Lab 7: Managing and installing software¶
Objectives¶
After completing this lab, you will be able to:
- Query packages for information
- Install software from binary packages
- Resolve some basic dependency issues
- Compile and install software from the source
Estimated time to complete this lab: 90 minutes
Binary files and source files¶
The applications installed on your system depend on a few factors. The major factor depends on the software package groups selected during the operating system installation. The other factor depends on what has been done to the system since its use.
You will find that one of your routine tasks as a Systems Administrator is software management. This often involves:
- installing new software
- uninstalling software
- updating already installed software
Installing software on Linux based systems uses several methods. You can install from source or precompiled binaries. The latter method is the easiest way, but it is also the least customizable. When you install from precompiled binaries, most of the work is already done for you. Still, you do need to know the name and where to find the particular software you want.
Almost all software originally come as C or "C++" programming language source files. The source programs are usually distributed as archives of source files. Usually tar’ed or gzip’ed d or bzip2’ed files. This means they come compressed or as a single bundle.
Most developers have made their source code conform to GNU standards, making sharing easier. It also means that the packages will compile on any UNIX or UNIX-like system (e.g., Linux).
RPM is the underlying tool for managing applications (packages) on Red Hat based distributions such as Rocky Linux, Fedora, Red Hat Enterprise Linux (RHEL), openSuSE, Mandrake, and so on.
The applications used for managing software on Linux distributions are called package managers. Examples are:
- The Red Hat Package Manager (
rpm
). The packages have the suffix “ .rpm” - The Debian package management system (
dpkg
). The packages have the suffix “ .deb”
Some popular command-line options and syntax for the RPM command are listed next:
rpm
¶
Usage: rpm [OPTION...]
QUERYING PACKAGES
Query options (with -q or --query):
-c, --configfiles list all configuration files
-d, --docfiles list all documentation files
-L, --licensefiles list all license files
-A, --artifactfiles list all artifact files
--dump dump basic file information
-l, --list list files in package
--queryformat=QUERYFORMAT use the following query format
-s, --state display the states of the listed files
VERIFYING PACKAGES
Verify options (with -V or --verify):
--nofiledigest don't verify digest of files
--nofiles don't verify files in package
--nodeps don't verify package dependencies
--noscript don't execute verify script(s)
INSTALLING, UPGRADING, AND REMOVING PACKAGES
Install/Upgrade/Erase options:
--allfiles install all files, even configurations that might otherwise be skipped
-e, --erase=<package>+ erase (uninstall) package
--excludedocs do not install documentation
--excludepath=<path> skip files with leading component <path>
--force shorthand for --replacepkgs --replacefiles
-F, --freshen=<packagefile>+ upgrade package(s) if already installed
-h, --hash print hash marks as package installs (good with -v)
--noverify shorthand for --ignorepayload --ignoresignature
-i, --install install package(s)
--nodeps do not verify package dependencies
--noscripts do not execute package scriptlet(s)
--percent print percentages as package installs
--prefix=<dir> relocate the package to <dir>, if relocatable
--relocate=<old>=<new> relocate files from path <old> to <new>
--replacefiles ignore file conflicts between packages
--replacepkgs reinstall if the package is already present
--test don't install, but tell if it would work or not
-U, --upgrade=<packagefile>+ upgrade package(s)
--reinstall=<packagefile>+ reinstall package(s)
Exercise 1¶
Installing, querying and uninstalling packages¶
In this Lab, you will learn how to use the RPM system and install a sample application.
Tip
You have lots of options for where to obtain Rocky Linux packages from. You can manually download them from trusted [or untrusted] repositories. You can get them from the distribution ISO. You can get them from a centrally shared location using protocols such as - nfs, git, https, ftp, smb, cifs and so on. If you are curious you can view the following official website and browse through the applicable repository for the desired package(s):
https://download.rockylinux.org/pub/rocky/8.8/
To query packages for information¶
To see a list of all the packages currently installed on your local system type:
$ rpm -qa python3-gobject-base-* NetworkManager-* rocky-repos-* ...<OUTPUT TRUNCATED>...
You should see a long list.
Let us delve a little deeper and learn more about one of the packages installed on the system. We will examine NetworkManager. We will use the --query (-q) and --info (-i) options with the
rpm
command. Type:$ rpm -qi NetworkManager Name : NetworkManager Epoch : 1 ...<OUTPUT TRUNCATED>...
That is a great deal of information (metadata)!
Let us say we are only interested in the Summary field of the previous command. We can use rpm's --queryformat option to filter the information that we get back from the query option.
For example, to view only the Summary field, type:
rpm -q --queryformat '%{summary}\n' NetworkManager
The name of the field is case-insensitive.
To view both the Version and Summary fields of the installed NetworkManager package type:
rpm -q --queryformat '%{version} %{summary}\n' NetworkManager
Type the command to view information about the bash package that is installed on the system.
rpm -qi bash
Note
The previous exercises were querying and working with packages already installed on the system. In the following exercises, we'll start working with packages that have not yet installed. We'll use the DNF application to download the packages we'll use in the following steps.
First, ensure the
wget
application is not already installed on the system. Type:rpm -q wget package wget is not installed
It looks like
wget
is not installed on our demo system.As of Rocky Linux 8.x, the
dnf download
command will allow you to get the latestrpm
package forwget
. Type:dnf download wget
Use the
ls
command to ensure that the package was downloaded into your current directory. Type:ls -lh wg*
Use the
rpm
command to query for information about the downloaded wget-*.rpm. Type:rpm -qip wget-*.rpm Name : wget Architecture: x86_64 Install Date: (not installed) Group : Applications/Internet ...<TRUNCATED>...
Question
From your output in the previous step, what exactly is the
wget
package? Hint: you can use therpm
query format option to view the description field for the download package.If you are interested in the
wget files-.rpm
package, you could list all the files included in the package by typing:rpm -qlp wget-*.rpm | head /etc/wgetrc /usr/bin/wget ...<TRUNCATED>... /usr/share/doc/wget/AUTHORS /usr/share/doc/wget/COPYING /usr/share/doc/wget/MAILING-LIST /usr/share/doc/wget/NEWS
Let us view the contents of the
/usr/share/doc/wget/AUTHORS
file listed as part of thewget
package. We will use thecat
command. Type:cat /usr/share/doc/wget/AUTHORS cat: /usr/share/doc/wget/AUTHORS: No such file or directory
wget
has not [yet] been installed on our demo system! And so, we can't view the AUTHORS file that is packaged with it!View the list of files that come with another package (curl) that is already installed on the system. Type:
$ rpm -ql curl /usr/bin/curl /usr/lib/.build-id /usr/lib/.build-id/fc ...<>...
Note
You will notice that you did not have to refer to the full name of the
curl
package in the previous command. This is becausecurl
is already installed.
Extended knowledge about package name¶
Full package name : When you download a package from a trusted source (for example - vendor website, developer repository), the name of the downloaded file is the full package name, such as -- htop-3.2.1-1.el8.x86_64.rpm. When using the
rpm
command to install/update this package, the object operated by the command must be the full name (or matching wildcard equivalent) of the package, such as:rpm -ivh htop-3.2.1-1.el8.x86_64.rpm
rpm -Uvh htop-3.2.1-1.*.rpm
rpm -qip htop-3.*.rpm
rpm -qlp wget-1.19.5-11.el8.x86_64.rpm
The full name of the package follows a naming convention similar to this ——
[Package_Name]-[Version]-[Release].[OS].[Arch].rpm
or[Package_Name]-[Version]-[Release].[OS].[Arch].src.rpm
Package name: Because RPM uses a database to manage software, the database will have corresponding records once the package installation completes. Currently, the operating object of the
rpm
command only needs to type the package name. such as:rpm -qi bash
rpm -q systemd
rpm -ql chrony
Exercise 2¶
Package integrity¶
It is possible to download or end up with a corrupted or tainted file. Verify the integrity of the
wget
package that you downloaded. Type:rpm -K wget-*.rpm wget-1.19.5-10.el8.x86_64.rpm: digests signatures OK
The "digests signatures OK" message in the output shows the package is fine.
Let us be malicious and deliberately alter the downloaded package. This can be done by adding anything to, or removing something from, the original package. Anything that changes the package in a way the original packagers did not intend will corrupt the package. We will alter the file using the
echo
command to add the string "haha" to the package. Type:echo haha >> wget-1.19.5-10.el8.x86_64.rpm
Now try to verify the integrity of the package again using rpm's -K option.
$ rpm -K wget-*.rpm wget-1.19.5-10.el8.x86_64.rpm: DIGESTS SIGNATURES NOT OK
It is a very different message now. The output "DIGESTS SIGNATURES NOT OK" clearly warns you should not try using or installing the package. It should no longer be trusted.
Use the
rm
command to delete the corruptedwget
package file and download a fresh copy usingdnf
. Type:rm wget-*.rpm && dnf download wget
Check one more time that the newly downloaded package passes RPMs integrity checks.
Exercise 3¶
Installing packages¶
While installing software on your system, you might stumble on “failed dependencies” issues. This is especially common when using the low-level RPM utility to manage applications on a system manually.
For example, if you try to install package “abc.rpm” the RPM installer might complain about some failed dependencies. It might tell you that package “abc.rpm” requires another package, “xyz.rpm” to first be installed. The dependencies issue arises because software applications almost always depend on another software or library. If a required program or shared library is not already on the system, that prerequisite must be satisfied before installing the target application.
The low-level RPM utility often knows about the inter-dependencies between applications. But it does not usually know how or where to obtain the application or library needed to resolve the issue. Stated another way, RPM knows the what and how but does not have the built-in ability to answer the where question. This is where tools like dnf
, yum
, and so on shine.
To install packages¶
In this exercise you will try to install the wget
package (wget-*.rpm).
Try installing the
wget
application. Use RPM's -ivh command line options. Type:rpm -ivh wget-*.rpm error: Failed dependencies: libmetalink.so.3()(64bit) is needed by wget-*
Right away - a dependency problem! The sample output shows that
wget
needs some kind of library file named "libmetalink.so.3"Note
According to the output of the test above, the wget-.rpm package requires that the libmetalink-.rpm package be installed. In other words, libmetalink is a prerequisite for installing wget-.rpm. You can forcefully install wget-.rpm package using the “nodeps” option if you absolutely know what you are doing, but this is generally a BAD practice.
RPM has helpfully given us a hint for what is missing. You will remember that
rpm
knows the what and how but does not necessarily know the where. Let us use thednf
utility to determine the package name that provides the missing library. Type:$ dnf whatprovides libmetalink.so.3 ...<TRUNCATED>... libmetalink-* : Metalink library written in C Repo : baseos Matched from: Provide : libmetalink.so.3
From the output, we need to download the
libmetalink
package that provides the missing library. Specifically, we want the 64bit version of the library. Let us call on a separate utility (dnf
) to help us find and download the package for our demo 64-bit (x86_64) architecture. Type:dnf download --arch x86_64 libmetalink
You should now have at least 2 rpm packages in your working directory. Use the
ls
command to confirm this.Install the missing
libmetalink
dependency. Type:sudo rpm -ivh libmetalink-*.rpm
With the dependency now installed, we can now revisit our original objective of installing the
wget
package. Type:sudo rpm -ivh wget-*.rpm
Note
RPM supports transactions. In the previous exercises, we could have performed a single rpm transaction that included the original package we wanted to install and all the packages and libraries it depended on. A single command such as the one below would have sufficed:
```bash rpm -Uvh wget-*.rpm libmetalink-*.rpm ```
Moment of truth now. Try running the
wget
program without any option to see if it is installed. Type:wget
Let us see
wget
in action. Usewget
to download a file from the internet from the command line. Type:wget https://kernel.org
This will download the default index.html from kernel.org website!
Use
rpm
to view a list of all the files included with thewget
application.Use
rpm
to view any documentation packaged withwget
.Use
rpm
to view the list of all the binaries installed with thewget
package.You had to install the
libmetalink
package to installwget
. Try running or executinglibmetalink
from the command-line. Type:libmetalink -bash: libmetalink: command not found
Attention
What gives? Why can't you run or execute
libmetalink
?
To import a public key via rpm
¶
Tip
The GPG keys used for signing packages used in the Rocky Linux project can be obtained from various sources such as - the Project website, ftp site, distribution media, local source and so on. Just in case the proper key is missing on your RL system's keyring, you can use the rpm
's --import
option to import Rocky Linux’s public key from your local RL system by running: sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial
Question
When installing packages, what is the difference between rpm -Uvh
and rpm -ivh
? Consult the man page for rpm
.
Exercise 4¶
Uninstalling packages¶
Uninstalling packages is as easy as installing with Red Hat’s package manager (RPM).
In this exercise, you will try to use rpm
to uninstall some packages from the system.
To uninstall packages¶
Uninstall the
libmetalink
package from your system. Type:sudo rpm -e libmetalink
Question
Explain why you couldn’t remove the package?
The clean and proper way to remove packages using RPM is to remove the package(s) along with their dependencies. To remove
libmetalink
package we will also have to remove thewget
package that depends on it. Type:sudo rpm -e libmetalink wget
Note
If you want to break the package that relies on libmetalink and forcefully remove the package from your system, you can use rpm's
--nodeps
option like this:$ sudo rpm -e --nodeps libmetalink
.i. The “nodeps” option means No dependencies. I.e., ignore all dependencies. ii. The above shows you how to remove a package from your system forcefully. Sometimes you need to do this, but it is generally not a good practice. iii. Forcefully removing a package “xyz” that another installed package “abc” relies on effectively makes package “abc” unusable or somewhat broken.
Exercise 5¶
DNF - package manager¶
DNF is a package manager for RPM-based Linux distributions. It is the successor to the popular YUM utility. DNF maintains compatibility with YUM. Both utilities share similar command-line options and syntax.
DNF is one of the many tools for managing RPM-based software such as Rocky Linux. Compared to rpm
, these higher-level tools help simplify installing, uninstalling, and querying packages. It is important to note that these tools use the underlying framework provided by the RPM system. This is why it is helpful to understand how to use RPM.
DNF (and other tools like it) acts as a sort of wrapper around RPM and provides additional functionality not offered by RPM. DNF knows how to deal with package and library dependencies and also knows how to use configured repositories to resolve most issues automatically.
Common options used with the dnf
utility are:
usage: dnf [options] COMMAND
List of Main Commands:
alias List or create command aliases
autoremove remove all unneeded packages that were originally installed as dependencies
check check for problems in the packagedb
check-update check for available package upgrades
clean remove cached data
deplist [deprecated, use repoquery --deplist] List package's dependencies and what packages provide them
distro-sync synchronize installed packages to the latest available versions
downgrade Downgrade a package
group display, or use, the groups information
help display a helpful usage message
history display, or use, the transaction history
info display details about a package or group of packages
install install a package or packages on your system
list list a package or groups of packages
makecache generate the metadata cache
mark mark or unmark installed packages as installed by user.
module Interact with Modules.
provides find what package provides the given value
reinstall reinstall a package
remove remove a package or packages from your system
repolist display the configured software repositories
repoquery search for packages matching keyword
repository-packages run commands on top of all packages in given repository
search search package details for the given string
shell run an interactive DNF shell
swap run an interactive DNF mod for remove and install one spec
updateinfo display advisories about packages
upgrade upgrade a package or packages on your system
upgrade-minimal upgrade, but only 'newest' package match which fixes a problem that affects your system
To use dnf
for package installation¶
Assuming you have already uninstalled the wget
utility from an exercise, we will use DNF to install the package in the following steps. The 2-3 steps process needed earlier when we installed wget
via rpm
is now a one step process using dnf
. dnf
will quietly resolve any dependencies.
First, let us ensure that
wget
andlibmetalink
are uninstalled from the system. Type:sudo rpm -e wget libmetalink
After removing, if you try running
wget
from the CLI you see a message like wget: command not foundNow use
dnf
to installwget
. Type:sudo dnf -y install wget Dependencies resolved. ...<TRUNCATED>... Installed: libmetalink-* wget-* Complete!
Tip
The "-y" option used in the preceding command suppresses the "[y/N]" prompt to confirm the action that
dnf
is about to perform. This means that all confirmation actions (or interactive responses) will be "yes" (y).DNF provides an "Environment Group" option that makes adding a new feature set to a system easy. To add the feature, you would typically have to install a few packages individually, but using
dnf
, all you need to know is the name or description of the feature you want. Usednf
to display a list of available groups. Type:dnf group list
We are interested in the "Development Tools" group/feature. Let us get more information about that group. Type:
bash dnf group info "Development Tools"
Later, we will need some programs with the "Development Tools" group. Install the "Development Tools" group using
dnf
by running:sudo dnf -y group install "Development Tools"
To use dnf
for uninstalling packages¶
To use
dnf
to uninstall thewget
package type:sudo dnf -y remove wget
Use
dnf
to ensure the package has indeed been removed from the system. Type:sudo dnf -y remove wget
Try using/running
wget
. Type:wget
To use dnf
for package update¶
DNF can check for and install the latest version of individual packages available in repositories. It can also be used to install specific versions of packages.
Use the list option with
dnf
to view your system's available versions of thewget
program. Type:dnf list wget
If you only want to see if there are updated versions available for a package, use the check-update option with
dnf
. For example, for thewget
package type:dnf check-update wget
Now, list all the available versions for the kernel package for your system. Type:
sudo dnf list kernel
Next, check if any updated packages are available for the installed kernel package. Type:
dnf check-update kernel
Package updates might be due to bug fixes, new features, or security patches. To view if there are any security related updates for the kernel package, type:
dnf --security check-update kernel
To use dnf
for system updates¶
DNF can be used to check for and install the latest versions all packages installed on a system. Periodically checking for installing updates is an important aspect of system administration.
To check if there are any updates for the packages you currently have installed on your system, type:
dnf check-update
To check if there are any security related updates for all packages installed on your system, type:
dnf --security check-update
To update the entire packages installed on your system to the most up-to-date versions available for your distribution run:
dnf -y check-update
Exercise 6¶
Building software from source¶
All software/applications/packages originate from plain human-readable text files. The files are collectively known as source code. The RPM packages that are installed on Linux distributions are born from source code.
In this exercise, you will download, compile, and install a sample program from its source files. For convenience, source files are usually distributed as a single compressed file called a tar-ball (pronounced tar-dot-gee-zee).
The following exercises will be based on the venerable Hello project source code. hello
is a simple command-line application written in C++, that does nothing more than print "hello" to the terminal. You can learn more about the project here
To download the source file¶
Use
curl
to download the latest source code for thehello
application. Let us download and save the file in the Downloads folder.https://ftp.gnu.org/gnu/hello/hello-2.12.tar.gz
To un-tar the file¶
Change to the directory on your local machine where you downloaded the hello source code.
Unpack (un-tar) the tarball using the
tar
program. Type:tar -xvzf hello-2.12.tar.gz
OUTPUT:
hello-2.12/ hello-2.12/NEWS hello-2.12/AUTHORS hello-2.12/hello.1 hello-2.12/THANKS ...<TRUNCATED>...
Use the
ls
command to view the contents of your pwd.A new directory named hello-2.12 should have been created for you during the un-taring.
Change to that directory and list its contents. Type:
cd hello-2.12 ; ls
Reviewing any special installation instructions that might come with the source code is always good practice. Those files usually have names like: INSTALL, README and so on.
Use a pager to open up the INSTALL file and read it. Type:
less INSTALL
Exit the pager when you are done reviewing the file.
To configure the package¶
Most applications have features that can be enabled or disabled by the user. This is one of the benefits of having access to the source code and installing from the same. You have control over the application's configurable features. This is in contrast to accepting everything a package manager installs from pre-compiled binaries.
The script that usually lets you configure the software is usually aptly named “configure”
Tip
Make sure that you have the "Development Tools" package group installed before attempting to complete the following exercises.
sudo dnf -y group install "Development Tools"
Use the
ls
command again to ensure that you indeed have a file named configure in your pwd.To see all the options, you can enable or disable in the
hello
program type:./configure --help
Question
From the output of the command what does the “--prefix” option do?
If you are happy with the default options that the configure script offers. Type:
./configure
Note
Hopefully the configure stage went smoothly and you can go on to the compilation stage.
If you get some errors during the configure stage, you should carefully look through the output's tail-end to see the error's source. The errors are sometimes self-explanatory and easy to fix. For example, you might see an error like:
configure: error: no acceptable C compiler found in $PATH
The above error simply means that you don’t have a C Compiler (e.g.,
gcc
) installed on the system or the compiler is installed somewhere that is not in your PATH variable.
To compile the package¶
You will build the hello application in the following steps. This is where some of the programs that come with the Development Tools group that you installed earlier using DNF come in handy.
Use the make command to compile the package after running the “configure” script. Type:
make
OUTPUT:
gcc -g -O2 -o hello src/hello.o ./lib/libhello.a make[2]: Leaving directory '/home/rocky/hello-2.12' ...<OUTPUT TRUNCATED>... make[1]: Leaving directory '/home/rocky/hello-2.12'
If all goes well - this important
make
step is the step that will help generate the finalhello
application binary.List the files in your current working directory again. You should see some newly created files in there including the
hello
program.
To install the application¶
Amongst other housekeeping tasks, the final installation step also involves copying any application binaries and libraries over to the proper folders.
To install the hello application run the make install command. Type:
sudo make install
This will install package into the location specified by the default prefix (--prefix) argument that may have been used with the “configure” script earlier. If no --prefix was set, a default prefix of
/usr/local/
will be used.
To run the hello program¶
Use the
whereis
command to see where thehello
program is on your system. Type:whereis hello
Try running the
hello
application to see what it does. Type:hello
Run
hello
again, with the--help
option to see the other things it can do.Now using
sudo
, runhello
again as a superuser. Type:sudo hello
OUTPUT:
sudo: hello: command not found
Question
Investigate what causes the error when you try running
hello
withsudo
. Fix the issue and make sure thehello
program can be used withsudo
.Tip
It is good practice to test a program as a regular user to ensure that regular users can indeed use the program. It is possible that the permissions on the binary are set incorrectly such that only the super-user can use the programs. This of course assumes that you indeed want regular users to be able to use the program.
That's it. This exercise is complete!
Exercise 7¶
Checking file integrity after package installation¶
After installing relevant packages, in some cases, we need to determine whether the associated files have been modified to prevent malicious modifications by others.
File verification¶
Using the "-V" option of the rpm
command.
Take the time synchronization program chrony
as an example to illustrate the meaning of its output.
To demonstrate how the
rpm
package verification works, make a modification to chrony's configuration file -/etc/chrony.conf
. (It is assumed that you have installed chrony). Add 2 harmless comment##
symbols to the end of the file. Type:echo -e "##" | sudo tee -a /etc/chrony.conf
Now run the
rpm
command with the--verify
option. Type:rpm -V chrony
OUTPUT:
S.5....T. c /etc/chrony.conf
The output is broken down into 3 separate columns.
First Column (S.5....T.)
The sample output -
S.5....T.
indicates the 9 fields that are used to indicate useful information about the validity of files in an RPM package. Any field or characteristic that passed a given check/test is indicated by a ".".These 9 different fields or checks are described here:
- S: Whether the size of the file has been modified.
- M: Whether the type of file or file permissions (rwx) have been modified.
- 5: Whether the file MD5 checksum has modified.
- D: Whether the number of the device has been modified.
- L: Whether the path to the file has been modified.
- U: Whether the owner of the file has been modified.
- G: Whether the group to which the file belongs has been modified.
- T: Whether the mTime (modify time) of the file has been modified.
- P: Whether the program function has been modified.
Second Column (c)
- c: Indicates modifications to the configuration file. It can also be the following values:
- d: documentation file.
- g: ghost file. Very few can be seen.
- l: license file.
- r: readme file.
Third column (/etc/chrony.conf)
- /etc/chrony.conf: Represents the path of the modified file.
Author: Wale Soyinka
Contributors: Steven Spencer, tianci li, Ganna Zhyrnova