The Basics of RPM – Red Hat Package Management [Linux 101]

In previous articles, we’ve explored the system used to install software on Debian-based systems, including Ubuntu among others. RPM, or the “Red Hat Package Manager”, debuted in Red Hat Linux 2.0 in 1995, and is now the preferred package management system of distributions based on Red Hat, including CentOS and Oracle’s Linux distro, as well as SuSE.

Now we’ll see how this system compares to the “Ubuntu way” of managing software.

Note: If you’re using a DEB-based system, you may have the rpm command. However, you likely won’t have a package database, so some of the below commands may display some errors referencing this.

An RPM package, like DEBs, consists of an archive of files that the package manager will place on your computer when installed. It also contains the same type of information about other software it needs, so the system can download and install your dependencies for you. It just wraps all this up in a different way.

Like DEB files, an RPM package can contain either binary (or executable) code, source code that’s compiled into binary before installation, or architecture-independent files (like documentation). An RPM file is a cpio archive, which is an archive format that was originally used for tape backups. RPM’s contain three primary types of data:

  • Data identifying the file as an RPM package
  • A signature so the system can verify that the package hasn’t been tampered with (for example, an MD5 hash of the package)
  • The “Header,” which contains information about the package, such as name, version number, and summary
  • The “Payload,” or the files the package will install on your system

Unlike Debian packages, viewing some of this information isn’t quite as easy as unarchiving the package and looking at some text files. If we want to take a look at the signature, say to compare it against a signature in the system’s RPM database, we’d need to use the command-line RPM program as follows:

sudo rpm --checksig rpm-4.9.1.3-6.fc17.x86_64.rpm

To view the Header information, you can query the package with the following command:

sudo rpm -qip rpm-4.9.1.3-6.fc17.x86_64.rpm

Here, the “-q” flag tells RPM to query the package, the “i” to get info on it, and the “p” that you’ll indicate a package file as an argument. So in order to see what files are in the package, you’ll want a list instead of info, or the following:

sudo rpm -qlp rpm-4.9.1.3-6.fc17.x86_64.rpm

You can also open RPM files directly in many archive managers to see how the files in the package are organized.

As mentioned above, one of the main elements of the Red Hat package system is the RPM database. Stored in “/var/lib/rpm”, this directory contains a number of sub-directories and files containing information on the packages installed on the system. This database is normally set up during the installation of the system. Once initialized, any package installed on the system will get recorded in this database – for example, the majority of the packages installed with the system are done using RPM, so their records will be included.

In order to query the RPM database, you can use commands similar to the above, leaving the “p” flag out (because we’re not providing a package file argument). For example, the following command will search the RPM database and list all the files that are part of the rpm package (if it’s installed):

sudo rpm -ql rpm

In the same way, the following command will list all of the packages installed in the system:

sudo rpm -qa

There are a huge number of flags and options that can be used with the RPM tools to manage your software. One good reference is the documentation maintained by the Fedora project.