Introduction to RPM package management

Time:2020-8-12

API:application program interface

ABI:application binary interface

ABI file of Linux system is elf format

ABI files of windows system are in the format of exe and MSI

System level development language: C / C++

Works: httpd, vsftpd, nginx

Application level development: Java / Python / PHP

Java works: Hadoop, HBase

Python work: openstack

It’s very hard to install software in Linux, including source code compilation and installation, and binary installation

  • Compile and install: you need to have a compilation environment, such as GCC.

    Source code > binary format (executable program, library file, configuration file, help file) under the target system is organized into one or more “package” files

  • Binary installation (the source code has been compiled into a program that can be executed directly)

Package manager

  • Debian:dpt,dpkg。 The file name suffix is “. DEB”
  • redhat:rpm。 The file name suffix is “. RPM”
  • S.U.S.E:rpm。 The file name suffix is “. RPM”
  • Gentoo:ports
  • ArchLinux

Source code file name interpretation: name- version.tar.gz

  • version:major.minor.release

    Major: major version number. When there is a big change, the major version number will be updated

    Minor: add some small functions and update the small version number

    Release: fix the bug and update this number

RPM file name interpretation: name version- release.arch.rpm

  • version:major.minor.release (same as source code)

  • Release: the release number of the RPM package.

    Although the source code is the same, but the packaging method is different, update this number

    release.OS : applicable operating system. 2.el7.i386.rmp

  • Arch: CPU architecture. I386 represents a 32-bit system; x64 (AMD64) represents a 64 bit system

    PPC (Power PC); noarch (applicable to all architectures)

  • Example: redis-3.0.2-1.centos7.x64.rpm

    Redis is name; 3.0.2 is version; 1 is release number of RPM package; centos7 is applicable operating system; x64 is CPU architecture

Package composition

Many programs are composed of the main program and many components. Some users only want to use the main program, while others use the main program and other components.

Therefore, in order to achieve on-demand installation, the package is divided into many sub packages. The installation package of the main program is the main package; the installation package of other parts is the sub package.

  • Name of the main package: name version- release.arch.rpm

  • Name of the package: name function version- release.arch.rpm

    Function: devel, utils, LIBS, etc. It’s actually the name of the part.

Dependence

The philosophy of Linux is that the program should be as small as possible to form multiple small programs to complete complex functions. Therefore, when you want to install a, a depends on B, etc.

In order to automatically install dependencies, a front-end tool is created.

Front end tools: automatically resolve dependencies

  • Yum: RHEL, the front-end tool of RPM package manager on CentOS
  • Apt get (APT cache): the front-end tool of DEB package manager
  • Zypper: SUSE’s front-end tool for RPM package manager
  • DNF: frontend tool of RPM package manager on centos8, Fedora 22 +

Package manager

Function: the application program with compile number is packed into one or several packages to realize convenient installation, upgrade, unload, query and other management operations.

1. List of package components (each package is implemented separately)

  • List of documents
  • Script to run when installing or uninstalling

2. Public database: stored in / var / lib / RPM directory

  • The name and version of the package
  • Dependence
  • Function description
  • File path and check code information of each file generated by installation
  • wait
# ls /var/lib/rpm
Basenames     __db.001  __db.003  Group       Name          Packages     Requirename  Sigmd5
Conflictname  __db.002  Dirnames  Installtid  Obsoletename  Providename  Sha1header   Triggername

Group: after the packages are grouped, you can manage the group, install and uninstall the group units.

Sigmd5: check code

Trigger name: trigger name

Conflictname: version conflict of package

Access to packages

1. CD or official file server (or image site) of system distribution

  • https://mirrors.tuna.tsinghua.edu.cn/
  • http://mirrors.163.com/
  • http://mirrors.sohu.com/
  • http://mirrors.aliyun.com/

2, develop the official site of this program

For example, the official site of nginx

3. Third party organizations

  • EPEL
  • RPM search site
    • https://pkgs.org/
    • http://rpmfind.net/
    • http://rpmfind.net/

Be sure to verify the acquired package to prevent it from being modified by others.

Generally, do official packages have corresponding MD5 check? Use MD5 checker to check the downloaded package. If the generated MD5 check code is the same as that provided by the official, it indicates that the package has not been modified and can be used safely.

RPM command management package on CentOS

General options:

  • -v: Show details
  • -VV: more detailed

Management includes: installation, upgrade, uninstall, query and verification, and database maintenance

Installation: RPM {- i| install} [install options] package_ FILE …

  • example:rpm -ivh Packagename

    # rpm -ivh  zsh-5.0.2-33.el7.x86_64.rpm
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:zsh-5.0.2-33.el7                 ################################# [100%]
  • Display installation progress: – H

    Enter ා, each represents 2% progress

  • Test installation: – – Test

    Check for conflicts:

    Display: error: failed dependencies, indicating that the package cannot be installed because the dependency is not installed.

    # rpm -ivh --test php-common-7.3.5-3.module_el8.1.0+252+0d4e049c.x86_64.rpm
    warning: php-common-7.3.5-3.module_el8.1.0+252+0d4e049c.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
    error: Failed dependencies:
            libcrypto.so.1.1()(64bit) is needed by php-common-7.3.5-3.module_el8.1.0+252+0d4e049c.x86_64
            libcrypto.so.1.1(OPENSSL_1_1_0)(64bit) is needed by php-common-7.3.5-3.module_el8.1.0+252+0d4e049c.x86_64
            libssl.so.1.1()(64bit) is needed by php-common-7.3.5-3.module_el8.1.0+252+0d4e049c.x86_64
            libssl.so.1.1(OPENSSL_1_1_0)(64bit) is needed by php-common-7.3.5-3.module_el8.1.0+252+0d4e049c.x86_64
  • Ignore dependencies, force install: – – nodeps

    It is not recommended to use. The punishment depends on the help document.

  • Re install: – replacekgs

    Purpose: when the configuration file used by the program is damaged and cannot be repaired to the state after installation, first delete the file, and then use — replacekgs to re install the configuration file, which will restore the configuration file to the state after installation. Note that if you do not delete this file, even if you use — replacekgs, there will be no job, and the original configuration file will be retained.

    # rpm -ivh --replacepkgs zsh-5.0.2-33.el7.x86_64.rpm
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:zsh-5.0.2-33.el7                 ################################# [100%]
  • Install and uninstall scripts: there are 4 scripts

    • Script to run before installation starts: preinstall. This script can’t run: – nopre
    • Script to run after installation: postinstall. No way to run this script: — nopost
    • The script that runs before the uninstall starts: preinstall. No way to run this script: — noprun
    • Script to run after the uninstall is complete: postinstall. No way to run this script: – nopostun
    • None of the four scripts run: — noscripts
  • Do not check package integrity during installation: — nodigest

    Don’t verify package or header digests when reading.

    # rpm -ivh --nodigest zsh-5.0.2-33.el7.x86_64.rpm
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:zsh-5.0.2-33.el7                 ################################# [100%]
  • During installation, do not check the signature information of the package, do not check the source legitimacy: — nosignature

    Don’t verify package or header signatures when reading.

    # rpm -ivh --nosignature zsh-5.0.2-33.el7.x86_64.rpm
    Preparing...                          ################################# [100%]
    Updating / installing...
       1:zsh-5.0.2-33.el7                 ################################# [100%]

Upgrade: use the same options as the installation

  • Install or upgrade: RPM {- u– upgrade} [install options] package_ FILE …

    # rpm -Uvh --nodigest zsh-5.0.2-33.el7.x86_64.rpm
    Preparing...                          ################################# [100%]
            package zsh-5.0.2-33.el7.x86_64 is already installed
  • Can only upgrade: RPM {- f– fresen} [install options] package_ FILE …

    # rpm -Fvh --nodigest zsh-5.0.2-33.el7.x86_64.rpm
  • Options specific to upgrade

    • –Oldpack age: degraded. There is a problem with the new version, so you need to downgrade back to the original version
    • –Force: ignore dependency and force upgrade
  • be careful:

    • Do not upgrade the kernel. Linux supports the coexistence of multiple cores, so install the new kernel directly.
    • If the configuration file has been modified, the new version will not cover the original file, but will rename the new file to filename.rpmnew Later.

Uninstall:rpm {-e|--erase} [--allmatches][--justdb] [--nodeps][--noscripts] [--test] PACKAGE_NAME ...

When uninstalling, package is specified_ Name, file is specified when installing / upgrading_ name

# rpm -e zsh
# rpm -ql zsh
package zsh is not installed
  • Uninstall all versions of package_ name:–allmatches
  • Ignore dependencies: – nodeps

Query:rpm {-q|--query} [select-options][query-options]

select-options:

  • View all packages installed: – A, – all

    # rpm -qa
  • To see which package a file belongs to: – f file

    # rpm -qf /usr/share/doc/zsh-5.0.2
    zsh-5.0.2-33.el7.x86_64

query-options:

  • Check the changelog of the RPM package (not the source code): — changelog

    # rpm -q --changelog zsh
  • Check which files are generated after the installation of the RPM package: – L

    # rpm -ql zsh
  • Check the version number, size, package group, etc. of this package: – I

    # rpm -qi zsh
  • Configuration file used by query package: – C

    # rpm -qc bash
    /etc/skel/.bash_logout
    /etc/skel/.bash_profile
    /etc/skel/.bashrc
  • Help file provided by query package: – D

    # rpm -qd bash 
    /usr/share/doc/bash-4.2.46/COPYING
    /usr/share/info/bash.info.gz
    /usr/share/man/man1/..1.gz
    /usr/share/man/man1/:.1.gz
    /usr/share/man/man1/[.1.gz
    ...
  • Query the capabilities provided by the package: — provides

    # rpm -qd bash | less
    [[email protected] ~]# rpm -q --provides zsh
    config(zsh) = 5.0.2-33.el7
    zsh = 5.0.2-33.el7
    zsh(x86-64) = 5.0.2-33.el7
    # rpm -q --provides bash
    /bin/bash
    /bin/sh
    bash = 4.2.46-31.el7
    bash(x86-64) = 4.2.46-31.el7
    config(bash) = 4.2.46-31.el7

    According to the name of the capability, query which package the capability is provided by: – – whatprovides

    # rpm -q --provides bash
    /bin/bash
    /bin/sh
    bash = 4.2.46-31.el7
    bash(x86-64) = 4.2.46-31.el7
    config(bash) = 4.2.46-31.el7
    # rpm -q --whatprovides bash
    bash-4.2.46-31.el7.x86_64
    #RPM - Q -- whatprovides' config (bash) ා note: you need to use quotation marks because there are brackets.
    bash-4.2.46-31.el7.x86_64

    According to the name of the capability, query which packages the capability depends on: – – whatrequires

    No packages depend on Zsh, but many depend on bash.

    There are n-packet dependencies in sending messages libc.so .6()(64bit)

    # rpm -q --whatrequires zsh
    no package requires zsh
    # rpm -q --whatrequires bash
    bash-completion-2.1-6.el7.noarch
    dracut-033-554.el7.x86_64
    initscripts-9.49.46-1.el7.x86_64
    lvm2-2.02.180-8.el7.x86_64
    autofs-5.0.7-99.el7.x86_64
    jline-1.0-8.el7.noarch
    rsyslog-8.24.0-34.el7.x86_64
    PackageKit-command-not-found-1.1.10-1.el7.centos.x86_64
    kpatch-0.6.1-1.el7.noarch
    # rpm -q --whatrequires 'libc.so.6()(64bit)'
  • To see which capabilities a package depends on: – R

    see

    # rpm -qR bash
    /bin/sh
    config(bash) = 4.2.46-31.el7
    libc.so.6()(64bit)
    libc.so.6(GLIBC_2.11)(64bit)
    libc.so.6(GLIBC_2.14)(64bit)
    libc.so.6(GLIBC_2.15)(64bit)
    libc.so.6(GLIBC_2.2.5)(64bit)
    libc.so.6(GLIBC_2.3)(64bit)
    libc.so.6(GLIBC_2.3.4)(64bit)
    libc.so.6(GLIBC_2.4)(64bit)
    libc.so.6(GLIBC_2.8)(64bit)
    libdl.so.2()(64bit)
    libdl.so.2(GLIBC_2.2.5)(64bit)
    libtinfo.so.5()(64bit)
    rpmlib(BuiltinLuaScripts) <= 4.2.2-1
    rpmlib(CompressedFileNames) <= 3.0.4-1
    rpmlib(FileDigests) <= 4.6.0-1
    rpmlib(PayloadFilesHavePrefix) <= 4.0-1
    rtld(GNU_HASH)
    rpmlib(PayloadIsXz) <= 5.2-1
  • Query the scripts in the package: – – scripts

    Found that the Zsh package contains: postinstall, preinstall, postuninstall

    # rpm -q --scripts zsh
    postinstall scriptlet (using /bin/sh):
    if [ ! -f /etc/shells ] ; then
        echo "/bin/zsh" > /etc/shells
    else
        grep -q "^/bin/zsh$" /etc/shells || echo "/bin/zsh" >> /etc/shells
    fi
    
    if [ -f /usr/share/info/zsh.info.gz ]; then
    # This is needed so that --excludedocs works.
    /sbin/install-info /usr/share/info/zsh.info.gz /usr/share/info/dir \
      --entry="* zsh: (zsh).                        An enhanced bourne shell."
    fi
    
    :
    preuninstall scriptlet (using /bin/sh):
    if [ "$1" = 0 ] ; then
        if [ -f /usr/share/info/zsh.info.gz ]; then
        # This is needed so that --excludedocs works.
        /sbin/install-info --delete /usr/share/info/zsh.info.gz /usr/share/info/dir \
          --entry="* zsh: (zsh).                    An enhanced bourne shell."
        fi
    fi
    :
    postuninstall scriptlet (using /bin/sh):
    if [ "$1" = 0 ] ; then
        if [ -f /etc/shells ] ; then
            TmpFile=`/bin/mktemp /tmp/.zshrpmXXXXXX`
            grep -v '^/bin/zsh$' /etc/shells > $TmpFile
            cp -f $TmpFile /etc/shells
            rm -f $TmpFile
        fi
    fi
  • To query information about packages installed for, the above options all apply, but package cannot be used_ Name, to use package_ file

    # rpm -ql zsh
    package zsh is not installed
    # rpm -qpl zsh-5.0.2-33.el7.x86_64.rpm
    /bin/zsh
    /etc/skel/.zshrc
    /etc/zlogin
    /etc/zlogout
    ...
    # rpm -qpR zsh-5.0.2-33.el7.x86_64.rpm
    # rpm -qp --scripts zsh-5.0.2-33.el7.x86_64.rpm

Calibration:rpm {-V|--verify} [select-options][verify-options]

#RPM - V Zsh ා does not echo, indicating that no one has tampered with it
# rpm -ql zsh | less
# file /etc/zlogin
/etc/zlogin: ASCII text
#Emacs - NW / etc / zlogin ා
#RPM - V Zsh ා is checked again, and the following information is displayed
S.5....T.  c /etc/zlogin

Interpretation of calibration results:

  • S file size changed
  • M mode changed
  • 5 file content changed, resulting in MD5 check, and the previous is not the same
  • The primary / secondary device numbers of device d do not match
  • L readLink(2) path mismatch
  • U has changed
  • The G-group has changed
  • T mtime has changed
  • P capabilities have changed

Check the integrity and source validity of the packet

The location of the public key is usually in the CA of the organization, but there is a public key on the CD-ROM. after installing the system, the public key on the CD-ROM will be stored in the / etc / PKI / RPM GPG / directory.

# ls /etc/pki/rpm-gpg/
RPM-GPG-KEY-CentOS-7  RPM-GPG-KEY-CentOS-Debug-7  RPM-GPG-KEY-CentOS-Testing-7

Import public key:# rpm --import file

# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

After the public key is imported, the integrity and source legitimacy of the package will be checked automatically at the same time of installation

Manual verification of RMP package: if the public key has been imported

# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
# rpm -K zsh-5.0.2-33.el7.x86_64.rpm
zsh-5.0.2-33.el7.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

Where to find the public key of a third-party organization (such as EPEL) and download it from the official website of EPEL.

RPM database

Think about it. When RPM queries and checks, where is the information read?

When the RPM package is installed, the details of the package will be inserted into the local database, so that future query and verification operations can be implemented.

Database path of local RPM package / var / lib / rpm

# ls /var/lib/rpm
Basenames     __db.001  __db.003  Group       Name          Packages     Requirename  Sigmd5
Conflictname  __db.002  Dirnames  Installtid  Obsoletename  Providename  Sha1header   Triggername

Therefore, the RPM database is too important. If it is damaged, it needs to be rebuilt.

Database Reconstruction:rpm {--initdb|--rebuilddb} [-v][--dbpath DIRECTORY] [--root DIRECTORY]

Centos6 getting help: man rpm

Centos7 getting help: man rpmdb

Create database from 0: – – initdb

According to the RPM header file in the system, the database is rebuilt: – – rebuildb

Create / update database in specified path: — dbpath directory

# rpm --initdb --dbpath=/tmp/rpmdb
# ls /tmp/rpmdb/
Basenames     __db.001  __db.003  Group       Name          Packages     Requirename  Sigmd5
Conflictname  __db.002  Dirnames  Installtid  Obsoletename  Providename  Sha1header   Triggername
# rpm --rebuilddb --dbpath=/tmp/rpmdb
# ls /tmp/rpmdb/
Basenames     Dirnames  Installtid  Obsoletename  Providename  Sha1header  Triggername
Conflictname  Group     Name        Packages      Requirename  Sigmd5

QQ group of C / C + + Learning mutual aid: 877684253

Introduction to RPM package management

My wechat: xiaoshitou5854