home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Linux in a NutshellLinux in a NutshellSearch this book

Chapter 5. Red Hat and Debian Package Managers

This chapter describes the two major Linux packaging systems: the Red Hat Package Manager (RPM) and the Debian GNU/Linux Package Manager.

When you install applications on your Linux system, most often you'll find a binary or a source package containing the application you want, instead of (or in addition to) a .tar.gz file. A package is a file containing the files necessary to install an application. However, while the package contains the files you need for installation, the application might require the presence of other files or packages that are not included, such as particular libraries (and even specific versions of the libraries), to actually be able to run. Such requirements are known as dependencies.

Package management systems offer many benefits. As a user, you may want to query the package database to find out what packages are installed on the system and their versions. As a system administrator, you need tools to install and manage the packages on your system. And if you are a developer, you need to know how to build a package for distribution.

Among other things, package managers do the following:

Any user can list or query packages. However, installing, upgrading, or removing packages generally requires superuser privileges. This is because the packages normally are installed in systemwide directories that are writable only by root. Sometimes you can specify an alternate directory to install a package into your home directory or into a project directory where you have write permission.

Both RPM and the Debian Package Manager back up old files before installing an updated package. Not only does this let you go back if there is a problem, but also ensures that you don't lose your changes (to configuration files, for example).

5.1. The Red Hat Package Manager

The Red Hat Package Manager (RPM) is a freely available packaging system for software distribution and installation. In addition to Red Hat and Red Hat-based distributions, both SuSE and Caldera are among the Linux distributions that use RPM.

Using RPM is straightforward. A single command, rpm, has options to perform all package management functions except building packages.[7] For example, to find out if the Emacs editor is installed on your system, you could say:

[7]In older versions of RPM, the build options were part of the rpm command.

% rpm -q emacs

The rpmbuild command is used to build both binary and source packages.

5.1.1. The rpm Command

RPM packages are built, installed, and queried with the rpm command. RPM package names usually end with a .rpm extension. rpm has a set of modes, each with its own options. The format of the rpm command is:

rpm [options] [packages]

With a few exceptions, as noted in the lists of options that follow, the first option specifies the rpm mode (install, query, update, etc.), and any remaining options affect that mode.

Options that refer to packages are sometimes specified as package-name and sometimes as package-file. The package name is the name of the program or application, such as gif2png. The package file is the name of the RPM file, such as gif2png-2.4.6-1.i386.rpm.

RPM provides a configuration file for specifying frequently used options. The default global configuration is usually /usr/lib/rpm/rpmrc, the local system configuration file is /etc/rpmrc, and users can set up their own $HOME/.rpmrc files. You can use the --showrc option to show the values RPM will use for all the options that may be set in an rpmrc file:

rpm --showrc

The rpm command includes FTP and HTTP clients, so you can specify an ftp:// or http:// URL to install or query a package across the Internet. You can use an FTP or HTTP URL wherever package-file is specified in the commands presented here.

Any user can query the RPM database. Most of the other functions require superuser privileges. General options

The following options can be used with all modes:

--dbpath path
Use path as the path to the RPM database instead of the default /var/lib/rpm.

-?, --help
Print a long usage message (running rpm with no options gives a shorter usage message).

--pipe command
Pipe the rpm output to command.

Display only error messages.

--rcfile filelist
Get configuration from the files in the colon-separated filelist. If --rcfile is specified, there must be at least one file in the list and the file must exist. filelist defaults to /var/lib/rpm/rpmrc:/usr/lib/rpm/redhat/rpmrc:~/.rpmrc.

--root dir
Perform all operations within the directory tree rooted at dir.

Verbose. Print progress messages.

Print the version number of rpm.

Print debugging information. Install, upgrade, and freshen options

Use the install command to install or upgrade an RPM package. The install syntax is:

rpm -i [install-options] package_file ... 
rpm --install [install-options] package_file ...

To install a new version of a package and remove an existing version at the same time, use the upgrade command instead:

rpm -U [install-options] package_file ... 
rpm --upgrade [install-options] package_file ...

If the package doesn't already exist on the system, -U acts like -i and installs it. To prevent that behavior, you can freshen a package instead; in that case, rpm upgrades the package only if an earlier version is already installed. The freshen syntax is:

rpm -F [install-options] package_file ...
rpm --freshen [install-options] package_file ...

package-file can be specified as an FTP or HTTP URL to download the file before installing it. See Section

The installation and upgrade options are:

If rpm suggests additional packages, add them to the list of package files.

Install or upgrade all files.

Used with --relocate to force relocation even if the package is not relocatable.

Don't install any documentation files.

--excludepath path
Don't install any file whose filename begins with path.

Force the installation. Equivalent to using all of --replacepkgs, --replacefiles, and --oldpackage.

-h, --hash
Print 50 hash marks as the package archive is unpacked. Use with -v or --verbose for a nicer display.

Install even if the binary package is intended for a different architecture.

Install binary package even if the operating systems don't match.

Don't check disk space availability before installing.

Install documentation files. This is needed only if excludedocs: 1 is specified in an rpmrc file.

Update the database only; don't change any files.

Don't check whether this package depends on the presence of other packages.

Don't verify package or header digests.

Don't reorder packages to satisfy dependencies before installing.

Don't execute any post-install script.

Don't execute any post-uninstall script.

Don't execute any pre-install script.

Don't execute any pre-uninstall script.

Don't execute any pre-install or post-install scripts. Equivalent to specifying all of --nopre, --nopost, --nopreun, and --nopostun.

Don't verify package or header signatures.

Don't suggest packages that provide a missing dependency.

Don't execute any install trigger scriptlet.

Don't execute any uninstall trigger scriptlet.

Don't execute any post-uninstall trigger scriptlet.

Don't execute any scripts triggered by package installation.

Allow an upgrade to replace a newer package with an older one.

Print percent-completion messages as files are unpacked. Useful for running rpm from other tools.

--prefix path
Set the installation prefix to path for relocatable binary packages.

--relocate oldpath=newpath
For relocatable binary files, change all file paths from oldpath to newpath. Can be specified more than once to relocate multiple paths.

Repackage the package files before erasing. Rename the package as specified by the macro %_repackage_name_fmt and save it in the directory specified by the macro %_repackage_dir (by default /var/tmp).

Install the packages even if they replace files from other installed packages.

Install the packages even if some of them are already installed.

Go through the installation to see what it would do, but don't actually install the package. This option lets you test for problems before doing the installation. Package selection options

Query the installed package package_name.

-a, --all
Query all installed packages.

-f file, --file file
Find out what package owns file.

--fileid md5
Query package with the specified MD5 digest.

-g group, --group group
Find out what packages have group group.

--hdrid sha1
Query package with the specified SHA1 digest in the package header.

-p package_file, --package package_file
Query the uninstalled package package_file, which can be a URL. If package_file is not a binary package, it is treated as a text file containing a package manifest, with each line of the manifest containing a path or one or more whitespace-separated glob expressions to be expanded to paths. These paths are then used instead of package_file as the query arguments. The manifest can contain comments that begin with a hash mark (#).

--pkgid md5
Query the package with a package identifier that is the given MD5 digest of the combined header and contents.

--querybynumber num
Query the numth database entry. Useful for debugging.

-qf, --queryformat num
Specify the format for displaying the query output, using tags to represent different types of data (e.g., NAME, FILENAME, DISTRIBUTION). The format specification is a variation of the standard printf formatting, with the type specifier omitted and replaced by the name of the header tag inclosed in brackets ({ }). For example:


The tag names are case-insensitive. Use --querytags (see Section to view a list of available tags. The tag can be followed by :type to get a different output format type. The possible types are:

Wrap a public key in ASCII armor.

Encode binary data as base64.

Use strftime(3) "%c" format.

Use strftime(3) "%a %b %d %Y" format.

Format dependency flags.

Format file flags.

Use hexadecimal format.

Use octal format.

Format file permissions.

Escape single quotes for use in a script.

Display trigger suffix.

--specfile specfile
Query specfile as if it were a package. Useful for extracting information from a spec file.

--tid tid
List packages with the specified transaction identifier (tid). The tid is a Unix timestamp. All packages installed or erased in a single transaction have the same tid.

--triggeredby pkg
List packages that are triggered by the installation of package pkg.

--whatrequires capability
List packages that require the given capability to function.

--whatprovides capability
List packages that provide the given capability. Verify options

The syntax for the verify command is:

rpm -V|-y|--verify [package-selection-options] [verify-options]

Verify mode compares information about the installed files in a package with information about the files that came in the original package, and displays any discrepancies. The information compared includes the size, MD5 sum, permissions, type, owner, and group of each file. Uninstalled files are ignored.

The package selection options include those available for query mode. In addition, the following verify options are available:

Ignore package dependencies.

Ignore package or header digests.

Ignore attributes of package files.

Ignore group ownership errors.

Ignore symbolic link errors.

Ignore MD5 checksum errors.

Ignore file mode (permissions) errors.

Ignore major and minor device number errors.

Ignore modification time errors.

Ignore any verify script.

Ignore package or header signatures.

Ignore file size errors.

Ignore user ownership errors.

The output is formatted as an eight-character string, possibly followed by an attribute marker, and then the filename. The possible attribute markers are:


Configuration file


Documentation file


Ghost file (contents not included in package)


License file


Readme file

Each of the eight characters in the string represents the result of comparing one file attribute to the value of that attribute from the RPM database. A period (.) indicates that the file passed that test. The following characters indicate failure of the corresponding test:


MD5 sum








Mode (includes permissions and file type)


File size




User Signature check options

RPM packages may have a PGP signature built into them. PGP configuration information is read from the rpmrc file. There are three types of digital signature options: you can check signatures, add signatures to packages, and import signatures.

The syntax of the signature check mode is:

rpm --checksig package_file...
rpm -K package_file...

The signature checking options -K and --checksig check the digests and signatures contained in the specified packages to insure the integrity and origin of the packages. Note that RPM now automatically checks the signature of any package when it is read; this option is still useful, however, for checking all headers and signatures associated with a package.

The following options are available for use with signature check mode:

Don't check any GPG signatures.

Don't check any MD5 signatures.

Don't check any PGP signatures.

The syntax for adding signatures to binary packages is:

rpm --addsign binary-pkgfile...
rpm --resign binary-pkgfile...

Both --addsign and --resign generate and insert new signatures, replacing any that already exist in the specified binary packages.[8]

[8]In older versions of RPM, --addsign was used to add new signatures without replacing existing ones, but currently both options work the same way and replace any existing signatures.

The syntax for importing signatures is:

rpm --import public-key

The --import option is used to import an ASCII public key to the RPM database so that digital signatures for packages using that key can be verified. Imported public keys are carried in headers, and keys are kept in a ring, which can be queried and managed like any package file. Miscellaneous options

Several additional rpm options are available:

Print the tags available for use with the --queryformat option in query mode.

--setperms packages
Set file permissions of the specified packages to those in the database.

--setugids packages
Set file owner and group of the specified packages to those in the database.

Show the values rpm will use for all options that can be set in an rpmrc file.

5.1.2. The rpmbuild Command

The rpmbuild command is used to build RPM packages. The syntax for rpmbuild is:

rpmbuild -[b|t]step [build-options] spec-file ...

Specify -b to build a package directly from a spec file, or -t to open a tarred, gzipped file and use its spec file.

Both forms take the following single-character step arguments, listed in the order they would be performed:

Perform the prep stage, unpacking source files and applying patches.

Do a list check, expanding macros in the files section of the spec file and verifying that each file exists.

Perform the build stage. Done after the prep stage; generally equivalent to doing a make.

Perform the install stage. Done after the prep and build stages; generally equivalent to doing a make install.

Build a binary package. Done after prep, build, and install.

Build a source package. Done after prep, build, and install.

Build both binary and source packages. Done after prep, build, and install.

The general rpm options described earlier in Section can be used with rpmbuild.

The following additional options can also be used when building an rpm file with rpmbuild:

--buildroot dir
Override the BuildRoot tag with dir when building the package.

Clean up (remove) the build files after the package has been made.

Go through the motions, but don't execute any build stages. Used for testing spec files.

Remove the source files when the build is done. Can be used as a standalone option with rpm to clean up files separately from creating the packages.

Remove the spec file when the build is done. Like --rmsource, --rmspec can be used as a standalone option with rpmbuild.

Can be used with -bc and -bi to skip previous stages.

Add a GPG signature to the package for verifying its identity and origin.

--target platform
When building the package, set the macros %_target, %_target_arch, and %_target_os to the value indicated by platform.

Two other options can be used standalone with rpmbuild to recompile or rebuild a package:

--rebuild source-pkgfile...
Like --recompile, but also build a new binary package. Remove the build directory, the source files, and the spec file once the build is complete.

--recompile source-pkgfile...
Install the named source package, and prep, compile, and install the package.

Finally, the --showrc option is used to show the current rpmbuild configuration:

rpmbuild --showrc

This option shows the values that will be used for all options that can be set in an rpmrc file.

Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.