Software Packages and rpm
The RPM Package Manager, originally developed by Red Hat, provides a standard way to package software for distribution. Managing software in the form of RPM packages is much simpler than working with software that has simply been extracted into a ﬁle system from an archive. It lets administrators track which ﬁles were installed by the software package and which ones need to be removed if it is uninstalled, and check to ensure that supporting packages are present when it is installed. Information about installed packages is stored in a local RPM database on each system.
RPM package ﬁles names consist of four elements (plus the .rpm sufﬁx): name-versionrelease.architecture:
- NAME is one or more words describing the contents (coreutils).
- VERSION is the version number of the original software (8.30).
- RELEASE is the release number of the package based on that version, and is set by the packager, who might not be the original software developer (4.el8).
- ARCH is the processor architecture the package was compiled to run on. noarch indicates that this package’s contents are not architecture-speciﬁc (as opposed to x86_64 for 64-bit, aarch64 for 64-bit ARM, and so on).
Only the package name is required for installing packages from repositories. If multiple versions exist, the package with the higher version number is installed. If multiple releases of a single version exist, the package with the higher release number is installed.
Each RPM package is a special archive made up of three components:
- The ﬁles installed by the package.
- Information about the package (metadata), such as the name, version, release, and arch; a summary and description of the package; whether it requires other packages to be installed; licensing; a package change log; and other details.
- Scripts that may run when this package is installed, updated, or removed, or are triggered when other packages are installed, updated, or removed.
Typically, software providers digitally sign RPM packages using GPG keys (Red Hat digitally signs all packages it releases). The RPM system veriﬁes package integrity by conﬁrming that the package was signed by the appropriate GPG key. The RPM system refuses to install a package if the GPG signature does not match.
Updating Software with RPM Packages
To update software, RPM removes the older version of the package and installs the new version. Updates usually retain conﬁguration ﬁles, but the packager of the new version deﬁnes the exact behavior.
In most cases, only one version or release of a package may be installed at a time. However, if a package is built so that there are no conﬂicting ﬁle names, then multiple versions may be installed. The most important example of this is the kernel package. Since a new kernel can only be tested by booting to that kernel, the package is speciﬁcally designed so that multiple versions may be installed at once. If the new kernel fails to boot, the old kernel is still available and bootable.
Examining rpm Packages
The rpm utility is a low-level tool that can get information about the contents of package ﬁles and installed packages. By default, it gets information from the local database of installed packages. However, you can use the -p option to specify that you want to get information about a downloaded package ﬁle. You might want to do this in order to inspect the contents of the package ﬁle before installing it.
The general form of a query is:
# rpm -q [select-options] [query-options]
1. RPM queries: General information about installed package.
rpm -qa: List all installed packages.
rpm -qf FILENAME: Find out what package provides FILENAME.
[user@host ~]$ rpm -qf /etc/yum.repos.d redhat-release-8.0-0.39.el8.x86_64
2. RPM queries: Information about speciﬁc packages.
rpm -q: List what version of the package is currently installed.
[user@host ~]$ rpm -q yum yum-18.104.22.168-4.el8.noarch
rpm -qi: Get detailed information about the package.
rpm -ql: List the ﬁles installed by the package.
[user@host ~]$ rpm -ql yum /etc/yum.conf /etc/yum/pluginconf.d /etc/yum/protected.d /etc/yum/vars /usr/bin/yum /usr/share/man/man1/yum-aliases.1.gz /usr/share/man/man5/yum.conf.5.gz /usr/share/man/man8/yum-shell.8.gz /usr/share/man/man8/yum.8.gz
rpm -qc: List just the conﬁguration ﬁles installed by the package.
[user@host ~]$ rpm -qc openssh-clients /etc/ssh/ssh_config /etc/ssh/ssh_config.d/05-redhat.conf
rpm -qd: List just the documentation ﬁles installed by the package.
[user@host ~]$ rpm -qd openssh clients /usr/share/man/man1/scp.1.gz /usr/share/man/man1/sftp.1.gz /usr/share/man/man1/ssh-add.1.gz /usr/share/man/man1/ssh-agent.1.gz /usr/share/man/man1/ssh-copy-id.1.gz /usr/share/man/man1/sshkeyscan.1.gz /usr/share/man/man1/ssh.1.gz /usr/share/man/man5/ssh_config.5.gz /usr/share/man/man8/ssh-pkcs11-helper.8.gz
rpm -q –scripts: List shell scripts that run before or after the package is installed or removed.
[user@host ~]$ rpm -q --scripts openssh-server preinstall scriptlet (using /bin/sh): getent group sshd >/dev/null || groupadd -g 74 -r sshd || : getent passwd sshd >/dev/null || \ useradd -c "Privilege-separated SSH" -u 74 -g sshd \ -s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || : postinstall scriptlet (using /bin/sh): if [ $1 -eq 1 ] ; then # Initial installation /usr/bin/systemctl preset sshd.service sshd.socket >/dev/null 2>&1 || : fi preuninstall scriptlet (using /bin/sh): if [ $1 -eq 0 ] ; then # Package removal, not upgrade /usr/bin/systemctl --no-reload disable sshd.service sshd.socket > /dev/ null 2>&1|| : /usr/bin/systemctl stop sshd.service sshd.socket > /dev/null 2>&1 || : fi postuninstall scriptlet (using /bin/sh): /usr/bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall /usr/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || : fi
rpm -q –changelog: list change information for the package.
[user@host ~]$ rpm -q --changelog audit * Wed Jan 09 2019 Steve Grubb 3.0-0.10.20180831git0047a6c resolves: rhbz#1655270] Message "audit: backlog limit exceeded" reported - Fix annobin failure * Fri Dec 07 2018 Steve Grubb 3.0-0.8.20180831git0047a6c resolves: rhbz#1639745 - build requires go-toolset-7 which is not available resolves: rhbz#1643567 - service auditd stop exits prematurely resolves: rhbz#1616428 - Update git snapshot of audit package - Remove static libs subpackage ...output omitted...
Querying local package ﬁles:
[user@host ~]$ ls -l wonderwidgets-1.0-4.x86_64.rpm -rw-rw-r--. 1 user user 257 Mar 13 20:06 wonderwidgets-1.0-4.x86_64.rpm [user@host ~]$ rpm -qlp wonderwidgets-1.0-4.x86_64.rpm /etc/wonderwidgets.conf /usr/bin/wonderwidgets /usr/share/doc/wonderwidgets-1.0 /usr/share/doc/wonderwidgets-1.0/README.txt
Installing rpm Packages
The rpm command can also be used to install an RPM package that you have downloaded to your local directory.
[root@host ~]# rpm -ivh wonderwidgets-1.0-4.x86_64.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:wonderwidgets-1.0-4 ################################# [100%] [root@host ~]#
However, the next section of this chapter will discuss a more powerful tool for managing RPM installation and updates from the command line, yum.
NOTE: You can extract ﬁles from an RPM package ﬁle without installing the package. The rpm2cpio utility can pass the contents of the RPM to a special archiving tool called cpio, which can extract all ﬁles or individual ﬁles. Pipe the output of rpm2cpio PACKAGEFILE.rpm into cpio -id, to extract all ﬁles stored in the RPM package. Subdirectory trees are created as needed, relative to the current working directory.
[user@host tmp-extract]$ rpm2cpio wonderwidgets-1.0-4.x86_64.rpm | cpio -id
Individual ﬁles are extracted by specifying the path of the ﬁle:
[user@host ~]$ rpm2cpio wonderwidgets-1.0-4.x86_64.rpm | cpio -id "*txt" 11 blocks [user@host ~]$ ls -l usr/share/doc/wonderwidgets-1.0/ total 4 -rw-r--r--. 1 user user 76 Feb 13 19:27 README.txt
Summary of rpm query Commands
Installed packages can be queried directly with the rpm command. Add the -p option to query a package ﬁle before installation.
|rpm -qa||List all RPM packages currently installed|
|rpm -q NAME||Display the version of NAME installed on the system|
|rpm -qi NAME||Display detailed information about a package|
|rpm -ql NAME||List all files included in a package|
|rpm -qc NAME||List configuration files included in a package|
|rpm -qd NAME||List documentation files included in a package|
|rpm -q –changelog NAME||Show a short summary of the reason for a new package release|
|rpm -q –scripts NAME||Display the shell scripts run on package installation, upgrade, or removal|