Using RPM
RPM has five basic modes of operation (not counting package building): installing, uninstalling, upgrading, querying, and verifying. This section contains an overview of each mode. For complete details and options try rpm --help, or turn to the Section called Additional Resources for more information on RPM.
Before using an RPM, you must know where to find them. An Internet search will return many RPM repositories, but if you are looking for RPM packages built by Red Hat, they can be found at the following locations:
· The official Red Hat Linux CD-ROMs
· The Red Hat Errata Page available at http://www.redhat.com/apps/support/errata/
· A Red Hat FTP Mirror Site available at http://www.redhat.com/download/mirror.html
· Red Hat Network — See Chapter 33 for more details on Red Hat Network
RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). Installing a package is as simple as logging in as root and typing the following command at a shell prompt:
| rpm -Uvh foo-1.0-1.i386.rpm |
If installation is successful, you will see the following:
| Preparing... ########################################### [100%] 1:foo ########################################### [100%] |
As you can see, RPM prints out the name of the package and then prints a succession of hash marks as the package is installed as a progress meter.
Starting with version 4.1 of RPM, the signature of a package is checked when installing or upgrading a package. If verifying the signature fails, you will see an error message such as:
| error: V3 DSA signature: BAD, key ID 0352860f |
If is it a new, header-only, signature, you will see an error message such as:
| error: Header V3 DSA signature: BAD, key ID 0352860f |
If you do not have the appropriate key installed to verify the signature, the message will contain NOKEY such as:
| warning: V3 DSA signature: NOKEY, key ID 0352860f |
Refer to the Section called Checking a Package's Signature for more information on checking a package's signature.
 | Note |
| | If you are installing a kernel package, you should use rpm -ivh instead. Refer to Chapter 29 for details. |
Installing packages is designed to be simple, but you may sometimes see errors.
If the package of the same version is already installed, you will see:
| Preparing... ########################################### [100%] package foo-1.0-1 is already installed |
If you want to install the package anyway and the same version you are trying to install is already installed, you can use the --replacepkgs option, which tells RPM to ignore the error:
| rpm -ivh --replacepkgs foo-1.0-1.i386.rpm |
This option is helpful if files installed from the RPM were deleted or if you want the original configuration files from the RPM to be installed.
If you attempt to install a package that contains a file which has already been installed by another package or an earlier version of the same package, you will see:
| Preparing... ########################################### [100%] file /usr/bin/foo from install of foo-1.0-1 conflicts with file from package bar-2.0.20 |
To make RPM ignore this error, use the --replacefiles option:
| rpm -ivh --replacefiles foo-1.0-1.i386.rpm |
RPM packages can "depend" on other packages, which means that they require other packages to be installed in order to run properly. If you try to install a package which has an unresolved dependency, you will see:
| Preparing... ########################################### [100%] error: Failed dependencies: bar.so.2 is needed by foo-1.0-1 Suggested resolutions: bar-2.0.20-3.i386.rpm |
If you are installing an official Red Hat, it will usually suggest the package(s) need to resolve the dependency. Find this package on the Red Hat Linux CD-ROMs or from the Red Hat FTP site (or mirror), and add it to the command:
| rpm -ivh foo-1.0-1.i386.rpm bar-2.0.20-3.i386.rpm |
If installation of both packages is successful, you will see:
| Preparing... ########################################### [100%] 1:foo ########################################### [ 50%] 2:bar ########################################### [100%] |
If it does not suggest a package to resolve the dependency, you can try the --redhatprovides option to determine which package contains the required file. You need the rpmdb-redhat package installed to use this options.
| rpm -q --redhatprovides bar.so.2 |
If the package that contains bar.so.2 is in the installed database from the rpmdb-redhat package, the name of the package will be displayed:
| bar-2.0.20-3.i386.rpm |
If you want to force the installation anyway (a bad idea since the package probably will not run correctly), use the --nodeps option.
Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt:
| rpm -e foo |
| | Note |
| | Notice that we used the package name foo, not the name of the original package file foo-1.0-1.i386.rpm. To uninstall a package, you will need to replace foo with the actual package name of the original package. |
You can encounter a dependency error when uninstalling a package if another installed package depends on the one you are trying to remove. For example:
| Preparing... ########################################### [100%] error: removing these packages would break dependencies: foo is needed by bar-2.0.20-3.i386.rpm |
To cause RPM to ignore this error and uninstall the package anyway (which is also a bad idea since the package that depends on it will probably fail to work properly), use the --nodeps option.
Upgrading a package is similar to installing one. Type the following command at a shell prompt:
| rpm -Uvh foo-2.0-1.i386.rpm |
What you do not see above is that RPM automatically uninstalled any old versions of the foo package. In fact, you may want to always use -U to install packages, since it will work even when there are no previous versions of the package installed.
Since RPM performs intelligent upgrading of packages with configuration files, you may see a message like the following:
| saving /etc/foo.conf as /etc/foo.conf.rpmsave |
This message means that your changes to the configuration file may not be "forward compatible" with the new configuration file in the package, so RPM saved your original file, and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly.
Upgrading is really a combination of uninstalling and installing, so during an RPM upgrade you can encounter uninstalling and installing errors, plus one more. If RPM thinks you are trying to upgrade to a package with an older version number, you will see:
| package foo-2.0-1 (which is newer than foo-1.0-1) is already installed |
To cause RPM to "upgrade" anyway, use the --oldpackage option:
| rpm -Uvh --oldpackage foo-1.0-1.i386.rpm |
Freshening a package is similar to upgrading one. Type the following command at a shell prompt:
| rpm -Fvh foo-1.2-1.i386.rpm |
RPM's freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM's freshen option, it will be upgraded to the newer version. However, RPM's freshen option will not install a package if no previously-installed package of the same name exists. This differs from RPM's upgrade option, as an upgrade will install packages, whether or not an older version of the package was already installed.
RPM's freshen option works for single packages or a group of packages. If you have just downloaded a large number of different packages, and you only want to upgrade those packages that are already installed on your system, freshening will do the job. If you use freshening, you will not have to delete any unwanted packages from the group that you downloaded before using RPM.
In this case, you can simply issue the following command:
| rpm -Fvh *.rpm |
RPM will automatically upgrade only those packages that are already installed.
Use the rpm -q command to query the database of installed packages. The rpm -q foo command will print the package name, version, and release number of the installed package foo:
| foo-2.0-1 |
| | Note |
| | Notice that we used the package name foo. To query a package, you will need to replace foo with the actual package name. |
Instead of specifying the package name, you can use the following options with -q to specify the package(s) you want to query. These are called Package Specification Options.
· -a queries all currently installed packages.
· -f <file> will query the package which owns <file>. When specifying a file, you must specify the full path of the file (for example, /usr/bin/ls).
· -p <packagefile> queries the package <packagefile>.
There are a number of ways to specify what information to display about queried packages. The following options are used to select the type of information for which you are searching. These are called Information Selection Options.
· -i displays package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information.
· -l displays the list of files that the package contains.
· -s displays the state of all the files in the package.
· -d displays a list of files marked as documentation (man pages, info pages, READMEs, etc.).
· -c displays a list of files marked as configuration files. These are the files you change after installation to adapt the package to your system (for example, sendmail.cf, passwd, inittab, etc.).
For the options that display lists of files, you can add -v to the command to display the lists in a familiar ls -l format.
Verifying a package compares information about files installed from a package with the same information from the original package. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file.
The command rpm -V verifies a package. You can use any of the Package Selection Options listed for querying to specify the packages you wish to verify. A simple use of verifying is rpm -V foo, which verifies that all the files in the foo package are as they were when they were originally installed. For example:
· To verify a package containing a particular file:
| rpm -Vf /bin/vi |
· To verify ALL installed packages:
| rpm -Va |
· To verify an installed package against an RPM package file:
| rpm -Vp foo-1.0-1.i386.rpm |
· This command can be useful if you suspect that your RPM databases are corrupt.
If everything verified properly, there will be no output. If there are any discrepancies they will be displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name. Each of the eight characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single . (a period) means the test passed. The following characters denote failure of certain tests:
· 5 — MD5 checksum
· S — file size
· L — symbolic link
· T — file modification time
· D — device
· U — user
· G — group
· M — mode (includes permissions and file type)
· ? — unreadable file
If you see any output, use your best judgment to determine if you should remove or reinstall the package, or fix the problem in another way.
Quick Guide to Red Hat's Package Manager (RPM)
Introduction
RPM is a powerful software manager. It can install, remove, query, and verify the software on your system. Rpm is more than a Red Hat specific tool. Many other modern distributions, such as Caldera and SuSe, use rpm too. This document will by no means provide comprehensive coverage of rpm. Instead, it will highlight the subset of options I've found useful in the real world.
For simplicity, I will assume all software on your system has been installed via rpm packages.
Querying Your System
The first thing you should do is look and see what software you have installed on your system. Here is the command to use:
rpm -qa | more
In case you are unfamiliar with the command line, let me break this command down. rpm is the command name. It tells the computer you want to run the rpm program. In unix, the set of letters following a dash (-) is called an option or switch. The -q tells rpm you want the query operation. The following a in the -qa is a modifier for the query option which tells rpm you want to list all the packages. The | more part of the above command is not a feature of rpm at all. It is a standard unix way to show output one page at a time. If this seems confusing, don't worry about it. It'll become second nature soon.
The package info is split into three pieces. The first piece is the package name. The second is the software version number. And, the third is the package build number. All three are seperated by dashes. The package build number is important incase if there is a more recent rpm build of a program with the same version. This happens a lot with the kernel. If you see a package with more than two dashes, like glibc-devel-2.0.6-9, I've found it is easiest to start on the right and work left. The package name in this case is glibc-devel.
Lets work with an example. Suppose you query all the packages in your system and see faq-5.0-2. What is it and how can you find out more info? We can query individual packages like this:
rpm -qi faq
The i query option requires a package name. Notice that I used faq and not faq-5.0-2. Rpm is smart enough to use the package name without the version info. Supplying the version info will cause an error (but will not harm your system).
Now that you know what the faq package is, can you see which files it installed on your system? Absolutely!
rpm -ql faq
This command should look similar to the previous one. All we did was replace the i with an l to get a listing of files installed by the faq package.
Installing New Software
Lets look at the command to add new software:
rpm -ivh xsnow-1.40-5.i386.rpm
The -i is the install switch. I like to use the v for verbose messages in case if the installation fails. The h option shows our progress with hash marks. If nothing else, it entertains you while your package is installed.
A variation on an install is an upgrade. An upgrade is used when you want to put a more recent package in place of something that is currently installed (aka upgrade). The upgrade syntax is exactly the same as an install, but you replace the -i with a -U. (Notice it is a capital U) If a new version of xsnow comes out, rpm will take care of removing all the old pieces when you upgrade.
rpm -Uvh xsnow-2.0-1.i386.rpm
One last thing that I should mention is that we are installing binary packages. My Intel chip is not binary compatible with an Alpha and so on. The convention for rpm files is to have the architecture preceding the .rpm extention. Some packages, like man pages, will have noarch in the file name. It means that the package is not dependant on the kind of CPU you have.
Removing Unwanted Software
A major advantage to a packaging system like rpm is its ease to erase software. Here is how you do it:
rpm -e faq
There isn't much more to it. Occationally there may be an error that the package cannot be removed because other software depends on it. We can avoid the dependency check with the --nodeps option.
rpm -e --nodeps faq
I should warn you to think before you do this. Rpm has been smarter than me many times. If you break something, all I can say is you were told so. :-)
Verifying Installed Packages
Package verification is something that I don't use a lot, but its good to know that it exists. Verifying a package compares information about the installed files in the package with information about the files taken from the original package and stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file. Only the discrepencies are displayed. See the man page for more information (Thats where I pulled most of this info).
Why verify at all? If you're up too late and go on a random file deleting spree, it might help you when things don't work. Another more serious use is if you're system has been hacked into. Rpm can verify all of your files to see if you were left backdoors or other surprises. Here is how:
rpm -Va
This command will verify all of the files on your system. The syntax should remind you of how you queried your software. Some of the files it reports will be normal. For example, almost everyone will add a nameserver into /etc/resolv.conf. The file has changed since it was originally installed, but it is not a bad change.
(Disclaimer: If your system security has been compromised, rpm is only one tool to help you. It is not sufficient to only use rpm's verification.)
Advanced Queries
What if you find a file and have no idea what it is or where it came from? Rpm can query that file and show you the package it originated from like this:
rpm -qf /usr/bin/uptime
This command is a little different because it requires the full pathname. Rpm cannot follow symbolic links to a file.
You have looked at files that are already installed, but can you see into a rpm archive? Yes, query with the p option.
rpm -qlp doom-1.8-9.i386.rpm
Notice the -ql is the same as the first section. The third arguement to the command is a little different than before. We used the filename instead of the shorter package name. That is because we are looking into a file, not something that has already been installed.
Common Errors
Sometimes a package is not removed cleanly. Here is the situation, you try to install something and rpm says its already installed. You then try to remove it, and rpm says that is not installed. What can you do?
rpm -ivh --force package-1.0-5.i386.rpm
The --force option is your solution.
Dependencies are generally regarded as a good thing. Rpm has the capability to know if software has such prerequisites. In the real world, not everything on your system can always be from an rpm. If I install the new libxxx without rpm, then I install a rpm which depends on libxxx, it might cause an error and stop. I can use the --nodeps to tell rpm that I don't need it to look out for me.
rpm -ivh --nodeps package-1.0-5.i386.rpm
Now you may be thinking that it sucks that not all software comes in rpm format. The good news is that you can build your own rpms. The bad new is it is beyond the scope of this document. :-) You can find that info in the official RPM HOWTO.
No comments:
Post a Comment