fbpx To work with the CentOS RPM package manager
24/7/365 Support

Working with the CentOS RPM package manager

All software on a CentOS 7 system is distributed through RPM packages. Most of the time the YUM package manager is the first choice of any system administrator, performing software installation and maintenance, and is highly recommended whenever possible as it provides system integrity checks and has excellent package dependency resolution. In this process, we will show you an alternative way to manage your packages. We will be exploring the RPM package manager, which is a powerful tool used to build, install, query, verify, update, and erase individual RPM software packages. Though it is not as intelligent as YUM, as it cannot resolve package dependencies or work with repositories, it can be still relevant today since it provides very useful querying options that are not available in YUM, and it can be used to install single software packages manually.

To Start With: What Do You Need?

To complete this process, you will require a working installation of the CentOS 7 operating system with root privileges, a console-based text editor of your choice, and a connection to the Internet in order to facilitate the download of additional RPM packages.

The Process

We start this process by downloading a rpm package from the Internet, which we will use to show you an example of how the rpm command works:

  1. We will begin by logging in as root into the root’s home directory and downloading the pipe view program from the EPEL repository, which cannot be found in the official CentOS repository:
    Note
    cd ~;curl -O http://dl.fedoraproject.org/pub/epel/7/x86_64/p/pv-1.4.61.el7.x86_64.rpm
    Please note that while you are reading this, the package URL may have changed.
  2. After the download has been completed, we will install this package using the following rpm command:
    rpm -Uvh ~/pv-1.4.6-1.el7.x86_64.rpm
  3. If the installation has finished, let’s check if the installation of the package was successful by querying the RPM database:
    rpm -qa | grep "pv-"
  4. You can also test the pv program directly (press Ctrl+C keys to quit):
    dd if=/dev/urandom | pv | dd of=/dev/null
  5. We can now use the rpm command’s rich querying options to show useful information of the installed package:
    rpm -qi pv
    rpm -ql pv
    rpm -qd pv
  6. Finally, let’s remove the package if you don’t like or need it anymore:
    rpm -e pv

How it works…

Here, in this process, we introduced you to the RPM package manager, which is the original program to manage RPM packages. The RPM package is a packaging standard for the distribution of software and contains useful metadata in the file to verify the authorship (for example, using signature verification with PGP) and integrity of the software included. The installation of packages containing binary programs instead of manually compiling and building them from scratch is much easier and more consistent, but RPM packages can also contain any type of file, such as source code or just documentation files. As said in the introduction, the rpm command has six different modes of operation: building, installing, uninstalling, updating, querying, and verifying rpm packages. Here, in this process, we showed you how to use the most important five operations (we don’t show building RPM’s).

So, what have we learned from this experience?

We started by logging in as root and downloading the pv (pipe viewer) rpm package example from the non-official EPEL CentOS repository (EPEL contains high-quality add-on packages, thoroughly checked and officially conformed; see the Using a third-party repository process to learn more about the EPEL repository) manually using curl, because it is not available in the official repository but can be a very useful tool.

Note

Although there are many RPM repositories and download sources on the Internet, for security and compatibility reasons, on productive systems you should consider installing only official CentOS 7 RPM packages from valid and reputable repositories and sources. In general, the packages contained are best tested and reviewed by many experts and users.

The downloaded package file’s name can be read the following way, which follows the following non-mandatory naming convention for RHEL/CentOS packages:
pv-1.4.6-1.x86_64.rpm = package name (pv)-version number (1.4.6)release(1)-CPU architecture (x86_64)

Next, we installed the downloaded pv package using the RPM package manager, which can be executed using the rpm command on the command line. We used it with the -Uvh command parameters together with the full name of the downloaded package rpm file.

Note

If using the rpm command for installing or upgrading rpm software packages, you should always use -Uvh with one exception; which are kernel packages. -U will remove old packages while updating, and this is not what you want if you install a new kernel. Use -i (for installing) here instead, as this will keep the old kernel files so that you can go back to an earlier version if you run into some problems.

-U is the parameter for installing or upgrading a package. If the package is not installed on the system, it will get installed; otherwise, rpm tries to upgrade it if it the RPM package version is newer than the one installed. The -v parameter prints a more verbose output, while -h displays a nice progress bar. Installing the pv package when you have not enabled the EPEL repository on your system will get the following warning message:
pv-1.6.0-1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 3fc56f51: NOKEY

RPM will automatically check the validity of the package’s signature before installing to make sure that the package’s content has not been modified since it has been signed. Also, it checks that an RPM package is trustworthy, as it should be signed by an official third-party authority vendor using an encrypted key. You can ignore this message, as packages from the EPEL repository are from a secure source. To permanently trust EPEL sources, you can install its gpg public key on your system using the following command and getting rid of all future signature warning messages:
rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7

Having successfully installed the package, we now have a nice command line tool called pv to show the progress of data going through a Unix pipe, which can be useful if you are transferring huge amounts of data through pipelines where you normally never know the current state of progress. Afterward, we queried the RPM database that stores information about all installed packages on a CentOS 7 system, using the rpm command with the -q flag. Working on the RPM database, we must use the true package name (pv) instead of the filename (pv-1.4.6-1.x86_64.rpm) that we used when we installed the packages in the first place. The same is true when removing an installed package; please specify the package name and not the version number or full filename.

To get detailed information about the installed package, pv, we used -qi (i for information), with the -ql parameter; we showed the full filename and path of all files in the package. -qd showed all the files in the package containing documentation. To read about more querying options, type man rpm and look under the PACKAGE QUERY OPTIONS section.

In summary, we can say that there are situations in a system administrator’s life where one needs to install a piece of software that is not distributed through an official repository (for example, non-open-source, cutting-edge program or beta versions, software that has a license disallowing the ability to put it into a repository such as Java, or software from independent developers), and where one will have to download individual RPM packages and install them manually. Under the hood, YUM also depends and uses the RPM package manager in the background, so you are also able to use the YUM program to install rpm files (yum install <filename.rpm>). However, when it comes to querying your downloaded rpm files or installed packages on your system, there are situations where it’s better to use the older rpm command without having to install additional YUM-based software such as yum-utils.

The biggest weakness of RPM is that it does not support repositories and is missing a dependency management system. If you work with RPM alone to install all your software on a CentOS system, you will easily run into package dependency problems where you cannot install a specific package because it relies on some other packages. Often, when you try to install the dependent packages, you need other packages that they depend on and so on. This can be very tedious work and should always be avoided by using YUM instead.

There's more…

The rpm command can not only be used to query the rpm database for information about installed packages, you can also use it to query rpm files that you downloaded. For example, use the -qlp parameter to show all files in a local rpm package file:
rpm -qlp ~/pv-1.4.6-1.el7.x86_64.rpm

To get detailed information about the package from the rpm file, use the -qip parameter, as shown here:
rpm -qip ~/pv-1.4.6-1.el7.x86_64.rpm

If you want to install an RPM package that you have downloaded locally and that has dependencies, you can use the yum localinstall command. This will install the local package once supplied with its filename, and will try to resolve all the dependencies from remote sources, for example:

wget http://location/to/a/rpm/package_name.rpm
yum localinstall package_name.rpm

 

Help Category:

What Our Clients Say