Note: In a 64-bit environment, is possible that both 32-bit and 64-bit implementations of a package can co-exist together.
Created Tuesday 22/8/2006
Package management in the local environment for Fedora Core is managed by the Redhat Package Management tool rpm(1) and archive format (.rpm files). The rpm(1) tool is not the same as yum(1), even though though yum(1) does infact perform some rpm(1) actions on installation and removal.
The rpm tool is essentially the means by which .rpm archive files can be installed/removed/updated/viewed and etc. An .rpm archive is similar to a tarball except that it contains verioning, header and descriptive info. An rpm file can be viewd using the rpm(1) tool or with less(1) or converted to another format, e.g., with rpm2cpio(1) .
To list all rpm's installed in the local environment use the all (-a) query option to rpm's query (-q) command
bash $ rpm -qa ... curl-7.15.5-1.fc6 curl-7.15.5-1.fc6 curl-devel-7.15.5-1.fc6 curl-devel-7.15.5-1.fc6 ... etc
Note: In a 64-bit environment, is possible that both 32-bit and 64-bit implementations of a package can co-exist together.
In it's standard format, the rpm query command (-q) prints the package name, version and release, e.g., curl-7.15.5-1.fc6. However, the platform (e.g., i386/i586 or x86_64) is not included. The query command can take an optional output format specifier which allows the user to describe the output form. The output specifier is indicated with the --queryformat option, which takes a string in printf(3) form.
As rpm's query format suses the printf(3) function, be sure to include the newline metacharacter otherwise the output will appear on a single line. Any of printf(3)'s metacharacters are acceptable in the query format specifier (e.g., tab \t, hex character \x and etc).
Tip: Append the platform to the standard rpm query output:
bash $ rpm -aq --queryformat ""%{NAME}-%{VERSION}.%{RELEASE}.%{PLATFORM}\n"
Tip: rpm query output can be presented in 3-column form, including name, version and platform:
bash $ rpm -aq --queryformat "%-30{NAME} %-20{VERSION} %-10{RELEASE} %-20{PLATFORM}\n"
Note that %{PLATFORM} includes both the architecture and the hardware platform (e.g., x86_64-redhat-linux-gnu) whereas %{ARCH} is just the architecture (e.g., x86_64). Substituting %{ARCH} for %{PLATFORM} produces output that is just as useful.
The complete list of rpm(1) query format specifiers are given below. Note, that the RPMTAG_ component of each tag element is optional.
RPMTAG_NAME RPMTAG_VERSION RPMTAG_RELEASE RPMTAG_SERIAL RPMTAG_SUMMARY RPMTAG_DESCRIPTION RPMTAG_BUILDTIME RPMTAG_BUILDHOST RPMTAG_INSTALLTIME RPMTAG_SIZE RPMTAG_ARCH
Note, tags are not case sensitive unless the RPMTAG_ component is used, which is case senstive. So, the following are equivelent RPMTAG_arch, RPMTAG_ARCH. However rpmtag_arch is not equivelent and will result in an unknown tag.
The preferred method of package installation is to use yum(1) or apt(1). However, in some cases it is necessary to install an rpm manually. Use the rpm tool's -i or -U options to install new rpms. The -U (update) is preferred as it handles both new installations and updates to existing entries in the rpm database.
bash # rpm -Uhv foo.rpm
OR use the instasll option, not recommended, as in:
bash # rpm -i foo.rpm
The rpm(1) -e is used to uninstall a single rpm. It's generally a bad idea to ignore dependencies, but if you're absolutely sure about the consequences, then the --nodeps option can be useful as it forces rpm(1) to remove the installed package without whinging about dependencies.
bash # rpm -e foo.rpm
Occasionally the rpm(1) database can become a bit confused and multiple rpm's can be installed that show up in the rpm database under the same name. Use rpm(1)'s --allmatches can be used to remove all matching occurances within the database. E.g.,
bash # rpm -qa| grep freetype freetype-2.1.9-2 freetype-2.1.9-2
Shows two matches for freetype-2. Using "rpm -e freetype-2.1.9-2" results in "error: "freetype-2.1.9-2" specifies multiple packages". In this case, the "--allmatches" solves the problem:
bash # rpm -e --allmatches freetype-2.1.9-2
There maybe several dependencies on the rpm being removed. If this is the case, then the removal will fail with a list of the dependencies printed to stdout. If it's clear that the removal is temporary and a new rpm will be installed that will satisfy the dependencies, then the no dependencies option can be specified (USE WITH CAUTION)
bash # rpm --nodeps -e foo.rpm
The contents of an entry in the rpm database can be queried to show either information or the list of files that are contained within an rpm. To query for an rpm for info:
bash $ rpm -qi foo.rpm
The files packaged in the rpm can be listed with:
bash $ rpm -ql foo.rpm
Note the comments on --queryformat in #1B, above.
Source files can be converted to cpio(1) format by using rpm2cpio(1). The cpio(1) archive format can be extracted quite easily:
bash $ rpm2cpio some.rpm > some.cpio bash $ cpio -idmv < some.cpio
Or: ''' '''
bash $ rpm2cpio - < some.rpm > some.cpio bash $ cpio -idmv < some.cpio
Download the src rpm for the rpm to rebuild, then install it. See, for example, the rebuild of Freetype2, below. Before reinstalling the rebuilt rpm, the orignal must be removed. This may require the --nodeps option of rpm(1) as there maybe several dependencies. If the version being rebuilt is the same as the version of the rpm installed, then there's little chance of the finger.
Warning: See note #2 on required packages before running rpmbuild
Tip #1: The newer versions of the freetype.spec support setting the bytecode interpretted and subpixel rendering using the rpmbuild --with cmdline options.
bash # wget ftp://mirror.switch.ch/mirror/fedora/linux/releases/8/Fedora/source/SRPMS/freetype-2.3.5-3.fc8.src.rpm bash # rpm -Uvh freetype-2.3.5-3.fc8.src.rpm bash # cd /usr/src/redhat/SPECS bash # vi freetype.spec ◀— make changes, set both without_bytecode_interpreter=0 and without_subpixel_rendering=0 (1=disable, 0=enable) bash # rpmbuild -bb freetype.spec (OR specify --with options) e.g., rpmbuild -bb --with bytecode_interpreter --with subpixel_rendering --with xfree86 freetype.spec bash # cd /usr/src/redhat/RPMS/x86_64 (or /usr/src/redhat/RPMS/i386 for 32-bit) bash # rpm --nodeps -e freetype-2.2.1-16.fc6.rpm ◀— remove orignal + others (devel, utils, etc.) bash # rpm -Uvh freetype-2.3.5-3.fc8.rpm ◀— The newly built rpm + others (devel, utils, etc.)
Tips:
Notes: • #1: To build 32-bit rpm's on a 64-bit architecture, specify i386 as the target. E.g., for rpmbuild, this will be rpmbuild -bb --target i386 some.spec
Todos:
During a package upgrade, rpm(1) may install a new config file to .rpnnew instead of overwritting an existing modified config. There are three rpm backup file formats:
The .rpmsave extension is used to save modified, previously installed, contents. Some updates may involve default config file settings that were unsafe or made obsolete in a major rewrite. In such cases the new config might be installed and your old config renamed with an .rpmsave extension.
The .rpmnew is used to save incoming if %config(noreplace) was used, and previously installed contents are modified. Note that if previous contents are not modified, then previous versions of the file are simply replaced, not saved in in .rpmsave, incoming not saved in .rpmnew
If config changes have been made, then new config files are written to .rpmnew in the same location.
The .rpmorig extension is used to save copy of preexsiting file that is unpackaged file.
It's possible to define marcos for use by rpm(1). These macros can be system-wide, which are defined in any file in /etc/rpm or user-specific in which case they should be defined in ~/.rpmmacros
A simple use of an rpm macro is to change the output format of rpm query command (see more info in #1.B), include the architecture or hardware platform.
It is recommended that system-wide macros be named in files such as macro.*. For locally defined (non-upstream) macros the recommended file is /etc/rpm/macros.local and the same comments can apply to user-specific content, however user-specific marco filename is less important.
To change the query format so that it include the architecture for any invocation of the rpm query command, specify the following in /etc/rpm/macros.local:
%_query_all_fmt %%{name}-%%{version}-%%{release}.%%{arch}
add documentation on rpm pgp signatures. See also rpm#9, on rpm PGP Signatures.
In order to use the signature feature, rpm must be configured to run PGP and be able to find a public key ring with Red Hat (or other vendor) public keys. By default, rpm uses the same conventions as PGP to find key rings, namely the $PGPPATH environment variable. If your key rings are not located where PGP expects them to be, you will need to configure the macro %_pgp_path to be the location of the PGP key rings to use.
If you want to be able to sign packages you create yourself, you also need to create your own public and secret key pair (see the PGP manual). You will also need to configure the following macros (e.g., in /etc/rpm/macros.pgp):
# The signature type. Right now only pgp is supported. %_signature someSignatureType
# path to the key ring %_pgp_path someKeyRingPathname
# The name of the "user" whose key you wish to use to sign your packages. %_pgp_name somePgpKeyIdOrUser
% The path to the pgp executable %_pgpbin somePathname
Signature creation is the same as previous releases: just add a --sign to the rpm build command line. An rpm can be signed afer the package is built with:
bash $ rpm --resign <package>
Using --resign removes any previous signature in the package. To add a signature to a package, leaving all existing signatures use:
bash $ rpm --addsign <package>
rpm(1) always creates MD5 and SIZE signatures when it build packages, which means that packages built without --sign can be verified to some extent. The MD5 signature should catch problems like corrupt packages, faulty downloads, etc. Package signature verification is performed with:
bash $ rpm -K <package>
The rpm(1) command will verify every signature in the package, which may include more than one PGP signature. The output indicates what types of signatures are being checked. If any checks fail a message "NOT OK" is produced, which indicates the rpm is severly broken or malicously altered.
If an rpm exists with PGP signatures, but PGP is not installed, then it's still possible to perform limited verification with:
bash $ rpm -K --nopgp <package>
This causes rpm(1) to skip any PGP signatures, but to still check any other specified verifications (currently only MD5 and SIZE).
A debian package (.deb) can be converted to an .rpm using alien.
Stuart Moorfoot © 22 Aug 2006 foo@bund.com.au