Introduction

  The RPM Package Manager (RPM) is an open packaging system that runs on Fedora as well as other Linux and UNIX systems. Red Hat and the Fedora Project encourage other vendors to use RPM for their own products. RPM is distributed under the terms of the GPL (GNU General Public License).

  The RPM Package Manager only works with packages built in the RPM format. RPM itself is provided as the pre-installed rpm package. For the end user, RPM makes system updates easy. Installing, uninstalling, and upgrading RPM packages can be accomplished with short commands. RPM maintains a database of installed packages and their files, so you can make queries and verify installed files on your system. There are several applications, such as DNF or PackageKit, that can make working with packages in the RPM format even easier.

  For most package-management tasks, the DNF package manager offers equal and often greater capabilities and utility than RPM. DNF also performs and tracks complicated system-dependency resolutions. DNF maintains the system integrity and forces a system integrity check if packages are installed or removed using another application, such as RPM, instead of DNF. For these reasons, it is highly recommended that you use DNF instead of RPM whenever possible to perform package-management tasks. See 在Fedora 22中使用DNF进行软件包管理.

  If you prefer a graphical interface, you can use the PackageKit GUI application, which uses DNF as its back end, to manage your system's packages.

  During upgrades, RPM handles configuration files carefully, so that you never lose your customizations — something that you cannot accomplish with regular .tar.gz files.

  For the developer, RPM enables software source code to be packaged into source and binary packages for end users. This process is quite simple and is driven from a single file and optional patches that you create. This clear delineation between pristine sources and your patches along with build instructions eases the maintenance of the package as new versions of the software are released.

  Because RPM can make changes to the system itself, performing operations like installing, upgrading, downgrading, and uninstalling binary packages system-wide requires root privileges in most cases.

1. RPM Design Goals

  To understand how to use RPM, it is helpful to understand the design goals of RPM:

Upgradability
  With RPM, you can upgrade individual components of your system without a complete reinstallation. When you get a new release of an operating system based on RPM, such as Fedora, you do not need to reinstall a fresh copy of the operating system on your machine (as you might need to with operating systems based on other packaging systems). RPM allows for intelligent, fully-automated, in-place upgrades of your system. In addition, configuration files in packages are preserved across upgrades, so you do not lose your customizations. There are no special upgrade files needed to upgrade a package because the same RPM file is used to both install and upgrade the package on the system.

Powerful Querying
  RPM is designed to provide powerful querying options. You can perform searches on your copy of the database for packages or even just certain files. You can also easily find out what package a file belongs to and where the package came from. The files an RPM package contains are in a compressed archive, with a custom binary header containing useful information about the package and its contents, allowing you to query individual packages quickly and easily.

System Verification
  Another powerful RPM feature is the ability to verify packages. It allows you to verify that the files installed on the system are the same as the ones supplied by a given package. If an inconsistency is detected, RPM notifies you, and you can reinstall the package if necessary. Any configuration files that you modified are preserved during reinstallation.

Pristine Sources
  A crucial design goal was to allow the use of pristine software sources, as distributed by the original authors of the software. With RPM, you have the pristine sources along with any patches that were used, plus complete build instructions. This is an important advantage for several reasons. For instance, if a new version of a program is released, you do not necessarily have to start from scratch to get it to compile. You can look at the patch to see what you might need to do. All the compiled-in defaults, and all of the changes that were made to get the software to build properly, are easily visible using this technique.

  The goal of keeping sources pristine may seem important only for developers, but it results in higher quality software for end users.

2. Using RPM

  RPM has five basic modes of operation (not counting package building): installing, uninstalling, upgrading, querying, and verifying. This section contains an overview of each mode. For complete details and options, try rpm --help or see rpm(8). Also, see Section 5, “Additional Resources” for more information on RPM.

2.1. Installing and Upgrading Packages

  RPM packages typically have file names in the following form:

package_name-version-release-operating_system-CPU_architecture.rpm

  For example the tree-1.7.0-3.fc22.x86_64.rpm file name includes the package name (tree), version (1.7.0), release (3), operating system major version (fc22) and CPU architecture (x86_64).

  When installing a package, ensure it is compatible with your operating system and processor architecture. This can usually be determined by checking the package name. For example, the file name of an RPM package compiled for the AMD64/Intel 64 computer architectures ends with x86_64.rpm.

  The -U (or --upgrade) option has two functions, it can be used to:

  • upgrade an existing package on the system to a newer version, or
  • install a package if an older version is not already installed.

  The rpm -U package.rpm command is therefore able to either upgrade or install, depending on the presence of an older version of package.rpm on the system.

  Assuming the tree-1.7.0-3.fc22.x86_64.rpm package is in the current directory, log in as root and type the following command at a shell prompt to either upgrade or install the tree package:

~]# rpm -Uvh tree-1.7.0-3.fc22.x86_64.rpm

  The -v and -h options (which are combined with -U) cause rpm to print more verbose output and display a progress meter using hash signs.

  If the upgrade or installation is successful, the following output is displayed:

Preparing...                ########################################### [100%]
   1:tree                   ########################################### [100%]

Always use the -i (install) option to install new kernel packages!
  rpm provides two different options for installing packages: the aforementioned -U option (which historically stands for upgrade), and the -i option (which historically stands for install). Because the -U option includes both install and upgrade functions, the use of rpm -Uvh with all packages, except kernel packages, is recommended.
  You should always use the -i option to install a new kernel package instead of upgrading it. This is because using the -U option to upgrade a kernel package removes the previous (older) kernel package, which could render the system unable to boot if there is a problem with the new kernel. Therefore, use the rpm -i kernel_package command to install a new kernel without replacing any older kernel packages. For more information on installing kernel packages, see Chapter 21, Manually Upgrading the Kernel.

  The signature of a package is checked automatically when installing or upgrading a package. The signature confirms that the package was signed by an authorized party. If the verification of the signature fails, an error message is displayed.

  If you do not have the appropriate key installed to verify the signature, the message contains the word NOKEY:

warning: tree-1.7.0-3.fc22.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 431d51: NOKEY

  See Section 3.2, “Checking Package Signatures” for more information on checking package signatures.

  If a package of the same name and version is already installed, the following output is displayed:

Preparing...                ########################################### [100%]
        package tree-1.7.0-3.fc22.x86_64 is already installed

  To install the package anyway, use the --replacepkgs option, which tells RPM to ignore the error:

~]# rpm -Uvh --replacepkgs tree-1.7.0-3.fc22.x86_64.rpm

  This option is helpful if files installed from the package were deleted or if you want the original configuration files to be installed.

  If you attempt an upgrade to an older version of a package (that is, if a newer version of the package is already installed), RPM informs you that a newer version is already installed. To force RPM to perform the downgrade, use the --oldpackage option:

rpm -Uvh --oldpackage older_package.rpm

  If you attempt to install a package that contains a file that has already been installed by another package, a conflict message is displayed. To make RPM ignore this error, use the --replacefiles option:

rpm -Uvh --replacefiles package.rpm

  RPM packages sometimes depend on other packages, which means that they require other packages to be installed to run properly. If you try to install a package that has an unresolved dependency, a message about a failed dependency is displayed.

  Find the suggested package(s) on the Fedora installation media or on one of the active Fedora mirrors and add it to the installation command. To determine which package contains the required file, use the --whatprovides option:

rpm -q --whatprovides "required_file"

  If the package that contains required_file is in the RPM database, the name of the package is displayed.

  Although you can force rpm to install a package that has an unresolved dependency (using the --nodeps option), this is not recommended and will usually result in the installed software failing to run. Installing packages with --nodeps can cause applications to misbehave or terminate unexpectedly. It can also cause serious package-management problems or system failure. For these reasons, heed the warnings about missing dependencies. The DNF package manager performs automatic dependency resolution and fetches dependencies from on-line repositories.

  Because RPM performs intelligent upgrading of packages with configuration files, you may see the following message:

saving /etc/configuration_file.conf as /etc/configuration_file.conf.rpmsave

  This message means that the changes you made to the configuration file may not be forward-compatible with the new configuration file in the package, so RPM saved your original file and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible to ensure that your system continues to function properly.

  Alternatively, RPM may save the package's new configuration file as, for example, configuration_file.conf.rpmnew and leave the configuration file you modified untouched. You should still resolve any conflicts between your modified configuration file and the new one, usually by merging changes from the old one to the new one, for example using the diff program.

2.2. Uninstalling Packages

  Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt as root:

rpm -e package

  Note that the command expects only the package name, not the name of the original package file. If you attempt to uninstall a package using the rpm -e command and provide the original full file name, you receive a package-name error.

  You can encounter dependency errors when uninstalling a package if another installed package depends on the one you are trying to remove. For example:

~]# rpm -e ghostscript
error: Failed dependencies:
        ghostscript is needed by (installed) ghostscript-cups-9.07-16.fc22.x86_64
        ghostscript is needed by (installed) foomatic-4.0.9-6.fc22.x86_64
        libgs.so.9()(64bit) is needed by (installed) libspectre-0.2.7-4.fc22.x86_64
        libijs-0.35.so()(64bit) is needed by (installed) gutenprint-5.2.9-15.fc22.x86_64
        libijs-0.35.so()(64bit) is needed by (installed) cups-filters-1.0.35-15.fc22.x86_64

  Although you can force rpm to uninstall a package that has unresolved dependencies (using the --nodeps option), this is not recommended. Removing packages with --nodeps can cause applications from the packages whose dependencies are removed to misbehave or terminate unexpectedly. It can also cause serious package-management problems or system failure. For these reasons, heed the warnings about failed dependencies.

2.3. Freshening Packages

  Freshening is similar to upgrading, except that only installed packages are upgraded. Type the following command at a shell prompt as root:

rpm -Fvh package.rpm

  The -F (or --freshen) option compares the versions of the packages specified on the command line with the versions of packages that are already installed on the system. When a newer version of an already-installed package is processed by the --freshen option, it is upgraded to the newer version. However, the --freshen option does not install a package if no previously-installed package of the same name exists. This differs from regular upgrading, as an upgrade installs all specified packages regardless of whether or not older versions of the packages are already installed.

  Freshening works for single packages or package groups. For example, freshening can help if you download a large number of different packages, and you only want to upgrade those packages that are already installed on the system. In this case, issue the following command with the *.rpm global expression:

~]# rpm -Fvh *.rpm

  RPM then automatically upgrades only those packages that are already installed.

2.4. Querying Packages

  The RPM database stores information about all RPM packages installed on the system. It is stored in the /var/lib/rpm/ directory and is used for many things, including querying what packages are installed, what version each package is, and for calculating changes to files in packages since their installation. To query this database, use the rpm command with the -q (or --query) option:

rpm -q package_name

  This command displays the package name, version, and release number of the installed package package_name. For example:

~]$ rpm -q tree
tree-1.7.0-3.fc22.x86_64

  See the Package Selection Options subheading in the rpm(8) manual page for a list of options that can be used to further refine or qualify your query. Use options listed below the Package Query Options subheading to specify what information to display about the queried packages.

2.5. Verifying Packages

  Verifying a package is comparing information about files on the system installed from a package with the same information from the original package. Among other parameters, verifying compares the file size, MD5 sum, permissions, type, owner, and the group of each file.

  Use the rpm command with the -V (or --verify) option to verify packages. For example:

~]$ rpm -V tree

  See the Package Selection Options subheading in the rpm(8) manual page for a list of options that can be used to further refine or qualify your query. Use options listed below the Verify Options subheading to specify what characteristics to verify in the queried packages.

  If everything verifies properly, there is no output. If there are any discrepancies, they are displayed. The output consists of lines similar to these:

~]# rpm -V abrt
S.5....T.  c /etc/abrt/abrt.conf
.M.......    /var/spool/abrt-upload

  The format of the output is a string of nine characters followed by an optional attribute marker and the name of the processed file.

  The first nine characters are the results of tests performed on the file. Each test is the comparison of one attribute of the file to the value of that attribute as recorded in the RPM database. A single period (.) means the test passed, and the question-mark character (?) signifies that the test could not be performed. The following table lists symbols that denote specific discrepancies:

Table 1. RPM Verification Symbols

Symbol Description
S file size differs
M mode differs (includes permissions and file type)
5 digest (formerly MD5 sum) differs
D device major/minor number mismatch
L readLink(2) path mismatch
U user ownership differs
G group ownership differs
T mtime differs
P capabilities differ

  The attribute marker, if present, describes the purpose of the given file. The following table lists the available attribute markers:

Table 2. RPM Verification Symbols

Marker Description
c configuration file
d documentation file
l license file
r readme file

  If you see any output, use your best judgment to determine if you should remove the package, reinstall it, or fix the problem in another way.

3. Finding and Verifying RPM Packages

  Before using any RPM packages, you must know where to find them and be able to verify if you can trust them.

3.1. Finding RPM Packages

  Although there are many RPM repositories on the Internet, for security and compatibility reasons, you should consider installing only official Fedora-provided RPM packages. The following is a list of sources for RPM packages:

  • Official Fedora installation media.
  • Official RPM repositories provided with the DNF package manager. See 在Fedora 22中使用DNF进行软件包管理 for details on how to use the official Fedora package repositories.
  • Unofficial, third-party repositories not affiliated with The Fedora Project also provide RPM packages.

  When considering third-party repositories for use with your Fedora system, pay close attention to the repository's web site with regard to package compatibility before adding the repository as a package source. Alternate package repositories may offer different, incompatible versions of the same software, including packages already included in the Fedora repositories.

3.2. Checking Package Signatures

  RPM packages can be signed using GNU Privacy Guard (or GPG), which helps you make certain that downloaded packages are trustworthy. GPG is a tool for secure communication. With GPG, you can authenticate the validity of documents and encrypt or decrypt data.

  To verify that a package has not been corrupted or tampered with, check its GPG signature by using the rpmkeys command with the -K (or --checksig) option:

rpmkeys -K package.rpm

  Note that the DNF package manager performs automatic checking of GPG signatures during installations and upgrades.

  GPG is installed by default, as well as a set of Red Hat keys for verifying packages.

  To verify Red Hat packages, a Red Hat GPG key needs to be installed. A set of basic keys is installed by default. To view a list of installed keys, execute the following command at a shell prompt:

~]$ rpm -qa gpg-pubkey*

  To display details about a specific key, use rpm -qi followed by the output from the previous command. For example:

~]$ rpm -qi gpg-pubkey-fd431d51-4ae0493b

  Use the rpmkeys command with the --import option to install a new key for use with RPM. The default location for storing RPM GPG keys is the /etc/pki/rpm-gpg/ directory. To import new keys, use a command like the following as root:

~]# rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

  See the Product Signing (GPG) Keys article on the Red Hat Customer Portal for additional information about Red Hat package-signing practices.

4. Common Examples of RPM Usage

  RPM is a useful tool for both managing your system and diagnosing and fixing problems. See the following examples for an overview of some of the most-used options.

  • To verify your entire system and see what files are missing, issue the following command as root:
    rpm -Va
    If some files are missing or appear corrupted, consider reinstalling relevant packages.

  • To determine which package owns a file, enter:
    rpm -qf file

  • To verify the package that owns a particular file, enter as root:
    rpm -Vf file

  • To locate documentation files that are a part of a package to which a file belongs, enter:
    rpm -qdf file

  • To find information about a (non-installed) package file, use the following command:
    rpm -qip package.rpm

  • To list files contained in a package, use:
    rpm -qlp package.rpm

  See the rpm(8) manual page for more options.

5. Additional Resources

  RPM is a complex utility with many options and methods for querying, installing, upgrading, and removing packages. See the following resources to learn more about RPM.

Installed Documentation

  • rpm --help — This command displays a quick reference of RPM parameters.
  • rpm(8) — The RPM manual page offers an overview of all available RPM parameters.

Online Documentation

See Also

Fedora 22中的RPM软件包管理工具的更多相关文章

  1. Fedora 22中的DNF软件包管理工具

    Introduction DNF is the The Fedora Project package manager that is able to query for information abo ...

  2. linux的RPM软件包管理工具

    RPM(Redhat Package Manage)原本是Red Hat Linux发行版专门用来管理Linux各项套件的程序,由于它遵循GPL规则且功能强大方便,因而广受欢迎.逐渐受到其他发行版的采 ...

  3. 逐步搭建Lamp环境之rpm软件包管理

    Linux中的rpm软件包管理类似于windows下的"xxx软件管家"."xxx电脑管家",其作用主要用于查询软件的安装情况.安装软件.卸载软件. 以下针对这 ...

  4. RPM是RedHat Package Manager(RedHat软件包管理工具)

    RPM是RedHat Package Manager(RedHat软件包管理工具)类似Windows里面的“添加/删除程序” rpm 执行安装包二进制包(Binary)以及源代码包(Source)两种 ...

  5. Fedora 22中的用户和用户组管理

    The control of users and groups is a core element of Fedora system administration. This chapter expl ...

  6. day61:Linux:权限管理&rpm软件包管理&yum工具

    目录 1.权限管理 2.rpm软件包管理 3.yum工具(联网) 权限管理 1.什么是权限? 权限主要用来约束用户能对系统所做的操作 2.为什么要使用权限? 因为系统中不可能只存在一个root用户,一 ...

  7. Linux常用命令-软件包管理工具-rpm

    命令简介 rpm(RPM Package Manager)是一个强大的命令行驱动的软件包管理工具,用来安装.卸载.校验.查询和更新 Linux 系统上的软件包. 语法格式 rpm [OPTION... ...

  8. 【one day one linux】linux下的软件包管理工具

    Linux 下的软件包管理工具 linux下的软件安装可以通过两种方式,一种是直接使用自带的软件包管理工具安装,另外一种通过编译源码安装. 1.软件包的种类 Red Hat和Fedora:redhat ...

  9. linux RPM软件包管理

    linux RPM软件包管理 目录 1.软件包的介绍 2.rpm包管理 3.rpm包管理前端工具 1.软件包的介绍 在我们在对软件包管理前,先对软件包有个很好的了解,这样更方便我们来对其进行管理. 软 ...

随机推荐

  1. 前端网络、JavaScript优化以及开发小技巧

    一.网络优化 YSlow有23条规则,中文可以参考这里.这几十条规则最主要是在做消除或减少不必要的网络延迟,将需要传输的数据压缩至最少. 1)合并压缩CSS.JavaScript.图片,静态资源CDN ...

  2. 使用UIBezierPath绘制图形

    当需要画图时我们一般创建一个UIView子类, 重写其中的drawRect方法 再drawRect方法中利用UIBezierPath添加画图 UIBezierPath的使用方法: (1)创建一个Bez ...

  3. 调用微信退款接口或发红包接口时出现System.Security.Cryptography.CryptographicException: 出现了内部错误 解决办法

    我总结了一下出现证书无法加载的原因有以下三个 1.证书密码不正确,微信证书密码就是商户号 解决办法:请检查证书密码是不是和商户号一致 2.IIS设置错误,未加载用户配置文件 解决办法:找到网站使用的应 ...

  4. Take into Action!

    很久没有认真地写文字了. 刚毕业一两年断断续续在csdn上写过一些当时的工作记录,然后没有坚持下去.有时候是觉得自己不牛,记录的东西旁人看起来也许不值一提:有时候觉得结婚生娃了,然后时间不够用(确实是 ...

  5. 新手学习web遇到的一些乱码问题

    在新手学习web网站学习的时候经常会遇到?????这种乱码,对于刚起步的菜鸟来说真的很头痛,很容易打击继续学的信心当然了对于菜鸟的我最近也遇到过乱码问题,沉浸其中不能自拔,爱的深啊!!!!!我所遇到的 ...

  6. 5.0 JS中引用类型介绍

    其实,在前面的"js的六大数据类型"文章中稍微说了一下引用类型.前面我们说到js中有六大数据类型(五种基本数据类型 + 一种引用类型).下面的章节中,我们将详细讲解引用类型. 1. ...

  7. NPM如何更新到最新版

    参考文章--npm更新到最新版本的方法 其实我们可以这样,随便新建一个文件夹例如:F:\test.按着"shift"键,右键该文件夹,选择"在此处打开命令窗口(W)&qu ...

  8. 数据库 DML、DDL、DCL区别 .

    总体解释: DML(data manipulation language): 它们是SELECT.UPDATE.INSERT.DELETE,就象它的名字一样,这4条命令是用来对数据库里的数据进行操作的 ...

  9. 匹夫细说C#:不是“栈类型”的值类型,从生命周期聊存储位置

    0x00 前言: 匹夫在日常和别人交流的时候,常常会发现一旦讨论涉及到“类型”,话题的热度就会立马升温,因为很多似是而非.或者片面的概念常常被人们当做是全面和正确的答案.加之最近在园子看到有人翻译的& ...

  10. EasyPR--开发详解(6)SVM开发详解

    在前面的几篇文章中,我们介绍了EasyPR中车牌定位模块的相关内容.本文开始分析车牌定位模块后续步骤的车牌判断模块.车牌判断模块是EasyPR中的基于机器学习模型的一个模块,这个模型就是作者前文中从机 ...