Advanced Package Management

Package Groups

package group

• Group of packages that serve a common purpose.
• Can query, install, and delete as a single unit rather than dealing with packages individually.
• Two types of package groups: environment groups and package groups.

environment groups available in RHEL 9:

• server, server with GUI, minimal install, workstation, virtualization host, and custom operating system.
• Listed on the software selection window during RHEL 9 installation.

Package groups include:

• container management, smart card support, security tools, system tools, network servers, etc.

Individual packages, package groups, and modules:

Individual Package Management

List, install, query, and remove packages.

Listing Available and Installed Packages

• dnf lists available packages as well as installed packages.

Lab: list all packages available for installation from all enabled repos,

 sudo dnf repoquery

Lab: list of packages that are available only from a specific repo:

 sudo dnf repoquery --repo "BaseOS"

Lab: grep for an expression to narrow down your search.

For example, to find whether the BaseOS repo includes the zsh package.

 sudo dnf repoquery --repo BaseOS | grep zsh

Lab: list all installed packages on the system:

 sudo dnf list installed

Three columns: - package name - package version - repo it was installed from. - @anaconda means the package was installed at the time of RHEL installation.

List all installed packages and all packages available for installation from all enabled repositories:

 sudo dnf list

• @ sign identifies the package as installed.

List all packages available from all enabled repositories that should be able to update:

 sudo dnf list updates

List whether a package (bc, for instance) is installed or available for installation from any enabled repository:

 sudo dnf list bc

List all installed packages whose names begin with the string “gnome” followed by any number of characters:

 sudo dnf list installed ^gnome*

List recently added packages:

 sudo dnf list recent

Refer to the repoquery and list subsections of the dnf command manual pages for more options and examples.

Installing and Updating Packages

Installing a package:

• creates the necessary directory structure
• installs the required files
• runs any post-installation steps.
• If already installed, dnf command updates it to the latest available version.

Attempt to install a package called ypbind, proceed to update if it detects the presence of an older version:

 sudo dnf install ypbind

Install or update a package called dcraw located locally at /mnt/AppStream/Packages/

 sudo dnf localinstall /mnt/AppStream/Packages/dcraw*

Update an installed package (autofs, for example) to the latest available version. Dnf will fail if the specified package is not already installed:

 sudo dnf update autofs

Update all installed packages to the latest available versions:

 sudo dnf -y update

Refer to the install and update subsections of the dnf command manual pages for more options and examples.

Exhibiting Package Information

Show:

• release
• size
• whether it is installed or available for installation
• repo name it was installed or is available from
• short and long descriptions
• license
• so on

dnf info subcommand

View information about a package called autofs:

 dnf info autofs

• Determines whether the specified package is installed or not.

Refer to the info subsection of the dnf command manual pages.

Removing Packages

Removing a package:

• uninstalls it and removes all associated files and directory structure.
• erases any dependencies as part of the deletion process.

Remove a package called ypbind:

 sudo dnf remove ypbind

Output

• Resolved dependencies
• List of the packages that it would remove.
• Disk space that their removal would free up.
• After confirmation, it erased the identified packages and verified their removal.
• List of the removed packages

Refer to the remove subsection of the dnf command manual pages for more options and examples available for removing packages.

Lab: Manipulate Individual Packages

Perform management operations on a package called cifs-utils. Determine if this package is already installed and if it is available for installation. Display its information before installing it. Install the package and exhibit its information. Erase the package along with its dependencies and confirm the removal.

1. Check whether the cifs-utils package is already installed:

 dnf list installed | grep cifs-utils

2. Determine if the cifs-utils package is available for installation:

 dnf repoquery cifs-utils

3. Display detailed information about the package:

 dnf info cifs-utils

4. Install the package:

 dnf install -y cifs-utils

5. Display the package information again:

 dnf info cifs-utils

6. Remove the package:

 dnf remove -y cifs-utils

7. Confirm the removal:

 dnf list installed | grep cif

Determining Provider and Searching Package Metadata

• You can determine what package a specific file belongs to or which package comprises a certain string.

Search for packages that contain a specific file such as /etc/passwd/, use the provides or the whatprovides subcommand with dnf:

 dnf provides /etc/passwd

• Indicates file is part of a package called setup, installed during RHEL installation.

• Second instance, setup package is part of the BaseOS repository.

• Can also use a wildcard character for filename expansion.

List all packages that contain filenames beginning with “system-config” followed by any number of characters:

 dnf whatprovides /usr/bin/system-config*

To search for all the packages that match the specified string in their name or summary:

 dnf search system-config

Package Group Management

• group subcommand
• list, install, query, and remove groups of packages.

Listing Available and Installed Package Groups

group list subcommand:

• list the package groups available for installation from either or both repos
• list the package groups that are already installed on the system.

List all available and installed package groups from all repositories:

 dnf group list

output:

• two categories of package groups:
  • Environment group
  • Package groups

Environment group:

• Larger collection of RHEL packages that provides all necessary software to build the operating system foundation for a desired purpose.

Package group

• Small bunch of RHEL packages that serve a common purpose.
• Saves time on the deployment of individual and dependent packages.
• Output shows installed and available package groups.

Display the number of installed and available package groups:

 sudo dnf group summary

List all installed and available package groups including those that are hidden:

 sudo dnf group list hidden

Try group list with --installed and --available options to narrow down the output list.

 sudo dnf group list --installed

List all packages that a specific package group such as Base contains:

 sudo dnf group info Base

-v option with the group info subcommand for more information.

Review group list and group info subsections of the dnf man pages.

Installing and Updating Package Groups

• Creates the necessary directory structure for all the packages included in the group and all dependent packages.
• Installs the required files.
• Runs any post-installation steps.
• Attempts to update all the packages included in the group to the latest available versions.

Install a package group called Emacs. Update if it detects an older version.

 sudo dnf -y groupinstall emacs

Update the smart card support package group to the latest version:

 dnf groupupdate "Smart Card Support"

Refer to the group install and group update subsections of the dnf command manual pages for more details.

Removing Package Groups

• Uninstalls all the included packages and deletes all associated files and directory structure.
• Erases any dependencies

Erase the smart card support package group that was installed:

 sudo dnf -y groupremove 'smart card support'

Refer to the remove subsection of the dnf command manual pages for more details.

Lab: Manipulate Package Groups

Perform management operations on a package group called system tools. Determine if this group is already installed and if it is available for installation. List the packages it contains and install it. Remove the group along with its dependencies and confirm the removal.

1. Check whether the system tools package group is already installed:

 dnf group list installed

2. Determine if the system tools group is available for installation:

 dnf group list available

The group name is exhibited at the bottom of the list under the available groups.

3. Display the list of packages this group contains:

 dnf group info 'system tools'

• All of the packages will be installed as part of the group installation.

4. Install the group:

 sudo dnf group install 'system tools'

5. Remove the group:

 sudo dnf group remove 'system tools' -y

6. Confirm the removal:

 dnf group list installed

Application Streams and Modules

Application Streams

• Introduced in RHEL 8.
• Employs a modular approach to organize multiple versions of a software application alongside its dependencies to be available for installation from a single repository.

module

• Logical set of application packages that includes everything required to install it, including the executables, libraries, documentation, tools, and utilities as well as dependent components.
• Modularity gives the flexibility to choose the version of software based on need.

• In older RHEL releases, each version of a package would have to come from a separate repository. (This has changed in RHEL 8.)
• Now modules of a single application with different versions can be stored and made available for installation from a common repository.
• The package management tool has also been enhanced to manipulate modules.

• RHEL 9 is shipped with two core repositories called BaseOS and Application Stream (AppStream).

BaseOS repository

• Includes the core set of RHEL 9 components
• kernel, modules, bootloader, and other foundational software packages.
• Lays the foundation to install and run software applications and programs.
• Available in the traditional rpm format.

AppStream repository

• Comes standard with core applications,
• Plus several add-on applications
• Rpm and modular format
• Include web server software, development languages, database software, etc.

Benefits of Segregation

Why separate BaseOS components from other applications?

(1) Separates application components from the core operating system elements.
(2) Allows publishers to deliver and administrators to apply application updates more frequently.

In previous RHEL versions, an OS update would update all installed components including the kernel, service, and application components to the latest versions by default.

This could result in an unstable system or a misbehaving application due to an unwanted upgrade of one or more packages.

By detaching the base OS components from the applications, either of the two can be updated independent of the other.

This provides enhanced flexibility in tailoring the system components and application workloads without impacting the underlying stability of the system.

Module Streams

• Collection of packages organized by version
• Each module can have multiple streams
• Each stream receives updates independent of the other streams
• Stream can be enabled or disabled.

enabled stream

• Allows the packages it contains to be queried or installed
• Only one stream of a specific module can be enabled at a time
• Each module has a default stream, which provides the latest or the recommended version.

Module Profiles

• List of recommended packages organized for purpose-built, convenient deployments to support a variety of use cases such as:
• Minimal, development, common, client, server, etc.
• A profile may also include packages from the BaseOS repository or the dependencies of the stream
• Each module stream can have zero, one, or more profiles associated with it with only one of them marked as the default.

Module Management

Modules are special package groups usually representing an application, a language runtime, or a set of tools. They are available in one or multiple streams which usually represent a major version of a piece of software, They are available in one or multiple streams which give you an option to choose what versions of packages you want to consume. https://docs.fedoraproject.org/en-US/modularity/using-modules/

Modules are a way to deliver different versions of software (such as programming languages, databases, or web servers) independently of the base operating system’s release cycle.

Each module can contain multiple streams, representing different versions or configurations of the software. For example, a module for Python might have streams for Python 2 and Python 3.

module dnf subcommand

• list, enable, install, query, remove, and disable modules.

Listing Available and Installed Modules

List all modules along with their stream, profile, and summary information available from all configured repos:

 dnf module list

Limit the output to a list of modules available from a specific repo such as AppStream by adding --repo AppStream:

 dnf module list --repo AppStream

Output:

• default (d)
• enabled (e)
• disabled (x)
• installed (i)

List all the streams for a specific module such as ruby and display their status:

 dnf module list ruby

Modify the above and list only the specified stream 3.3 for the module ruby

 dnf module list ruby:3.3

List all enabled module streams:

 dnf module list --enabled

Similarly, you can use the --installed and --disabled options with dnf module list to output only the installed or the disabled streams.

Refer to the module list subsection of the dnf command manual pages.

Installing and Updating Modules

Installing a module

• Creates directory tree for all packages included in the module and all dependent packages.
• Installs required files for the selected profile.
• Runs any post-installation steps.
• If module being loaded or a part of it is already present, the command attempts to update all the packages included in the profile to the latest available versions.

Install the perl module using its default stream and default profile:

 sudo dnf -y module install perl

Update a module called squid to the latest version:

 sudo dnf module update squid -y

Install the profile “common” with stream “rhel9” for the container-tools module: (module:stream/profile)

 sudo dnf module install container-tools:rhel9/common

Displaying Module Information

• Shows
  • Name, stream, version, list of profiles, default profile, repo name module was installed or is available from
  • Summary, description, and artifacts.
• Can be viewed by supplying module info with dnf.

List all profiles available for the module ruby:

 dnf module info --profile ruby

Limit the output to a particular stream such as 3.1:

 dnf module info --profile ruby:3.1

Refer to the module info subsection of the dnf command manual pages for more details.

Removing Modules

Removing a module will:

• Uninstall all the included packages and
• Delete all associated files and directory structure.
• Erases any dependencies as part of the deletion process.

Remove the ruby module with “3.1” stream:

 sudo dnf module remove ruby:3.1

Refer to the module remove subsection of the dnf command manual pages:

Lab: Manipulate Modules

• Perform management operations on a module called postgresql.
• Determine if this module is already installed and if it is available for installation.
• Show its information and install the default profile for stream “10”.
• Remove the module profile along with any dependencies
• confirm the removal.

1. Check whether the postgresql module is already installed(i):

 dnf module list postgresql

2. Display detailed information about the default stream of the module:

 dnf module info postgresql:15

3. Install the module with default profile for stream “15”:

 sudo dnf -y module install --profile postgresql:15

4. Display the module information again:

 dnf module info postgresql:15

5. Erase the module profile for the stream:

 dnf module remove -y postgresql:15

6. Confirm the removal (back to (d)):

 dnf module info postgresql:15

Switching Module Streams

• Typically performed to upgrade or downgrade the version of an installed module.

process:

• uninstall the existing version provided by a stream alongside any dependencies that it has,

• switch to the other stream

• install the desired version.

• Installing a module from a stream automatically enables the stream if it was previously disabled

• you can manually enable or disable it with the dnf command.

• Only one stream of a given module enabled at a time.

• Attempting to enable another one for the same module automatically disables the current enabled stream.

• dnf module list and dnf module info expose the enable/disable status of the module stream.

Lab: Install a Module from an Alternative Stream

• Downgrade a module to a lower version.
• Remove the stream ruby 3.3 and
• Confirm its removal.
• manually enable the stream perl 5.24 and confirm its new status.
• install the new version of the module and display its information.

1. Check the current state of all perl streams:

 dnf module list perl

2. Remove perl 5.26:

 sudo dnf module remove perl -y

1. Confirm the removal:

 dnf module list ruby

2. Reset the module so that neither stream is enabled or disabled. This will remove the enabled (e) indication from ruby 3.3

 sudo dnf module reset ruby

3. Install the non-default profile “minimal” for ruby stream 3.1. This will auto-enable the stream.

–allowerasing

• Will instruct the command to remove installed packages for dependency resolution.

 sudo dnf module install ruby:3.1 --allowerasing

4. Check the status of the module:

 dnf module list perl

The dnf Command

• Introduced in RHEL 8
• Can use interchangeably with yum in RHEL
  • yum is a soft link to the dnf utility.
• Requires the system to have access to either:
  • a local or remote software repository
  • a local installable package file.

Subscription Management* (RHSM) service

• Available in the Red Hat Customer Portal

• Offers access to official Red Hat software repositories.

• Other web-based repositories that host packages are available

• You can also set up a local, custom repository on your system and add packages of your choice to it.

Primary benefit of using dnf over rpm:

• Resolve dependencies automatically

  • By identifying and installing any additional required packages

• With multiple repositories set up, dnf extracts the software from wherever it finds it.

• Perform abundant software administration tasks.

• Invokes the rpm utility in the background

• Can perform a number of operations on individual packages, package groups, and modules:

  • listing
  • querying
  • installing
  • removing
  • enabling and disabling specific module streams.

Software handling tasks that dnf can perform on packages:

• Clean and repolist are specific to repositories.
• Refer to the manual pages of dnf for additional subcommands, operators, options, examples, and other details.

dnf subcommands that are intended for operations on package groups and modules:

For labs, you’ll need to create a definition file and configure access to the two repositories available on the RHEL 8 ISO image.

Lab: Configure Access to Pre-Built Repositories

Set up access to the two dnf repositories that are available on RHEL 9 image. (You should have already configured an automatic mounting of RHEL 9 image on /mnt.) Create a definition file for the repositories and confirm.

1. Verify that the image is currently mounted:

 df -h | grep mnt

2. Create a definition file called local.repo in /etc/yum.repos.d/ using the vim editor and define the following data for both repositories in it:

 [BaseOS] 
 name=BaseOS 
 baseurl=file:///mnt/BaseOS 
 gpgcheck=0 

 [AppStream] 
 name=AppStream 
 baseurl=file:///mnt/AppStream 
 gpgcheck=0

3. Confirm access to the repositories:

 sudo dnf repolist 

• Ignore lines 1-4 in the output that are related to subscription and system registration.
• Lines 5 and 6 show the rate at which the command read the repo data.
• Line 7 displays the timestamp of the last metadata check.
• last two lines show the repo IDs, repo names, and a count of packages they hold.
• AppStream repo consists of 4,672 packages
• BaseOS repo contains 1,658 packages.
• Both repos are enabled by default and are ready for use.

dnf yum Repository

dnf repository (yum repository or a repo)

• Digital library for storing software packages

• Repository is accessed for package retrieval, query, update, and installation

• The two repositories

  • BaseOS and AppStream
    • come preconfigured with the RHEL 9 ISO image.

• Number of other repositories available on the Internet that are maintained by software publishers such as Red Hat and CentOS.

• Can build private custom repositories for internal IT use for stocking and delivering software.

  • Good practice for an organization with a large Linux server base, as it manages dependencies automatically and aids in maintaining software consistency across the board.

• Can also be used to store in-house developed packages.

• It is important to obtain software packages from authentic and reliable sources such as Red Hat to prevent potential damage to your system and to circumvent possible software corruption.

• There is a process to create repositories and to access preconfigured repositories.

• There are two pre-set repositories available on the RHEL 9 image. You will configure access to them via a definition file to support the exercises and lab environment.

Repository Definition File

• Repo definition files are located in /etc/yum.repos.d/
• Can create local.repo file in this directory to specify local repos
• See dnf.conf man page

Sample repo definition file and key directives:

 [BaseOS_RHEL_9]
 name= RHEL 9 base operating system components
 baseurl=file://*mnt*BaseOS
 enabled=1
 gpgcheck=0

EXAM TIP:

• Knowing how to configure a dnf/yum repository using a URL plays an important role in completing some of the RHCSA exam tasks successfully.
• Use two forward slash characters (//) with the baseurl directive for an FTP, HTTP, or HTTPS source.

Five lines from a sample repo file: Line 1 defines an exclusive ID within the square brackets. Line 2 is a brief description of the repo with the “name” directive. Line 3 is the location of the repodata directory with the “baseurl” directive. Line 4 shows whether this repository is active. Line 5 shows if packages are to be GPGchecked for authenticity.

• Each repository definition file must have:

  • Unique ID
  • Description
  • Baseurl directive defined
  • Other directives are set as required.

• The baseurl directive for a local directory path is defined as file:///local_path

  • The first two forward slash characters represent the URL convention, and the third forward slash is for the absolute path to the destination directory)
  • FTP and
    • \ftp://hostname/network_path
  • HTTP(S)
    • http(s)://hostname/network_path
  • network path must include a resolvable hostname or an IP address.

Software Management with dnf

• Tools are available to work with individual packages as well as package groups and modules.
• rpm command is limited to managing one package at a time.
• dnf has an associated configuration file that can define settings to control its behavior.

dnf Configuration File

• Key configuration file: /etc/dnf/dnf.conf
• “main” section - Sets directives that have a global effect on dnf operations.
• Can define separate sections for each custom repository that you plan to set up on the system.
• Preferred location to store configuration for each custom repository in their own definition files is in /etc/yum.repos.d
  • default location created for this purpose.

Default content of this configuration file:

 cat /etc/dnf/dnf.conf

 [main]
 gpgcheck=1
 installonly_limit=3
 clean_requirements_on_remove=True
 best=True
 skip_if_unavailable=False

The above and a few other directives that you may define in the file:

For other directives: man 5 dnf.conf

Advanced Package Management DIY Labs

1. Configure Access to RHEL 8 Repositories (Make sure the RHEL 8 ISO image is attached to the VM and mounted.) Create a definition file under /etc/yum.repos.d/, and define two blocks (one for BaseOS and another for AppStream).

  vim /etc/yum.repos.d/local.repo

 [BaseOS]
 name=BaseOS 
 baseurl=file:///mnt/BaseOS 
 gpgcheck=0 

 [AppStrean]
 name=AppStream 
 baseurl=file:///mnt/AppStream 
 gpgcheck=0

4. Verify the configuration with dnf repolist. You should see numbers in thousands under the Status column for both repositories.

 dnf repolist -v

Lab: Install and Manage Individual Packages

1. List all installed and available packages separately.

 dnf list --available && dnf list --installed

2. Show which package contains the /etc/group file.

 dnf provides /etc/group

3. Install the package httpd.

 dnf -y install httpd

4. Review /var/log/yum.log/ for confirmation. (/var/lib/dnf/history)

  dnf history

5. Perform the following on the httpd package:
6. Show information

 dnf info httpd

2. List dependencies

 dnf repoquery --requires httpd

3. Remove it

 dnf remove httpd

Lab Install and Manage Package Groups

1. List all installed and available package groups separately.

 dnf group list available && dnf group list installed

1. Install package groups Security Tools and Scientific Support.

 dnf group install 'Security Tools'

2. Review /var/log/yum.log for confirmation.

 dnf history

3. Show the packages included in the Scientific Support package group, and delete this group.

 dnf group info 'Scientific Support' && dnf group  remove 'Scientific Support'

Lab: Install and Manage Modules

4. List all modules. Identify which modules, streams and profiles are installed, default, disabled, and enabled from the output.

 dnf module list

5. Install the default stream of the development profile for module php, and verify.

 dnf module install php && dnf module list

6. Remove the module.

 dnf module remove php

Lab Switch Module Streams and Install Software

7. List postgresql module. This will display the streams and profiles, and their status.

 dnf module list postgresql

8. Reset both streams

 dnf module reset postgresql

9. enable the stream for the older version, and install its client profile.

 dnf module install postgresql:15

Basic Package Management

RPM (Redhat Package Manager)

• Specially formatted File(s) packaged together with the .rpm extension.
• Packages included or available for RHEL are in rpm format.
• Metadata info gets updated whenever a package is updated.

rpm command

• Install, Upgrade, remove, query, freshen, or decompress packages.
• Validate package authenticity and integrity.

Packages

• Two types of packages binary (or installable) and source.

Binary packages

• Installation ready
• Bundled for distribution.
• Have .rpm extension.
• Contain:
  • install scripts (pre and post)
  • Executables
  • Configuration files
  • Library files
  • Dependency information
  • Where to install files
  • Documentation
    • How to install/uninstall
    • Man pages for config files/commands
    • Other install and usage info
  • Metadata
    • Stored in central location
    • Includes:
      • Package version
      • Install location
      • Checksum values
      • List of included files and their attributes
• Package intelligence
  • Used by package administration toolset for successful completion of the package installation process.
  • May include info on:
    • prerequisites
    • User account setup
    • Needed directories/ soft links
  • Includes reverse process for uninstall

Package Naming

5 parts to a package name: 1. Name 2. Version 3. release (revision or build) 4. Linux version 5. Processor Architecture - noarch - platform independant - src - Source code packages

• Always has .rpm extension
• .rpm is removed after install Example: openssl-1.1.1-8.el8.x86_64.rpm,

Package Dependency

• Dependency info is in the metadata
  • Read by package handling utilities

Package Database

• Metadata for installed packages and package files is stored in /var/lib/rpm/
  • Package database
  • Referenced by package manipulation utilities to obtain:
    • package name and version data
    • Info about owerships, permissions, timestamps, and file sizes that are part of the package.
    • Contain info on dependencies.
    • Aids management commands in:
      • listing and querying packages
      • Verifying dependencies and file attributes.
      • Installing new packages.
      • Upgrading and uninstalling packages.
    • Removes and replaces metadata when a package is replaced.
    • Can maintain multiple version of a single package.

Package Management Tools

• rpm (redhat package manager)
  • Does not automatically resolve dependencies.
• yum (yellowdog update, modified)
  • Find, get, and install dependencies automatically.
  • softlink to dnf now.
• dnf (dandified yum)

Package management with rpm

rpm package management tasks: - query - install - upgrade - freshen - overwrite - remove - extract - validate - verify

• Works with installed and installable packages.

rpm command

Query options

Query and display packages
-q (--query)

List all installed packages
-qa (--query --all)

List config files in a package
-qc (--query --config-files)

List documentation files in a package
-qd (--query --docfiles)

Exhibit what package a file comes from
-qf (--query --file)

Show installed package info (Version, Size, Installation status, Date, Signature, Description, etc.) -qi (--query --info)

Show installable package info (Version, Size, Installation status, Date, Signature, Description, etc.) -qip (--query --info --package)

List all files in a package.
-ql (--query --list)

List files and packages a package depends on.
-qR (--query --requires)

List packages that provide the specified package or file.
-q --whatprovides

List packages that require the specified package or file.
-q --whatrequires

Package installation options

Remove a package
-e (--erase)

Upgrades installed package. Or loads if not installed.
-U (--upgrade)

Display detailed information
-v (--verbose or -vv)

Verify integrity of a package or package files
-V (--verify)

Querying packages

Query packages in the package database or at a specified location.

Installing a package

• Creates directory structure needed
• Installs files
• Runs needed post installation steps
• Installing package will fail if missing dependencies.
• Error message will show missing dependencies.

Upgrading a package

• Installs the package if previous version does not exist. (-U)
• Makes backup of effected configuration files and adds .rpmsave extension.

Freshening a package

• Older version must exist.
• -F option
• Will only work if a newer version of a package is available.

Overwriting a Package

• Replaces existing files of a package with the same version.
• –replacepkgs option.
• Useful when you suspect corruption.

Removing a Package

• Uninstalls package and associated files/ directories
• -e Option
• Checks to see if this package is a dependency for another program and fails if it is.

Extracting Files from an Installable Package

• rpm2cpio command
• -i (extract)
• -d create directory structure. Useful for:
  • Examining package contents.
  • Replacing corrupt or lost command.
  • Replace critical configuration file to it’s original state

Package Integrity and Credibility

• MD5 Checksum for verifying package integrity
• GNU Privacy Guard Public Key (GNU Privacy Guard or GPG) for ensuring credibility of publisher.
• PGP (Pretty Good Privacy) - commercial version of GPG.
• --nosignature
  • Don’t verify package or header signatures when reading.
• -K
  • keep package files after installation rpmkeys command
  • check credibility, import GPG key, and verify packages
• Redhat signs their products and updates with a GPG key.
  • Files in installation media include public keys in the products for verification.
  • Copied to /etc/pki/rpm-gpg during OS installation. RPM-GPG-KEY-redhat-release
    • Used for packages shipped after November 2009 and their updates. RPM-GPG-KEY-redhat-beta
    • For Beta products shipped after November 2009.
• Import the relevant GPG key and the verify the package to check the credibility of a package.

Viewing GPG Keys

• view with rpm command rpm -q gpg-pubkey
• -i option
  • show info about a key.

Verifying Package Attributes

• Compare package file attributes with originals stored in package database at the time of installation.
• -V option
  • compare owner, group, permission mode, size, modification time, digest, type, etc.
  • Returns to prompt if no changes are detected
  • -v or vv for verbose
• -Vf
  • run the check directly on the file
• Three columns of output:
  • Column 1
    • 9 fields
      • S = Different file size.
      • M = Mode or permission or file type change.
      • 5 = MD5 Checksum does not match.
      • D = Device file and its major and minor number have changed.
      • L = File is a symlink and it’s path has been altered.
      • U = Ownership has changed.
      • G = Group membership has been modified.
      • T = Timestamp changed.
      • P = Capabilities are altered.
      • . = No modifications detected.
  • Column 2
    • File type
      • c = Configuration file
      • d = Documentation File
      • g = Ghost FIle
      • l = License file
      • r = Readme file
  • Column 3
    • Full path of file

Basic Package Management Labs

Lab: Mount RHEL 9 ISO Persistently

1. Go to the VirtualBox VM Manager and make sure that the RHEL 8 image is attached to RHEL9-VM1 as depicted below:

2. Open the /etc/fstab file in the vim editor (or another editor of your choice) and add the following line entry at the end of the file to mount the DVD image (/dev/sr0) in read-only (ro) mode on the /mnt directory.

   /dev/sr0 /mnt iso9660 ro 0 0

Note: sr0 represents the first instance of the optical device and iso9660 is the standard format for optical file systems.

3. Mount the file system as per the configuration defined in the /etc/fstab file using the mount command with the -a (all) option:

   sudo mount -a

4. Verify the mount using the df command:

   df -h | grep mnt

Note: The image and the packages therein can now be accessed via the /mnt directory just like any other local directory on the system.

5. List the two directories—/mnt/BaseOS/Packages and /mnt/AppStream/Packages—that contain all the software packages (directory names are case sensitive):

   ls -l /mnt/BaseOS/Packages | more

Lab: Query Packages (RPM)

1. query all installed packages: rpm -qa

2. query whether the perl package is installed: rpm -q perl

3. list all files in a package: rpm -ql iproute

4. list only the documentation files in a package: rpm -qd audit

5. list only the configuration files in a package: rpm -qc cups

6. identify which package owns the specified file: rpm -qf /etc/passwd

7. display information about an installed package including version, release, installation status, installation date, size, signatures, description, and so on: rpm -qi setup

8. list all file and package dependencies for a given package: rpm -qR chrony

9. query an installable package for metadata information (version, release, architecture, description, size, signatures, etc.): rpm -qip /mnt/BaseOS/Packages/zsh-5.5.1-6.el8.x86_64.rpm

10. determine what packages require the specified package in order to operate properly: rpm -q --whatrequires lvm2

Lab: Installing a Package (RPM)

1. Install zsh-5.5.1-6.el8.x86_64.rpm sudo rpm -ivh /mnt/BaseOS/Packages/zsh-5.5.1-6.el8.x86_64.rpm

Lab: Upgrading a Package (RPM)

1. Upgrade sushi with the -U option: sudo rpm -Uvh /mnt/AppStream/Packages/sushi-3.28.3-1.el8.x86_64.rpm

Lab: Freshening a Package

1. Freshen the sushi package: sudo rpm -Fvh /mnt/AppStream/Packages/sushi-3.28.3-1.el8.x86_64.rpm

Lab: Overwriting a Package

1. Overwrite zsh-5.5.1-6.el8.x86_64 sudo rpm -ivh --replacepkgs /mnt/BaseOS/Packages/zsh-5.5.1-6.el8.x86_64

Lab: Removing a Package

1. Remove sushi sudo rpm sushi -ve

Lab: Extracting Files from an Installable Package

1. You have lost /etc/crony.conf. Determine what package this file comes from: rpm -qf /etc/chrony.conf

2. Extract all files from the crony package to /tmp and create the directory structure:

[root@server30 mnt]# cd /tmp

[sudo rpm2cpio /mnt/BaseOS/Packages/chrony-3.3-3.el8.x86_64.rpm | cpio -imd
1066 blocks](<[root@server30 tmp]# rpm2cpio /mnt/BaseOS/Packages/chrony-4.3-1.el9.x86_64.rpm | cpio -imd
1253 blocks>)

3. Use find to locate the crony.conf file: sudo find . -name chrony.conf

4. Copy the file to /etc:

Lab: Validating Package Integrity and Credibility

1. Check the integrity of zsh-5.5.1-6.el8.x86_64.rpm located in /mnt/BaseOS/Packages: rpm -K /mnt/BaseOS/Packages/zsh-5.5.1-6.el8.x86_64.rpm --nosignature
2. Import the GPG key from the proper file and verify the signature for the zsh-5.5.1-6.el8.x86_64.rpm package.

sudo rpmkeys --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
sudo rpmkeys -K /mnt/BaseOS/Packages/zsh-5.5.1-6.el8.x86_64.rpm

Lab: Viewing GPG Keys

1. List the imported key: rpm -q gpg-pubkey
2. View details for the first key: rpm -qi gpg-pubkey-fd431d51-4ae0493b

Lab: Verifying Package Attributes

1. Run a check on the at program: sudo rpm -V at

2. Change permissions of one of the files and run the check again:

ls -l /etc/sysconfig/atd
sudo chmod -v 770 /etc/sysconfig/atd
sudo rpm -V at

3. Run the check directly on the file: sudo rpm -Vf /etc/sysconfig/atd

4. Reset the value and check the file again:

sudo chmod -v 644 /etc/sysconfig/atd
sudo rpm -V at

Lab: Perform Package Management Using rpm

1. Run the ls command on the /mnt/AppStream/Packages directory to confirm that the rmt package is available:

[root@server30 tmp]# ls -l /mnt/BaseOS/Packages/rmt*
-r--r--r--. 1 root root 49582 Nov 20  2021 /mnt/BaseOS/Packages/rmt-1.6-6.el9.x86_64.rpm

2. Run the rpm command and verify the integrity and credibility of the package:

[root@server30 tmp]# rpmkeys -K /mnt/BaseOS/Packages/rmt-1.6-6.el9.x86_64.rpm
/mnt/BaseOS/Packages/rmt-1.6-6.el9.x86_64.rpm: digests signatures OK

3. Install the Package:

[root@server30 tmp]# rpmkeys -K /mnt/BaseOS/Packages/rmt-1.6-6.el9.x86_64.rpm
/mnt/BaseOS/Packages/rmt-1.6-6.el9.x86_64.rpm: digests signatures OK
[root@server30 tmp]# rpm -ivh /mnt/BaseOS/Packages/rmt-1.6-6.el9.x86_64.rpm
Verifying...                         ################################# [100%])
Preparing...                         ################################# [100%])
Updating / installing...
   1:rmt-2:1.6-6.el9                 ################################# [100%])

4. Show basic information about the package:

[root@server30 tmp]# rpm -qi rmt
Name        : rmt
Epoch       : 2
Version     : 1.6
Release     : 6.el9
Architecture: x86_64
Install Date: Sat 13 Jul 2024 09:02:08 PM MST
Group       : Unspecified
Size        : 88810
License     : CDDL
Signature   : RSA/SHA256, Sat 20 Nov 2021 08:46:44 AM MST, Key ID 199e2f91fd431d51
Source RPM  : star-1.6-6.el9.src.rpm
Build Date  : Tue 10 Aug 2021 03:13:47 PM MST
Build Host  : x86-vm-55.build.eng.bos.redhat.com
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://freecode.com/projects/star
Summary     : Provides certain programs with access to remote tape devices
Description :
The rmt utility provides remote access to tape devices for programs
like dump (a filesystem backup program), restore (a program for
restoring files from a backup), and tar (an archiving program).

5. Show all the files the package contains:

[root@server30 tmp]# rpm -ql rmt
/etc/default/rmt
/etc/rmt
/usr/lib/.build-id
/usr/lib/.build-id/c2
/usr/lib/.build-id/c2/6a51ea96fc4b4367afe7d44d16f1405c3c7ec9
/usr/sbin/rmt
/usr/share/doc/star
/usr/share/doc/star/CDDL.Schily.txt
/usr/share/doc/star/COPYING
/usr/share/man/man1/rmt.1.gz

6. List the documentation files the package has:

[root@server30 tmp]# rpm -qd rmt
/usr/share/doc/star/CDDL.Schily.txt
/usr/share/doc/star/COPYING
/usr/share/man/man1/rmt.1.gz

7. Verify the attributes of each file in the package. Use verbose mode.

[root@server30 tmp]# rpm -vV rmt
.........  c /etc/default/rmt
.........    /etc/rmt
.........  a /usr/lib/.build-id
.........  a /usr/lib/.build-id/c2
.........  a /usr/lib/.build-id/c2/6a51ea96fc4b4367afe7d44d16f1405c3c7ec9
.........    /usr/sbin/rmt
.........    /usr/share/doc/star
.........  d /usr/share/doc/star/CDDL.Schily.txt
.........  d /usr/share/doc/star/COPYING
.........  d /usr/share/man/man1/rmt.1.gz

8. Remove the package:

[root@server30 tmp]# rpm -ve rmt
Preparing packages...
rmt-2:1.6-6.el9.x86_64

Lab 9-1: Install and Verify Packages

As user1 with sudo on server3,

• make sure the RHEL 9 ISO image is attached to the VM and mounted.
• Use the rpm command and install the zsh package by specifying its full path.

[root@server30 Packages]# rpm -ivh /mnt/BaseOS/Packages/zsh-5.8-9.el9.x86_64.rpm 
Verifying...                         ################################# [100%])
Preparing...                         ################################# [100%])
	package zsh-5.8-9.el9.x86_64 is already installed

• Run the rpm command again and perform the following on the zsh package:
• (1) show information

[root@server30 Packages]# rpm -qi zsh
Name        : zsh
Version     : 5.8
Release     : 9.el9
Architecture: x86_64
Install Date: Sat 13 Jul 2024 06:49:40 PM MST
Group       : Unspecified
Size        : 8018363
License     : MIT
Signature   : RSA/SHA256, Thu 24 Feb 2022 08:59:15 AM MST, Key ID 199e2f91fd431d51
Source RPM  : zsh-5.8-9.el9.src.rpm
Build Date  : Wed 23 Feb 2022 07:10:14 AM MST
Build Host  : x86-vm-56.build.eng.bos.redhat.com
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://zsh.sourceforge.net/
Summary     : Powerful interactive shell
Description :
The zsh shell is a command interpreter usable as an interactive login
shell and as a shell script command processor.  Zsh resembles the ksh
shell (the Korn shell), but includes many enhancements.  Zsh supports
command line editing, built-in spelling correction, programmable
command completion, shell functions (with autoloading), a history
mechanism, and more.

• (2) validate integrity

[root@server30 Packages]# rpm -K zsh-5.8-9.el9.x86_64.rpm
zsh-5.8-9.el9.x86_64.rpm: digests signatures OK

• (3) display attributes [root@server30 Packages]# rpm -V zsh

Lab 9-2: Query and Erase Packages

As user1 with sudo on server3,

• make sure the RHEL 9 ISO image is attached to the VM and mounted.
• Use the rpm command to perform the following:
• (1) check whether the setup package is installed

[root@server30 Packages]# rpm -q setup
setup-2.13.7-10.el9.noarch

• (2) display the list of configuration files in the setup package

[root@server30 Packages]# rpm -qc setup
/etc/aliases
/etc/bashrc
/etc/csh.cshrc
/etc/csh.login
/etc/environment
/etc/ethertypes
/etc/exports
/etc/filesystems
/etc/fstab
/etc/group
/etc/gshadow
/etc/host.conf
/etc/hosts
/etc/inputrc
/etc/motd
/etc/networks
/etc/passwd
/etc/printcap
/etc/profile
/etc/profile.d/csh.local
/etc/profile.d/sh.local
/etc/protocols
/etc/services
/etc/shadow
/etc/shells
/etc/subgid
/etc/subuid
/run/motd
/usr/lib/motd

• (3) show information for the zlib-devel package on the ISO image

[root@server30 Packages]# rpm -qi ./zlib-devel-1.2.11-40.el9.x86_64.rpm
Name        : zlib-devel
Version     : 1.2.11
Release     : 40.el9
Architecture: x86_64
Install Date: (not installed)
Group       : Unspecified
Size        : 141092
License     : zlib and Boost
Signature   : RSA/SHA256, Tue 09 May 2023 05:31:02 AM MST, Key ID 199e2f91fd431d51
Source RPM  : zlib-1.2.11-40.el9.src.rpm
Build Date  : Tue 09 May 2023 03:51:20 AM MST
Build Host  : x86-64-03.build.eng.rdu2.redhat.com
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : https://www.zlib.net/
Summary     : Header files and libraries for Zlib development
Description :
The zlib-devel package contains the header files and libraries needed
to develop programs that use the zlib compression and decompression
library.

• (4) reinstall the zsh package (–reinstall -vh),

[root@server30 Packages]# rpm -hv --reinstall ./zsh-5.8-9.el9.x86_64.rpm
Verifying...                         ################################# [100%])
Preparing...                         ################################# [100%])
Updating / installing...
   1:zsh-5.8-9.el9                   ################################# [ 50%])
Cleaning up / removing...
   2:zsh-5.8-9.el9                   ################################# [100%])

• (5) remove the zsh package. [root@server30 Packages]# rpm -e zsh