Softpanorama

Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)
Skepticism and critical thinking is not panacea, but can help to understand the world better

RHCSA: Using yum

News  Notes on RHCSA Certification for RHEL 7 Recommended links Lecture notes for RHCSA certification for RHEL 7 RHEL7 documentation The tar pit of Red Hat overcomplexity Systemd Unix History with some Emphasis on Scripting Red Hat history
Understanding and using essential tools Access a shell prompt and issue commands with correct syntax Finding Help Managing files in RHEL Working with hard and soft links Working with archives and compressed files Using the Midnight Commander as file manager Text files processing Using redirection and pipes
Use grep and extended regular expressions to analyze text files Finding files and directories; mass operations on files Connecting to the server via ssh, using multiple consoles and screen command RHCSA: Managing local users and groups RHCSA: Introduction to Unix permissions model Introduction to Process Management Configuring network in RHEL7 Installation and configuration of KVM in RHEL7  
Managing Software Packages with yum and rpm Using yum Using rpm            
          Sysadmin Horror Stories Tips Humor Etc

Introduction

The default utility used to manage software packages on Red Hat Enterprise Linux is yum (Yellowdog update manager). Yum is written in Python and  works with repositories, which are online connection of software packages, assessable via HTTP and HTTPS.

All "standard" software on RHEL is provided in the RPM (Red Hat Package Manager) format. This cpio based format which is enhanced to provide package metadata as well.

Repositories can be Red Hat maintained or local clones. In both cases patching of the servers, which  is the most frequently used operation for production servers is done using yum the command:

yum update

The main advantage of yum over older rpm utility is that it attempts to resolve package dependencies (when it fails you have pproblem but you canresort to downloading and installing packages via locainstall option of Yum

NOTE:

Dependency problems induced by  libraries is known as "package hell" problem in Linux.

Dependencies typically are connected with libraries as very few executables in RHEL are statically links. Even bash is not statically links which is blunder on the part of Red Hat. This means that to is path to libraries is not available you OS became unusable. The simplest way to provide in RHEL 7 is to delete symbolic links existing in root directory.

Dependencies are specified within RPM format and are extracted by YUM.  The yum  command then try to find them in the repositories configured on this system. It finds them it fetches the dependencies automatically. If all goes well you will see the list of the dependencies that will be installed. If some dependencies are not found you are in troubles.  For system packages this happens rarely but for custom packages is a real problem.

Red Hat repositories are accessible only for registered instances on RHEL. Only after registering with RHN, you can install software packages from RHEL repositories. If you are using CentOS, you get access to the CentOS repositories automatically: they are configured during installation and can be used immediately without any registration.

Note that repositories are specific to an version of RHEL. Moreover using CentOS repositories in RHEL installation also creates problems. It is not recommended to  add CentOS repositories to an RHEL server. If you want to provide additional software should add the EPEL (Extra Packages for Enterprise Linux) and Extra repositories. On how to add EPEL repositories see https://fedoraproject.org/wiki/EPEL for more information.


Warning

Installation of EPEL or CentOS repository in RHEL formally breaks your RHEL support contract.


Specifying Which Repository to Use

To tell your server which repository to use, you need to create a file with a name that ends in .repo in the directory /etc/yum.repos.d

To define a new repository, you need to add a .repo file in the /etc/yum.repos.d/ directory.  It can be created manually or copied from other server which already has  this repository subscribed.

To add such a repository to your system and enable it automatically, you need to use the command yum-config-manager as root . This operation is called a subscription to the repository and the command to use in not yum, but  yum-config-manager For example

yum-config-manager --add rhel-7-server-optional-rpms
yum-config-manager --add rhel-7-server-supplementary-rpms

NOTE:

For CentOS all the necessary repo files are created during the installation. The default content the /etc/yum.repos.d/ directory is as following:

[0]d620@ROOT:/etc/yum.repos.d # ll
total 32K
-rw-r--r--. 1 root root 1.7K Nov 23 08:16 CentOS-Base.repo
-rw-r--r--. 1 root root 1.3K Nov 23 08:16 CentOS-CR.repo
-rw-r--r--. 1 root root  649 Nov 23 08:16 CentOS-Debuginfo.repo
-rw-r--r--. 1 root root  314 Nov 23 08:16 CentOS-fasttrack.repo
-rw-r--r--. 1 root root  630 Nov 23 08:16 CentOS-Media.repo
-rw-r--r--. 1 root root 1.3K Nov 23 08:16 CentOS-Sources.repo
-rw-r--r--. 1 root root 5.6K Nov 23 08:16 CentOS-Vault.repo
For RHEL7 self-support  the list is different:
b33:/etc/yum.repos.d # ll
total 88
-rw-r--r--.   1 root root 70660 Jan 25 08:18 redhat.repo

Each file in  /etc/yum.repos.d directory defines a set of repositories from a common provider and consists of section delineated with labels in square brackets. For example  [rhel-7-server-supplementary-rpms]  The .repo file can contain multiple repositories. In this vase there are multiple section with each section starting with a label that identifies the specific repository.

After the label there are three main fields:

There are multiple labels in this file but  the most important is the label [base]. In CentOS it defines mirrorlist and if you do not have a good mirror in vicinity you might have trouble with CentOS update. Mirrors for CentOS are provided voluntarily and mainly by educational institutions which often do not have great bandwidth to begin with.  So patching servers at night is a better deal for CentOS.

You can replace mirrorlist with the best repository in your vicinity. That requires some research, but if you have difficulties accessing repositories via mirrorlist (for example due to the proxy)  it pays off. 

# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

You can also have local repositories. To access them you need to creat .repo file. When creating a repository file, the baseurl parameter is the most important because it tells your server where to find the files that are to be installed. The baseurl takes as its argument the URL where files need to be installed from. This will often be an HTTP or FTP URL, but it can be a file-based URL as well.

When using a URL, two components are used. First, the URI identifies the protocol to be used and is in the format protocol://, such as http://, ftp://, or file:// or nfs://. Following the URI is the exact location on that URL. That can be the name of a web server or an FTP server, including the subdirectory where the files are found. If the URL is file based, the location on the file system starts with a / as well. Therefore, for a file system-based URL, there will be three slashes in the baseurl, such as baseurl:///repo, which refers to the directory /repo on the local file system.

To help you determine the status of packages provided, Red Hat (as well as CentOS) groups packages in different repositories. Each of these has a different support status, so it is important to know where you are installing software from if you are interested in keeping the support status of your server.

NOTE: When installing RHEL7 updates you typically will see systemd updates as well. This is the case of "The cowboys work is never done" ;-)  

[0]d620@ROOT:/etc/yum.repos.d # yum -y update
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirror.trouble-free.net
 * extras: mirror.trouble-free.net
 * updates: mirror.trouble-free.net
base                                                                  | 3.6 kB  00:00:00
extras                                                                | 3.4 kB  00:00:00
updates                                                               | 3.4 kB  00:00:00
(1/2): extras/7/x86_64/primary_db                                     | 187 kB  00:00:00
(2/2): updates/7/x86_64/primary_db                                    | 3.3 MB  00:00:01
Resolving Dependencies
--> Running transaction check
---> Package NetworkManager.x86_64 1:1.12.0-8.el7_6 will be updated
---> Package NetworkManager.x86_64 1:1.12.0-10.el7_6 will be an update
---> Package NetworkManager-libnm.x86_64 1:1.12.0-8.el7_6 will be updated
---> Package NetworkManager-libnm.x86_64 1:1.12.0-10.el7_6 will be an update
---> Package NetworkManager-team.x86_64 1:1.12.0-8.el7_6 will be updated
---> Package NetworkManager-team.x86_64 1:1.12.0-10.el7_6 will be an update
---> Package NetworkManager-tui.x86_64 1:1.12.0-8.el7_6 will be updated
---> Package NetworkManager-tui.x86_64 1:1.12.0-10.el7_6 will be an update
---> Package NetworkManager-wifi.x86_64 1:1.12.0-8.el7_6 will be updated
---> Package NetworkManager-wifi.x86_64 1:1.12.0-10.el7_6 will be an update
---> Package bind-libs-lite.x86_64 32:9.9.4-72.el7 will be updated
---> Package bind-libs-lite.x86_64 32:9.9.4-73.el7_6 will be an update
---> Package bind-license.noarch 32:9.9.4-72.el7 will be updated
---> Package bind-license.noarch 32:9.9.4-73.el7_6 will be an update
---> Package containers-common.x86_64 1:0.1.31-7.gitb0b750d.el7.centos will be updated
---> Package containers-common.x86_64 1:0.1.31-8.gitb0b750d.el7.centos will be an update
---> Package cpp.x86_64 0:4.8.5-36.el7 will be updated
---> Package cpp.x86_64 0:4.8.5-36.el7_6.1 will be an update
---> Package dbus.x86_64 1:1.10.24-12.el7 will be updated
---> Package dbus.x86_64 1:1.10.24-13.el7_6 will be an update
---> Package dbus-libs.x86_64 1:1.10.24-12.el7 will be updated
---> Package dbus-libs.x86_64 1:1.10.24-13.el7_6 will be an update
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.2 will be updated
---> Package device-mapper.x86_64 7:1.02.149-10.el7_6.3 will be an update
---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.2 will be updated
---> Package device-mapper-event.x86_64 7:1.02.149-10.el7_6.3 will be an update
---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.2 will be updated
---> Package device-mapper-event-libs.x86_64 7:1.02.149-10.el7_6.3 will be an update
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.2 will be updated
---> Package device-mapper-libs.x86_64 7:1.02.149-10.el7_6.3 will be an update
---> Package docker.x86_64 2:1.13.1-88.git07f3374.el7.centos will be updated
---> Package docker.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos will be an update
---> Package docker-client.x86_64 2:1.13.1-88.git07f3374.el7.centos will be updated
---> Package docker-client.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos will be an update
---> Package docker-common.x86_64 2:1.13.1-88.git07f3374.el7.centos will be updated
---> Package docker-common.x86_64 2:1.13.1-94.gitb2f74b2.el7.centos will be an update
---> Package freetype.x86_64 0:2.8-12.el7 will be updated
---> Package freetype.x86_64 0:2.8-12.el7_6.1 will be an update
---> Package gcc.x86_64 0:4.8.5-36.el7 will be updated
---> Package gcc.x86_64 0:4.8.5-36.el7_6.1 will be an update
---> Package grub2.x86_64 1:2.02-0.76.el7.centos will be updated
---> Package grub2.x86_64 1:2.02-0.76.el7.centos.1 will be an update
---> Package grub2-common.noarch 1:2.02-0.76.el7.centos will be updated
---> Package grub2-common.noarch 1:2.02-0.76.el7.centos.1 will be an update
---> Package grub2-pc.x86_64 1:2.02-0.76.el7.centos will be updated
---> Package grub2-pc.x86_64 1:2.02-0.76.el7.centos.1 will be an update
---> Package grub2-pc-modules.noarch 1:2.02-0.76.el7.centos will be updated
---> Package grub2-pc-modules.noarch 1:2.02-0.76.el7.centos.1 will be an update
---> Package grub2-tools.x86_64 1:2.02-0.76.el7.centos will be updated
---> Package grub2-tools.x86_64 1:2.02-0.76.el7.centos.1 will be an update
---> Package grub2-tools-extra.x86_64 1:2.02-0.76.el7.centos will be updated
---> Package grub2-tools-extra.x86_64 1:2.02-0.76.el7.centos.1 will be an update
---> Package grub2-tools-minimal.x86_64 1:2.02-0.76.el7.centos will be updated
---> Package grub2-tools-minimal.x86_64 1:2.02-0.76.el7.centos.1 will be an update
---> Package kernel.x86_64 0:3.10.0-957.10.1.el7 will be installed
---> Package kernel-headers.x86_64 0:3.10.0-957.5.1.el7 will be updated
---> Package kernel-headers.x86_64 0:3.10.0-957.10.1.el7 will be an update
---> Package kernel-tools.x86_64 0:3.10.0-957.1.3.el7 will be updated
---> Package kernel-tools.x86_64 0:3.10.0-957.10.1.el7 will be an update
---> Package kernel-tools-libs.x86_64 0:3.10.0-957.1.3.el7 will be updated
---> Package kernel-tools-libs.x86_64 0:3.10.0-957.10.1.el7 will be an update
---> Package krb5-libs.x86_64 0:1.15.1-34.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-37.el7_6 will be an update
---> Package libblkid.x86_64 0:2.23.2-59.el7 will be updated
---> Package libblkid.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package libgcc.x86_64 0:4.8.5-36.el7 will be updated
---> Package libgcc.x86_64 0:4.8.5-36.el7_6.1 will be an update
---> Package libgomp.x86_64 0:4.8.5-36.el7 will be updated
---> Package libgomp.x86_64 0:4.8.5-36.el7_6.1 will be an update
---> Package libmount.x86_64 0:2.23.2-59.el7 will be updated
---> Package libmount.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package libsmartcols.x86_64 0:2.23.2-59.el7 will be updated
---> Package libsmartcols.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package libstdc++.x86_64 0:4.8.5-36.el7 will be updated
---> Package libstdc++.x86_64 0:4.8.5-36.el7_6.1 will be an update
---> Package libuuid.x86_64 0:2.23.2-59.el7 will be updated
---> Package libuuid.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package lvm2.x86_64 7:2.02.180-10.el7_6.2 will be updated
---> Package lvm2.x86_64 7:2.02.180-10.el7_6.3 will be an update
---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.2 will be updated
---> Package lvm2-libs.x86_64 7:2.02.180-10.el7_6.3 will be an update
---> Package nss.x86_64 0:3.36.0-7.el7_5 will be updated
---> Package nss.x86_64 0:3.36.0-7.1.el7_6 will be an update
---> Package nss-pem.x86_64 0:1.0.3-5.el7 will be updated
---> Package nss-pem.x86_64 0:1.0.3-5.el7_6.1 will be an update
---> Package nss-sysinit.x86_64 0:3.36.0-7.el7_5 will be updated
---> Package nss-sysinit.x86_64 0:3.36.0-7.1.el7_6 will be an update
---> Package nss-tools.x86_64 0:3.36.0-7.el7_5 will be updated
---> Package nss-tools.x86_64 0:3.36.0-7.1.el7_6 will be an update
---> Package nss-util.x86_64 0:3.36.0-1.el7_5 will be updated
---> Package nss-util.x86_64 0:3.36.0-1.1.el7_6 will be an update
---> Package oci-systemd-hook.x86_64 1:0.1.18-2.git3efe246.el7 will be updated
---> Package oci-systemd-hook.x86_64 1:0.1.18-3.git8787307.el7_6 will be an update
---> Package openldap.x86_64 0:2.4.44-20.el7 will be updated
---> Package openldap.x86_64 0:2.4.44-21.el7_6 will be an update
---> Package openssl.x86_64 1:1.0.2k-16.el7 will be updated
---> Package openssl.x86_64 1:1.0.2k-16.el7_6.1 will be an update
---> Package openssl-libs.x86_64 1:1.0.2k-16.el7 will be updated
---> Package openssl-libs.x86_64 1:1.0.2k-16.el7_6.1 will be an update
---> Package perl.x86_64 4:5.16.3-293.el7 will be updated
---> Package perl.x86_64 4:5.16.3-294.el7_6 will be an update
---> Package perl-Pod-Escapes.noarch 1:1.04-293.el7 will be updated
---> Package perl-Pod-Escapes.noarch 1:1.04-294.el7_6 will be an update
---> Package perl-libs.x86_64 4:5.16.3-293.el7 will be updated
---> Package perl-libs.x86_64 4:5.16.3-294.el7_6 will be an update
---> Package perl-macros.x86_64 4:5.16.3-293.el7 will be updated
---> Package perl-macros.x86_64 4:5.16.3-294.el7_6 will be an update
---> Package policycoreutils.x86_64 0:2.5-29.el7 will be updated
---> Package policycoreutils.x86_64 0:2.5-29.el7_6.1 will be an update
---> Package policycoreutils-python.x86_64 0:2.5-29.el7 will be updated
---> Package policycoreutils-python.x86_64 0:2.5-29.el7_6.1 will be an update
---> Package polkit.x86_64 0:0.112-18.el7 will be updated
---> Package polkit.x86_64 0:0.112-18.el7_6.1 will be an update
---> Package python-perf.x86_64 0:3.10.0-957.1.3.el7 will be updated
---> Package python-perf.x86_64 0:3.10.0-957.10.1.el7 will be an update
---> Package rear.x86_64 0:2.4-2.el7 will be updated
---> Package rear.x86_64 0:2.4-4.el7_6 will be an update
---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.6 will be updated
---> Package selinux-policy.noarch 0:3.13.1-229.el7_6.9 will be an update
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.6 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-229.el7_6.9 will be an update
---> Package shadow-utils.x86_64 2:4.1.5.1-25.el7 will be updated
---> Package shadow-utils.x86_64 2:4.1.5.1-25.el7_6.1 will be an update
---> Package systemd.x86_64 0:219-62.el7 will be updated
---> Package systemd.x86_64 0:219-62.el7_6.5 will be an update
---> Package systemd-libs.x86_64 0:219-62.el7 will be updated
---> Package systemd-libs.x86_64 0:219-62.el7_6.5 will be an update
---> Package systemd-sysv.x86_64 0:219-62.el7 will be updated
---> Package systemd-sysv.x86_64 0:219-62.el7_6.5 will be an update
---> Package tuned.noarch 0:2.10.0-6.el7 will be updated
---> Package tuned.noarch 0:2.10.0-6.el7_6.3 will be an update
---> Package tzdata.noarch 0:2018g-1.el7 will be updated
---> Package tzdata.noarch 0:2018i-1.el7 will be an update
---> Package util-linux.x86_64 0:2.23.2-59.el7 will be updated
---> Package util-linux.x86_64 0:2.23.2-59.el7_6.1 will be an update
---> Package xfsprogs.x86_64 0:4.5.0-18.el7 will be updated
---> Package xfsprogs.x86_64 0:4.5.0-19.el7_6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================
 Package                     Arch      Version                              Repository  Size
=============================================================================================
Installing:
 kernel                      x86_64    3.10.0-957.10.1.el7                  updates     48 M
Updating:
 NetworkManager              x86_64    1:1.12.0-10.el7_6                    updates    1.7 M
 NetworkManager-libnm        x86_64    1:1.12.0-10.el7_6                    updates    1.4 M
 NetworkManager-team         x86_64    1:1.12.0-10.el7_6                    updates    159 k
 NetworkManager-tui          x86_64    1:1.12.0-10.el7_6                    updates    239 k
 NetworkManager-wifi         x86_64    1:1.12.0-10.el7_6                    updates    187 k
 bind-libs-lite              x86_64    32:9.9.4-73.el7_6                    updates    741 k
 bind-license                noarch    32:9.9.4-73.el7_6                    updates     87 k
 containers-common           x86_64    1:0.1.31-8.gitb0b750d.el7.centos     extras      21 k
 cpp                         x86_64    4.8.5-36.el7_6.1                     updates    5.9 M
 dbus                        x86_64    1:1.10.24-13.el7_6                   updates    245 k
 dbus-libs                   x86_64    1:1.10.24-13.el7_6                   updates    169 k
 device-mapper               x86_64    7:1.02.149-10.el7_6.3                updates    292 k
 device-mapper-event         x86_64    7:1.02.149-10.el7_6.3                updates    188 k
 device-mapper-event-libs    x86_64    7:1.02.149-10.el7_6.3                updates    188 k
 device-mapper-libs          x86_64    7:1.02.149-10.el7_6.3                updates    320 k
 docker                      x86_64    2:1.13.1-94.gitb2f74b2.el7.centos    extras      18 M
 docker-client               x86_64    2:1.13.1-94.gitb2f74b2.el7.centos    extras     3.9 M
 docker-common               x86_64    2:1.13.1-94.gitb2f74b2.el7.centos    extras      96 k
 freetype                    x86_64    2.8-12.el7_6.1                       updates    380 k
 gcc                         x86_64    4.8.5-36.el7_6.1                     updates     16 M
 grub2                       x86_64    1:2.02-0.76.el7.centos.1             updates     31 k
 grub2-common                noarch    1:2.02-0.76.el7.centos.1             updates    728 k
 grub2-pc                    x86_64    1:2.02-0.76.el7.centos.1             updates     31 k
 grub2-pc-modules            noarch    1:2.02-0.76.el7.centos.1             updates    846 k
 grub2-tools                 x86_64    1:2.02-0.76.el7.centos.1             updates    1.8 M
 grub2-tools-extra           x86_64    1:2.02-0.76.el7.centos.1             updates    995 k
 grub2-tools-minimal         x86_64    1:2.02-0.76.el7.centos.1             updates    172 k
 kernel-headers              x86_64    3.10.0-957.10.1.el7                  updates    8.0 M
 kernel-tools                x86_64    3.10.0-957.10.1.el7                  updates    7.1 M
 kernel-tools-libs           x86_64    3.10.0-957.10.1.el7                  updates    7.0 M
 krb5-libs                   x86_64    1.15.1-37.el7_6                      updates    803 k
 libblkid                    x86_64    2.23.2-59.el7_6.1                    updates    181 k
 libgcc                      x86_64    4.8.5-36.el7_6.1                     updates    102 k
 libgomp                     x86_64    4.8.5-36.el7_6.1                     updates    157 k
 libmount                    x86_64    2.23.2-59.el7_6.1                    updates    182 k
 libsmartcols                x86_64    2.23.2-59.el7_6.1                    updates    140 k
 libstdc++                   x86_64    4.8.5-36.el7_6.1                     updates    305 k
 libuuid                     x86_64    2.23.2-59.el7_6.1                    updates     82 k
 lvm2                        x86_64    7:2.02.180-10.el7_6.3                updates    1.3 M
 lvm2-libs                   x86_64    7:2.02.180-10.el7_6.3                updates    1.1 M
 nss                         x86_64    3.36.0-7.1.el7_6                     updates    835 k
 nss-pem                     x86_64    1.0.3-5.el7_6.1                      updates     74 k
 nss-sysinit                 x86_64    3.36.0-7.1.el7_6                     updates     62 k
 nss-tools                   x86_64    3.36.0-7.1.el7_6                     updates    515 k
 nss-util                    x86_64    3.36.0-1.1.el7_6                     updates     78 k
 oci-systemd-hook            x86_64    1:0.1.18-3.git8787307.el7_6          extras      34 k
 openldap                    x86_64    2.4.44-21.el7_6                      updates    356 k
 openssl                     x86_64    1:1.0.2k-16.el7_6.1                  updates    493 k
 openssl-libs                x86_64    1:1.0.2k-16.el7_6.1                  updates    1.2 M
 perl                        x86_64    4:5.16.3-294.el7_6                   updates    8.0 M
 perl-Pod-Escapes            noarch    1:1.04-294.el7_6                     updates     51 k
 perl-libs                   x86_64    4:5.16.3-294.el7_6                   updates    688 k
 perl-macros                 x86_64    4:5.16.3-294.el7_6                   updates     44 k
 policycoreutils             x86_64    2.5-29.el7_6.1                       updates    916 k
 policycoreutils-python      x86_64    2.5-29.el7_6.1                       updates    456 k
 polkit                      x86_64    0.112-18.el7_6.1                     updates    168 k
 python-perf                 x86_64    3.10.0-957.10.1.el7                  updates    7.1 M
 rear                        x86_64    2.4-4.el7_6                          updates    637 k
 selinux-policy              noarch    3.13.1-229.el7_6.9                   updates    483 k
 selinux-policy-targeted     noarch    3.13.1-229.el7_6.9                   updates    6.9 M
 shadow-utils                x86_64    2:4.1.5.1-25.el7_6.1                 updates    1.1 M
 systemd                     x86_64    219-62.el7_6.5                       updates    5.1 M
 systemd-libs                x86_64    219-62.el7_6.5                       updates    407 k
 systemd-sysv                x86_64    219-62.el7_6.5                       updates     84 k
 tuned                       noarch    2.10.0-6.el7_6.3                     updates    254 k
 tzdata                      noarch    2018i-1.el7                          updates    490 k
 util-linux                  x86_64    2.23.2-59.el7_6.1                    updates    2.0 M
 xfsprogs                    x86_64    4.5.0-19.el7_6                       updates    897 k

Transaction Summary
=============================================================================================
Install   1 Package
Upgrade  68 Packages

Total download size: 168 M

Finding software packages in attached repositories

To install packages with yum, you first need to know the exact name of the package. The yum search  command can help to determine  this name and typically is the frost stage in installation of the package.

When you use yum search, it first gets in touch with the online repositories (which might take a minute), after which it downloads the most recent repository metadata to the local machine. Then, yum search  looks in the package name and description for the string you have been looking for. In Listing 11.4, you can see what the result looks like after using yum search user.

[0]d620@ROOT:/etc/yum.repos.d # yum search documentation | grep -viP 'header|generat|developer' | wc -l
648

You can also use command

yum search user

Because the yum search  command looks in the package name and summary only, it often does not show what you need. You often need to look for packages containing a specific file. To do this, the yum whatprovides  or yum provides  command will help you. (There is no functional difference between these two commands.) To make it clear that you are looking for packages containing a specific file, you need to specify the filename as */filename, or use the full path name to the file you want to use. So if you need to look for the package containing the file semanage, for example, use yum whatprovides */semanage. It will show the name of the package as a result.

Getting information about packages

Before installing a package, it is a good idea to get some more information about the package. Because the yum  command was developed to be intuitive, it is almost possible to guess how that works. Just use yum info, followed by the name of the package.

Often example use the nmap package (which is a very useful tool). It is a network sniffer that allows you to find ports that are open on other hosts. Just use nmap 192.168.4.100  to give it a try, but be aware that some network administrators really do not like nmap and might consider this a hostile attack.

[0]d620@ROOT:/etc/yum.repos.d # yum info nmap
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.trouble-free.net
 * extras: mirror.trouble-free.net
 * updates: mirror.trouble-free.net
Installed Packages
Name        : nmap
Arch        : x86_64
Epoch       : 2
Version     : 6.40
Release     : 16.el7
Size        : 16 M
Repo        : installed
From repo   : base
Summary     : Network exploration tool and security scanner
URL         : http://nmap.org/
License     : GPLv2 and LGPLv2+ and GPLv2+ and BSD
Description : Nmap is a utility for network exploration or security auditing.  It supports
            : ping scanning (determine which hosts are up), many port scanning techniques
            : (determine what services the hosts are offering), and TCP/IP fingerprinting
            : (remote host operating system identification). Nmap also offers flexible target
            : and port specification, decoy scanning, determination of TCP sequence
            : predictability characteristics, reverse-identd scanning, and more. In addition
            : to the classic command-line nmap executable, the Nmap suite includes a flexible
            : data transfer, redirection, and debugging tool (netcat utility ncat), a utility
            : for comparing scan results (ndiff), and a packet generation and response
            : analysis tool (nping).

Installing and removing software packages

If after looking at the yum info  output you are happy with the package, the next step is to install it. As anything else you are doing with yum, it is not hard to guess how to do that: Just use yum install nmap. When used in this way, the yum  command asks for confirmation. If when you type the yum install  command you are sure about what you are doing, you might as well use the -y  option, which passes a “yes” to the confirmation prompt that yum  normally issues.

yum  starts by analyzing what is going to be installed. Once that is clear, it gives an overview of the package that is going to be installed, including its dependencies. Then, the package itself is installed to the system.

To remove software packages from a machine, use the yum remove  command. This command also will do a dependency analysis, which means that it will not only remove the selected package but also all packages that depend on it. This may sometimes lead to a long list of software packages that are going to be removed. To avoid unpleasant surprises, you should never use yum remove  with the -y  option.

NOTE

Some packages are protected. Therefore, you cannot easily remove them. If yum remove  encounters protected packages, it refuses to remove them.

Listing installed packages

When working with yum, you may also use the yum list  command to show lists of packages. Used without arguments, yum list  shows a list of all software packages that are available, including the repository they were installed from.

If a repository name is shown, the package is available in that specific repository. If @anaconda is listed, the package has already been installed on this system.

If you want to see which packages are installed on your server, you can use the yum list installed  command. The yum list  command can also prove useful when used with the name of a specific package as its argument. For instance, type yum list kernel  to show which version of the kernel is actually installed and which version is available as the most recent version in the repositories. For example

yum list kernel

Updating packages

One of the major benefits of working with yum  repositories is that repositories make it easy to update packages. The maintainer of the repositories copies updated packages to the repositories. The index in the repository always contains the current version of a package in the repository. On the local machine also, a database is available with the current versions of the packages that are used. When using the yum update  command, current versions of packages that are installed are compared to the version of these packages in the repositories.

From this overview, type y  to install the updates or d to simply down then without installation (this is new option in yum available only in RHEL7 and above)

Notice that while updating packages the old version of the package is replaced with a newer version of the package.

There is one exception, which is for the kernel package. Even if you are using the yum update kernel  command, the kernel package is not updated, but the newer kernel is installed beside the old kernel, so that during booting you can select the kernel that you want to use.

This is useful because you may find that because of hardware compatibility issues the new kernel will not work. In that case, you can interfere on the GRUB 2 boot prompt

yum update

Working with yum package groups

While managing specific services on a Linux machine, you often need several different packages. If, for instance, you want to make your machine a virtualization host, you need the KVM packages, but also all supporting packages such as qemu, libvirt, and the client packages. Or while configuring your server as a web server, you need to install additional packages like PHP as well in many cases.

To make it easier to manage specific functionality, instead of specific packages, you can work with package groups as well. A package group is defined in the repository, and yum offers the group management commands to work with these groups. For an overview of all current groups, use yum groups list.

[0]d620@ROOT:/etc/yum.repos.d # yum group list
Loaded plugins: fastestmirror
There is no installed groups file.
Maybe run: yum groups mark convert (see man yum)
Loading mirror speeds from cached hostfile
 * base: mirror.trouble-free.net
 * extras: mirror.trouble-free.net
 * updates: mirror.trouble-free.net
Available Environment Groups:
   Minimal Install
   Compute Node
   Infrastructure Server
   File and Print Server
   Basic Web Server
   Virtualization Host
   Server with GUI
   GNOME Desktop
   KDE Plasma Workspaces
   Development and Creative Workstation
Available Groups:
   Compatibility Libraries
   Console Internet Tools
   Development Tools
   Graphical Administration Tools
   Legacy UNIX Compatibility
   Scientific Support
   Security Tools
   Smart Card Support
   System Administration Tools
   System Management
Done

Notice that some yum groups are not listed by default. To show those as well, type yum groups list hidden. You see the list of groups that is displayed is considerably longer. The difference is that yum groups list  shows environment groups, which contain basic functionality. Within an environment group, different subgroups can be used; these are displayed only when using yum groups list hidden.

To get information about packages available in a group, you use yum groups info. Because group names normally contain spaces, do not forget to put the entire group name between quotes. So, type yum groups info "Basic Web Server"  to see what is in the Basic Web Server group.

Using yum History

While working with yum, all actions are logged to the /var/log/yum.log file. You can use the yum history  command to get an overview of all actions that have been issued. From the history file, it is possible to undo specific actions; use yum history undo  followed by the number of the specific action you want to undo.

[0]d620@ROOT:/etc/yum.repos.d # yum history
Loaded plugins: fastestmirror
ID     | Command line             | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    22 | -y update                | 2019-03-20 14:59 | I, U           |   16 PP
    21 | -y update                | 2019-03-20 14:56 | I, U           |   69 **
    20 | install at               | 2019-03-10 21:04 | Install        |    1
    19 | install psmisc.x86_64    | 2019-03-01 15:28 | Install        |    1
    18 | install gcc.x86_64       | 2019-03-01 15:20 | I, U           |    9
    17 | install wget             | 2019-03-01 15:17 | Install        |    1
    16 | install mlocate          | 2019-02-21 09:51 | Install        |    1
    15 | install tree             | 2019-02-19 00:25 | Install        |    1
    14 | install tcpdump          | 2019-01-30 16:31 | Install        |    1
    13 | install net-tools        | 2019-01-30 11:30 | Install        |    1
    12 | install bash-completion  | 2019-01-30 11:28 | Install        |    1
    11 | install traceroute.x86_6 | 2019-01-30 11:25 | Install        |    1
    10 | install dos2unix         | 2019-01-28 20:48 | Install        |    1
     9 | install syslinux-extlinu | 2019-01-27 15:02 | Install        |    1
     8 | install rear             | 2019-01-27 14:13 | Install        |    7
     7 | install httpd            | 2018-12-13 13:45 | Install        |    5
     6 | install nmap             | 2018-12-13 13:28 | Install        |    3
     5 | update                   | 2018-12-13 13:18 | I, O, U        |  156 EE
     4 | install docker           | 2018-12-13 12:52 | I, U           |   44
     3 | install vim              | 2018-12-07 01:45 | Install        |    3

To undo any action  type yum history undo <number>.

Understanding security issues connected with package management

Using external Web-based repositories allows you  install software packages from the Internet. This is convenient, but it also involves a security risk. When installing RPM packages, you do that with root permissions, and if in the RPM package script code is executed, that is executed as root as well. For that reason, you want to make sure that you can trust the software packages you are trying to install.

This is why repositories in general use keys for package signing. This is also why on Red Hat Enterprise Linux it is a good idea to use repositories provided though RHN only.

To secure packages in a repository, they are signed with a GPG key. This makes it possible to check whether packages have been changed since the owner of the repository provided them. The GPG key used to sign the software packages is typically made available through the repository as well. The users of the repository can download that key and store it locally so that the package signature check can be performed automatically each time a package is downloaded from the repository.

If repository security is compromised and an intruder manages to hack the repository server and put some fake packages on it, the GPG key signature will not match, and the yum  command will complain while installing new packages. This is why it is highly recommended to use GPG keys when using Internet repositories.

If you are using a repository where GPG package signing has been used, on first contact with that repository the RPM command will propose to download the key that was used for package signing.  That's what you have to do if you add EPEL repository. This is a transparent procedure that requires no further action.

The GPG keys that were used for package signing are installed to the /etc/pki/rpm-gpg directory by default.

The GPG keys that were used for package signing are installed to the /etc/pki/rpm-gpg directory by default.

TIP

For using internal repositories, the security risks are less. For that reason, you can use not signed packages.

Summary



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: April 11, 2019