The ability to search for, install, inspect, and remove software through built-in package management solutions is fundamental to operating a GNU/Linux system. The following will focus on the package management systems used in the Debian and Fedora GNU/Linux distributions.
Note: If you are not familiar with the GNU/Linux command line interface, review the Conventions page before proceeding.
Package Management
GNU/Linux distributions have low-level and high-level package managers.
Low-level package managers, (e.g., dpkg, RPM) manage the unpacking of individual packages, running their associated scripts, and getting the software correctly installed.
High-level package managers (e.g., APT, DNF) work with groups of packages, download packages from a vendor, and manage dependencies.
Packages
Different GNU/Linux distributions use different package formats.
.deb (Debian)
Debian binary packages are .deb
packages. They have names that indicate the software contained within them and their version:
liferea_1.12.6-1_amd64.deb
The filename above contains the liferea
program's 1.12.6
version. In particular, this is the first release (-1
) of this package within the distribution. Packages that have been specifically developed for Debian do not include a Debian release number.
The amd64
indicates that the package contains architecture-specific parts for Intel and AMD x86 processors (and compatibles) in 64-bit mode. 32-bit packages use i386, and packages that contain only documentation or architecture-independent scripts use all
, instead.
A Debian .deb
binary package is an archive created using the ar
command (this command is part of the binutils
package and will likely need to be installed on your distribution, e.g., # apt install binutils
) and generally contains three components:
- The
debian-binary
file contains the version number of the package format (currently2.0
for the example below). control.tar.xz
contains Debian-specific scripts and control files.data.tar.xz
has the actual package files.
$ apt download liferea
Get:1 http://deb.debian.org/debian buster/main amd64 liferea amd64 1.12.6-1 [220 kB]
Fetched 220 kB in 0s (454 kB/s)
$ ar t liferea_1.12.6-1_amd64.deb
debian-binary
control.tar.xz
data.tar.xz
During installation, control.tar.xz
is unpacked first. This makes it possible for a preinst
script to be executed prior to unpacking the actual package files. After that, data.tar.xz
is unpacked and the package is configured, if necessary, by executing the postinst
script from control.tar.xz
.
ar
is used to create these packages, versus a command like tar, because ar
archives only contain flat sets of files. This makes ar
suitable for building sets of assembled object code in separate files, while tar
is more suitable for packaging up a directory for distribution.
Source Code Archives (Debian)
In addition to a .deb
binary package, each Debian package has several source code files associated with it. The .deb
binary package is created from the source code files of the package. A basic principle of the Debian project is to clearly distinguish between the original source code and any Debian-specific changes.
You can obtain a Debian package's source code from the repository with the following command:
apt-get source ex_package...
Before running apt-get source
, you may need to install the dpkg-dev
package (# apt install dpkg-dev
).
A Debian package's source code is contained in a .orig.tar.gz
archive (e.g., liferea_1.12.6-1.orig.tar.gz
). All changes for each package version's source code are placed in a separate .debian.tar.xz
archive (e.g., liferea_1.12.6-1.debian.tar.xz
). These .debian.tar.xz
files include fixes and customizations to the software itself.
For each package version's source code, there is also a Debian Source Control file (using the .dsc
suffix) containing checksums for the original source code archive (e.g., liferea_1.12.6-1.orig.tar.gz
) and the changes archive (e.g., liferea_1.12.6-1.debian.tar.xz
). The .dsc
file is signed by the Debian maintainer in charge of the package.
$ apt-get source liferea
Reading package lists... Done
NOTICE: 'liferea' packaging is maintained in the 'Git' version control system at:
https://salsa.debian.org/debian/liferea.git
Please use:
git clone https://salsa.debian.org/debian/liferea.git
to retrieve the latest (possibly unreleased) updates to the package.
Need to get 1,551 kB of source archives.
Get:1 http://deb.debian.org/debian buster/main liferea 1.12.6-1 (dsc) [1,919 B]
Get:2 http://deb.debian.org/debian buster/main liferea 1.12.6-1 (tar) [1,527 kB]
Get:3 http://deb.debian.org/debian buster/main liferea 1.12.6-1 (diff) [22.0 kB]
Fetched 1,551 kB in 1s (1,388 kB/s)
dpkg-source: info: extracting liferea in liferea-1.12.6
dpkg-source: info: unpacking liferea_1.12.6.orig.tar.gz
dpkg-source: info: unpacking liferea_1.12.6-1.debian.tar.xz
dpkg-source: info: using patch list from debian/patches/series
dpkg-source: info: applying debian-example-feeds.patch
dpkg-source: info: applying www-browser.patch
dpkg-source: info: applying fix-FTBFS-on-missing-file-POTFILES.IN.patch
$ ls -l liferea_*
-rw-r--r-- 1 amnesia amnesia 21960 Dec 9 2018 liferea_1.12.6-1.debian.tar.xz
-rw-r--r-- 1 amnesia amnesia 1919 Dec 9 2018 liferea_1.12.6-1.dsc
-rw-r--r-- 1 amnesia amnesia 1526678 Dec 9 2018 liferea_1.12.6.orig.tar.gz
From above, you can see that the original source code archive does not change for all of the 1.12.6
releases of the program (i.e., it does not contain a Debian release number). Every new release of the Debian package of liferea
's 1.12.6
version comes with new .debian.tar.xz
and .dsc
files. Each new .debian.tar.xz
file contains all of the changes relative to the original archive (i.e., liferea_1.12.6.orig.tar.gz
).
To summarize, a given Debian package will have the additional source code files associated with it:
- An original source code archive (
ex_program_version.number.orig.tar.gz
). - A Debian-specific changes archive (
ex_program_version.number-release_number.debian.tar.xz
). - A source control file (
ex_program_version.number-release_number.dsc
), which provides checksums for the above two archives and is signed by the Debian package's maintainer.
Previously, the Debian project used a less complicated structure where there was a single file (created with diff
) containing all Debian-specific changes (in the above example, hypothetically liferea_1.12.6-1.diff.gz
). This approach is still supported, and you may find this structure with older packages. The new structure does have the advantage that different changes can be more cleanly separated, which simplifies maintaining the package within the Debian project.
.rpm (Fedora)
Fedora binary packages are RPM Package Manager (RPM) packages (.rpm
). RPM packages are compiled for a specific architecture and, sometimes, a specific GNU/Linux distribution.
RPM packages have compound filenames (e.g., liferea-1.12.7-3.fc31.x86_64.rpm
). The package names contain the following information:
- Package name (e.g.,
liferea
) - Version number (e.g.,
1.12.7
) - Release number (e.g.,
3
) - Compatible distribution (e.g.,
fc31
; this is optional) - Architecture type (e.g.,
x86_64
)
Usually, the name consists of the package name, the architecture, and the .rpm
suffix. The package name is used to internally identify the package once it has been installed. It contains the name of the software and the software version as assigned by its original developers, followed by a release number assigned by the package builder (i.e., the distributor).
Essentially, RPM packages are cpio archives with a prepended header. This fact can be used to extract individual files from an RPM package without having to install the package first. To do so, you can convert a RPM package into a cpio
archive using the rpm2cpio
program, and feed the archive into cpio
.
$ dnf download liferea
Fedora Modular 31 - x86_64 719 kB/s | 5.2 MB 00:07
Fedora Modular 31 - x86_64 - Updates 206 kB/s | 4.2 MB 00:21
Fedora 31 - x86_64 - Updates 354 kB/s | 27 MB 01:18
Fedora 31 - x86_64 513 kB/s | 71 MB 02:21
Last metadata expiration check: 0:00:01 ago on Wed 09 Sep 2020 06:16:35 PM PDT.
liferea-1.12.7-3.fc31.x86_64.rpm 926 kB/s | 943 kB 00:01
$ rpm2cpio liferea-1.12.7-3.fc31.x86_64.rpm | cpio -div ./usr/share/man/man1/liferea.1.gz
./usr/share/man/man1/liferea.1.gz
6561 blocks
$ zcat usr/share/man/man1/liferea.1.gz | head
.TH LIFEREA "1" "Dec 26, 2015"
.SH NAME
Liferea \- GTK desktop news aggregator
.SH SYNOPSIS
.B liferea
.RI [\fIOPTIONS\fR]
.SH DESCRIPTION
\fBLiferea\fP (Linux Feed Reader) is an aggregator for online
Low-Level Package Management
dpkg (Debian)
Low-level package management on Debian is handled by Debian Package (dpkg).
/var/lib/dpkg/
- dpkg database directory.
/etc/dpkg/dpkg.cfg
- dpkg configuration file.
Options for dpkg
can be given on the command line or else placed in /etc/dpkg/dpkg.cfg
. For options placed in the /etc/dpkg/dpkg.cfg
file, dashes (-
) at the start of option names must be omitted.
Debian Package Priorities
These are the Debian package priorities, from highest to lowest:
required
- Packages that are necessary for proper operation of the system (usually because dpkg depends on them).
important
- Encompasses packages one would expect to be available on a GNU/Linux system.
standard
- Adds those packages that make sense for a networked system (but not an overly restrictive system) running in text mode. This priority describes what you get if you install Debian without selecting any additional packages.
optional
- This is the default priority for the majority of the archive. Applies to everything you might want to install if you have no particular requirements (e.g., the X11 Graphical User Interface, or GUI). Packages with a priority of
optional
may conflict with each other. extra
- This priority is deprecated. Use the
optional
priority instead. This priority should be treated as equivalent tooptional
.
Packages may not depend on packages of lower priority. For this to hold in all cases, the priorities of some packages have been deliberately adjusted.
Debian Package Dependencies
Debian package dependencies include:
Depends
- This declares an absolute dependency. The named packages must be configured for the package in question to be configured. Specific versions of the packages may be called for.
Recommends
- This declares a strong, but not absolute, dependency (i.e., a non-absolute, but obvious dependency). Named packages should nearly always be installed along with this package, unless there are unusual circumstances.
Suggests
- This is used to declare that one package may be more useful with one or more other packages (i.e., the named packages are useful in connection with the package, but not required).
Enhances
- Like
Suggests
, but in reverse. It is used to declare that a package can enhance the functionality of another package. Pre-Depends
- Like
Depends
, except the named packages must be completely installed before installation of the package in question can begin. For example, this type of dependency is used if the package's installation scripts absolutely require software from the other package(s). Breaks
- When one binary package declares that it breaks another, dpkg will refuse to allow the package which declares
Breaks
to be unpacked unless the broken package is deconfigured first, and it will refuse to allow the broken package to be reconfigured. - In short, this package cannot be installed until the named package(s) is uninstalled.
Conflicts
- When one binary package declares a conflict with another using a
Conflicts
field, dpkg will refuse to allow them to be unpacked on the system at the same time. This is a stronger restriction thanBreaks
, which prevents the broken package from being configured while the breaking package is in theUnpacked
state, but allows both packages to be unpacked at the same time. - In short, this package cannot be installed at the same time as the named package(s).
Debian Package Integrity
The Debian project ensures the integrity of complete packages (and, based on this, the integrity of the whole distribution) as follows:
- Every Debian package is cryptographically signed by a Debian developer. This means that the recipient of the package can use the developer's public key to verify that they received the package in the state it was in when the developer released it.
- The Debian infrastructure only accepts packages for publication that have been signed by a Debian developer.
- On the Debian server (and all servers mirroring Debian), there is a file (or several files) called
Packages.xz
for each current Debian distribution. This file contains the SHA256 checksum of all packages in the distribution, as they are on the server. Since the server only accepts packages from approved developers, these are authentic. - For each current Debian distribution on the server there is also a file called
Release
, which contains the SHA256 checksums of thePackages.xz
file(s) involved for that given Debian distribution. This file is cryptographically signed (the signature is in a file calledRelease.gpg
).
Keep in mind, a developer's signature does not guarantee that there is no malicious code in a package, but only that the developer signed the package. Most other GNU/Linux distributions share this weakness.
With Debian's chain of checksums and signatures, the integrity of packages in the distribution can be checked:
- With the checksum from the
Release
file, we can verify the integrity of the actualPackages.xz
file. - The SHA256 checksum of the package given in
Packages.xz
must match that of the downloaded file.
If the SHA256 checksum of the downloaded file does not match the nominal value from Packages.xz
, the system administrator is made aware of this fact and the package is not installed.
dpkg Commands
dpkg -l
,dpkg --list
- List all packages in the dpkg database. The
-l
option can be passed the name of a package to only see a listing for that package. - Shell search patterns are supported.
- The first three columns of output show the desired action, package status, and errors.
-
Desired Action:
u
Unknowni
Installh
Holdr
Removep
Purge
-
Package Status:
n
Not-installedc
Config-filesH
Half-installedU
UnpackedF
Half-configuredW
Triggers-awaitingt
Triggers-pendingi
Installed
-
Error Flags
<empty>
(none)R
Reinst-required
-
Packages with version
<none>
are part of the distribution, but are either not installed on the current system (i.e., statusun
), or have been removed (i.e., statuspn
). dpkg --get-selections > ex_file.txt
- List all package selections and save to a file.
# dpkg --set-selections < ex_file.txt
- Set package selections using a file read from the standard input. This can be used to install dpkg packages from a file.
ex_file.txt
contains a list of package names, one package per line. You can make such a file with thedpkg --get-selections > ex_file.txt
command.dpkg -L ex_package...
,dpkg --listfiles ex_package...
- List the files in a dpkg package.
dpkg -S ex_filename_string...
,dpkg --search ex_filename_string...
- Search the dpkg database for a filename string.
- This command's output gives you the file path for the file, as well as the package that it is associated with. It can be used to see which package (if any) is associated with a given file.
- Shell search patterns are supported.
- If you are looking for the package for a file that is not on your system, you can use the search form on https://www.debian.org/distrib/packages#search_contents. This allows you to search all Debian distributions and architectures, as well as to search for exact filename matches and filenames containing certain search terms.
dpkg --info ex_package.deb
- Display information about a
.deb
package, including its dependencies. dpkg -s ex_package...
,dpkg --status ex_package...
- Display information about a dpkg package, including its dependencies.
- Aside from the package name, this command's output includes information about the package's status and priority, and its approximate area of interest (i.e.,
Section:
). TheMaintainer:
is the person that is in charge of the package on behalf of the Debian project. # dpkg -i ex_package.deb...
,# dpkg --install ex_package.deb...
- Install a
.deb
package. After running this command, run# apt-get install -f
to resolve any broken dependencies (-f
is short for--fix-broken
). - A dpkg package can be reinstalled from a
.deb
package with the# apt-get reinstall ex_package.deb
command. # dpkg --unpack ex_package.deb...
- Unpack a
.deb
package. # dpkg --configure ex_package.deb...
- Configure a
.deb
package. dpkg --force-help
- Display
dpkg
forcing options. # dpkg -i --force-depends ex_package.deb...
,# dpkg --install --force-depends ex_package.deb...
- Force install a
.deb
package with dependency errors. Turns all dependency problems into warnings. - This can be used when a package requires one or more other packages that either have not yet been installed, or that are not included in the same installation operation.
- Sometimes, packages do not depend on a particular other package, but on a virtual package that can be provided by any of several other packages. A list of virtual package names can be found at https://www.debian.org/doc/packaging-manuals/virtual-package-names-list.yaml (direct download link).
# dpkg -i --force-overwrite ex_package.deb...
,# dpkg --install --force-overwrite ex_package.deb...
- Force install a
.deb
package that tries to unpack a file that already exists on the system and belongs to a different package (i.e., overwrite a file from one package with another). # dpkg -i --force-conflicts ex_package.deb...
,# dpkg --install --force-conflicts ex_package.deb...
- Force install a
.deb
package that conflicts with other packages. # dpkg -r ex_package...
,# dpkg --remove ex_package...
- Remove a dpkg package.
- The package's configuration files (i.e., all the files listed in the
conffiles
file withincontrol.tar.gz
) are kept in order to facilitate a subsequent re-installation of the package. # dpkg -r --force-remove-reinstreq ex_package...
,# dpkg --remove --force-remove-reinstreq ex_package...
- Force removal of a dpkg package that requires re-installation.
# dpkg -r --force-remove-essential ex_package...
,# dpkg --remove --force-remove-essential ex_package...
- Force removal of a dpkg package that that is essential for other packages.
# dpkg -P ex_package...
,# dpkg --purge ex_package...
- Remove a dpkg package, along with its configuration files.
# dpkg -i ex_package.deb...
,# dpkg --install ex_package.deb...
- Upgrade a dpkg package from a
.deb
package. - The older version of
ex_package
is uninstalled before configuration of the new version. If an error occurs during installation, the old version can often be restored. - If an earlier version of the package is installed and set to
hold
(e.g., using a tool likeaptitude
), newer versions of the package will be prevented from being installed. dpkg-source -x ex_package.dsc
,dpkg-source --extract ex_package.dsc
- Reconstruct a
.deb
package's source code. The package's source control file is provided to the-x
option as an argument. The.deb
package's original source archive (ex_package.orig.tar.gz
) and Debian-specific changes archive (ex_package.debian.tar.xz
) must be in the same directory as the source control file. - If a directory location is not provided to the command as a second argument (if provided, this directory must not yet exist, as
dpkg-source
will create it), the source package is extracted into a directory namedsource-version
under the current working directory. dpkg-source
is also used when generating source archives and Debian change files during Debian package preparation. This command is installed as part of thedpkg-dev
package, which may need to manually installed from Debian's repository on your system (# apt install dpkg-dev
).# dpkg-reconfigure ex_package...
- Reconfigure an already installed dpkg package.
alien --to-deb ex_package...
- Convert a non-
.deb
package to a.deb
package.--to-deb
is the default option and can be left out if that is the desired outcome. alien
does not deal with dependencies, so those must be manually addressed (i.e., run# apt-get install -f
). To assemble and disassemble.rpm
files, therpm
program must be installed (which is available as a package for Debian in its repository (# apt install rpm
).- There is no guarantee that the resulting package created by this command will be viable. The farther down a package sits in the system, the smaller the probability that
alien
will create a working package for your GNU/Linux distribution. debsums ex_package...
- Verify a dpkg package.
- This command compares the SHA256 checksums of the individual files with the content of the corresponding file in
/var/lib/dpkg/info
(e.g.,liferea.sha256sums
). If an actual file's checksum does not match the set value,FAILED
is displayed in place ofOK
.
RPM (Fedora)
Low-level package management on Fedora is handled by RPM, which uses the rpm
command, followed by a basic mode. There are a number of global options, as well as supplementary, mode-specific options.
Since some modes and supplementary options are identical, the mode must be specified first. Global options include -v
and -vv
, which increases the verbosity of RPM's output.
/var/lib/rpm/
- RPM database directory.
/usr/lib/rpm/
- RPM configuration directory.
RPM Commands
rpm -q -a
,rpm --query --all
- List all packages in the RPM database. By default, this only lists the full package names.
rpm -q ex_package_name...
,rpm --query ex_package_name...
- List RPM database entry for a specific package. If provided an abbreviated internal package name, the full package name will be output, if it is installed.
rpm -q -l -p ex_package.rpm
,rpm --query --list --package ex_package.rpm
- List the files in a
.rpm
package. rpm -q -l ex_package...
,rpm --query --list ex_package...
- List the files in a RPM package.
- The files listed are only those that appear in the RPM database, i.e., those that a package brought with it when it was installed. This does not include files that were generated during installation or during system operation.
- The
-c
(--configfiles
) and-d
(--docfiles
) options behave like-l
, except that they can be used to view only configuration and documentation files, respectively. rpm -q -f ex_file...
,rpm --query --file ex_file...
- Determine which RPM package a file belongs to.
- This command lets you relate unknown files to a package.
rpm -q -a | grep 'ex_package_name_string'
,rpm --query --all | grep 'ex_package_name_string'
- Search the RPM database for a package name string.
rpm -q -i -p ex_package.rpm
,rpm --query --info --package ex_package.rpm
- Display information about a
.rpm
package. The output does not include dependency information. When used with-q
,-i
is short for--info
. rpm -q -i ex_package...
,rpm --query --info ex_package...
- Display information about a RPM package. The output does not include dependency information.
rpm -q -R -p ex_package.rpm
,rpm --query --requires --package ex_package.rpm
- List capabilities on which this
.rpm
package depends. - This command displays the files and capabilities (e.g.,
web_browser
) that a package requires. Letting packages depend on capabilities, instead of specific dependencies, gives RPM flexibility. rpm -q -R ex_package...
,rpm --query --requires ex_package...
- List capabilities on which a RPM package depends.
rpm -q --provides ex_package...
,rpm --query --provides ex_package...
- Display capabilities that a RPM package offers.
rpm -q --whatprovides ex_capability
,rpm --query --whatprovides ex_capability
- Display RPM package(s) providing a specific capability.
rpm -q --whatrequires ex_capability
,rpm --query --whatrequires ex_capability
- Display RPM packages that require a specific capability for proper functioning.
rpm -q --changelog ex_package...
,rpm --query --changelog ex_package...
- Show changelog for a RPM package.
# rpm -i ex_package.rpm...
,# rpm --install ex_package.rpm...
- Install a
.rpm
package. rpm
automatically checks to see if dependent software is installed before installing a new package.- Shell search patterns are supported.
- The
--test
and-h
(--hash
) options can be added to# rpm -i ex_package.rpm...
to check for conflicts before installation and to add a progress bar, respectively. - Instead of providing a
.rpm
package as an argument, an HTTP or FTP URL can be substituted in order to install package files from a remote server. # rpm -i --nodeps ex_package.rpm...
,# rpm --install --nodeps ex_package.rpm...
- Do not do a dependency check before installing or upgrading a package (i.e., force install a
.rpm
package with dependency errors). - You can also use other options to influence the installation itself (rather than just the security checks), e.g., to specify a different installation directory for a program, so you can have two different versions of it installed at the same time.
# rpm -i --replacefiles ex_package.rpm...
,# rpm --install --replacefiles ex_package.rpm...
- Install the package(s) even if it replaces files from other, already installed, packages (i.e., force install a
.rpm
package that will overwrite files). # rpm -i --force ex_package.rpm...
,# rpm --install --force ex_package.rpm...
- Same as using the
--replacepkgs
,--replacefiles
, and--oldpackage
options (i.e., force install a.rpm
package that requires safety overrides, including overwriting files). - Conflicts arise if:
-
- An already-installed package is to be installed again.
- A package is to be installed, even though it is already installed in a different version (mode
-i
) or a more current version (mode-U
). - The installation would overwrite a file belonging to a different package.
- A package requires a different package that is not already installed or about to be installed.
# rpm --reinstall -f ex_package.rpm...
,# rpm --reinstall --file ex_package.rpm...
- Reinstall a RPM package from a
.rpm
package file. An alternative is# rpm -U --replacepkgs ex_package.rpm...
, where-U
is short for--upgrade
. # rpm -e ex_package...
,# rpm --erase ex_package...
- Remove a RPM package. The provided package name can be abbreviated, as long as it stays unique (e.g.,
liferea-1.12.7-3.fc31.x86_64.rpm
versusliferea
). - The
--test
and--nodeps
options can be added to check for conflicts and disable dependency checks (i.e., the package will be removed even if other packages are depending on it), respectively. The--allmatches
option can be added to remove all versions of a RPM package. - When removing a RPM package, all of the package's installed files will be removed, unless they are configuration files that you have changed. The changed files will not be removed, but renamed by appending the
.rpmsave
suffix (the RPM package determines which of its files will be considered configuration files). # rpm -U ex_package.rpm...
,# rpm --upgrade ex_package.rpm...
- Upgrade a RPM package from a
.rpm
package. - This command removes any older versions of
ex_package.rpm
and installs the new one. Ifex_package.rpm
is not already installed, it will be installed. # rpm -F ex_package.rpm...
,# rpm --freshen ex_package.rpm...
- Freshen a RPM package from a
.rpm
package. - This command installs
ex_package.rpm
only if an earlier version is already installed (which is subsequently removed), i.e., it is like a stricter version of# rpm -U ex_package.rpm...
. alien --to-rpm ex_package.deb...
- Convert a
.deb
package to a.rpm
package. - To assemble a
.deb
package, thegcc
,make
,debhelper
,dpkg-dev
, anddpkg
packages must be installed (# dnf install gcc make debhelper dpkg-dev dpkg
). - There is no guarantee that the resulting package created by this command will be viable. The farther down a package sits in the system, the smaller the probability that
alien
will create a working package for your GNU/Linux distribution. # rpm --rebuilddb
- Rebuild the RPM Database.
rpmkeys -K ex_package.rpm...
,rpmkeys --checksig ex_package.rpm...
- Verify a
.rpm
package. - This command compares a checksum of the package to the checksum contained in the
ex_package.rpm
itself. This guarantees the proper transmission of the package. - The signature within
ex_package.rpm
, which was created using the private PGP or GPG key of the package preparer, is checked using the package preparer's public key, which must be available on your GNU/Linux system. This guarantees that the correct package has arrived. rpm -V ex_package...
,rpm --verify ex_package...
- Verify a RPM package.
- This command's output will contain all files for which at least one required value from the database differs from the actual value within the file system. A
.
signifies agreement, while a letter indicates a deviation. - The following checks are performed:
-
- Access mode and file type (
M
) - User owner and group owner (
U
,G
) - For symbolic links, the path of the referenced file (
L
) - For device files, major and minor device numbers (
D
) - For plain files, the size (
S
) - Modification time (
T
) - Content (
5
), i.e., the digest (formerly MD5 sum) differs
- Access mode and file type (
-
Configuration files are unlikely to remain in their original state, so they are labeled with a
c
. -
Add the
-a
(--all
) and-c
(--configfiles
) options to verify all RPM packages or package(s) configuration files, respectively.$ rpm -V openssh .......T c /etc/init.d/sshd S.5....T c /etc/pam.d/sshd S.5....T c /etc/ssh/ssh_config SM5....T c /etc/ssh/sshd_config .M...... /usr/bin/ssh
rpm -q gpg-pubkey --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
,rpm --query gpg-pubkey --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
- View trusted keys.
rpm -q -i ex_gpg-pubkey...
,rpm --query --info ex_gpg-pubkey...
- Inspect a specific key (e.g.,
rpm -q -i gpg-pubkey-3c3359c4-5c6ae44d
). # rpm -e ex_gpg-pubkey...
,# rpm --erase ex_gpg-pubkey...
- Remove a specific key (e.g.,
# rpm -e gpg-pubkey-3c3359c4-5c6ae44d
).
High-Level Package Management
APT (Debian)
High-level package management on Debian is handled by the Advanced Package Tool (APT).
/var/lib/apt/
- APT database directory (contrast this to the
/var/lib/dpkg
database directory for dpkg). /etc/apt/apt.conf.d/
- APT configuration directory (contrast this to the
/etc/dpkg/dpkg.cfg
configuration file for dpkg). /etc/apt/sources.list
- APT repository sources file.
/etc/apt/sources.list.d/
- APT repository sources directory.
Binary packages are fetched from http://ftp.de.debian.org/, as is the corresponding source code.
Numerous auxiliary tools allow for setting up caching proxy servers for Debian packages, installing packages on systems that are not connected to the Internet, or retrieving a list of bugs for a package before actually installing it (e.g., apt-listbugs
). With apt-build
, you can compile packages with specific optimizations for your GNU/Linux system and create a local package repository containing such packages.
APT's installation history can be viewed by running less /var/log/apt/history.log
.
The APT infrastructure only trusts package sources for which a public GPG key has been placed in the /etc/apt/trusted.gpg.d/
directory. The apt-key
program is used to maintain the files in this directory. The current public keys for Debian package sources are contained in the debian-archive-keyring
package and can be renewed by updating the files in /etc/apt/trusted.gpg.d/
(Debian rotates the keys on a yearly basis).
APT Commands
apt-cache policy
- List the priorities of configured APT repositories. If provided a package as an argument, prints out detailed information about the priority selection of the provided package.
apt list ex_package...
- List an APT package. Shell search patterns are supported.
- Contrast this to
dpkg -l
(--list
) fordpkg
. apt search ex_reg_ex
- Search APT repositories for a given regular expression.
- Contrast this to
dpkg -S ex_string...
(--search
) fordpkg
. apt show ex_package...
- Display APT package information, including its dependencies, installation and download size, sources the package is available from, the description of the package's content, and more.
- Contrast this to
dpkg --info ex_package.deb
anddpkg -s ex_package...
(--status
) fordpkg
. apt depends ex_package...
- Display all dependencies of an APT package.
- This command shows all the dependencies of an APT package, as well as the names of packages fulfilling that dependency. A vertical bar in a line indicates that the dependency in that line, or the one in the following line, must be fulfilled.
- Contrast this to
dpkg --info ex_package.deb
anddpkg -s ex_package...
(--status
) fordpkg
. apt rdepends ex_package...
- Display all packages depending on an APT package.
- If a package occurs several times in the output, it is probably because the original package specified it several times, typically with version numbers.
apt-cache stats
- Display an overview of the contents of the package cache.
# apt install ex_package...
- Install an APT package.
- This command will also install or upgrade all packages mentioned in
Depends:
dependencies, as well as any packages that these packages depend upon. apt install
can be used to simultaneously install and remove packages (e.g.,# apt install liferea- python python-django+
removesliferea
and installspython
andpython-django
; the+
is optional).- Contrast to
# dpkg -i ex_package.deb...
(--install
) fordpkg
. # apt-get install -f
,# apt-get install --fix-broken
- Attempt to correct a system with broken dependencies in place.
apt-mark showmanual > ex_file.txt
- List manually installed APT packages and save to a file.
- Contrast this to
dpkg --get-selections > ex_file.txt
fordpkg
. # apt install "$(cat ex_file.txt)"
- Install APT packages listed in a file.
- Contrast this to
# dpkg --set-selections < ex_file.txt
fordpkg
. # apt-get reinstall ex_package...
- Reinstall an APT package.
apt download ex_package
- Download an APT package's
.deb
file to the current directory. apt-get source ex_package
- Download an APT package's source code to the current directory.
- This command also works if
ex_package
is one of several that have been created from a differently named source package. # apt remove ex_package...
- Remove an APT package.
- Contrast to
# dpkg -r ex_package...
(--remove
) fordpkg
. # apt purge ex_package...
- Remove an APT package and its configuration files.
- Contrast to
# dpkg -P ex_package...
(--purge
) fordpkg
. # apt-get autoclean
- Clears out the local repository of retrieved package files. Only removes package files that can no longer be downloaded, and are largely useless.
# apt-get autoremove
- Remove packages that were automatically installed to satisfy dependencies for other packages and are no longer needed.
# apt update
- Update APT repositories (i.e., download package information from all configured sources).
- This command updates the local package availability database. It consults all package sources and integrates the results into a common package list.
apt list --upgradeable
- List APT packages with available upgrades.
# apt upgrade
- Conservatively upgrade APT packages. A single APT package can be upgraded by providing its name to this command as an argument.
- This command installs the newest available versions of all packages installed on the system. It will not remove installed packages, nor install new packages. Packages that cannot be updated without such action (because dependencies have changed) remain at their present state.
- Contrast to
# dpkg -i ex_package.deb
(--install
) fordpkg
. # apt full-upgrade
- Liberally upgrade APT packages, with removals.
- This command enables a conflict resolution scheme that tries to resolve changed dependencies by judiciously removing and installing packages. It prefers more important packages (according to their priority) over less important ones.
apt-key list
- List trusted keys with fingerprints. Can be used to obtain
key_id
values. - This command lists the keys associated with the GNU/Linux system's packaging system, APT, which are used to authenticate packages. It lists the key values in the
/etc/apt/trusted.gpg.d/
directory's files. # apt-key del ex_key_id
- Remove a key.
DNF (Fedora)
High-level package management on Fedora is handled by Dandified YUM (dnf).
/var/lib/dnf/
- DNF database directory (contrast this to the
/var/lib/rpm/
database directory forrpm
). /etc/dnf/dnf.conf
- DNF configuration file (contrast this to the
/usr/lib/rpm/
configuration directory forrpm
). /etc/dnf/dnf.conf
may contain software repository URLs and their names, the directory where downloaded packages will be saved, and where the DNF log file will be saved./etc/yum.repos.d/
- DNF repository sources directory.
- This directory contains repository information for
dnf
. Each repository has its own file in the format ofex_repo.repo
. Each file may contain multiple repositories, which are grouped according to function. - For example, the main distribution repository is in one file along with the repository for the source packages and a repository for the debugging symbols. Another file contains the repositories for the updates, source for the updates, and the debugging symbols for the updates.
- A repository either has a
baseurl
, which is a link to the repository, or it has ametalink
, which returns a list of mirrors for the repository.
DNF Commands
dnf repolist
- List enabled DNF repositories.
- This command can be used to find repo IDs. Only enabled repositories are searched with the
dnf
command. dnf repolist disabled
- List disabled repositories.
# dnf --enablerepo=ex_repo_id repolist
- Enable a DNF repository.
ex_repo
will be enabled until a system reboot. --enablerepo
can accept a comma-separated list of repositories (e.g.,--enablerepo=ex_repo_id_1,ex_repo_id_2,ex_repo_id_3
).# dnf --disablerepo=ex_repo_id repolist
- Disable a DNF repository.
ex_repo
will be disabled until a system reboot. --disablerepo
can accept a comma-separated list of repositories (e.g.,--disablerepo=ex_repo_id_1,ex_repo_id_2,ex_repo_id_3
).# dnf config-manager --set-enabled ex_repo_id
- Permanently enable a DNF repository.
--set-enabled
can accept a space-separated list of repositories (e.g.,--set-enabled ex_repo_id_1 ex_repo_id_2 ex_repo_id_3
).# dnf config-manager --set-disabled ex_repo_id
- Permanently disable a DNF repository.
--set-disabled
can accept a space-separated list of repositories (e.g.,--set-disabled ex_repo_id_1 ex_repo_id_2 ex_repo_id_3
).dnf list ex_package...
- List DNF package in RPM database, in a repository, or both.
- This command just gives a line for the package, including its full name. Installed packages are installed on the local system. Available packages can be fetched from repositories. The repository offering the package is displayed on the far right.
- Shell search patterns are accepted.
- Contrast to
rpm -q ex_package...
(--query
) forrpm
. dnf list installed
- List locally installed DNF packages.
- This command only shows packages installed in the RPM database.
- Contrast to
rpm -q -a
(--query --all
) forrpm
. dnf list updates
- List installed DNF packages that have updates available.
- This command is comparable to
dnf check-update
. dnf list extras
- List locally installed DNF packages that are not available from any repository.
dnf list available
- List locally uninstalled (but available, i.e., from a repository) DNF packages.
dnf list recent
- List DNF packages that have recently arrived in the repository.
dnf search ex_string
- Search repositories for a given string. This command lists all packages whose name or description (i.e., its metadata) contains a given string.
- Shell search patterns are supported.
- Contrast this to
rpm -q -a | grep 'ex_string'
(--query --all
) forrpm
. dnf info ex_package...
- Display DNF package information. This command displays a description and summary information about installed and available packages.
- Contrast this to
rpm -q -i -p ex_package.rpm
(--query --info --package
) andrpm -q -i ex_package...
(--query --info
) forrpm
. dnf info installed
- Display information for all installed DNF packages.
dnf deplist ex_package...
- Display a DNF package's dependencies. This command produces a list of all direct dependencies and what packages provide those dependencies for the given package(s).
- Contrast this to
rpm -q -R -p ex_package.rpm
(--query --requires --package
) andrpm -q -R ex_package...
(--query --requires
) forrpm
. # dnf install ex_package...
- Install a DNF package.
dnf
checks whether the active repositories contain an appropriately-named package, resolves any dependencies the package may have, downloads the package and possibly other packages that it depends on, and installs all of them.dnf
accepts not just simple package names, but also package names with architecture specifications, version numbers, and release numbers. Seeman 8 dnf
for the allowable formats.- Contrast this to
# rpm -i ex_package.rpm...
(--install
) forrpm
. # dnf reinstall ex_package...
- Reinstall a DNF package.
- Contrast to
# rpm --reinstall -f ex_package.rpm
(--force
) forrpm
. # dnf install --downloadonly ex_package...
- Download a DNF package to the cache.
dnf download ex_package...
- Download a DNF package's
.rpm
file to the current directory. # dnf remove ex_package...
- Remove a DNF package.
- This command will also remove packages that
ex_package
depends on, as long as these are not required by another installed package. - Contrast to
# rpm -e ex_package...
(--erase
) forrpm
. # dnf autoremove
- Remove all leaf packages from the system that were originally installed as dependencies of user-installed packages, but which are no longer required by any such package.
# dnf clean all
- Perform cleanup of temporary files for the currently enabled repositories.
dnf check-update
- Update DNF repositories (i.e., checks whether any updates at all are available for your system).
- This command will also list the packages that have updates available, i.e., it is equivalent to
dnf list updates
. # dnf upgrade
- Upgrade DNF packages. A single DNF package can be upgraded by providing its name to this command as an argument.
dnf
takes care that all dependencies are resolved. - The
--obsoletes
option ensures thatdnf
tries to handle the case where one package has been replaced by another of a different name. This makes full upgrades of the whole dsitribution easier to perform. This option is implied by default. - Contrast to
# rpm -U ex_package.rpm...
(--upgrade
) forrpm
. # dnf upgrade --refresh
- Update DNF repositories and upgrade DNF packages.
--refresh
sets repository metadata as expired before running theupgrade
mode, which causes it to refresh the repository metadata before upgrading packages.# dnf history | head
- List recent DNF transactions. Can be used to obtain transaction ID numbers.
# dnf history undo last
- Undo last DNF transaction (i.e., perform the opposite operation to all operations performed in the specified transaction).
# dnf history rollback ex_transaction_id
- Undo all transactions performed after the specified transaction.
ex_transaction_id
is the transaction ID number before the problematic transaction. ex_transaction_id
's can be obtained from the# dnf history
command.dnf grouplist
- Display package groups.
- Package Groups are packages that, together, are useful for a certain task. A group is considered installed if all of its mandatory packages are installed. Also, there are default packages and optional packages.
dnf groupinfo ex_package_group...
- Show which packages a package group consists of.
# dnf groupinstall ex_package_group...
- Install the packages of a group.
- The configuration option
group_package_types
determines which class package will be installed, i.e., it tellsdnf
which type of packages in groups will be installed whengroupinstall
is called. The default is:default, mandatory
. Seeman 5 dnf.conf
for more information. # dnf groupremove ex_package_group...
- Remove the packages of a group.
- This command does not take into account package classes (i.e.,
group_package_types
is ignored). Keep in mind, packages can belong to more than one group at a time, so they may be missing from groupA
after having been removed along with groupB
.
Documentation
You can find more information on the commands discussed above by examining the Linux User's Manual, either at the command line or online.
Also, you can find more information on GNU/Linux package managers via their official project sites: