YUM server for your own cluster or intranet. Set up a web server with the same paths as used in the configuration files and point your configuration files to your server. See YoLinux web server tutorial for configuration information.
- Fedora configures YUM as a daily cron job: /etc/cron.daily/yum.cron
if [ -f /var/lock/subsys/yum ]; then
/usr/bin/yum -R 10 -e 0 -d 0 -y update yum
/usr/bin/yum -R 120 -e 0 -d 0 -y update
Groups go beyond packages and dependancies. It is a collective group of supporting (not dependent) packages and tools.List Yum groups available for installation:
# yum grouplist Installed Groups: Administration Tools Authoring and Publishing Cluster Storage Clustering DNS Name Server Development Tools ... ... ... Available Groups: Beagle Development Libraries Eclipse Educational Software Electronic Lab Fedora Packager FreeNX and NX ... ... ...
Install a group (eg Web Server): yum groupinstall "Web Server"
Remove: yum groupremove "Web Server"
YumEx: (Yum Extender) GUI interface to YUM commands and configuration
YumEx will allow you to manage the RPM packages on your system. It allows the administrator to install/update packages from internet repositories as well as un-install RPMs from the system.