Red Hat and Debian Package Managers (Linux in a Nutshell, 4th Edition)

5.1. The Red Hat Package Manager

The Red Hat Package Manager (RPM) is a freely available packaging system for software distribution and installation. In addition to Red Hat and Red Hat-based distributions, both SuSE and Caldera are among the Linux distributions that use RPM.

Using RPM is straightforward. A single command, rpm, has options to perform all package management functions except building packages.[7] For example, to find out if the Emacs editor is installed on your system, you could say:

[7]In older versions of RPM, the build options were part of the rpm command.

% rpm -q emacs
emacs-21.2-18

The rpmbuild command is used to build both binary and source packages.

5.1.1. The rpm Command

RPM packages are built, installed, and queried with the rpm command. RPM package names usually end with a .rpm extension. rpm has a set of modes, each with its own options. The format of the rpm command is:

rpm [options] [packages]

With a few exceptions, as noted in the lists of options that follow, the first option specifies the rpm mode (install, query, update, etc.), and any remaining options affect that mode.

Options that refer to packages are sometimes specified as package-name and sometimes as package-file. The package name is the name of the program or application, such as gif2png. The package file is the name of the RPM file, such as gif2png-2.4.6-1.i386.rpm.

RPM provides a configuration file for specifying frequently used options. The default global configuration is usually /usr/lib/rpm/rpmrc, the local system configuration file is /etc/rpmrc, and users can set up their own $HOME/.rpmrc files. You can use the --showrc option to show the values RPM will use for all the options that may be set in an rpmrc file:

rpm --showrc

The rpm command includes FTP and HTTP clients, so you can specify an ftp:// or http:// URL to install or query a package across the Internet. You can use an FTP or HTTP URL wherever package-file is specified in the commands presented here.

Any user can query the RPM database. Most of the other functions require superuser privileges.

5.1.1.1. General options

The following options can be used with all modes:

--dbpath path: Use path as the path to the RPM database instead of the default /var/lib/rpm.
-?, --help: Print a long usage message (running rpm with no options gives a shorter usage message).
--pipe command: Pipe the rpm output to command.
--quiet: Display only error messages.
--rcfile filelist: Get configuration from the files in the colon-separated filelist. If --rcfile is specified, there must be at least one file in the list and the file must exist. filelist defaults to /var/lib/rpm/rpmrc:/usr/lib/rpm/redhat/rpmrc:~/.rpmrc.
--root dir: Perform all operations within the directory tree rooted at dir.
-v: Verbose. Print progress messages.
--version: Print the version number of rpm.
-vv: Print debugging information.

5.1.1.2. Install, upgrade, and freshen options

Use the install command to install or upgrade an RPM package. The install syntax is:

rpm -i [install-options] package_file ... 
rpm --install [install-options] package_file ...

To install a new version of a package and remove an existing version at the same time, use the upgrade command instead:

rpm -U [install-options] package_file ... 
rpm --upgrade [install-options] package_file ...

If the package doesn't already exist on the system, -U acts like -i and installs it. To prevent that behavior, you can freshen a package instead; in that case, rpm upgrades the package only if an earlier version is already installed. The freshen syntax is:

rpm -F [install-options] package_file ...
rpm --freshen [install-options] package_file ...

package-file can be specified as an FTP or HTTP URL to download the file before installing it. See Section 5.1.1.11.

The installation and upgrade options are:

--aid: If rpm suggests additional packages, add them to the list of package files.
--allfiles: Install or upgrade all files.
--badreloc: Used with --relocate to force relocation even if the package is not relocatable.
--excludedocs: Don't install any documentation files.
--excludepath path: Don't install any file whose filename begins with path.
--force: Force the installation. Equivalent to using all of --replacepkgs, --replacefiles, and --oldpackage.
-h, --hash: Print 50 hash marks as the package archive is unpacked. Use with -v or --verbose for a nicer display.
--ignorearch: Install even if the binary package is intended for a different architecture.
--ignoreos: Install binary package even if the operating systems don't match.
--ignoresize: Don't check disk space availability before installing.
--includedocs: Install documentation files. This is needed only if excludedocs: 1 is specified in an rpmrc file.
--justdb: Update the database only; don't change any files.
--nodeps: Don't check whether this package depends on the presence of other packages.
--nodigest: Don't verify package or header digests.
--noorder: Don't reorder packages to satisfy dependencies before installing.
--nopost: Don't execute any post-install script.
--nopostun: Don't execute any post-uninstall script.
--nopre: Don't execute any pre-install script.
--nopreun: Don't execute any pre-uninstall script.
--noscripts: Don't execute any pre-install or post-install scripts. Equivalent to specifying all of --nopre, --nopost, --nopreun, and --nopostun.
--nosignature: Don't verify package or header signatures.
--nosuggest: Don't suggest packages that provide a missing dependency.
--notriggerin: Don't execute any install trigger scriptlet.
--notriggerun: Don't execute any uninstall trigger scriptlet.
--notriggerpostun: Don't execute any post-uninstall trigger scriptlet.
--notriggers: Don't execute any scripts triggered by package installation.
--oldpackage: Allow an upgrade to replace a newer package with an older one.
--percent: Print percent-completion messages as files are unpacked. Useful for running rpm from other tools.
--prefix path: Set the installation prefix to path for relocatable binary packages.
--relocate oldpath=newpath: For relocatable binary files, change all file paths from oldpath to newpath. Can be specified more than once to relocate multiple paths.
--repackage: Repackage the package files before erasing. Rename the package as specified by the macro %_repackage_name_fmt and save it in the directory specified by the macro %_repackage_dir (by default /var/tmp).
--replacefiles: Install the packages even if they replace files from other installed packages.
--replacepkgs: Install the packages even if some of them are already installed.
--test: Go through the installation to see what it would do, but don't actually install the package. This option lets you test for problems before doing the installation.

5.1.1.3. Query options

The syntax for the query command is:

rpm -q [package-options] [information-options]
rpm --query [package-options] [information-options]

There are two subsets of query options. Package selection options determine what packages to query, and information selection options determine what information to provide.

5.1.1.4. Package selection options

package_name

5.1.1.5. Information selection options

-c, --configfiles

5.1.1.6. Uninstall options

The syntax for erase, the uninstall command, is:

rpm -e package_name ...
rpm --erase package_name ...

The uninstall options are:

--allmatches: Remove all versions of the package. Only one package should be specified; otherwise, an error results.
--nodeps: Don't check dependencies before uninstalling the package.
--nopostun: Don't run any post-uninstall scripts.
--nopreun: Don't run any pre-uninstall scripts.
--noscripts: Don't execute any pre-uninstall or post-uninstall scripts. Equivalent to --nopreun --nopostun.
--notriggerpostun: Don't execute any post-uninstall scripts triggered by the removal of this package.
--notriggers: Don't execute any scripts triggered by the removal of this package. Equivalent to --notriggerun --notriggerpostun.
--notriggerun: Don't execute any uninstall scripts triggered by the removal of this package.
--repackage: Repackage the files before uninstalling them. Rename the package as specified by the macro %_repackage_name_fmt and save it in the directory specified by the macro %_repackage_dir (by default /var/tmp).
--test: Don't really uninstall anything; just go through the motions. Use with -vv for debugging.

5.1.1.7. Verify options

The syntax for the verify command is:

rpm -V|-y|--verify [package-selection-options] [verify-options]

Verify mode compares information about the installed files in a package with information about the files that came in the original package, and displays any discrepancies. The information compared includes the size, MD5 sum, permissions, type, owner, and group of each file. Uninstalled files are ignored.

The package selection options include those available for query mode. In addition, the following verify options are available:

--nodeps: Ignore package dependencies.
--nodigest: Ignore package or header digests.
--nofiles: Ignore attributes of package files.
--nogroup: Ignore group ownership errors.
--nolinkto: Ignore symbolic link errors.
--nomd5: Ignore MD5 checksum errors.
--nomode: Ignore file mode (permissions) errors.
--nordev: Ignore major and minor device number errors.
--nomtime: Ignore modification time errors.
--noscripts: Ignore any verify script.
--nosignature: Ignore package or header signatures.
--nosize: Ignore file size errors.
--nouser: Ignore user ownership errors.

The output is formatted as an eight-character string, possibly followed by an attribute marker, and then the filename. The possible attribute markers are:

c	Configuration file
d	Documentation file
g	Ghost file (contents not included in package)
l	License file
r	Readme file

Each of the eight characters in the string represents the result of comparing one file attribute to the value of that attribute from the RPM database. A period (.) indicates that the file passed that test. The following characters indicate failure of the corresponding test:

5	MD5 sum
D	Device
G	Group
L	Symlink
M	Mode (includes permissions and file type)
S	File size
T	Mtime
U	User

5.1.1.8. Database rebuild options

The syntax of the command to rebuild the RPM database is:

rpm --rebuilddb [options]

You also can build a new database:

rpm --initdb [options]

The options available with the database rebuild mode are the --dbpath, --root, and -v options described earlier under Section 5.1.1.1.

5.1.1.9. Signature check options

RPM packages may have a PGP signature built into them. PGP configuration information is read from the rpmrc file. There are three types of digital signature options: you can check signatures, add signatures to packages, and import signatures.

The syntax of the signature check mode is:

rpm --checksig package_file...
rpm -K package_file...

The signature checking options -K and --checksig check the digests and signatures contained in the specified packages to insure the integrity and origin of the packages. Note that RPM now automatically checks the signature of any package when it is read; this option is still useful, however, for checking all headers and signatures associated with a package.

The following options are available for use with signature check mode:

--nogpg: Don't check any GPG signatures.
--nomd5: Don't check any MD5 signatures.
--nopgp: Don't check any PGP signatures.

The syntax for adding signatures to binary packages is:

rpm --addsign binary-pkgfile...
rpm --resign binary-pkgfile...

Both --addsign and --resign generate and insert new signatures, replacing any that already exist in the specified binary packages.[8]

[8]In older versions of RPM, --addsign was used to add new signatures without replacing existing ones, but currently both options work the same way and replace any existing signatures.

The syntax for importing signatures is:

rpm --import public-key

The --import option is used to import an ASCII public key to the RPM database so that digital signatures for packages using that key can be verified. Imported public keys are carried in headers, and keys are kept in a ring, which can be queried and managed like any package file.

5.1.1.10. Miscellaneous options

Several additional rpm options are available:

--querytags: Print the tags available for use with the --queryformat option in query mode.
--setperms packages: Set file permissions of the specified packages to those in the database.
--setugids packages: Set file owner and group of the specified packages to those in the database.
--showrc: Show the values rpm will use for all options that can be set in an rpmrc file.

5.1.1.11. FTP/HTTP options

The following options are available for use with FTP and HTTP URLs in install, update, and query modes.

--ftpport port: Use port for making an FTP connection on the proxy FTP server instead of the default port. Same as specifying the macro %_ftpport.
--ftpproxy host: Use host as the proxy server for FTP transfers through a firewall that uses a proxy. Same as specifying the macro %_ftpproxy.
--httpport port: Use port for making an HTTP connection on the proxy HTTP server instead of the default port. Same as specifying the macro %_httpport.
--httpproxy host

5.1.2. The rpmbuild Command

The rpmbuild command is used to build RPM packages. The syntax for rpmbuild is:

rpmbuild -[b|t]step [build-options] spec-file ...

Specify -b to build a package directly from a spec file, or -t to open a tarred, gzipped file and use its spec file.

Both forms take the following single-character step arguments, listed in the order they would be performed:

p: Perform the prep stage, unpacking source files and applying patches.
l: Do a list check, expanding macros in the files section of the spec file and verifying that each file exists.
c: Perform the build stage. Done after the prep stage; generally equivalent to doing a make.
i: Perform the install stage. Done after the prep and build stages; generally equivalent to doing a make install.
b: Build a binary package. Done after prep, build, and install.
s: Build a source package. Done after prep, build, and install.
a: Build both binary and source packages. Done after prep, build, and install.

The general rpm options described earlier in Section 5.1.1.1 can be used with rpmbuild.

The following additional options can also be used when building an rpm file with rpmbuild:

--buildroot dir: Override the BuildRoot tag with dir when building the package.
--clean: Clean up (remove) the build files after the package has been made.
--nobuild: Go through the motions, but don't execute any build stages. Used for testing spec files.
--rmsource: Remove the source files when the build is done. Can be used as a standalone option with rpm to clean up files separately from creating the packages.
--rmspec: Remove the spec file when the build is done. Like --rmsource, --rmspec can be used as a standalone option with rpmbuild.
--short-circuit: Can be used with -bc and -bi to skip previous stages.
--sign: Add a GPG signature to the package for verifying its identity and origin.
--target platform: When building the package, set the macros %_target, %_target_arch, and %_target_os to the value indicated by platform.

Two other options can be used standalone with rpmbuild to recompile or rebuild a package:

--rebuild source-pkgfile...: Like --recompile, but also build a new binary package. Remove the build directory, the source files, and the spec file once the build is complete.
--recompile source-pkgfile...: Install the named source package, and prep, compile, and install the package.

Finally, the --showrc option is used to show the current rpmbuild configuration:

rpmbuild --showrc

This option shows the values that will be used for all options that can be set in an rpmrc file.

5.1.3. RPM Examples

Query the RPM database to find Emacs-related packages:

% rpm -q -a | grep emacs

Query an uninstalled package, printing information about the package and listing the files it contains:

% rpm -qpil ~/downloads/bash2-doc-2.03-8.i386.rpm

Install a package (assumes superuser privileges):

% rpm -i sudo-1.5.3-6.i386.rpm