Yum/Dnf & Rpm
yum/dnf
套件庫管裡
# 已啟用的套件庫清單
dnf repolist enabled
# 列出所有的套件庫包含 disabled 與 enabled
dnf repolist all
dnf repolist -v
# 已啟用套件庫的詳細資訊
dnf repoinfo
# 啟用指定的套件庫
dnf install yum-utils
dnf config-manager --enable <repositoryID>
# 停用指定的套件庫
dnf config-manager --disable <repositoryID>
系統更新
# 查詢所有可更新的套件
yum list updates
yum check-update
yum check-update --security
# 更新所有套件
yum update
yum update --disablerepo=epel
# 更新至指定的 release 版號
subscription-manager release --list
yum clean all
yum --releasever=8.6 update
# 更新與安全性相關的套件
yum update --security
yum update-minimal --security
# 更新指定套件
yum update sudo
yum --security update sudo
yum --security update-minimal sudo
# 系統更新驗證 (不做實際更新異動)
# NOTE: 這個驗證仍會下載更新檔至 cache 目錄,但不會有套件異動
yum update -y --setopt tsflags=test
yum clean packages
# 修補與 RHSA-XXX 相關的套件
yum update --advisory=RHSA-2019:0997
檢視套件清單
dnf list --all
dnf list --installed
dnf list --available
安裝/檢視指定版本套件
dnf --showduplicates list <package-name>
dnf list <package-name>-<version>
dnf install <package-name>-<version>
歷史更新紀錄
# To display a list of all the latest yum transactions, use:
dnf history
# To display a list of all the latest operations for a selected package, use:
dnf history list <package-name>
# To examine a particular transaction, use:
dnf history info <transactionID>
# dnf history list
Updating Subscription Management repositories.
ID | Command line | Date and time | Action(s) | Altered
---------------------------------------------------------------------------------------------------------------------------------------
12 | update | 2022-03-18 16:57 | I, U | 328 EE
11 | install haproxy | 2021-11-17 15:37 | Install | 1
10 | install chrony | 2021-11-10 17:44 | Install | 2
9 | install vim-enhanced | 2021-11-10 17:44 | Install | 4
8 | install sysstat | 2021-11-10 17:43 | Install | 1
7 | install yum-utils | 2021-11-10 17:43 | Install | 1
6 | install net-snmp-utils | 2021-11-10 17:43 | Install | 1
5 | install bind-utils net-snmp | 2021-11-10 17:42 | Install | 30
4 | install rsync mailx | 2021-11-10 17:42 | Install | 1
3 | install tmux | 2021-11-10 17:41 | Install | 1
2 | install redhat-lsb-core | 2021-11-10 17:38 | Install | 26
1 | | 2021-11-10 17:27 | Install | 396 EE
凍結套件版本
凍結特定套件版本可以避免在執行 yum update
系統更新時,特定套件也會被一起被更新。
# Install yum plugin: yum-versionlock
# The /etc/yum/pluginconf.d/versionlock.list will be created on the system.
# For RHEL 7.9
yum install yum-plugin-versionlock
# For RHEL 8 and 9
yum install python3-dnf-plugin-versionlock
# To install or lock the version of the gcc group of packages, run
yum versionlock gcc-*
# To display the list of locked packages, use:
yum versionlock list
# To discard the list of locked packages, use:
yum versionlock clear
# To discard the lock on a specific package, use:
yum versionlock delete <package_name>
凍結系統版本 (Release)
# To determine which releases are available:
subscription-manager release --list
# Temporary Setting
yum clean all
yum --releasever=8.6 update
# Permanent Setting
subscription-manager release --set=8.6
yum clean all
subscription-manager repos --list-enabled
# To determine which releases system is set to:
subscription-manager release --show
# To unset a specific release:
subscription-manager release --unset
yum clean all
subscription-manager repos
各種舊版本的套件庫位址
清除套件庫清單及暫存的套件檔
dnf clean all
搜尋套件
搜尋檔案 libstdc++.so.6
dnf whatprovides "*/libstdc++.so.6"
dnf provides "*/libstdc++.so.6"
搜尋套件
dnf search mypackage
dnf search --all mypackage
套件的相依性
dnf deplist <package-name>
repoquery --requires <package-name>
下載 RPM 套件
yum -y install yum-utils.noarch
yumdownloader <package-name>
yumdownloader --destdir /path/to/download <package-name>
# Includ all dependencies
yumdownloader --resolve --alldeps <package-name>
# Extract downloaded RPM
rpm2cpio dekiwiki-10.0.1-3.1.noarch.rpm | cpio -idmv
yum -y install --downloadonly --downloaddir=/tmp/packages NetworkManager
一次性啟用套件庫位址
dnf --enablerepo=elrepo-kernel install kernel-ml kernel-ml-devel
使用光碟 ISO方式來安裝套件
# vi /etc/yum.repo.d/CentOS-Media.repo
[c6-local]
name=CentOS-$releasever - Media
baseurl=file:///mnt/disc/
gpgcheck=0
enabled=0
NOTE: enabled=0,不是 1。將 DVD 掛載為 /mnt/disc。
# yum --disablerepo="*" --enablerepo=c6-local list available
# yum --disablerepo="*" --enablerepo=c6-local install nfs-utils
安裝本機端的 RPM 套件
dnf --nogpgcheck install htop-1.0.2-1.el5.rf.x86_64.rpm
匯出已安裝套件列表
yum list installed
yum list installed |tail -n +3|cut -d' ' -f1 > installed_packages.lst
# 或
rpm -qa > installed_packages.lst
yum -y install $(cat installed_packages.lst)
安裝 EPEL 套件庫
rpm -ivh http://mirror01.idc.hinet.net/EPEL/5/i386/epel-release-5-4.noarch.rpm
rpm -ivh http://mirror01.idc.hinet.net/EPEL/6/i386/epel-release-6-8.noarch.rpm
TIPs:
錯誤: Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
解決: sed -i "s/mirrorlist=https/mirrorlist=http/" /etc/yum.repos.d/epel.repo
安裝 ELRepo 套件庫
ELRepo - The Community Enterprise Linux Repository
rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
# for RHEL-5, CENTOS-5
rpm -Uvh http://elrepo.org/elrepo-release-5-2.el5.elrepo.noarch.rpm
# for RHEL-6, CENTOS-6
rpm -Uvh http://elrepo.org/elrepo-release-6-3.el6.elrepo.noarch.rpm
安裝 RPMforge/RepoForge 套件庫
RPMforge 是由 Dag 及其他包裝者合作維護的。他們為 CentOS 提供超過 5000 個套件,包括 wine、vlc、mplayer、xmms-mp3 及其他受歡迎的媒體工具。它並不是 Red Hat 或 CentOS 的一部份,但卻是為那些發行版本而設計的。
http://repoforge.org/use/
如何補安裝套件組
系統在第一次安裝時,都可以選擇要安裝哪些套件組,假使之後系統要補裝某套件組,例如 GNOME 視窗套件,可以使用這些指令,而不用一一找出有哪些相依性的套件名稱。
# 列出有哪些套件組可安裝
yum grouplist
# 安裝 GNOME 視窗套件組
yum groupinstall "GNOME Desktop Environment"
# 移除套件組
yum groupremove "Office Suite and Productivity" "Dial-up Networking Support"
# 顯示被隱藏的套件群組
yum grouplist hidden
Yum 設定
編輯 /etc/yum.conf
# Set Proxy
# proxy=http://<username>:<password>@<this.is.proxy.ip:<port>/
proxy=http://windowsad\username:password@proxy.server:port/
# Set Timeout
timeout=600
安裝本機上的 RPM
yum localinstall my.rpm
建立 YUM 套件庫主機 (with ISO)
安裝套件 createrepo
CetOS 5:
createrepo /source/path/reas5
createrepo -g /source/path/reas5/repodata/comps.xml
CetOS 6/7:
# 建立套件索引
createrepo /yum-repo-packages/centos_6.4_x86_64
# 建立套件群組索引
# CentOS 6.4
createrepo -g /yum-repo-packages/centos_6.4_x86_64/repodata/2727...cab6f72-c6-x86_64-comps.xml /yum-repo-packages/centos_6.4_x86_64
# RedHat 7.9
createrepo -g /mnt/yum-repo/redhat_7.9_x86_64/repodata/3df90817a193baef023d53222cc4ce8f4d15209e593bee361bf72016022008fb-comps-Server.x86_64.xml /mnt/yum-repo/redhat_7.9_x86_64
RHEL 8:
# for RHEL 8 only
yum install createrepo_c
cp -r /mnt/iso/* /mnt/yum-repo/redhat_8.3_x86_64
createrepo /mnt/yum-repo/redhat_8.3_x86_64
rhel-local.repo:
[LocalRepo_BaseOS]
name=LocalRepo_BaseOS
metadata_expire=-1
enabled=1
gpgcheck=1
baseurl=ftp://10.1.115/LINUX_REPO/redhat_8.3_x86_64/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
[LocalRepo_AppStream]
name=LocalRepo_AppStream
metadata_expire=-1
enabled=1
gpgcheck=1
baseurl=ftp://10.10.1.115/LINUX_REPO/redhat_8.3_x86_64/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
RPM
安裝套件
rpm -ivh vim-enhanced-*.x86_64.rpm
# Dry-run only without any changes
rpm -ivh --test vim-enhanced-*.x86_64.rpm
查詢指令
# 查詢已安裝的套件的詳細資訊
rpm -qi <package-name>
# 查詢已安裝套件是 32 或 64 bit
rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n" | grep -i <package-name>
# 查詢未安裝的套件資訊
rpm -qpi your.rpm
less your.rpm
# 列出已安裝套件的相依性
rpm -q --requires <package-name>
# 列出未安裝的 RPM 的相依性
rpm -qp --requires your.rpm
# 列出一個尚未安裝的 RPM 所包含的檔案列表
rpm -qlp your.rpm
# 查詢檔案所屬的套件名稱
rpm -qf /usr/bin/ksh
# 查詢 RPM Public Key
rpm -q gpg-pubkey | sort | uniq -c | sort -nr
列出指定套件的相依性清單
# list the dependencies required for the git rpm
# -q: query the RPM package
# -p: specify the package file
# -R: list the dependencies required for the package
rpm -qpR git-1.8.3.1-20.el7.x86_64.rpm
# the command will output a list of dependencies required for Git. For example:
/bin/bash
/bin/sh
/lib/ld-linux-x86-64.so.2
/lib64/ld-linux-x86-64.so.2
libc.so.6(GLIBC_2.14)(64bit)
libcurl.so.4()(64bit)
libexpat.so.1()(64bit)
libssl.so.10()(64bit)
libz.so.1()(64bit)
perl(:MODULE_COMPAT_5.16.3)
perl(Error)
perl(Exporter)
perl(Fcntl)
... (more dependencies)
# get the RPM package names for these dependencies
rpm -q --whatprovides "libcurl.so.4()(64bit)"
清查所有已安裝套件的名稱、版本、架構等資訊
rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'| sort &> /tmp/rpm-qa.prod.output.txt
檢查指定套件的 Changelog
rpm -q --changelog sudo | grep -i cve-2021-3156
rpm -q --changelog -p sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm | grep -F CVE-2021
Rebuild source-rpm
yum install rpm-build
rpmbuild --rebuild something.src.rpm
GPG
# List all GPG keys
rpm -q gpg-pubkey | sort | uniq -c
# Get the information of a key
rpm -qi gpg-pubkey-2f86d6a1-5cf7cefb
清除 cache
yum clean all
rm /var/cache/yum/* -rf
常用管理工具安裝
使用 minimal ISO 安裝後,有些常用工具必須手動安裝。
RedHat 6
yum install setuptool system-config-network* system-config-securitylevel-tui system-config-keyboard \
lvm2 lsof nfs-utils sysstat net-snmp net-snmp-utils vim-enhanced rsync mailx bind-utils vim-enhanced \
net-tools
RedHat 7/8
yum install chrony tmux vim-enhanced rsync mailx bind-utils net-snmp net-snmp-utils \
yum-utils sysstat nfs-utils redhat-lsb-core lsof net-tools
# for VMware guest OS
yum install open-vm-tools
桌面環境安裝
RHEL 8 & 9
yum group install GNOME base-x Fonts
#or
yum groupinstall "Server with GUI"
RHEL 7
yum groupinstall gnome-desktop x11 fonts
# Or
yum groupinstall "Server with GUI"
RHEL 6
# Recommended
yum groupinstall Desktop "General Purpose Desktop" "Desktop Platform" "X Window System" "Internet Browser" "Graphical Administration Tools" Fonts
# Minimal
yum groupinstall Desktop "X Window System" Fonts
RHEL 5
# Recommended
yum groupinstall gnome-desktop base-x graphical-internet admin-tools
# Minimal
yum groupinstall gnome-desktop base-x
CVE 相關指令
查詢目前系統是否有 CVE 的危害 (需要官網訂閱連線)
# 沒有內容輸出,表示沒有這個 CVE 的危害
yum updateinfo info --cve CVE-2023-48795
# With RHSA
yum updateinfo info --advisory RHSA-2023:7549
查詢目前系統的特定套件更新紀錄有無包含 CVE 編號
# rpm -q --changelog [package-name] | grep [CVE-NUMBER]
rpm -q --changelog openssl | grep CVE-2021-3450
查詢所有可用的安全性更新 (RHSA 通報資訊)
# 未安裝的
yum updateinfo list updates security
# 已安裝的
yum updateinfo list security --installed
# 顯示特定 RHSA 號碼的詳細資訊
yum updateinfo info <RHSA ID>
更新指定的 RHSA-ID
yum check-update --advisory=RHSA-2024:1249
yum update --advisory=RHSA-2024:1249
FAQ
About EPEL Repository
Important Notice
- The following information has been provided by Red Hat, but is outside the scope of the posted Service Level Agreements and support procedures.
- Installing unsupported packages does not necessarily make a system unsupportable by Red Hat Global Support Services
- However, Red Hat Global Support Services will be unable to support or debug problems with packages not shipped in standard RHEL channels.
- Installing packages from EPEL is done at the user's own risk.
- The EPEL repository is a community supported repository hosted by the Fedora Community project.
- The EPEL repository is not a part of Red Hat Enterprise Linux and does not fall under Red Hat's Production Support Scope of Coverage. The repository is considered an optional repository and is not tested by Red Hat quality engineers.
(https://access.redhat.com/solutions/3358 )
What is the difference between yum update vs yum update-minimal
https://access.redhat.com/solutions/3620411
How to Upgrade RHEL 8 to RHEL 9
RHEL 4 沒有 yum 指令
RHEL 4 沒有官方的 yum 套件,需要安裝社群版的。
解開下方 zip 檔,安裝所有 *.rpm。
No Comments