Tweet
Linux Server Package Management
RPM Package Management
RHEL6 has PackageKit Package Manager as GUI tool to install and update packages on the system. PackageKit is the graphical version of yum which is used to install packages from a repository. All these tools are using the core tool to install precompiled RPM Packages (.rpm) the RPM Packet Manager : rpm.
RPM installation
There are two main methods to install RPMs packages on a RHEL6, the first on is install a new package:
Another way is update an installed package (or install the package if it is not installed):
A mention must be done about Kernel Update action: always install the new kernel (rpm -ihv kernel-new.rpm) instead of upgrade the kernel (rpm -Uhv kernel-new.rpm) because if the kernel is upgraded the old kernel is removed and in case of error the old kernel will not be available resulting an unbootable system:
In order to remove a package the following command must be used:
RPM Info
Every action performed by rpm commands is registered on the rpm database on /var/lib/rpm. This database contains the information about what packages are installed, what versions each package is, and any changes to any files in the package since installation, etc . Using the rpm query mode (rpm -q) this information can be queried:
Lists all installed packages.
Identifies the package that installed file.
Identifies the package that provides file.
Lists configuration files from package.
List documentation files from package.
Displays package general information.
Lists all files installed from package.
Lists package dependencies: these packages must be installed in order to get package working correctly.
RPM Package Signature
RPM uses md5sum to verify that the content of the RPM has not been modified (integrity) and GPG to verify the authenticity of the rpm.
Verifies only the rpm md5sum to be sure that the package is intact. The message 'md5 OK' is displayed if package has not been modified.
Verifies the package authenticity and integrity. Previously the package GPG keys must be imported with 'rpm --import'.
RPM Verification
Once the package has been installed rpm can verify that the files installed by the package have not been modified on the system. Verifying an installed package compares information about that package with information from the RPM database when rpm is executed in verify mode (rpm --verify):
Verify all files within a package against a downloaded RPM.
Verify all files associated with a particular package.
Verify a file associated with a particular package.
In the verification process if everything is verified properly, there is no output. If there are any discrepancies, they are reported. The format of the report is a string of eight characters and a file name. The eight characters show the result of a comparison of one attribute of the file to the value recorded in the RPM database. A single period (.) means the test passed. The eight checking are the following:
5 MD5 checksum
S File size
L Symbolic link
T File modification time
D Device
U User
G Group
M Mode
? unreadable file
For example:
S.5....T c /etc/ntp.conf
It means that the ntp.conf file size (S) md5sum (5) and file time modification (T) has been changed since the installation of the package.
RPM Package Management
RHEL6 has PackageKit Package Manager as GUI tool to install and update packages on the system. PackageKit is the graphical version of yum which is used to install packages from a repository. All these tools are using the core tool to install precompiled RPM Packages (.rpm) the RPM Packet Manager : rpm.
RPM installation
There are two main methods to install RPMs packages on a RHEL6, the first on is install a new package:
Code:
$ rpm -ihv package.rpm
Code:
$ rpm -Uhv ftp://site1.example.com/rpms/package.rpm
Code:
rpm -ihv kernel-new.rpm
Code:
rpm -e package.rpm
Every action performed by rpm commands is registered on the rpm database on /var/lib/rpm. This database contains the information about what packages are installed, what versions each package is, and any changes to any files in the package since installation, etc . Using the rpm query mode (rpm -q) this information can be queried:
Code:
rpm -qa
Code:
rpm -qf file
Code:
rpm -q --whatprovides file
Code:
rpm -qc package.rpm
Code:
rpm -qd package.rpm
Code:
rpm -qi package.rpm
Code:
rpm -ql package.rpm
Code:
rpm -qR package.rpm
RPM Package Signature
RPM uses md5sum to verify that the content of the RPM has not been modified (integrity) and GPG to verify the authenticity of the rpm.
Code:
rpm -K --nosignature package.rpm
Code:
rpm --checksig package.rpm
RPM Verification
Once the package has been installed rpm can verify that the files installed by the package have not been modified on the system. Verifying an installed package compares information about that package with information from the RPM database when rpm is executed in verify mode (rpm --verify):
Code:
rpm --verify -a
Code:
rpm --verify -p package.rpm
Code:
rpm --verify --file file
In the verification process if everything is verified properly, there is no output. If there are any discrepancies, they are reported. The format of the report is a string of eight characters and a file name. The eight characters show the result of a comparison of one attribute of the file to the value recorded in the RPM database. A single period (.) means the test passed. The eight checking are the following:
5 MD5 checksum
S File size
L Symbolic link
T File modification time
D Device
U User
G Group
M Mode
? unreadable file
For example:
Code:
$ rpm --verify --file /etc/ntp.conf
It means that the ntp.conf file size (S) md5sum (5) and file time modification (T) has been changed since the installation of the package.