Linux Commands · October 7, 2021

RPM verify

[RHEL] Some Useful RPM Package Manager Commands

RPM is an acronym for RPM Package Manager. Just like with GNU (GNU is not Unix), it has a recursive name. RPM is also known as the Red Hat Package Manager. RPM is mainly used for package management in Red Hat Enterprise Linux. Since RPM is a free software, distributed under GPL license, some popular distros like CentOS (Community Enterprise Operating System) is also using RPM as a package manager.

First, we’ll download an RPM package to work on. Let’s get started with some examples. I’ll be using “wget” package for practice. You can download wget RPM package from here.

Install, upgrade, remove and freshen an RPM package

To install an RPM package, you can use -i or –install flag, followed by the package file:

[root@localhost ~]# ls
anaconda-ks.cfg  wget-1.14-18.el7_6.1.x86_64.rpm
[root@localhost ~]# rpm -i wget-1.14-18.el7_6.1.x86_64.rpm 
[root@localhost ~]# echo $?
0

Ummm… Is this thing on? Well, yes. We haven’t got any errors and our “echo $?” returned 0, we can say that our package has been installed successfully.

To remove an RPM package, simply use -e or –erase. Notice that this command requires the package name, not the package file itself:

[root@localhost ~]# rpm -e wget
[root@localhost ~]# wget
-bash: wget: command not found

Freshen is some kind of update. But it only works if an earlier version has already been installed. If the given package is newer than the installed one, RPM freshens the package:

[root@localhost ~]# rpm -F wget-1.14-18.el7_6.1.x86_64.rpm 
[root@localhost ~]# wget
-bash: wget: command not found

Since we’ve already removed the wget package, we couldn’t freshen it. Nothing has changed. Bottom line, RPM freshen means “update an already installed package”.

RPM upgrade works different than freshen. This command will check if the given RPM file has already been installed. If not, it’ll install it. If the package has already installed but given package file contains a newer version, rpm -U will upgrade the package:

[root@localhost ~]# wget
-bash: wget: command not found
[root@localhost ~]# rpm -U wget-1.14-18.el7_6.1.x86_64.rpm 
[root@localhost ~]# wget
wget: missing URL
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.

Since we didn’t have the wget package, rpm -U installed it.

If you want to see the progress of installation, you can use -h or –hash. This will display hashes during installation to inform you about progress:

[root@localhost ~]# rpm -e wget
[root@localhost ~]# rpm -ih wget-1.14-18.el7_6.1.x86_64.rpm 
################################# [100%]
Updating / installing...
################################# [100%]

List all installed RPM packages

To list all RPM packages installed on a system, we can combine RPM query (-q) with all (-a) flag:

[root@localhost ~]# rpm -qa
openssh-clients-7.4p1-21.el7.x86_64
setup-2.8.71-11.el7.noarch
audit-2.8.5-4.el7.x86_64
ncurses-base-5.9-14.20130511.el7_4.noarch
aic94xx-firmware-30-6.el7.noarch
dracut-config-rescue-033-572.el7.x86_64
.....................
crontabs-1.11-6.20121102git.el7.noarch
openssh-7.4p1-21.el7.x86_64
alsa-tools-firmware-1.1.0-1.el7.x86_64
teamd-1.29-3.el7.x86_64
python-pyudev-0.15-9.el7.noarch

Further, you can pipe this output to wc -l or nl to see how many RPM packages installed on a system:

[root@localhost ~]# rpm -qa | wc -l
302

What package did this file come from?

Let’s assume you’ve bumped into a configuration file, yet have no idea what package brought this file. You can use RPM to query this information. -q for query and -f for file:

[root@localhost ~]# ls /etc/crontab 
/etc/crontab
[root@localhost ~]# rpm -qf /etc/crontab
crontabs-1.11-6.20121102git.el7.noarch

As you can see, the “/etc/crontab” file came with the “crontabs” package.

Find dependencies of a package

If you need to find out dependencies of an RPM package, you can use -R (requires) flag in your queries. Note that this query requires the package name, not the package file:

[root@localhost ~]# rpm -qR wget-1.14-18.el7_6.1.x86_64.rpm 
package wget-1.14-18.el7_6.1.x86_64.rpm is not installed
[root@localhost ~]# rpm -qR wget
/bin/sh
/bin/sh
/sbin/install-info
/sbin/install-info
config(wget) = 1.14-18.el7_6.1
libc.so.6()(64bit)
libc.so.6(GLIBC_2.11)(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.15)(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.8)(64bit)
libcrypto.so.10()(64bit)
libcrypto.so.10(libcrypto.so.10)(64bit)
libdl.so.2()(64bit)
libidn.so.11()(64bit)
libidn.so.11(LIBIDN_1.0)(64bit)
libpcre.so.1()(64bit)
libssl.so.10()(64bit)
libssl.so.10(libssl.so.10)(64bit)
libuuid.so.1()(64bit)
libuuid.so.1(UUID_1.0)(64bit)
libz.so.1()(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
rpmlib(PayloadIsXz) <= 5.2-1

List all the files came with a package

You’ve installed a package and you need to know the files came with this package. Like a configuration file, binaries or documentation. You can combine -l or –list with your query:

[root@localhost ~]# rpm -ql crontabs
/etc/cron.daily
/etc/cron.hourly
/etc/cron.monthly
/etc/cron.weekly
/etc/crontab
/etc/sysconfig/run-parts
/usr/bin/run-parts
/usr/share/man/man4/crontabs.4.gz
/usr/share/man/man4/run-parts.4.gz

Above, you’re looking at the list of files came with the “crontabs” package.

How to verify an RPM package?

Sometimes you might want to check if your package’s information is correct. rpm -V compares the installed files with the information on RPM database. Since we’ve already know which files came with crontabs, let’s change one of them:

[root@localhost ~]# rpm -V crontabs
[root@localhost ~]# ls -l /etc/crontab 
-rw-r--r--. 1 root root 451 Haz 10  2014 /etc/crontab
[root@localhost ~]# chmod 600 /etc/crontab 
[root@localhost ~]# ls -l /etc/crontab 
-rw-------. 1 root root 451 Haz 10  2014 /etc/crontab
[root@localhost ~]# rpm -V crontabs
.M.......  c /etc/crontab

What’s going on here? First, we’ve verified the crontabs package. It returned nothing, thus we can say package is verified. And we’ve checked the permissions of “/etc/crontab” file which belongs to crontabs package and changed it’s permissions. After that, package verification has failed. But what that output means?

See the last letter, “c“. That means this file is a configuration file. Some other file types are:

  • d for documentation file
  • l for license file
  • r for readme file

And look at the “M“. That means mode has changed like permissions or file type. Some other attributes are:

  • S for file size
  • 5 for digest (came from MD5)
  • U for user ownership
  • G for group ownership
  • T for modify time

Let’s play along with this values and see if we can change anything:

[root@localhost ~]# ls -l /etc/crontab 
-rw-------. 1 root root 451 Haz 10  2014 /etc/crontab
[root@localhost ~]# chown nobody:nobody /etc/crontab
[root@localhost ~]# echo "append this" >> /etc/crontab
[root@localhost ~]# rpm -V crontabs
SM5..UGT.  c /etc/crontab

We’ve change the user ownership, group ownership, file contents itself (therefore file size, modification time and digest) and we’ve got verification errors with file size, ownerships, digest, mTime and mode (already changed at previous example).

Fix an unverified RPM package

We can use a few things to fix out package. First, we can revert every change we made in that configuration file. This will change our digest and file size back. But not the modification time. To fix permissions and ownership, we can use “–setperms” and “–setugids“:

[root@localhost ~]# rpm --setperms crontabs
[root@localhost ~]# rpm --setugids crontabs
[root@localhost ~]# rpm -V crontabs
S.5....T.  c /etc/crontab
[root@localhost ~]# vi /etc/crontab 
[root@localhost ~]# rpm -V crontabs
.......T.  c /etc/crontab

If you’re uncomfortable with this situation, you can always reinstall your package. How about not break it in the first place?

Setting correct permissions and ownerships to an RPM package
Setting correct permissions and ownerships to an RPM package