Package Management

The latest Red Hat errata (bug fixes and software updates) can be found at  http://www.redhat.com/errata . Locate you distribution and architecture and follow the links to updated packages.

Using RPM to install the latest software and patches

• RPMs are software packages
• They simplify the installation, removal, and update of software
• Developers, vendors, and sysadmins use RPMs to organize and deliver
• source code, binaries, and documentation
• Tracks all software installed in the RPM databases

• A tool used to manage and build RPM packages
• Utility Uses
• query, verify, update, erase, and build software packages

• Key to package identification

name-version.arch.rpm

[pattyo@ponto RPMS]$ ls -1 kernel*
kernel-2.4.7-10.athlon.rpm
kernel-2.4.7-10.i386.rpm
kernel-2.4.7-10.i686.rpm
kernel-BOOT-2.4.7-10.i386.rpm
kernel-debug-2.4.7-10.i686.rpm
kernel-doc-2.4.7-10.i386.rpm
kernel-enterprise-2.4.7-10.i686.rpm
kernel-headers-2.4.7-10.i386.rpm
kernel-pcmcia-cs-3.1.27-10.i386.rpm
kernel-smp-2.4.7-10.athlon.rpm
kernel-smp-2.4.7-10.i586.rpm
kernel-smp-2.4.7-10.i686.rpm
kernel-source-2.4.7-10.i386.rpm

SRPM and RPM

• SRPM: source RPM
• source code typically used by developers
• can be modified and recompiled
• facilitates free software philosophy
• RPM: binary RPM
• doesn't include source code
• does include documentation
• typically all you need to apply to your system

• The simplest query option -q
• query a specific package
• returns the kernel packages you have installed

$ rpm -q kernel
kernel-2.4.7-10

$ rpm -q openssh
openssh-2.9p2-7

There are a number of query options to rpm. All can be found in the man page.

To list the files belonging to a certain package

• add l to list

$ rpm -ql  openssh
/etc/ssh
/etc/ssh/primes
/usr/bin/scp
/usr/bin/ssh-keygen
/usr/libexec/openssh
/usr/share/doc/openssh-2.9p2
/usr/share/doc/openssh-2.9p2/CREDITS
/usr/share/doc/openssh-2.9p2/ChangeLog
/usr/share/doc/openssh-2.9p2/INSTALL
/usr/share/doc/openssh-2.9p2/LICENCE
/usr/share/doc/openssh-2.9p2/OVERVIEW
/usr/share/doc/openssh-2.9p2/README
/usr/share/doc/openssh-2.9p2/RFC.nroff
/usr/share/doc/openssh-2.9p2/TODO
/usr/share/doc/openssh-2.9p2/WARNING.RNG
/usr/share/man/man1/scp.1.gz
/usr/share/man/man1/ssh-keygen.1.gz

To examine all the packages installed on your system

$ rpm -qa | less

To determine which package  a file belongs to

• add f to query package owning file

$ rpm -qf /bin/login
util-linux-2.11f-9

$ rpm -qf $(which bash)
bash-2.05-8

To look at an RPM filename that isn't installed

when used with -q

• add the p which tells RPM the package is not installed yet
• add i for information
• rpm -qip /path-to/somepackage.1.1-4.i386.rpm

$ rpm -qip zsh-4.0.2-2.i386.rpm
Name        : zsh                          Relocations: (not relocateable)
Version     : 4.0.2                             Vendor: Red Hat, Inc.
Release     : 2                             Build Date: Mon 30 Jul 2001 11:46:08 AM PDT
Install date: (not installed)               Build Host: porky.devel.redhat.com
Group       : System Environment/Shells     Source RPM: zsh-4.0.2-2.src.rpm
Size        : 2573920                          License: BSD
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Summary     : A shell similar to ksh, but with improvements.
Description :
The zsh shell is a command interpreter usable as an interactive login
shell and as a shell script command processor.  Zsh resembles the ksh
shell (the Korn shell), but includes many enhancements.  Zsh supports
command line editing, built-in spelling correction, programmable
command completion, shell functions (with autoloading), a history
mechanism, and more.

The KDE RPM GUI

 Other query options

--requires,	package prerequisites (this package depends on them)
--provides,	capabilities provided by package
--scripts,	scripts run upon installation and removal
--changelog,	package revision history

# rpm -q --requires LPRng
/etc/rc.d/init.d
mktemp
fileutils
textutils
gawk
/usr/sbin/alternatives
...

# rpm -q --provides LPRng
lpr
/usr/bin/lp
/usr/bin/lpq
/usr/bin/lpr
/usr/bin/lprm
/usr/bin/lpstat
/usr/bin/cancel
/usr/sbin/lpc
liblpr.so.0

# rpm -q --scripts LPRng

# rpm -q --changelog LPRng

Most recent changes will appear at the top.

Updating or Installing an RPM Package

• This is an ongoing task for a systems administrator
• Always keep your packages up to date
• Be careful you don't create conflicts with other system software
• Ultra conservatives backup their system before updating

The freshen option

• It will install the package if the package already exists on your system
• Use the vh options to provide verbose output and headers
• Freshen will remove previous versions of the package
  

# rpm -Fvh somepackage.rpm

The update option

• upgrade or install a package and remove all previous versions
• saves a copy of your config file using .rpmsave extension
  

# rpm -Uvh somepackage.rpm

The install option

• Will install the new package regardless of whether it previously existed on your system
• It will NOT remove other versions of the package
• Note the 'i' has a different meaning when used with the 'q' option

# rmp -ivh somepackage.rpm

• experiencing conflicts between package versions
• one package depends on another package to have a certain version
• sometimes you may want to force the install
• could adversely affect your system -- be careful!

rpm --force package.rpm

Removing or Erasing a package

# rpm -e bind

• To verify the MD5 checksum of your package
• no news is good news
• compares current version with packages metadata stored in RPM database

$ rpm -V openafs

The following is a bit cryptic

• M means the file mode has changed
• S indicates the file size has changed
• 5 indicates that the MD5 checksum has changed since install time
• T indicates that the modification time has changed
• c appears if it is a configuration file
• This makes sense as both the CellServDB and ThisCellconfigfiles were modified for our AFS cell


$ rpm -V openafs-client
.M......   /afs
S.5....T c /usr/vice/etc/CellServDB
S.5....T c /usr/vice/etc/ThisCell

Note: rpm -V   returns nothing if the binary has not been modified in any way.

If you don't know from which package your binary came use the  -qf option

$ rpm -V $(rpm -qf /bin/bash)
$ rpm -V $(rpm -qf $(which bash))

 
See if the MD5 checksum of a RH rpm agrees with the published checksum you can run md5sum on the rpm

$ md5sum kernel-2.2.16-3.i386.rpm
f639d81c76c4a35332f3f4b8bae40b0c kernel-2.2.16-3.i386.rpm

Check GPG signature of rpm before installing

•  --checksig
• -K

$ rpm --checksig zsh-4.0.2-2.i386.rpm

zsh-4.0.2-2.i386.rpm: md5 (GPG) OK (MISSING KEYS: GPG#DB42A60E)

$ rpm --checksig j2re-1_4_0-fcs-linux-i386.rpm 

j2re-1_4_0-fcs-linux-i386.rpm: md5 OK

(Sun's Java Runtime Environment is a signed package)

List packages that have been installed in /usr/bin in the past 14 days

$ find /usr/bin -type f -mtime -14 | xargs rpm -qf

sudo-1.6.5p2-1.7x.1

List of all files that have changed since the package was installed

• This takes a while to finish

$ rpm -Va

Getting the packages via ncftp

$ mkdir Updates
$ cd Updates
$ ncftp updates.redhat.com

NcFTP 3.0.3 (April 15, 2001) by Mike Gleason (ncftp@ncftp.com).

Copyright (c) 1992-2001 by Mike Gleason.
All rights reserved.

Connecting to updates.redhat.com...
Red Hat FTP server ready. All transfers are logged.
Logging in...
THE SOFTWARE AVAILABLE FROM THIS SITE IS PROVIDED AND LICENSED
 "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
 IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Login successful. Have fun.
Sorry, I don't do help.
Logged in to updates.redhat.com.
ncftp / > ls
1.0/         3.0.3/       5.0/         6.1/         7.2/
1.1/         4.0/         5.1/         6.2/         current@
2.0/         4.1/         5.2/         7.0/         other_prod/
2.1/         4.2/         6.0/         7.1/
ncftp / > cd 7.2/en/os/i386
Directory successfully changed.
ncftp /7.2/en/os/i386 > ls
apache-1.3.22-2.i386.rpm
apache-devel-1.3.22-2.i386.rpm
apache-manual-1.3.22-2.i386.rpm
arts-2.2.2-2.i386.rpm
at-3.1.8-23.i386.rpm
balsa-1.2.3-1.i386.rpm
binutils-2.11.90.0.8-12.i386.rpm
cvs-1.11.1p1-7.i386.rpm
cyrus-sasl-1.5.24-23.i386.rpm
cyrus-sasl-devel-1.5.24-23.i386.rpm
...
ncftp /7.2/en/os/i386 > binary
ncftp /7.2/en/os/i386 > mget openssh*
openssh-3.1p1-2.i386.rpm:                  211.37 kB    7.65 kB/s
openssh-askpass-3.1p1-2.i386.rpm:           38.45 kB   11.68 kB/s
openssh-askpass-gnome-3.1p1-2.i386.rpm:     20.77 kB   15.50 kB/s
openssh-clients-3.1p1-2.i386.rpm:          288.01 kB    7.95 kB/s
openssh-server-3.1p1-2.i386.rpm:           166.62 kB   13.76 kB/s
ncftp /7.2/en/os/i386 > quit

LAB: Upgrading openssh

Look at current version

$ rpm -qa |grep openssh
openssh-clients-2.9p2-7
openssh-2.9p2-7
openssh-askpass-gnome-2.9p2-7
openssh-askpass-2.9p2-7
openssh-server-2.9p2-7

* Note the dependency problem

$ sudo rpm -Uvh openssh-3.1p1-2.i386.rpm
error: failed dependencies:
 openssh = 2.9p2-7 is needed by openssh-askpass-2.9p2-7
 openssh = 2.9p2-7 is needed by openssh-askpass-gnome-2.9p2-7
 openssh = 2.9p2-7 is needed by openssh-clients-2.9p2-7
 openssh = 2.9p2-7 is needed by openssh-server-2.9p2-7

Resolve dependency problem with the --nodeps flag

$ sudo rpm -U --nodeps openssh-3.1p1-2.i386.rpm
$ sudo rpm -U openssh-clients-3.1p1-2.i386.rpm
$ sudo rpm -U openssh-server-3.1p1-2.i386.rpm
$ sudo rpm -U openssh-askpass-gnome-3.1p1-2.i386.rpm
$ sudo rpm -U openssh-askpass-3.1p1-2.i386.rpm

Check current OpenSSH packages on your system

$ rpm -qa | grep openssh
openssh-askpass-gnome-3.1p1-2
openssh-server-3.1p1-2
openssh-askpass-3.1p1-2
openssh-3.1p1-2
openssh-clients-3.1p1-2

$ rpm -qf /usr/bin/ssh
openssh-clients-3.1p1-2

$ sudo /etc/rc.d/init.d/sshd restart

or

$ sudo service restart sshd

Password:
Stopping sshd:                  [  OK  ]
Starting sshd:                  [  OK  ]