1. Home
  2. Tutorials
  3. SysAdmin
  4. Red Hat RPM and YUM
Yolinux.com Tutorial

Red Hat Package Management

Red Hat / CentOS RPM and YUM package management.

This tutorial covers installing, updating, removing and managing application packages for Linux distributions using the Red Hat Package Management (RPM) and the Yellowdog Updater, Modified (YUM) commands. Distributions using this system include Red Hat Enterprise Linux, older releases of Fedora, CentOS and Suse.

YoLinux admin tux graphic



RPM - Redhat Package Manager:

The rpm command is used to manage software applications and system modules for Red Hat, Fedora, CentOS, Suse and many other Linux distributions.

Step One: Import Red Hat and Fedora GPG signature keys:

View your public key: (RHEL5)

[root@yoserver2 ~]# rpm -qa gpg-pubkey
[root@yoserver2 ~]# rpm -qi gpg-pubkey-ed555983-3457f7f3
(Thus already installed. Your system is ready.)

Remove your public key: (RHEL5)

[root@yoserver2 ~]# rpm -e gpg-pubkey-ed555983-3457f7f3

Install public key: (Red Hat package up2date - now depricated. Use YUM.)

[root@yoserver2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY
[root@yoserver2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora
Do this once to configure RPM so that you won't constantly get the warning message that the signature is "NOKEY".
The purpose is to protect you from using a corrupt or hacked RPM.
Once these command are performed, you are ready to use the RPM command. (This is also required for the YUM commands below.)

Note: Many GPG public keys for other RPM packages (i.e. MySQL: 0x5072E1F5), can be obtained from http://www.keyserver.net/.
(The following RPM installation warning will inform you of the key to obtain: warning: MySQL-XXXX.rpm: V3 DSA signature: NOKEY, key ID 5072e1f5)
Importing a new key from key server:

  1. gpg --keyserver keyserver.veridis.com --recv-key 5072e1f5
  2. gpg --export -a 5072e1f5 > pubkey_mysql.asc
  3. rpm --import pubkey_mysql.asc

Step Two: RPM commands and their use

RPM Command Description
rpm -qilp program_package-ver.rpm Query for information on package and list destination of files to be installed by the package.
You can also use the Gnome GUI program file-roller to view and read the contents of an RPM. Great tool for inspecting an RPM package and reading the package documentation before you decide to install the package.
rpm2cpio - < program_package-ver.rpm | cpio -id ./path/and/file-name Extract a single file (with path) from the RPM package to the local directory.
rpm -Uvh program_package-ver.rpm Upgrade the system with the RPM package
rpm -ivh program_package-ver.rpm New Install
rpm -Fvh program_package-ver.rpm Freshen install. Removes all files (including config files) of older version during upgrade.
rpm -q program_package Query system RPM database (/var/lib/rpm), to see if package is installed.
rpm -qi program_package Query system RPM database for info/description on package (if installed)
rpm -ql program_package List all files on the system associated with the package.
rpm -qf file Identify the package to which this file belongs.
rpm -e program_package Uninstall package from your system
rpm -qa List ALL packages on your system. Use this with grep to find families of packages.
rpm -qp --requires program_package-ver.rpm List dependancies (files and packages) of RPM. List prerequisites.
rpm -q --whatrequires program_package List dependant packages of RPM. What packages will break if this RPM is removed.
rpm -K --nogpg *.rpm Non sure if RPM downloaded ok? Verify md5 sum.

RPM Flag Description
--nodeps RPM flag to force install even if dependency requirements are not met.
--force Overwrite of other packages allowed.
--notriggers Don't execute scripts which are triggered by the installation of this package.
--root /directory-name Use the system chrooted at /directory-name. This means the database will be read or modified under /directory-name. (Used by developers to maintain multiple environments)
--ignorearch Allow installation even if the architectures of the binary RPM and host don't match. This is often required for RPM's which were assembled incorrectly


  • Fedora RPM downloads: http://archives.fedoraproject.org/pub/archive/fedora/linux/releases/##/Fedora/arch/os/Packages/
    Use your browser, wget, curl (downloads using http, https, ftp, ...) or ftp the site download.fedora.redhat.com (login: anonymous, password: your-email-address).

  • Many times, (like with glibc library or Netscape RPMs etc) it is necessary to mention two or more packages on the command line. The rpm command will account for the co-dependency of the packages. i.e.:
    rpm -ivh abc-package1-i386.rpm abc-package2-i386.rpm abc-package3-i386.rpm

  • Configuration information is stored in /var/lib/rpm

  • Database of descriptive package info. RPM package rpmdb-redhat. Installs database of all packages in distributions to make RPM more informative.

  • When installing additional RPM's from the Red Hat CD, cd to the RPMS directory on the CD which contains the packages to be installed.

  • Building from a "src" (source) RPM: rpmbuild --rebuild package-name.src.rpm
    The source will be placed in /usr/src/redhat/RPMS/....
    The command then performs a prep, compile, install and finally creates a new binary RPM package. Use option --clean for cleanup.
    The command rpmbuild --showrc package-name.src.rpm shows options to be used as specified in rpmrc and macros configuration file(s).
    The source RPMs are not in the RPM database and will not be seen with "rpm -qa

  • [Potential Pitfall]: If you get the errors:
    error: cannot get exclusive lock on /var/lib/rpm/Packages
    error: cannot open Packages index using db3 - Operation not permitted (1)
    error: cannot open Packages database in /var/lib/rpm
    then you must check:
    • Who are you logged in as?: whoami
      You must be root.
    • File permissions: ls -l /var/lib/rpm/Packages
      File must be owned by root.
    • Command to kill processes locking file: fuser -k /var/lib/rpm/Packages
      It is best to terminate processes by exiting program (like glint) normally if possible.

  • [Potential Pitfall]: If you get the errors:
    [root]# rpm -e package-name
    error: "package-name-X.X.X-X" specifies multiple packages
    This is because a package is doubly listed: (Often due to dual 32/64 bit architectures such as the AMD Athelon/Opteron and Intel EM64T - Extended Memory 64 Technology)
    [root]# rpm -q package-name
    Fix: rpm -e --allmatches package-name

  • [Potential Pitfall]: You try and install an RPM but you can not get the appropriate version of the run time libraries because they are too old and not present on your system or you get a runtime error:
    /usr/bin/ld: cannot find /lib/libxx.so.1.0.4

    Here is how to install some old libraries on your newer system without corrupting your current installation.

    1. First force the installation of the RPM without the dependency requirement: rpm --nodeps -ivh xxxx-...rmp.
    2. Next download an old RPM of the appropriate library, i.e. glibc-x.x.x.rpm
    3. Extract the libraries from the RPM: rpm2cpio glibc-x.x.x.rpm | cpio -idv
      This will install to your current directory: ./usr/lib/.. and ./lib/...
    4. Manually copy the library file to the library directory or path accessible by LD_LIBRARY_PATH or ldconfig: i.e.
      cp ./lib/libxx.so.1.0.4 /lib/libxx.so.1.0.4

Useful man pages:

  • rpm - Red Hat Package Manager
  • rpmbuild - Build/create an RPM package.
  • redhat-config-packages - RH 8.0 GUI

Also see:

  • RPM HowTo.
  • RPM.org Home Page
  • Alien - package converter between rpm, dpkg, stampede slp, and slackware tgz file formats.
  • CheckInstall - Create packages for RPM (Red Hat, Fedora, Suse), Debian or Slackware for install and uninstall.

Automated System Updates: up2date (Red Hat 7.1 and later)

Select the red dot and exclamation mark icon on the toolbar to launch up2date and follow the GUI. One may also use the command line if managing a remote server.

Red Hat up2date tool bar icon

Execute the following commands (in order given) to perform an automatic system update:

  1. /usr/bin/rhn_register :You must first register your system with the Red Hat database. This command will perform a hardware inventory and reporting of your system so that Red Hat knows which software to load to match your needs.
  2. /usr/bin/up2date-config :This allows you to configure the "up2date" process. It allows you to define directories to use, actions to take (i.e. download updates, install or not install, keep RPM's after install or not), network access (i.e. proxy configuration), use of GPG for package verification, packages or files to skip, etc. Use of GPG requires the Red Hat public key: rpm -import /usr/share/rhn/RPM-GPG-KEY
  3. /usr/sbin/up2date :This command will perform an audit of RPM's on your system and discover what needs to be updated. It gives you a chance to unselect packages targeted for upgrade. It will download RPM packages needed, resolve dependencies and perform a system update if requested.

[Potential Pitfall]: This works quite well but it is not perfect. Red Hat 7.1 Apache upgrade to 1.3.22 changed the configuration completely. (Beware. manual clean-up and re-configuration is required). When up2date finds the first messed up dependency it stops to tells you. You then have to unselect the package. It then starts again from the beginning.

Installing a new package with up2date: up2date package-name
The package name is given without the version number. If the package is not currently installed, it will be downloaded and installed, along with any dependencies that package requires.

Command line options (partial list) for up2date:

Option Description
--nox Do not display the GUI interface.
Completely update the system
Display command line arguments
Print more info about what up2date is doing
--showall Show a list of all packages available for your release of Red Hat Linux, including those not currently installed.

Also see man pages for:

  • up2date-gnome
  • rhn_register-gnome


  • Update in console mode (no GUI): up2date --nox --update
  • Configuration file for up2date: /etc/sysconfig/rhn/up2date
  • System id and configuration info held in XML format for up2date: /etc/sysconfig/rhn/systemid
  • The default download directory for up2date is /var/spool/up2date/. RPM packages and support files are downloaded to this directory.
  • An automated alert to the need to update utilizes the rhnsd which can be started by issuing the command: /etc/rc.d/init.d/rhnsd start


YUM (Yellowdog Updater, Modified) is a client command line application for updating an RPM based system from an internet repository (YUM "yum-arch" server) accessible by URL (http://xxx, ftp://yyy or even file://zzz local or NFS). The YUM repository has a directory of the headers with RPM info and directory path information. YUM will resolve RPM package dependencies and manage the importation and installation of dependencies.

YUM is also capable of upgrading across releases. One can upgrade Red Hat Linux 7 and 8 to 9. Red Hat 8 and 9 can be upgraded to Fedora Core. See Fedora YUM release upgrades or upgrade Redhat 6 to 7. Note that RHEL6 is the first release of the enterprise product which can be upgraded to the next release.

Yum Configuration:

YUM config file: /etc/yum.conf (CentOS 5)


# Note: yum-RHN-plugin doesn't honor this.

installonly_limit = 5

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d
You may list packages you wish NOT to update (Space delimited list. '*' wildcards allowed.): exclude=package-name
(i.e. On x86_64 I do not update firefox or mozplugger with the 64 bit version, I use the 32 bit version so that 32 bit plugins will work.)
Set "gpgcheck=0" to avoid the signature check.
For the option "gpgcheck=1" to work, use the "rpm --import GPG-KEY commands as detailed above in section one of the RPM tutorial.
[root@server2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY
[root@server2 ~]# rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora

File: /etc/yum.repos.d/CentOS-Base.repo (CentOS 5)

name=CentOS-$releasever - Base

#released updates 
name=CentOS-$releasever - Updates

Mirror site/sites which contain base configuration RPM's are listed.
Other protocols such as ftp can be used as well as http.


  • releasever: Release Version - current version of Fedora.
  • basearch: Base Architecture - system hardware architecture i.e. i386

Add other repositories: (not included in default install)

  • EPEL: Extra Packages for Enterprise Linux
    Create file: /etc/yum.repos.d/epel.repo
    name=Extra Packages for Enterprise Linux 5 - $basearch
    name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
    name=Extra Packages for Enterprise Linux 5 - $basearch - Source
    Adding FreshRPM GPG signature key:
    [root@server2 ~]# rpm --import http://download.fedora.redhat.com/pub/fedora/linux/extras/RPM-GPG-KEY-Fedora-Extras

  • Add FreshRPM repository site to your list for downloads of non-standard Fedora software.
    (Software not released by Red Hat like DVD players, audio encoders/rippers, etc)
    Create file: /etc/yum.repos.d/freshrpms.repo
    name=Fedora Linux $releasever - $basearch - freshrpms
    To directly enable a particular repository which is currently disabled (enabled=0): yum -y --enablerepo=freshrpms install kino

    Adding FreshRPM GPG signature key:

    [root@server2 ~]# rpm --import http://freshrpms.net/packages/builds/yum/RPM-GPG-KEY.freshrpms

  • Add: RpmForge.org (add by installing RPM with RpmForge configuration: rpmforge-release-xxxx.rpm)
    Installs file: /etc/yum.repos.d/rpmforge.repo
    name = RHEL $releasever - RPMforge.net - dag
    baseurl = http://apt.sw.be/redhat/el6/en/$basearch/rpmforge
    mirrorlist = http://apt.sw.be/redhat/el6/en/mirrors-rpmforge
    enabled = 1
    protect = 0
    gpgkey = file:///etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
    gpgcheck = 1
    Required keys and support files are included in the RPM.

    Adding GPG signature key:
    [root@server2 ~]# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

  • Add: Macromedia.mplug.org
    Create file: /etc/yum.repos.d/flash.repo
    name=Macromedia Flash plugin
    To directly enable a particular repository which is currently disabled (enabled=0): yum -y --enablerepo=flash install flash-plugin

  • Fedora examples (more repositories: Jpackage, ...)

Registering Red Hat Enterprise Linux to enable YUM repository use:

  • rhn_register: GUI to enter user account and "Installation Number". Must purchase a license to get this.
  • rhnreg_ks: Register a login/user account
Data is stored in /etc/sysconfig/rhn/

Yum Examples And Use:

Using YUM and YUM examples:

  • Update:
    • List packages which will be updated: yum check-update
      (Does not perform an update)
    • Update all packages on your system: yum update
    • Update a package: yum update package-name
    • Update all with same prefix: yum update package-name-prefix\*
      This command will update your system. It will interactively ask permission. i.e. "Is this ok [y/N]:"
    • To avoid the prompt/questions use the command: yum -y update Sample session:
      # yum -y update
      Setting up Update Process
      Setting up Repos
      base                      100% |=========================| 1.1 kB    00:00
      updates-released          100% |=========================|  951 B    00:00
      Reading repository metadata in from local files
      base      : ################################################## 2852/2852
      primary.xml.gz            100% |=========================| 367 kB    00:02
      MD Read   : ################################################## 927/927
      updates-re: ################################################## 927/927
      Excluding Packages in global exclude list
      Resolving Dependencies
      --> Populating transaction set with selected packages. Please wait.
      ---> Downloading header for mod_dav_svn to pack into transaction set.
      mod_dav_svn-1.1.4-1.1.x86 100% |=========================| 8.9 kB    00:00
      ---> Package mod_dav_svn.x86_64 0:1.1.4-1.1 set to be updated
      ---> Downloading header for initscripts to pack into transaction set.
      initscripts-7.93.7-1.x86_ 100% |=========================|  87 kB    00:00
      ---> Package initscripts.x86_64 0:7.93.7-1 set to be updated
      ---> Downloading header for gtk2 to pack into transaction set.
      --> Running transaction check
      Dependencies Resolved
      Transaction Listing:
        Install: aqhbci.x86_64 0:1.0.2beta-0.fc3 - updates-released
        Install: aqhbci-devel.x86_64 0:1.0.2beta-0.fc3 - updates-released
        Install: kernel.x86_64 0:2.6.11-1.14_FC3 - updates-released
      Performing the following to resolve dependencies:
        Install: aqbanking-devel.x86_64 0:1.0.4beta-0.fc3 - updates-released
        Install: gwenhywfar-devel.x86_64 0:1.7.2-0.fc3 - updates-released
      Total download size: 431 M
      Downloading Packages:
      (1/168): mod_dav_svn-1.1. 100% |=========================|  54 kB    00:00
      (2/168): initscripts-7.93 100% |=========================| 1.1 MB    00:03
      Running Transaction Test
      Finished Transaction Test
      Transaction Test Succeeded
      Running Transaction
      Updating: libgcc 100 % done 1/333
      Updating: libgcc 100 % done 2/333
      Completing update for mod_dav_svn  - 169/333
      Completing update for initscripts  - 170/333
      Completing update for gtk2  - 171/333
      Installed: aqhbci.x86_64 0:1.0.2beta-0.fc3 aqhbci-devel.x86_64 0:1.0.2beta-0.fc3 kernel.x86_64 0:2.6.11...
      Dependency Installed: aqbanking-devel.x86_64 0:1.0.4beta-0.fc3 gwenhywfar-devel.x86_64 0:1.7.2-0.fc3
      Updated: ImageMagick.i386 0: ImageMagick.x86_64 0: ImageMagick-c++.i386 ...
      Obsoleted: openhbci.x86_64 0:0.9.17-1 openhbci.i386 0:0.9.17-1 openhbci-devel.x86_64 0:0.9.17-1

      [Potential Pitfall]: Many times I have found that I can get the following errors:

      Setting up Update Process
      Setting up repositories
      Reading repository metadata in from local files
      Could not find update match for package-name ... ... --> Finished Dependency Resolution Error: Missing Dependency: package-name
      I find that the error is traced to having two version of a package installed at once. The following command will reveal if this is true: rpm -q package-name. If there are two versions of the same package installed, I find that removing the newer version and re-running YUM to install an upgrade gets past these errors.
  • To install a single package: yum -y install package-name
    This will also resolve package dependencies.
  • Remove a package: yum remove package-name
  • Info:
    • List available packages, version and state (base, installed, updates-released): yum list
    • List the packages installed which are not available in repository listed in config file: yum list extras
    • List packages which are obsoleted by packages in yum repository: yum list obsoletes
  • Clean local cache of headers and RPM's: yum clean all
    (See: /var/cache/yum/)

Yum Commands:

YUM Command Description
yum -y install package-name Install package.
yum -y install package-name.arch Install package of specified architecture. This is common when installing Firefox "i386" on a "x86_64" platform.
i.e.: yum -y install firefox.i386
yum check-update Show which packages are available to be updated.
yum -y update package-name
yum -y update
yum -y --exclude=package-name update
Update package.
Update all packages on system for which updates are available.
Update all packages which have available updates excluding the specified package.
yum remove package-name
yum remove package-name-1 package-name
yum remove package-name-2
Remove package.
Remove packages.
yum clean headers
yum clean cache
yum clean all
Remove RPM header files.
Remove files from YUM cache: /var/cache/yum/
Clean up all YUM files left over from previous installations.
yum list package-name
yum list regex
List information about available packages from configured YUM repository. Will also list those which contain the specified regular expression search pattern.
yum list installed [regex-optional] List installed packages. Same as rpm -qa
yum list available [regex-optional] List all available packages.
yum search partial-package-name List all packages which match the string specied in the package name or description.
yum grouplist
yum groupinstall group-name
yum groupremove group-name
yum groupupdate group-name
List available package groups.
Install default packages in specified group.
Remove packages in group.
Update packages in group.
rhn_register Register to a Red Hat Network hosted server. Typically useful for licensed Red Hat Enterprise Linux.
See yum man page for a full listing of commands and command arguments.


  • yum man page
  • yum.conf man page
  • You can set up your own YUM server for your own cluster or intranet. Set up a web server with the same paths as used in the configuration files and point your configuration files to your server. See YoLinux web server tutorial for configuration information.
  • Fedora configures YUM as a daily cron job: /etc/cron.daily/yum.cron

    if [ -f /var/lock/subsys/yum ]; then
    /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
    /usr/bin/yum -R 120 -e 0 -d 0 -y update


Yum Groups:

Groups go beyond packages and dependancies. It is a collective group of supporting (not dependent) packages and tools.

List Yum groups available for installation:
# yum grouplist
Installed Groups:
   Administration Tools
   Authoring and Publishing
   Cluster Storage
   DNS Name Server
   Development Tools
Available Groups:
   Development Libraries
   Educational Software
   Electronic Lab
   Fedora Packager
   FreeNX and NX

Install a group (eg Web Server): yum groupinstall "Web Server"

Remove: yum groupremove "Web Server"

YumEx GUI:

YumEx: (Yum Extender) GUI interface to YUM commands and configuration

YumEx will allow you to manage the RPM packages on your system. It allows the administrator to install/update packages from internet repositories as well as un-install RPMs from the system.

Linux Yumex GUI tool
Linux Yumex GUI package tool

Linux Yumex GUI tool
Linux Yumex GUI tool


Book imageBooks:

Amazon book image "Red Hat Enterprise Linux 7: Desktops and Administration"
by Richard Petersen
Surfing Turtle Press, ISBN# 1936280620
(Jan 13, 2017)

Amazon book image "Fedora 18 Desktop Handbook"
by Richard Petersen
Surfing Turtle Press, ISBN# 1936280639
(Mar 6, 2013)

Amazon book image "Fedora 18 Networking and Servers"
by Richard Petersen
Surfing Turtle Press, ISBN# 1936280698
(March 29, 2013)

Amazon book image "Fedora 14 Desktop Handbook"
by Richard Petersen
Surfing Turtle Press, ISBN# 1936280167
(Nov 30, 2010)

Amazon book image "Fedora 14 Administration and Security"
by Richard Petersen
Surfing Turtle Press, ISBN# 1936280221
(Jan 6, 2011)

Amazon book image "Fedora 14 Networking and Servers"
by Richard Petersen
Surfing Turtle Press, ISBN# 1936280191
(Dec 26, 2010)

Amazon book image "Fedora 10 and Red Hat Enterprise Linux Bible"
by Christopher Negus
Wiley, ISBN# 0470413395

Book image "Red Hat Fedora 6 and Enterprise Linux Bible"
by Christopher Negus
Sams, ISBN# 047008278X

Book image "Fedora 7 & Red Hat Enterprise Linux: The Complete Reference"
by Richard Petersen
Sams, ISBN# 0071486429

Book image "Red Hat Fedora Core 6 Unleashed"
by Paul Hudson, Andrew Hudson
Sams, ISBN# 0672329298

Book image "Red Hat Linux Fedora 3 Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672327082

Book image "Red Hat Linux 9 Unleashed"
by Bill Ball, Hoyt Duff
Sams, ISBN# 0672325888
May 8, 2003

I have the Red Hat 6 version and I have found it to be very helpful. I have found it to be way more complete than the other Linux books. It is the most complete general Linux book in publication. While other books in the "Unleashed" series have disappointed me, this book is the best out there.