Yum/Dnf & Rpm

yum/dnf

套件庫管裡
# 已啟用的套件庫清單
dnf repolist enabled

# 列出所有的套件庫包含 disabled 與 enabled
dnf repolist all
dnf repolist -v

# 已啟用套件庫的詳細資訊
dnf repoinfo

# 啟用指定的套件庫
dnf install yum-utils
dnf config-manager --enable <repositoryID>
# 停用指定的套件庫
dnf config-manager --disable <repositoryID>
系統更新
# 查詢所有可更新的套件
yum list updates
yum check-update
yum check-update --security

# 更新所有套件
yum update
yum update --disablerepo=epel

# 更新至指定的 release 版號
subscription-manager release --list
yum clean all
yum --releasever=8.6 update

# 更新與安全性相關的套件
yum update --security
yum update-minimal --security

# 更新指定套件
yum update sudo
yum --security update sudo
yum --security update-minimal sudo

# 系統更新驗證 (不做實際更新異動)
# NOTE: 這個驗證仍會下載更新檔至 cache 目錄,但不會有套件異動
yum update -y --setopt tsflags=test
yum clean packages

# 修補與 RHSA-XXX 相關的套件
yum update --advisory=RHSA-2019:0997
檢視套件清單
dnf list --all
dnf list --installed
dnf list --available
安裝/檢視指定版本套件
dnf --showduplicates list <package-name>
dnf list <package-name>-<version>
dnf install <package-name>-<version> 
歷史更新紀錄
# To display a list of all the latest yum transactions, use:
dnf history

# To display a list of all the latest operations for a selected package, use:
dnf history list <package-name>

# To examine a particular transaction, use:
dnf history info <transactionID>
# dnf history list
Updating Subscription Management repositories.
ID     | Command line                                                                     | Date and time    | Action(s)      | Altered
---------------------------------------------------------------------------------------------------------------------------------------
    12 | update                                                                           | 2022-03-18 16:57 | I, U           |  328 EE
    11 | install haproxy                                                                  | 2021-11-17 15:37 | Install        |    1
    10 | install chrony                                                                   | 2021-11-10 17:44 | Install        |    2
     9 | install vim-enhanced                                                             | 2021-11-10 17:44 | Install        |    4
     8 | install sysstat                                                                  | 2021-11-10 17:43 | Install        |    1
     7 | install yum-utils                                                                | 2021-11-10 17:43 | Install        |    1
     6 | install net-snmp-utils                                                           | 2021-11-10 17:43 | Install        |    1
     5 | install bind-utils net-snmp                                                      | 2021-11-10 17:42 | Install        |   30
     4 | install rsync mailx                                                              | 2021-11-10 17:42 | Install        |    1
     3 | install tmux                                                                     | 2021-11-10 17:41 | Install        |    1
     2 | install redhat-lsb-core                                                          | 2021-11-10 17:38 | Install        |   26
     1 |                                                                                  | 2021-11-10 17:27 | Install        |  396 EE
凍結套件版本

凍結特定套件版本可以避免在執行 yum update 系統更新時,特定套件也會被一起被更新。

# Install yum plugin: yum-versionlock
# The /etc/yum/pluginconf.d/versionlock.list will be created on the system.
# For RHEL 7.9
yum install yum-plugin-versionlock

# For RHEL 8 and 9
yum install python3-dnf-plugin-versionlock

# To install or lock the version of the gcc group of packages, run
yum versionlock gcc-*

# To display the list of locked packages, use:
yum versionlock list

# To discard the list of locked packages, use:
yum versionlock clear

# To discard the lock on a specific package, use:
yum versionlock delete <package_name>
凍結系統版本 (Release)
# To determine which releases are available:
subscription-manager release --list

# Temporary Setting
yum clean all
yum --releasever=8.6 update

# Permanent Setting
subscription-manager release --set=8.6
yum clean all
subscription-manager repos --list-enabled

# To determine which releases system is set to:
subscription-manager release --show

# To unset a specific release:
subscription-manager release --unset
yum clean all
subscription-manager repos

各種舊版本的套件庫位址

http://vault.centos.org/ 

清除套件庫清單及暫存的套件檔
dnf clean all
搜尋套件

搜尋檔案 libstdc++.so.6

dnf whatprovides "*/libstdc++.so.6" 
dnf provides "*/libstdc++.so.6"

搜尋套件

dnf search mypackage
dnf search --all mypackage
套件的相依性
dnf deplist <package-name>

repoquery --requires <package-name>
下載 RPM 套件
yum -y install yum-utils.noarch
yumdownloader <package-name>
yumdownloader --destdir /path/to/download <package-name>
# Includ all dependencies
yumdownloader --resolve --alldeps <package-name>

# Extract downloaded RPM
rpm2cpio dekiwiki-10.0.1-3.1.noarch.rpm | cpio -idmv 

yum -y install --downloadonly --downloaddir=/tmp/packages NetworkManager
一次性啟用套件庫位址
dnf --enablerepo=elrepo-kernel install kernel-ml kernel-ml-devel
使用光碟 ISO方式來安裝套件
# vi /etc/yum.repo.d/CentOS-Media.repo

[c6-local]
name=CentOS-$releasever - Media
baseurl=file:///mnt/disc/
gpgcheck=0
enabled=0

NOTE: enabled=0,不是 1。將 DVD 掛載為 /mnt/disc。 

# yum --disablerepo="*" --enablerepo=c6-local list available
# yum --disablerepo="*" --enablerepo=c6-local install nfs-utils
安裝本機端的 RPM 套件
dnf --nogpgcheck install htop-1.0.2-1.el5.rf.x86_64.rpm
匯出已安裝套件列表
yum list installed
yum list installed |tail -n +3|cut -d' ' -f1 > installed_packages.lst
# 或
rpm -qa > installed_packages.lst

yum -y install $(cat installed_packages.lst) 
安裝 EPEL 套件庫

EPEL - Extra Packages for Enterprise Linux

rpm -ivh http://mirror01.idc.hinet.net/EPEL/5/i386/epel-release-5-4.noarch.rpm
rpm -ivh http://mirror01.idc.hinet.net/EPEL/6/i386/epel-release-6-8.noarch.rpm 

TIPs:

錯誤: Error: Cannot retrieve metalink for repository: epel. Please verify its path and try again
解決: sed -i "s/mirrorlist=https/mirrorlist=http/" /etc/yum.repos.d/epel.repo

安裝 ELRepo 套件庫

ELRepo - The Community Enterprise Linux Repository

rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org

# for RHEL-5, CENTOS-5
rpm -Uvh http://elrepo.org/elrepo-release-5-2.el5.elrepo.noarch.rpm

# for RHEL-6, CENTOS-6
rpm -Uvh http://elrepo.org/elrepo-release-6-3.el6.elrepo.noarch.rpm
安裝 RPMforge/RepoForge 套件庫

RPMforge 是由 Dag 及其他包裝者合作維護的。他們為 CentOS 提供超過 5000 個套件,包括 wine、vlc、mplayer、xmms-mp3 及其他受歡迎的媒體工具。它並不是 Red Hat 或 CentOS 的一部份,但卻是為那些發行版本而設計的。

http://repoforge.org/use/

如何補安裝套件組

系統在第一次安裝時,都可以選擇要安裝哪些套件組,假使之後系統要補裝某套件組,例如 GNOME 視窗套件,可以使用這些指令,而不用一一找出有哪些相依性的套件名稱。

# 列出有哪些套件組可安裝
yum grouplist
# 安裝 GNOME 視窗套件組
yum groupinstall "GNOME Desktop Environment"
# 移除套件組
yum groupremove "Office Suite and Productivity" "Dial-up Networking Support"
Yum 設定

編輯 /etc/yum.conf

# Set Proxy
# proxy=http://<username>:<password>@<this.is.proxy.ip:<port>/
proxy=http://windowsad\username:password@proxy.server:port/

# Set Timeout
timeout=600


安裝本機上的 RPM
yum localinstall my.rpm

建立 YUM 套件庫主機 (with ISO)

安裝套件 createrepo
CetOS 5:

createrepo /source/path/reas5
createrepo -g  /source/path/reas5/repodata/comps.xml

CetOS 6/7:

# 建立套件索引
createrepo /yum-repo-packages/centos_6.4_x86_64
 
 # 建立套件群組索引
 # CentOS 6.4
 createrepo -g /yum-repo-packages/centos_6.4_x86_64/repodata/2727...cab6f72-c6-x86_64-comps.xml /yum-repo-packages/centos_6.4_x86_64
 # RedHat 7.9
 createrepo -g /mnt/yum-repo/redhat_7.9_x86_64/repodata/3df90817a193baef023d53222cc4ce8f4d15209e593bee361bf72016022008fb-comps-Server.x86_64.xml /mnt/yum-repo/redhat_7.9_x86_64

RHEL 8:

# for RHEL 8 only
yum install createrepo_c

cp -r /mnt/iso/* /mnt/yum-repo/redhat_8.3_x86_64 
createrepo /mnt/yum-repo/redhat_8.3_x86_64

rhel-local.repo:

[LocalRepo_BaseOS]
name=LocalRepo_BaseOS
metadata_expire=-1
enabled=1
gpgcheck=1
baseurl=ftp://10.1.115/LINUX_REPO/redhat_8.3_x86_64/BaseOS/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

[LocalRepo_AppStream]
name=LocalRepo_AppStream
metadata_expire=-1
enabled=1
gpgcheck=1
baseurl=ftp://10.10.1.115/LINUX_REPO/redhat_8.3_x86_64/AppStream/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release

RPM

安裝套件

rpm -ivh vim-enhanced-*.x86_64.rpm

# Dry-run only without any changes
rpm -ivh --test vim-enhanced-*.x86_64.rpm

查詢指令

# 查詢已安裝的套件的詳細資訊
rpm -qi <package-name>

# 查詢已安裝套件是 32 或 64 bit
rpm -qa --qf "%{n}-%{v}-%{r}.%{arch}\n" | grep -i <package-name>

# 查詢未安裝的套件資訊
rpm -qpi your.rpm
less your.rpm

# 列出已安裝套件的相依性
rpm -q --requires <package-name>

# 列出未安裝的 RPM 的相依性
rpm -qp --requires your.rpm

# 列出一個尚未安裝的 RPM 所包含的檔案列表
rpm -qlp your.rpm

# 查詢檔案所屬的套件名稱
rpm -qf /usr/bin/ksh

# 查詢 RPM Public Key
rpm -q gpg-pubkey | sort | uniq -c | sort -nr

清查所有已安裝套件的名稱、版本、架構等資訊

rpm -qa --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n'| sort &> /tmp/rpm-qa.prod.output.txt

檢查指定套件的 Changelog

rpm -q --changelog sudo | grep -i cve-2021-3156
rpm -q --changelog -p sudo-1.8.6p3-29.0.2.el6_10.3.x86_64.rpm | grep -F CVE-2021

Rebuild source-rpm

yum install rpm-build
rpmbuild --rebuild something.src.rpm

GPG

# List all GPG keys
rpm -q gpg-pubkey | sort | uniq -c

# Get the information of a key
rpm -qi gpg-pubkey-2f86d6a1-5cf7cefb

清除 cache

yum clean all
rm /var/cache/yum/* -rf

常用管理工具安裝

使用 minimal ISO 安裝後,有些常用工具必須手動安裝。

RedHat 6
yum install setuptool system-config-network* system-config-securitylevel-tui system-config-keyboard \
  lvm2 lsof nfs-utils sysstat net-snmp net-snmp-utils vim-enhanced rsync mailx bind-utils vim-enhanced \
  net-tools
RedHat 7/8
yum install chrony tmux vim-enhanced rsync mailx bind-utils net-snmp net-snmp-utils \
  yum-utils sysstat nfs-utils redhat-lsb-core lsof net-tools

# for VMware guest OS
yum install open-vm-tools

桌面環境安裝

RHEL 8 & 9
yum group install GNOME base-x Fonts

#or 

yum groupinstall "Server with GUI"
RHEL 7
yum groupinstall gnome-desktop x11 fonts

# Or

yum groupinstall "Server with GUI"
RHEL 6
RHEL 5

CVE 相關指令

查詢目前系統是否有 CVE 的危害 (需要官網訂閱連線)

# 沒有內容輸出,表示沒有這個 CVE 的危害
yum updateinfo info --cve CVE-2023-48795

# With RHSA
yum updateinfo info --advisory RHSA-2023:7549

查詢目前系統的特定套件更新紀錄有無包含 CVE 編號

# rpm -q --changelog [package-name] | grep [CVE-NUMBER]
rpm -q --changelog openssl | grep CVE-2021-3450

查詢所有可用的安全性更新 (RHSA 通報資訊)

# 未安裝的
yum updateinfo list updates security

# 已安裝的
yum updateinfo list security --installed

# 顯示特定 RHSA 號碼的詳細資訊
yum updateinfo info <RHSA ID>

FAQ

About EPEL Repository

Important Notice

(https://access.redhat.com/solutions/3358 )

What is the difference between yum update vs yum update-minimal

https://access.redhat.com/solutions/3620411

How to Upgrade RHEL 8 to RHEL 9
RHEL 4 沒有 yum 指令

RHEL 4 沒有官方的 yum 套件,需要安裝社群版的。

解開下方 zip 檔,安裝所有 *.rpm。

Yum_rhel4.zip


Revision #77
Created 16 August 2020 04:46:11 by Admin
Updated 16 April 2024 14:01:54 by Admin