3. Package management#
3.1. Outline#
Discuss software installation workflow.
Debian and Ubuntu packages.
Advanced Package Tool (APT) for package installation, removal, search, and query.
Debian package tool (dpkg) for package installation, removal, and query.
Redhat packages.
Yellowdog Updater Modified and Dandified (YUM and DNF) for package installation, removal, search, and query.
Redhat Package Manager (RPM) for package installation, removal, and query
3.2. The purpose of Linux packages#
All software in Linux distros come in the form of packages available in online mirrors. Packages are used for the following tasks:
Install software.
Remove software.
Update installed software.
Fix broken or partly removed software files.
Reconfigure installed software.
Verify the integrity of the installed files.
3.3. Package format and tools in various Linux distributions#
Debian and Ubuntu: deb, apt
Redhat: rpm, dnf
Arch and Monjaro: packman
Gentoo: portage (emerge)
Modern tools, including snap and flatpack:
Universal software packaging (Ubuntu, Fedora, Monjaro).
Sandboxing.
All dependencies are included in the sandboxes.
Limited use: works for specific application installations.
3.4. Linux package management#
Fig. 3.1 Debian and Redhat package installation flow#
3.5. Ubuntu (Debian) packages#
Ubuntu OS components and most of the GNU software are available in form of packages. A package file contains:
Software
Info (control) file
Scripts (pre/post install/remove)
md5sum file hashes
Naming convention:
(package-name)_(source version)-(package-version)_(architecture).deb
For example:
make_4.4.1-3_amd64.deb
Package name is make. The source version is 4.4.1 of GNU Make 4.4.1 series, package version (revision): 3 from Debian, architecture: amd64.
The official Ubuntu distribution located in the Ubuntu archive, folder main and Restricted. In folder Restricted, there are packages with restricted vendor licensing, for example, nvidia-driver-595.
Universe Is free software available from the network, but not officialy maintained by Ubuntu development team. For example, a2ps (“Anything to PS”), xemacs21. No guarantee of security fixes and support.
Multiverse Packages in the archive have some onerous license condition restricting use or redistribution of the software. For example, dvd-slideshow.
Developers may offer their own package repositories, called package personal archives (PPA).
You can run command apt-cache show on a package on Ubuntu system to see what folder the package belongs to:
Debian system APT folders
main
contrib
non-free
non-free-firmware
3.6. Deploy kvm3 VM (Exercise)#
Clone kvm1 into kvm3:
virsh shutdown kvm1
virt-clone -o kvm1 -n kvm3 -f /home/hostadm/KVM/kvm3.qcow2
Start kvm3 VM and login to its console via virsh:
virsh start kvm3
virsh console kvm3
Fix the hostname by editing file /etc/hostname with nano editor:
sudo -s
nano /etc/hostname
change kvm1 for kvm3.
Run script
vm_id_reset.sh
Reboot the VM:
reboot
3.7. Installing Ubuntu packages with APT (Exercises)#
Login to kvm3.
Try executing command make, which doesn’t exist on the VM yet:
make
The system error comes: The program ‘make’ is currently not installed.
You can install it by typing: sudo apt install make
Install recommended package make by running apt install:
apt install make
You should be able to run command make now.
Simulate package installation by using option -s:
apt install -s netpbm
Notice the prerequisite library package that would get installed, libnetpbm10 Download the package without installation:
apt install -d netpbm
Notice the deb files with the packages in the apt cache directory:
ls -l /var/cache/apt/archives
Another way to download a package and get it in the current working directory:
apt download netpbm
Install the package:
apt install netpbm
Updating all the installed packages
apt update
apt upgrade
The APT repository and software folders are defined in file
/etc/apt/sources.list and optionally in directory /etc/apt/sources.list.d
3.8. Removing Ubuntu packages with APT (Exercises)#
Remove package make by running apt remove:
apt remove make
Simulate package removal by using option -s:
apt remove -s netpbm
Notice package libnetpbm10 won’t be removed Simulate package removal with the dependencies:
apt autoremove -s netpbm
Notice the both packages would be removed. Remove the package with the dependencies:
apt autoremove netpbm
Both netpbm and libnetpbm10 should be gone now.
3.9. Search and quiry Ubuntu packages with APT (Exercises)#
First, update the available package list from the Ubuntu repository:
apt update
Search for packages containing string make in their name or description:
apt-cache search make
Narrow down the search results for the names containing make:
apt-cache search --names-only make
Filter the output for word make
apt-cache search --names-only make | grep -w ^make
Get the information about package make:
apt-cache show make
List the packages that depend on package make. Forcefully removing make would break these packages.
apt-cache showpkg make
Show the packages a given package depends on:
apt-cache depends make
3.10. Query package repository folder (Exercises).#
apt-cache show on a package reveals what folder the package belongs to.
It can be main, restricted, universe, and multiverse.
apt-cache show make | grep Filename
Filename: pool/main/m/make-dfsg/make_4.4.1-3_amd64.deb
apt-cache show nvidia-driver-595 | grep Filename
Filename: pool/restricted/n/nvidia-graphics-drivers-595/nvidia-driver-595_595.71.05-0ubuntu0.26.04.1_amd64.deb
Filename: pool/restricted/n/nvidia-graphics-drivers-595/nvidia-driver-595_595.58.03-0ubuntu2_amd64.deb
apt-cache show a2ps | grep Filename
Filename: pool/universe/a/a2ps/a2ps_4.15.7-5_amd64.deb
apt-cache show dvd-slideshow | grep Filename
Filename: pool/multiverse/d/dvd-slideshow/dvd-slideshow_0.8.6.1-2build1_all.deb
3.10.1. APT security (Exercise)#
Packages spooled into /var/cache/apt/archives/ directory before installation.
File
Packages(catalog) contains the MD5, SHA1, SHA256, SHA512 hashes, which are presented viaapt-cache showcommand.apt installverifies the hash of the installable package file with the published one.The cached
Packagesfile content is stored in /var/lib/apt/ directory.The
Packagesfile is signed with the maintainer’s Gnu Privacy Guard (GPG) key.The maintainers public GPG keys are stored in directory /usr/share/keyrings/
On Ubuntu 26.04, the maintainers gpg public keys are stored in directory /usr/share/keyrings/. On older Ubuntu distributions, there were only two GPG keys for any distro stored in directory /etc/apt/trusted.gpg.d/.
Let’s see what happens to APT when the GPG keys are removed. Remove the gpg public keys:
rm /usr/share/keyrings/*
Run command below and see the error messages about unverifiable signature:
apt update
Restore the public keys:
apt install ubuntu-keyring --reinstall
Run apt update again.
3.10.2. Adding APT repository (Exercise)#
New apt lists should be either added to file /etc/apt/sources.list or added as new files in directory /etc/apt/sources.list.d
For example, lets add the repository for BeeGFS file system.
Download file beegfs-noble.list from the vendor’s web site into directory /etc/apt/sources.list.d:
cd /etc/apt/sources.list.d
wget https://www.beegfs.io/release/beegfs_8.3/dists/beegfs-noble.list
Download the vendor public key, dearmor, and store it in directory /etc/apt/keyrings:
cd /tmp
wget https://www.beegfs.io/release/beegfs_8.3/gpg/GPG-KEY-beegfs
cat GPG-KEY-beegfs | sudo gpg --dearmor -o /etc/apt/keyrings/GPG-KEY-beegfs.gpg
Reference the key in file /etc/apt/sources.list.d/beegfs-noble.list:
content of beegfs-noble.list file
deb [signed-by=/etc/apt/keyrings/GPG-KEY-beegfs.gpg] https://www.beegfs.io/release/beegfs_8.3 noble non-free
Update apt caches:
apt update
Install a package from the newly added repository:
apt install beegfs-tools
3.10.3. Install a specific version of a package with APT (Exercise)#
There maybe several versions of the same package available in a repository.
You can see them all with command apt-cache show followed by the package name.
For example, for the kernel package linux-image-virtual we can see several versions:
apt-cache show linux-image-virtual
Let’s install version 7.0.0-22.22 with command below:
apt install linux-image-virtual=7.0.0-22.22
3.10.4. APT logs#
The history of all apt commands is stored in file /var/log/apt/history.log
To browse through the apt history:
less /var/log/apt/history.log
To see the last 20 lines of the history:
tail -20 /var/log/apt/history.log
3.10.5. Quiry Ubuntu packages with dpkg (Exercises)#
What packages are installed on the system?
dpkg -l
Quiry package status with dpkg:
dpkg -s make
dpkg -s tzdata
List the files contained in the package:
dpkg -L tzdata
What package contains a file? For example, command /bin/ls
dpkg -S /bin/ls
Reconfigure a package with command dpkg-reconfigure after installation:
dpkg-reconfigure tzdata
To see the current package configuration, command debconf-show can be used, for example:
debconf-show tzdata
If there is no package dependencies, then a package can be installed with command dpkg. Otherwise, use APT. Install package make:
apt download make
dpkg -i make_4.4.1-3_amd64.deb
To see the list of the files, contained in the deb package file:
dpkg --contents make_4.4.1-3_amd64.deb
Verify the consistency of installed files from a package:
dpkg -V make
There is nothing in the output.
Let’s modify a content of one of the files that comes with the package, /usr/include/gnumake.h:
echo '/* last line */' >> /usr/include/gnumake.h
Remove file /usr/share/man/man1/make.1.gz:
rm /usr/share/man/man1/make.1.gz
Run the package consistency check and see the tampered and removed files in the list:
dpkg -V make
Remove package make by using command dpkg:
dpkg --purge make
Extract the package content into new directory PKGdir:
dpkg -X make_4.4.1-3_amd64.deb PKGdir
Install package tree:
apt install tree
Browse the directory tree with command tree:
tree PKGdir
3.10.6. RedHat packages#
RPM Package naming convention:
(package-name)-(source version)-(package release).(architecture).rpm
For example,
nano-8.1-3.el10.x86_64.rpm
Package name is nano. The source version is 8.1. The package release is 3.el10 (Release 3 for RedHat Enterprise Linux 10). Architecture is x86_64.
3.10.7. Deploy rocky10-1 VM (Exercise)#
Clone your rocky10 VM into rocky10-1,
virt-clone -o rocky10 -n rocky10-1 -f /home/hostadm/KVM/rocky10-1.qcow2
Start rocky10-1 and login to its console via command virsh console:
virsh start rocky10-1
virsh console rocky10-1
Fix the hostname in file /etc/hostname for the correct one, rocky10-1
Run the following commands to reset the machine-id or rocky10-1 and release its DHCP IP address:
sudo dnf install dbus-tools
sudo rm -f /etc/machine-id
sudo dbus-uuidgen --ensure=/etc/machine-id
sudo dbus-uuidgen --ensure
sudo ip addr flush dev enp1s0
Reboot the VM:
sudo reboot
3.10.8. Installing and removing RedHat packages with DNF (Exercises)#
DNF or Dandified YUM is the next-generation version of the Yellowdog Updater, Modified (yum), a package manager for .rpm-based Linux distributions such as RedHat, Fedora, and Rocky.
Clean the dnf cache:
dnf clean all
Install package netpbm on it:
dnf install netpbm
Reinstall package netpbm:
dnf reinstall netpbm
You can download packages without installation, for example:
dnf download make
ls -l make*
Check available updates for installed packages:
dnf check-update
Update package tzdata
dnf update tzdata
Updating all the installed packages:
dnf update
To remove an installed package:
dnf remove netpbm
The same can be accomplished with:
dnf erase netpbm
3.10.9. Search and quiry RPM packages with DNF (Exercises)#
List the installed package and the package available for installation
dnf list gsl
dnf list coreutils
The output shows three columns - the package name and architecture, the package version, and the repository. The latter package showes up as installed (@ in front of the repo), and the former as available for installation.
To see just installed packages:
dnf list --installed
dnf repoquery --installed
To see packages available for installation:
dnf list --available
dnf repoquery
Search for packages containing string make in their name or description:
dnf search make
Get the information about package make:
dnf info make
List the packages that package make depends upon:
dnf deplist make
Identify the package that contains a specific file, for example /bin/ls:
dnf provides /usr/bin/ls
3.10.10. DNF repositories (Exercises)#
Like in Ubuntu, the Redhat packages are sorted in repositories.
The dnf repositores are defined in directory /etc/yum.repos.d/*.repo
To see the available package repositories:
dnf repolist
BaseOSAppStreamExtras
See disabled repositories:
dnf repolist --disabled
Packages can be installed only from enabled repositories.
To enable, for example repository baseos-source:
dnf config-manager --enable baseos-source
Check the list of available repos:
dnf repolist
To see the packages in repo baseos-source:
dnf list --repo baseos-source
Add an external vendor repo, for example, BeeGFS with the .repo file in URL:
dnf config-manager --add-repo https://www.beegfs.io/release/beegfs_8.3/dists/beegfs-rhel10.repo
Import the vendor key:
rpm --import https://www.beegfs.io/release/beegfs_8.3/gpg/GPG-KEY-beegfs
Check the list of available repos:
dnf repolist
See repo file beegfs-rhel10.repo in directory /etc/yum.repos.d:
ls /etc/yum.repos.d
Install a package from the new repo:
dnf install beegfs-tools
To disable the repo:
dnf config-manager --disable beegfs
Check the list of available repos:
dnf repolist
To remove the repo completely from the system:
rm /etc/yum.repos.d/beegfs-rhel10.repo
3.10.11. Advanced DNF functionalities#
History of DNF transactions:
dnf history
It is possible to revert dnf installation or upgrade in case the old pkgs are still available in thge repos. For example to revert transaction 10:
dnf history undo 10
Roll back to transaction 9:
dnf history rollback 9
DNF also provides bundles of packages by groups:
dnf group list
The detailed info on dnf can be found in the RedHat docs:
3.10.12. Query RPM packages with rpm (Exercises)#
What packages are installed on the system?
rpm -qa
A friendly readable list comes after sorting the output:
rpm -qa | sort | less
If there is no package dependencies or the dependencies have already been resolved, then a package can be simply installed with command rpm from its file. Otherwise, use DNF. Install package make from its rpm file:
rpm -ivh make-4.4.1-9.el10.x86_64.rpm
Quiry package status with rpm:
rpm -q make
Display information about the installed package:
rpm -qi make
List the files contained in the package:
rpm -ql make
Which package owns a file? For example, command /bin/ls
rpm -qf /bin/ls
RPM dependencies:
rpm -qR make
Verify the consistency of installed files from a package:
rpm -V make
There is nothing in the output.
Let’s modify a content of one of the files that comes with the package, /usr/include/gnumake.h:
echo '/* last line */' >> /usr/include/gnumake.h
Remove file /usr/share/man/man1/make.1.gz:
rm /usr/share/man/man1/make.1.gz
Run the package consistency check and see the tampered and removed files in the list:
rpm -V make
Try to remove package make by using command rpm:
rpm -e make
Quiry the package file:
rpm -qp make-4.4.1-9.el10.x86_64.rpm
rpm -qlp make-4.4.1-9.el10.x86_64.rpm
rpm -qip make-4.4.1-9.el10.x86_64.rpm
The second command above shows the files contained in the package file, and the third command displays the info about the package. More info about command rpm can be found in the man pages:
man rpm
3.10.13. References on APT and YUM#
Package Management table for rpm and deb packages