Using RPM

Finding RPM Packages

Before using any RPM packages, you must know where to find them. An Internet search returns many RPM repositories, but if you are looking for RPM packages built by CentOS, they can be found at the following locations:

• The Community Enterprise Linux CD-ROMs

• The CentOS Errata Page available at http://www.redhat.com/apps/support/errata/
• CentOS Network - Refer to Product Subscriptions and Entitlements for more details on CentOS Network.

Installing

RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). To install a package, log in as root and type the following command at a shell prompt:

rpm -ivh foo-1.0-1.i386.rpm

Alternatively, the following command can also be used:

rpm -Uvh foo-1.0-1.i386.rpm

If the installation is successful, the following output is displayed:

Preparing...                ########################################### [100%]
   1:foo                    ########################################### [100%]

As you can see, RPM prints out the name of the package and then prints a succession of hash marks as a progress meter while the package is installed.

The signature of a package is checked automatically when installing or upgrading a package. The signature confirms that the package was signed by an authorized party. For example, if the verification of the signature fails, an error message such as the following is displayed:

error: V3 DSA signature: BAD, key ID 0352860f

If it is a new, header-only, signature, an error message such as the following is displayed:

error: Header V3 DSA signature: BAD, key ID 0352860f

If you do not have the appropriate key installed to verify the signature, the message contains the word NOKEY such as:

warning: V3 DSA signature: NOKEY, key ID 0352860f

Refer to "Checking a Package's Signature" for more information on checking a package's signature.

If you are installing a kernel package, you should use rpm -ivh instead. Refer to Manually Upgrading the Kernel for details.

Package Already Installed

If a package of the same name and version is already installed, the following output is displayed:

Preparing...                ########################################### [100%]
package foo-1.0-1 is already installed

However, if you want to install the package anyway, you can use the --replacepkgs option, which tells RPM to ignore the error:

rpm -ivh --replacepkgs foo-1.0-1.i386.rpm

This option is helpful if files installed from the RPM were deleted or if you want the original configuration files from the RPM to be installed.

Conflicting Files

If you attempt to install a package that contains a file which has already been installed by another package, the following is displayed:

Preparing...                ########################################### [100%]
file /usr/bin/foo from install of foo-1.0-1 conflicts with file from package bar-2.0.20

To make RPM ignore this error, use the --replacefiles option:

rpm -ivh --replacefiles foo-1.0-1.i386.rpm

Unresolved Dependency

RPM packages may sometimes depend on other packages, which means that they require other packages to be installed to run properly. If you try to install a package which has an unresolved dependency, output similar to the following is displayed:

error: Failed dependencies:
        bar.so.2 is needed by foo-1.0-1
Suggested resolutions:
 bar-2.0.20-3.i386.rpm

If you are installing a package from the Community Enterprise Linux CD-ROM set, it usually suggest the package(s) needed to resolve the dependency. Find the suggested package(s) on the Community Enterprise Linux CD-ROMs or from CentOS Network , and add it to the command:

rpm -ivh foo-1.0-1.i386.rpm bar-2.0.20-3.i386.rpm

If installation of both packages is successful, output similar to the following is displayed:

Preparing...                ########################################### [100%]
   1:foo                    ########################################### [ 50%]
   2:bar                    ########################################### [100%]

If it does not suggest a package to resolve the dependency, you can try the -q --whatprovides option combination to determine which package contains the required file.

rpm -q --whatprovides bar.so.2

To force the installation anyway (which is not recommended since the package may not run correctly), use the --nodeps option.

Uninstalling

Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt:

rpm -e foo

Notice that we used the package name foo, not the name of the original package file foo-1.0-1.i386.rpm. To uninstall a package, replace foo with the actual package name of the original package.

You can encounter a dependency error when uninstalling a package if another installed package depends on the one you are trying to remove. For example:

error: Failed dependencies:
 foo is needed by (installed) bar-2.0.20-3.i386.rpm

To make RPM ignore this error and uninstall the package anyway (which may break the package dependent on it) use the --nodeps option.

Upgrading

Upgrading a package is similar to installing one. Type the following command at a shell prompt:

rpm -Uvh foo-2.0-1.i386.rpm

As part of upgrading a package, RPM automatically uninstalls any old versions of the foo package. Note that -U will also install a package even when there are no previous versions of the package installed.

It is not advisable to use the -U option for installing kernel packages, because RPM replaces the previous kernel package. This does not affect a running system, but if the new kernel is unable to boot during your next restart, there would be no other kernel to boot instead.

Using the -i option adds the kernel to your GRUB boot menu (/etc/grub.conf). Similarly, removing an old, unneeded kernel removes the kernel from GRUB.

Because RPM performs intelligent upgrading of packages with configuration files, you may see a message like the following:

saving /etc/foo.conf as /etc/foo.conf.rpmsave

This message means that changes you made to the configuration file may not be forward compatible with the new configuration file in the package, so RPM saved your original file and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly.

If you attempt to upgrade to a package with an older version number (that is, if a more updated version of the package is already installed), the output is similar to the following:

package foo-2.0-1 (which is newer than foo-1.0-1) is already installed

To force RPM to upgrade anyway, use the --oldpackage option:

rpm -Uvh --oldpackage foo-1.0-1.i386.rpm

Freshening

Freshening is similar to upgrading, except that only existent packages are upgraded. Type the following command at a shell prompt:

rpm -Fvh foo-1.2-1.i386.rpm

RPM's freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM's freshen option, it is upgraded to the newer version. However, RPM's freshen option does not install a package if no previously-installed package of the same name exists. This differs from RPM's upgrade option, as an upgrade does install packages whether or not an older version of the package was already installed.

Freshening works for single packages or package groups. If you have just downloaded a large number of different packages, and you only want to upgrade those packages that are already installed on your system, freshening does the job. Thus, you do not have to delete any unwanted packages from the group that you downloaded before using RPM.

In this case, issue the following command:

rpm -Fvh *.rpm

RPM automatically upgrades only those packages that are already installed.

Querying

The RPM database stores information about all RPM packages installed in your system. It is stored in the directory /var/lib/rpm/, and is used to query what packages are installed, what versions each package is, and any changes to any files in the package since installation, among others.

To query this database, use the -q option. The rpm -q package name command displays the package name, version, and release number of the installed package package name . For example, using rpm -q foo to query installed package foo might generate the following output:

foo-2.0-1

You can also use the following Package Selection Options with -q to further refine or qualify your query:

• -a - queries all currently installed packages.

• -f <filename> - queries the RPM database for which package owns f<filename> . When specifying a file, specify the absolute path of the file (for example, rpm -qf /bin/ls ).
• -p <packagefile> - queries the uninstalled package <packagefile> .

There are a number of ways to specify what information to display about queried packages. The following options are used to select the type of information for which you are searching. These are called Package Query Options.

• -i displays package information including name, description, release, size, build date, install date, vendor, and other miscellaneous information.

• -l displays the list of files that the package contains.
• -s displays the state of all the files in the package.
• -d displays a list of files marked as documentation (man pages, info pages, READMEs, etc.).
• -c displays a list of files marked as configuration files. These are the files you edit after installation to adapt and customize the package to your system (for example, sendmail.cf, passwd, inittab, etc.).

For options that display lists of files, add -v to the command to display the lists in a familiar ls -l format.

Verifying

Verifying a package compares information about files installed from a package with the same information from the original package. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file.

The command rpm -V verifies a package. You can use any of the Verify Options listed for querying to specify the packages you wish to verify. A simple use of verifying is rpm -V foo, which verifies that all the files in the foo package are as they were when they were originally installed. For example:

• To verify a package containing a particular file:

rpm -Vf /usr/bin/foo

In this example, /usr/bin/foo is the absolute path to the file used to query a package.

• To verify ALL installed packages throughout the system:

  rpm -Va

• To verify an installed package against an RPM package file:

  rpm -Vp foo-1.0-1.i386.rpm

  This command can be useful if you suspect that your RPM databases are corrupt.

If everything verified properly, there is no output. If there are any discrepancies, they are displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name. Each of the eight characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single period (.) means the test passed. The following characters denote specific discrepancies:

• 5 - MD5 checksum

• S - file size
• L - symbolic link
• T - file modification time
• D - device
• U - user
• G - group
• M - mode (includes permissions and file type)
• ? - unreadable file

If you see any output, use your best judgment to determine if you should remove the package, reinstall it, or fix the problem in another way.