Linux Services Organization

Our goal: to introduce Linux services to the enterprise world.
Contact us at contact@linuxsv.org

Linux Services Organization : Linux Server Package Management

RPM Package Management

RHEL6 provides the PackageKit package manager as a GUI tool to install and update packages on the system. PackageKit is the graphical front end to yum, which installs packages from a repository. All these tools rely on the same core tool to install precompiled RPM packages (.rpm): the RPM Package Manager, rpm.

RPM installation

There are two main methods to install RPM packages on RHEL6. The first one is to install a new package:

$ rpm -ihv package.rpm

Another way is to update an installed package (or install the package if it is not installed):

$ rpm -Uhv ftp://site1.example.com/rpms/package.rpm

A note about kernel updates: always install the new kernel (rpm -ihv kernel-new.rpm) instead of upgrading it (rpm -Uhv kernel-new.rpm). When the kernel is upgraded the old kernel is removed, so in case of error the old kernel is no longer available and the system is left unbootable:

$ rpm -ihv kernel-new.rpm

To remove a package, use the following command with the name of the installed package rather than the .rpm file name:

$ rpm -e package

RPM Info

Every action performed by rpm commands is recorded in the rpm database in /var/lib/rpm. This database contains information about which packages are installed, the version of each package, any changes made to the package's files since installation, and so on. This information can be queried using the rpm query mode (rpm -q):

rpm -qa
Lists all installed packages.

rpm -qf file
Identifies the package that installed file.

rpm -q --whatprovides file
Identifies the package that provides file.

rpm -qc package
Lists configuration files from package.

rpm -qd package
Lists documentation files from package.

rpm -qi package
Displays package general information.

rpm -ql package
Lists all files installed from package.

rpm -qR package
Lists package dependencies: these packages must be installed for the package to work correctly.

RPM Package Signature

RPM uses an MD5 checksum to verify that the content of the RPM has not been modified (integrity) and GPG to verify the authenticity of the RPM.

rpm -K --nosignature package.rpm
Verifies only the MD5 checksum of the RPM, to be sure that the package is intact. The message 'md5 OK' is displayed if the package has not been modified.

rpm --checksig package.rpm
Verifies the package authenticity and integrity. The package GPG keys must first be imported with 'rpm --import'.
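
An unsigned package still passes the digest check, so 'md5 OK' in the result line does not by itself show that a signature was verified. The following added example (not part of the original tutorial) classifies the result line before installing; the sample lines are constructed and modelled on rpm 4.x output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a 'rpm --checksig' result line proves a
# verified signature or only intact digests.
# Assumption: lowercase pgp/gpg/rsa/dsa (or "signatures" on newer rpm) marks a
# verified signature; the exact token set varies between rpm versions.

classify_checksig() {
    # $1 = one result line, e.g. "package.rpm: sha1 md5 OK"
    result=${1#*: }
    case " $result " in
        *"NOT OK"*|*"MISSING KEYS"*)
            echo REJECT ;;          # bad digest, bad signature or key not imported
        *" OK "*)
            case " $result " in
                *" pgp "*|*" gpg "*|*" rsa "*|*" dsa "*|*" signatures "*)
                    echo SIGNED ;;  # signature present and verified
                *)
                    echo UNSIGNED ;; # digests match, but nothing was signed
            esac ;;
        *)
            echo REJECT ;;          # unrecognised output: fail closed
    esac
}

# Install only when the signature was actually verified (hypothetical helper).
verified_install() {
    line=$(rpm --checksig "$1") || return 1
    [ "$(classify_checksig "$line")" = "SIGNED" ] || return 1
    rpm -ihv "$1"
}

# Constructed sample result lines (not captured from a real system).
for line in \
    'package.rpm: rsa sha1 (md5) pgp md5 OK' \
    'package.rpm: sha1 md5 OK' \
    'package.rpm: RSA sha1 (MD5) PGP md5 NOT OK (MISSING KEYS: PGP#00000000)'
do
    printf '%-9s %s\n' "$(classify_checksig "$line")" "$line"
done
```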

RPM Verification

Once a package has been installed, rpm can verify that the files it installed have not been modified on the system. When rpm is executed in verify mode (rpm --verify), it compares information about the installed package's files with the information stored in the RPM database:

rpm --verify -a
Verify all files within a package against a downloaded RPM.

rpm --verify -p package.rpm
Verify all files associated with a particular package.

rpm --verify --file file
Verify a file associated with a particular package.

If everything verifies properly, there is no output. Any discrepancies are reported. The format of the report is a string of eight characters and a file name. Each of the eight characters shows the result of comparing one attribute of the file with the value recorded in the RPM database. A single period (.) means the test passed. The eight checks are the following:

5 MD5 checksum
S File size
L Symbolic link
T File modification time
D Device
U User
G Group
M Mode
? unreadable file


For example:

$ rpm --verify --file /etc/ntp.conf
S.5....T c /etc/ntp.conf


This means that the size (S), MD5 checksum (5) and modification time (T) of the ntp.conf file have changed since the installation of the package.
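
The report format above can be triaged mechanically. The following added example (not part of the original tutorial) reads verify report lines on stdin and ranks them; the severity policy, the function names and the sample report are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage 'rpm --verify' report lines read from stdin.
# Input:  "<flags> [marker] <path>"   Output: SEVERITY<TAB>path<TAB>failed checks
# The severity policy is this example's assumption, not rpm behaviour.

triage_verify() (
    while read -r flags rest; do
        [ -n "$flags" ] || continue
        marker=""; path=$rest
        case $rest in
            [a-z]\ *) marker=${rest%% *}; path=${rest#* } ;;  # c = config file
        esac
        if [ "$flags" = "missing" ]; then
            printf 'HIGH\t%s\tmissing\n' "$path"; continue
        fi
        changed=""
        case $flags in *5*)  changed="${changed}checksum," ;; esac
        case $flags in *S*)  changed="${changed}size," ;; esac
        case $flags in *L*)  changed="${changed}symlink," ;; esac
        case $flags in *T*)  changed="${changed}mtime," ;; esac
        case $flags in *D*)  changed="${changed}device," ;; esac
        case $flags in *U*)  changed="${changed}user," ;; esac
        case $flags in *G*)  changed="${changed}group," ;; esac
        case $flags in *M*)  changed="${changed}mode," ;; esac
        case $flags in *\?*) changed="${changed}unreadable," ;; esac
        changed=${changed%,}
        case "$marker:$changed" in
            c:*)                   sev=REVIEW ;;  # edited config: review the diff
            *checksum*)            sev=HIGH ;;    # packaged content was altered
            *user*|*group*|*mode*) sev=MEDIUM ;;  # ownership or permission drift
            *)                     sev=LOW ;;     # e.g. only the mtime differs
        esac
        printf '%s\t%s\t%s\n' "$sev" "$path" "$changed"
    done
)

# Constructed sample report (not captured from a real system).
sample_report() {
    printf '%s\n' 'S.5....T c /etc/ntp.conf' '..5.....   /usr/bin/ssh' \
                  '.M......   /usr/bin/passwd' '.......T   /usr/share/doc/README'
}

sample_report | triage_verify
```

On a live system the same function can be fed from 'rpm --verify -a'.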

Building RPMs

Because Linux provides the source code of its software packages in tar.gz or .srpm (source-rpm) format, binary rpms can be built by compiling the source code with the rpmbuild command. Let's see how an rpm package can be created from the source-rpm package:

rpm -ihv package.src.rpm
Installs the content of the SRPM (software source code) in /root/rpmbuild, whose directory structure is the following:

SOURCES
Contains the original software source code.

SPECS
Contains spec files, which define how the RPM build process is done.

BUILD
In this directory the software source code is unpacked and built.

RPMS
The binary RPM result is copied here.

SRPMS
Contains the SRPM created by the build process, if required.


Once the source-rpm is installed, the source code is copied to the SOURCES directory and a spec file is copied to /root/rpmbuild/SPECS/package.spec. This file contains the package compilation instructions and the actions performed on the system when the package is installed or removed. The content of the spec file is the following:

%preamble
Includes general information about the package that is shown with an rpm -qi command.

%description
The package description.

%pre
Macro for preinstallation scripts.

%prep
Preparatory commands required before building the source code, such as cleaning directories, unpacking tars, etc.

%build
The commands used to compile and build the sources.

%install
Commands to install/uninstall the software on the system. Also contains the scripts that can be executed before/after installation/uninstallation process.

%verify
Additional scripts for extra checks.

%clean
Scripts to perform any cleanup tasks.

%post
Macro that cleans up after installation.

%preun
Scripts that prepare for the uninstallation.

%postun
Macro that cleans up after uninstallation.

%files
List of files in the package.

%changelog
Log entries that form the package change history.

Once the spec file has been modified, the build of a new binary rpm can be executed with the 'rpmbuild -b' command, which calls the scripts specified in the %prep, %build, and %install sections:

$ rpmbuild -bb package.spec
The software source code in the SOURCES directory is compiled following the instructions in the spec file in the SPECS directory, and a binary, ready-to-install RPM is generated in the RPMS directory.

Questions

1.- Which command must be used in order to update the Linux kernel?

2.- In which system directory is the RPM database located?

3.- RPM can only get information about installed rpms (true/false)

4.- The command 'rpm -Uhv package.rpm' cannot be used to install new packages on the system (true/false)

5.- Which command can be used to list all installed packages on the system?

6.- In which directory must the spec file be located in order to build a binary rpm from the source code?

7.- The command 'rpmbuild package.spec' will start the compilation and building of package.rpm from its source code (true/false)

8.- The result of running 'rpm -V --file /usr/bin/ssh' is: ..5...... What does it mean?

9.- Which command can be used to find which package owns the file /etc/ntp.conf:
A - rpm -qp /etc/ntp.conf
B - rpm -qf /etc/ntp.conf
C - rpm -ql /etc/ntp.conf

10.- Which command can be used to verify that the files installed by package.rpm have not been modified:
A - rpm --checksig package.rpm
B - rpm -V package.rpm
C - rpm --import package.rpm
D - rpm -K package.rpm

Labs

1.- Download the 'cacti' source rpm from the official web site. Once you have verified the package authenticity and integrity, compile and build the binary RPM for your system.

2.- List all system files that have been changed since they were installed. Analyze the result.

3.- Update your CentOS5 kernel with a new kernel available on the CentOS site. Verify the files added by this new kernel and the configuration changes applied.

-- This page is part of Linux Server online tutorial --