rpm {-q|--query} [select-options] [query-options]
rpm {-V|--verify} [select-options] [verify-options]
rpm --import PUBKEY ...
rpm {-K|--checksig} [--nosignature] [--nodigest]
PACKAGE_FILE ...
rpm {-i|--install} [install-options] PACKAGE_FILE ...
rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...
rpm {-F|--freshen} [install-options] PACKAGE_FILE ...
rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts]
[--notriggers] [--test] PACKAGE_NAME ...
rpm {--initdb|--rebuilddb}
rpm {--addsign|--resign} PACKAGE_FILE ...
rpm {--querytags|--showrc}
rpm {--setperms|--setugids} PACKAGE_NAME ...
[PACKAGE_NAME] [-a,--all] [-f,--file FILE]
[-g,--group GROUP] {-p,--package PACKAGE_FILE]
[--fileid MD5] [--hdrid SHA1] [--pkgid MD5] [--tid TID]
[--querybynumber HDRNUM] [--triggeredby PACKAGE_NAME]
[--whatprovides CAPABILITY] [--whatrequires CAPABILITY]
[--changelog] [-c,--configfiles] [-d,--docfiles] [--dump]
[--filesbypkg] [-i,--info] [--last] [-l,--list]
[--provides] [--qf,--queryformat QUERYFMT]
[-R,--requires] [--scripts] [-s,--state]
[--triggers,--triggerscripts]
[--nodeps] [--nofiles] [--noscripts]
[--nodigest] [--nosignature]
[--nolinkto] [--nofiledigest] [--nosize] [--nouser]
[--nogroup] [--nomtime] [--nomode] [--nordev]
[--nocaps]
[--aid] [--allfiles] [--badreloc] [--excludepath OLDPATH]
[--excludedocs] [--force] [-h,--hash]
[--ignoresize] [--ignorearch] [--ignoreos]
[--includedocs] [--justdb] [--nodeps]
[--nodigest] [--nosignature] [--nosuggest]
[--noorder] [--noscripts] [--notriggers]
[--oldpackage] [--percent] [--prefix NEWPATH]
[--relocate OLDPATH=NEWPATH]
[--replacefiles] [--replacepkgs]
[--test]
rpm is a powerful Package Manager, which can be used to build, install, query, verify, update, and erase individual software packages. A package consists of an archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file attributes, and descriptive information about the package. Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code and recipe necessary to produce binary packages.
One of the following basic modes must be selected: Query, Verify, Signature Check, Install/Upgrade/Freshen, Uninstall, Initialize Database, Rebuild Database, Resign, Add Signature, Set Owners/Groups, Show Querytags, and Show Configuration.
These options can be used in all the different modes.
In these options, PACKAGE_FILE can be either rpm binary file or ASCII package manifest (see PACKAGE SELECTION OPTIONS), and may be specified as an ftp or http URL, in which case the package will be downloaded before being installed. See FTP/HTTP OPTIONS for information on rpm's internal ftp and http client support.
The general form of an rpm install command is
rpm {-i|--install} [install-options] PACKAGE_FILE ...
This installs a new package.
The general form of an rpm upgrade command is
rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...
This upgrades or installs the package currently installed to a newer version. This is the same as install, except all other version(s) of the package are removed after the new package is installed.
rpm {-F|--freshen} [install-options] PACKAGE_FILE ...
This will upgrade packages, but only ones for which an earlier version is installed.
--nopre --nopost --nopreun --nopostun
and turns off the execution of the corresponding %pre, %post, %preun, and %postun scriptlet(s).
--notriggerin --notriggerun --notriggerpostun
and turns off execution of the corresponding %triggerin, %triggerun, and %triggerpostun scriptlet(s).
The general form of an rpm erase command is
rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts] [--notriggers] [--test] PACKAGE_NAME ...
The following options may also be used:
--nopreun --nopostun
and turns off the execution of the corresponding %preun, and %postun scriptlet(s).
--notriggerun --notriggerpostun
and turns off execution of the corresponding %triggerun, and %triggerpostun scriptlet(s).
The general form of an rpm query command is
rpm {-q|--query} [select-options] [query-options]
You may specify the format that package information should be printed in. To do this, you use the
--qf|--queryformat QUERYFMT
option, followed by the QUERYFMT format string. Query formats are modified versions of the standard printf(3) formatting. The format is made up of static strings (which may include standard C character escapes for newlines, tabs, and other special characters) and printf(3) type formatters. As rpm already knows the type to print, the type specifier must be omitted however, and replaced by the name of the header tag to be printed, enclosed by {} characters. Tag names are case insensitive, and the leading RPMTAG_ portion of the tag name may be omitted as well.
Alternate output formats may be requested by following the tag with :typetag. Currently, the following types are supported:
For example, to print only the names of the packages queried, you could use %{NAME} as the format string. To print the packages name and distribution information in two columns, you could use %-30{NAME}%{DISTRIBUTION}. rpm will print a list of all of the tags it knows about when it is invoked with the --querytags argument.
There are two subsets of options for querying: package selection, and information selection.
path size mtime filedigest mode owner group isconfig isdoc rdev symlink
The general form of an rpm verify command is
rpm {-V|--verify} [select-options] [verify-options]
Verifying a package compares information about the installed files in the package with information about the files taken from the package metadata stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner and group of each file. Any discrepancies are displayed. Files that were not installed from the package, for example, documentation files excluded on installation using the "--excludedocs" option, will be silently ignored.
The package selection options are the same as for package querying (including package manifest files as arguments). Other options unique to verify mode are:
The format of the output is a string of 8 characters, a possible attribute marker:
c %config configuration file. d %doc documentation file. g %ghost file (i.e. the file contents are not included in the package payload). l %license license file. r %readme readme file.
from the package header, followed by the file name. Each of the 8 characters denotes the result of a comparison of attribute(s) of the file to the value of those attribute(s) recorded in the database. A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading). Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test:
S file Size differs M Mode differs (includes permissions and file type) 5 MD5 sum differs D Device major/minor number mismatch L readLink(2) path mismatch U User ownership differs G Group ownership differs T mTime differs P caPabilities differ
The general forms of rpm digital signature commands are
rpm --import PUBKEY ...
rpm {--checksig} [--nosignature] [--nodigest]
PACKAGE_FILE ...
The --checksig option checks all the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is read, and --checksig is useful to verify all of the digests and signatures associated with a package.
Digital signatures cannot be verified without a public key. An ASCII armored public key can be added to the rpm database using --import. An imported public key is carried in a header, and key ring management is performed exactly like package management. For example, all currently imported public keys can be displayed by:
rpm -qa gpg-pubkey*
Details about a specific public key, when imported, can be displayed by querying. Here's information about the Red Hat GPG/DSA key:
rpm -qi gpg-pubkey-db42a60e
Finally, public keys can be erased after importing just like packages. Here's how to remove the Red Hat GPG/DSA key
rpm --addsign|--resign PACKAGE_FILE ...
Both of the --addsign and --resign options generate and insert new signatures for each package PACKAGE_FILE given, replacing any existing signatures. There are two options for historical reasons, there is no difference in behavior currently.
In order to sign packages using GPG, rpm must be configured to run GPG and be able to find a key ring with the appropriate keys. By default, rpm uses the same conventions as GPG to find key rings, namely the $GNUPGHOME environment variable. If your key rings are not located where GPG expects them to be, you will need to configure the macro %_gpg_path to be the location of the GPG key rings to use.
For compatibility with older versions of GPG, PGP, and rpm, only V3 OpenPGP signature packets should be configured. Either DSA or RSA verification algorithms can be used, but DSA is preferred.
If you want to be able to sign packages you create yourself, you also need to create your own public and secret key pair (see the GPG manual). You will also need to configure the rpm macros
For example, to be able to use GPG to sign packages as the user "John Doe <jdoe@foo.com>" from the key rings located in /etc/rpm/.gpg using the executable /usr/bin/gpg you would include
%_signature gpg %_gpg_path /etc/rpm/.gpg %_gpg_name John Doe <jdoe@foo.com> %__gpg /usr/bin/gpg
in a macro configuration file. Use /etc/rpm/macros for per-system configuration and ~/.rpmmacros for per-user configuration. Typically it's sufficient to set just %_gpg_name.
The general form of an rpm rebuild database command is
rpm {--initdb|--rebuilddb} [-v] [--dbpath DIRECTORY] [--root DIRECTORY]
Use --initdb to create a new database if one doesn't already exist (existing database is not overwritten), use --rebuilddb to rebuild the database indices from the installed package headers.
The command
rpm --showrc
shows the values rpm will use for all of the options are currently set in rpmrc and macros configuration file(s).
rpm can act as an FTP and/or HTTP client so that packages can be queried or installed from the internet. Package files for install, upgrade, and query operations may be specified as an ftp or http style URL:
ftp://USER:PASSWORD@HOST:PORT/path/to/package.rpm
If the :PASSWORD portion is omitted, the password will be prompted for (once per user/hostname pair). If both the user and password are omitted, anonymous ftp is used. In all cases, passive (PASV) ftp transfers are performed.
rpm allows the following options to be used with ftp URLs:
rpm allows the following options to be used with http URLs:
The build modes of rpm are now resident in the /usr/bin/rpmbuild executable. Install the package containing rpmbuild (usually rpm-build) and see rpmbuild(8) for documentation of all the rpm build modes.
/usr/lib/rpm/rpmrc /usr/lib/rpm/redhat/rpmrc /etc/rpmrc ~/.rpmrc
/usr/lib/rpm/macros /usr/lib/rpm/redhat/macros /etc/rpm/macros ~/.rpmmacros
/var/lib/rpm/Basenames /var/lib/rpm/Conflictname /var/lib/rpm/Dirnames /var/lib/rpm/Filemd5s /var/lib/rpm/Group /var/lib/rpm/Installtid /var/lib/rpm/Name /var/lib/rpm/Packages /var/lib/rpm/Providename /var/lib/rpm/Provideversion /var/lib/rpm/Pubkeys /var/lib/rpm/Removed /var/lib/rpm/Requirename /var/lib/rpm/Requireversion /var/lib/rpm/Sha1header /var/lib/rpm/Sigmd5 /var/lib/rpm/Triggername
popt(3), rpm2cpio(8), rpmbuild(8),
rpm --help - as rpm supports customizing the options via popt aliases it's impossible to guarantee that what's described in the manual matches what's available.
http://www.rpm.org/ <URL:http://www.rpm.org/>
Marc Ewing <marc@redhat.com> Jeff Johnson <jbj@redhat.com> Erik Troan <ewt@redhat.com>