Linux software management involves installing, updating, querying, and removing packages while managing dependencies. Red Hat-based systems use RPM as the low-level package format and YUM/DNF as the high-level package managers. Understanding both layers is essential for RHCA administrators who must manage software at scale.
The RPM Package Format
An RPM file is a compressed archive that contains:
- Payload: The actual files to be installed (compressed with cpio or zstd)
- Signature: GPG signature to verify package authenticity
- Header: Metadata — name, version, release, architecture, description, license, dependencies, changelog, pre/post install scripts
RPM Package Naming Convention
# Format: name-version-release.architecture.rpm
# Example: httpd-2.4.37-43.el8.x86_64.rpm
# httpd = package name
# 2.4.37 = upstream version
# 43 = Red Hat release number (how many times they packaged this version)
# el8 = Enterprise Linux 8 (el7 = RHEL 7, fc = Fedora)
# x86_64 = architecture (x86_64, i686, aarch64, noarch)
# noarch = no architecture (scripts, docs, Java — runs on any CPU)RPM Database
RPM maintains a database at /var/lib/rpm/ that tracks all installed packages, their files, and their checksums. This database is used for:
- Verifying installed files haven't been modified
- Tracking what package owns each file
- Dependency resolution
- Generating reports of installed software
# Rebuild corrupt RPM database:
# rpm --rebuilddb # rebuilds the Berkeley DB files
# Verify all installed files:
# rpm -Va # check every file against RPM database
# Output: SM5DLUGT c /path/to/file
# S=size, M=mode/permissions, 5=MD5 checksum, D=device, L=symlink,
# U=user, G=group, T=timestamp, c=config fileRPM Commands — Complete Reference
# INSTALL:
# rpm -ivh package.rpm # install, verbose, hash progress bar
# rpm -ivh --nodeps package.rpm # install ignoring dependencies (dangerous)
# rpm -ivh --force package.rpm # force install even if already installed
# UPGRADE:
# rpm -Uvh package.rpm # upgrade (also installs if not present)
# rpm -Fvh package.rpm # freshen (only upgrades if installed, skips new)
# rpm -Uvh --oldpackage old.rpm # downgrade to older version
# ERASE:
# rpm -e packagename # remove package
# rpm -e --nodeps packagename # remove ignoring dependencies
# QUERY:
# rpm -qa # list ALL installed packages
# rpm -qa | grep http # search installed packages
# rpm -q httpd # query specific package (returns version)
# rpm -qi httpd # info: description, size, install date
# rpm -ql httpd # list all files in package
# rpm -qd httpd # documentation files only
# rpm -qc httpd # config files only
# rpm -qR httpd # requires (dependencies)
# rpm -q --provides httpd # what capabilities this package provides
# rpm -qf /etc/httpd/conf/httpd.conf # which package owns this file
# rpm -q --changelog httpd | head # package changelog
# Query a .rpm FILE (not installed):
# rpm -qip package.rpm # info from .rpm file
# rpm -qlp package.rpm # file list from .rpm file
# rpm -qRp package.rpm # dependencies from .rpm file
# VERIFY:
# rpm -V httpd # verify package files
# rpm -Va # verify all installed packagesYUM Architecture
YUM (Yellowdog Updater Modified) sits on top of RPM and adds:
- Dependency resolution: Automatically finds and installs required packages
- Repository management: Maintains indexes of available packages from configured repos
- Transaction history: Tracks what was installed/removed and when (with undo capability)
- Group management: Install related sets of packages (Development Tools, Web Server, etc.)
How YUM Resolves Dependencies
When you run yum install httpd:
- YUM downloads the repository metadata (package indexes)
- Looks up
httpd's requirements in the metadata - For each requirement, finds which available package provides it
- Recursively resolves dependencies of dependencies
- Presents the full installation list for approval
- Downloads and installs in dependency order
YUM Commands — Complete Reference
# INSTALL:
# yum install httpd # install with dependencies
# yum install httpd -y # without confirmation
# yum localinstall package.rpm # install local .rpm with dep resolution
# yum reinstall httpd # reinstall (useful for fixing corrupted install)
# REMOVE:
# yum remove httpd # remove package
# yum erase httpd # same as remove
# yum autoremove # remove unneeded orphan packages
# UPDATE:
# yum update # update all packages
# yum update httpd # update specific package
# yum check-update # list available updates (no install)
# yum update --security # install only security updates
# yum update-minimal --security # minimal security updates (bugfix only)
# SEARCH AND INFO:
# yum search httpd # search name and description
# yum search all "web server" # search all fields
# yum info httpd # detailed package information
# yum list installed # all installed packages
# yum list available # all packages available in repos
# yum list all # installed + available
# yum provides /usr/sbin/httpd # what package provides a file
# yum provides "webserver" # what package provides a capability
# yum deplist httpd # list all dependencies
# GROUPS:
# yum grouplist # list all available groups
# yum groupinfo "Web Server" # group description and packages
# yum groupinstall "Development Tools" # install all packages in group
# yum groupremove "Development Tools" # remove group
# yum groupupdate "Web Server"
# HISTORY:
# yum history # list transactions
# yum history info 5 # details of transaction 5
# yum history undo 5 # undo transaction 5
# yum history redo 5 # redo a previously undone transaction
# MAINTENANCE:
# yum clean all # clean cached packages, metadata, headers
# yum clean packages # clean downloaded packages only
# yum clean metadata # clean repository metadata
# yum makecache # pre-download metadata for all reposRepository Configuration
# Repository config files location:
# /etc/yum.repos.d/*.repo
# Standard repo file format:
[repoid]
name=Human readable repository name
baseurl=http://mirror.example.com/rhel7/x86_64/
# OR:
mirrorlist=http://mirrors.example.com/mirrorlist?repo=rhel7
enabled=1 # 0=disable without deleting
gpgcheck=1 # verify GPG signatures
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
priority=1 # lower number = higher priority (yum-priorities plugin)
exclude=kernel* php* # exclude specific packages from this repo
# Enable/disable repos:
# yum repolist all # show all repos and enabled/disabled status
# yum --enablerepo=epel install package
# yum --disablerepo=epel install package
# yum-config-manager --enable epel # permanently enable
# yum-config-manager --disable epel # permanently disable
# RHEL Subscription Manager repos:
# subscription-manager repos --list
# subscription-manager repos --enable rhel-7-server-rpmsCreating a Local YUM Repository
# Useful for: air-gapped systems, bandwidth-limited environments, standardised deployments
# Method 1: From RHEL DVD/ISO
# mount -o loop,ro rhel7.iso /mnt/dvd
# vim /etc/yum.repos.d/local-dvd.repo
[local-dvd]
name=RHEL 7 DVD
baseurl=file:///mnt/dvd/
enabled=1
gpgcheck=0
# Method 2: Sync from network and create local repo
# mkdir -p /var/repos/rhel7
# reposync -r rhel-7-server-rpms -p /var/repos/ # sync repo
# Create repo metadata:
# yum install createrepo -y
# createrepo /var/repos/rhel7/
# When packages change, update metadata:
# createrepo --update /var/repos/rhel7/
# Serve via Apache:
# cp /var/repos/rhel7/ /var/www/html/repos/rhel7/
# vim /etc/yum.repos.d/local-http.repo
[local-http]
name=Local RHEL 7 Repository
baseurl=http://reposerver.example.com/repos/rhel7/
enabled=1
gpgcheck=0DNF — Next Generation Package Manager (RHEL 8+)
# DNF replaces YUM in RHEL 8+, with better dependency solving and performance
# Most YUM commands work identically with dnf
# New DNF-specific features:
# Module streams (AppStream repository):
# dnf module list # list all module streams
# dnf module info php # details about php module
# dnf module enable php:7.4 # select specific version
# dnf module install php:7.4/default
# dnf module disable php # disable module stream
# dnf module reset php # reset to default
# Groups (improved):
# dnf group list --hidden # show all groups including hidden
# dnf group install "Server" --with-optional
# History with reasons:
# dnf history list
# dnf history userinstalled # what was explicitly installed by user
# Repository auto-metadata download:
# dnf repoquery --what-requires httpd # what depends on httpd?
# dnf repoquery --requires httpd # what does httpd require?
# Download without installing:
# dnf download httpd # download .rpm to current dir
# dnf download --resolve httpd # download with all dependencies