Skip to content

Some Useful RPM Package Manager Commands

RPM is an acronym for RPM Package Manager. Just like with GNU (GNU is not Unix), it has a recursive name. RPM is also known as the Red Hat Package Manager. RPM is mainly used for package management in Red Hat Enterprise Linux. Since RPM is a free software, distributed under GPL license, some popular distros like CentOS (Community Enterprise Operating System) is also using RPM as a package manager.

First, we'll download an RPM package to work on. Let's get started with some examples. I'll be using wget package for practice. You can download wget RPM package from here

Install, Upgrade, Remove and Freshen an RPM Package

To install an RPM package, you can use -i or --install flag, followed by the package file:

install package with rpm
root@localhost ~]# ls
anaconda-ks.cfg  wget-1.14-18.el7_6.1.x86_64.rpm
root@localhost ~]# rpm -i wget-1.14-18.el7_6.1.x86_64.rpm 
root@localhost ~]# echo $?
0

Ummm... Is this thing on? Well, yes. We haven't got any errors and our echo $? returned 0, we can say that our package has been installed successfully.

To remove an RPM package, simply use -e or --erase. Notice that this command requires the package name, not the package file itself:

remove package with rpm
root@localhost ~]# rpm -e wget
root@localhost ~]# wget
-bash: wget: command not found

Freshen is some kind of update. But it only works if an earlier version has already been installed. If the given package is newer than the installed one, RPM freshens the package:

freshen package with rpm
rpm -F wget-1.14-18.el7_6.1.x86_64.rpm 
root@localhost ~]# wget
-bash: wget: command not found

Since we've already removed the wget package, we couldn't freshen it. Nothing has changed. Bottom line, RPM freshen means "update an already installed package".

RPM upgrade works different than freshen. This command will check if the given RPM file has already been installed. If not, it'll install it. If the package has already installed but given package file contains a newer version, rpm -U will upgrade the package:

upgrade package with rpm
root@localhost ~]# wget
-bash: wget: command not found
root@localhost ~]# rpm -U wget-1.14-18.el7_6.1.x86_64.rpm 
root@localhost ~]# wget
wget: missing URL

Since we didn't have the wget package, rpm -U installed it.

If you want to see the progress of installation, you can use -h or --hash. This will display hashes during installation to inform you about progress:

rpm installation progress
root@localhost ~]# rpm -e wget
root@localhost ~]# rpm -ih wget-1.14-18.el7_6.1.x86_64.rpm 
Updating / installing...
################################# 100%]

List All Installed RPM Packages

To list all RPM packages installed on a system, we can combine RPM query (-q) with all (-a) flag:

red hat list all installed packages
root@localhost ~]# rpm -qa
openssh-clients-7.4p1-21.el7.x86_64
setup-2.8.71-11.el7.noarch
audit-2.8.5-4.el7.x86_64
ncurses-base-5.9-14.20130511.el7_4.noarch
aic94xx-firmware-30-6.el7.noarch
dracut-config-rescue-033-572.el7.x86_64
.....................
crontabs-1.11-6.20121102git.el7.noarch
openssh-7.4p1-21.el7.x86_64
alsa-tools-firmware-1.1.0-1.el7.x86_64
teamd-1.29-3.el7.x86_64
python-pyudev-0.15-9.el7.noarch

Further, you can pipe this output to wc -l or nl to see how many RPM packages installed on a system:

red hat list number of packages
root@localhost ~]# rpm -qa | wc -l
302

What Package Did This File Come From?

Let's assume you've bumped into a configuration file, yet have no idea what package brought this file. You can use RPM to query this information. -q for query and -f for file:

red hat query a file
root@localhost ~]# ls /etc/crontab 
/etc/crontab
root@localhost ~]# rpm -qf /etc/crontab
crontabs-1.11-6.20121102git.el7.noarch

As you can see, the /etc/crontab file came with the crontabs package.

Find Dependencies of a Package

If you need to find out dependencies of an RPM package, you can use -R (requires) flag in your queries. Note that this query requires the package name, not the package file:

red hat list dependencies
root@localhost ~]# rpm -qR wget-1.14-18.el7_6.1.x86_64.rpm 
package wget-1.14-18.el7_6.1.x86_64.rpm is not installed
root@localhost ~]# rpm -qR wget
/bin/sh
/bin/sh
/sbin/install-info
/sbin/install-info
config(wget) = 1.14-18.el7_6.1
libc.so.6()(64bit)
libc.so.6(GLIBC_2.11)(64bit)
libc.so.6(GLIBC_2.14)(64bit)
libc.so.6(GLIBC_2.15)(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.3)(64bit)
libc.so.6(GLIBC_2.3.4)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libc.so.6(GLIBC_2.8)(64bit)
libcrypto.so.10()(64bit)
libcrypto.so.10(libcrypto.so.10)(64bit)
libdl.so.2()(64bit)
libidn.so.11()(64bit)
libidn.so.11(LIBIDN_1.0)(64bit)
libpcre.so.1()(64bit)
libssl.so.10()(64bit)
libssl.so.10(libssl.so.10)(64bit)
libuuid.so.1()(64bit)
libuuid.so.1(UUID_1.0)(64bit)
libz.so.1()(64bit)
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1
rtld(GNU_HASH)
rpmlib(PayloadIsXz) <= 5.2-1

List All The Files Came With a Package

You've installed a package and you need to know the files came with this package. Like a configuration file, binaries or documentation. You can combine -l or --list with your query:

red hat list package files
root@localhost ~]# rpm -ql crontabs
/etc/cron.daily
/etc/cron.hourly
/etc/cron.monthly
/etc/cron.weekly
/etc/crontab
/etc/sysconfig/run-parts
/usr/bin/run-parts
/usr/share/man/man4/crontabs.4.gz
/usr/share/man/man4/run-parts.4.gz

Above, you're looking at the list of files came with the crontabs package.

How to Verify an RPM Package?

Sometimes you might want to check if your package's information is correct. rpm -V compares the installed files with the information on RPM database. Since we've already know which files came with crontabs, let's change one of them:

red hat verify package
root@localhost ~]# rpm -V crontabs
root@localhost ~]# ls -l /etc/crontab 
-rw-r--r--. 1 root root 451 Haz 10  2014 /etc/crontab
root@localhost ~]# chmod 600 /etc/crontab 
root@localhost ~]# ls -l /etc/crontab 
-rw-------. 1 root root 451 Haz 10  2014 /etc/crontab
root@localhost ~]# rpm -V crontabs
.M.......  c /etc/crontab

What's going on here? First, we've verified the crontabs package. It returned nothing, thus we can say package is verified. And we've checked the permissions of /etc/crontab file which belongs to crontabs package and changed it's permissions. After that, package verification has failed. But what that output means?

See the last letter, "c". That means this file is a configuration file. Some other file types are:

  • "d" for documentation file
  • "l" for license file
  • "r" for readme file

And look at the "M". That means mode has changed like permissions or file type. Some other attributes are:

  • S for file size
  • 5 for digest (came from MD5)
  • U for user ownership
  • G for group ownership
  • T for modify time

Let's play along with this values and see if we can change anything:

red hat package verification
root@localhost ~]# ls -l /etc/crontab 
-rw-------. 1 root root 451 Haz 10  2014 /etc/crontab
root@localhost ~]# chown nobody:nobody /etc/crontab
root@localhost ~]# echo "append this" >> /etc/crontab
root@localhost ~]# rpm -V crontabs
SM5..UGT.  c /etc/crontab

We've change the user ownership, group ownership, file contents itself (therefore file size, modification time and digest) and we've got verification errors with file size, ownerships, digest, mTime and mode (already changed at previous example).

How to Fix an Unverified RPM Package?

We can use a few things to fix out package. First, we can revert every change we made in that configuration file. This will change our digest and file size back. But not the modification time. To fix permissions and ownership, we can use --setperms and --setugids:

red hat fix unverified package
root@localhost ~]# rpm --setperms crontabs
root@localhost ~]# rpm --setugids crontabs
root@localhost ~]# rpm -V crontabs
S.5....T.  c /etc/crontab
root@localhost ~]# vi /etc/crontab 
root@localhost ~]# rpm -V crontabs
.......T.  c /etc/crontab

If you're uncomfortable with this situation, you can always reinstall your package. How about not break it in the first place?