NAME

rpm - RPM 軟件包管理器  

SYNOPSIS

查詢和校驗軟件包：

rpm {-q|--query} [select-options] [query-options]

rpm {-V|--verify} [select-options] [verify-options]

rpm --import PUBKEY ...

rpm {-K|--checksig} [--nosignature] [--nodigest]
    PACKAGE_FILE ...

安裝，升級和卸載軟件包：

rpm {-i|--install} [install-options] PACKAGE_FILE ...

rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...

rpm {-F|--freshen} [install-options] PACKAGE_FILE ...

rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts]
    [--notriggers] [--repackage] [--test] PACKAGE_NAME ...

其他：

rpm {--initdb|--rebuilddb}

rpm {--addsign|--resign} PACKAGE_FILE ...

rpm {--querytags|--showrc}

rpm {--setperms|--setugids} PACKAGE_NAME ...

選擇選項

 [PACKAGE_NAME] [-a,--all] [-f,--file FILE]
 [-g,--group GROUP] {-p,--package PACKAGE_FILE]
 [--fileid MD5] [--hdrid SHA1] [--pkgid MD5] [--tid TID]
 [--querybynumber HDRNUM] [--triggeredby PACKAGE_NAME]
 [--whatprovides CAPABILITY] [--whatrequires CAPABILITY]

查詢選項

 [--changelog] [-c,--configfiles] [-d,--docfiles] [--dump]
 [--filesbypkg] [-i,--info] [--last] [-l,--list]
 [--provides] [--qf,--queryformat QUERYFMT]
 [-R,--requires] [--scripts] [-s,--state]
 [--triggers,--triggerscripts]

校驗選項

 [--nodeps] [--nofiles] [--noscripts]
 [--nodigest] [--nosignature]
 [--nolinkto] [--nomd5] [--nosize] [--nouser]
 [--nogroup] [--nomtime] [--nomode] [--nordev]

安裝選項

 [--aid] [--allfiles] [--badreloc] [--excludepath OLDPATH]
 [--excludedocs] [--force] [-h,--hash]
 [--ignoresize] [--ignorearch] [--ignoreos]
 [--includedocs] [--justdb] [--nodeps]
 [--nodigest] [--nosignature] [--nosuggest]
 [--noorder] [--noscripts] [--notriggers]
 [--oldpackage] [--percent] [--prefix NEWPATH]
 [--relocate OLDPATH=NEWPATH]
 [--repackage] [--replacefiles] [--replacepkgs]
 [--test]

DESCRIPTION

rpm 是一個強大的 軟件包管理器，可以用來構建，安裝，查詢，校驗，升級和卸載單獨的軟件打包。一個 打包 包括文件的歸檔，以及用來安裝和卸載歸檔文件的元信息。元信息包括輔助腳本，文件屬性以及打包的描述性信息。打包 有兩種，二進制打包，用來封裝要安裝的軟件；源代碼打包，包含源代碼以及為生成二進制打包，必要的文件。

必須選擇下列模式之一： Query 查詢, Verify 校驗, Signature Check 檢查簽名, Install/Upgrade/Freshen 安裝/升級/更新, Uninstall 卸載, Initialize Database 初始化數據庫, Rebuild Database 重構數據庫, Resign 重簽名, Add Signature 添加簽名, Set Owners/Groups 設置屬主, Show Querytags 顯示查詢標記, 以及 Show Configuration 顯示配置.  

一般選項

這些選項可以用在所有不同的模式中。

-?, --help

輸出更長的幫助信息。

--version

輸出一行信息，包括使用的 rpm 的版本號。

--quiet

輸出盡可能少的信息 - 通常只有錯誤會顯示。

-v

輸出冗余信息 - 通常，常規的進度信息將顯示。

-vv

輸出大量丑陋的調試信息。

--rcfile FILELIST

FILELIST 中冒號分隔的每個文件名都被 rpm 按順序讀取，從中獲得配置信息。只有列表的第一個文件必須存在，波浪線將被替換為 $HOME。默認的 FILELIST 是 /usr/lib/rpm/rpmrc:/usr/lib/rpm/redhat/rpmrc:/etc/rpmrc:~/.rpmrc

--pipe CMD

將 rpm 的輸出通過管道送到命令 CMD。

--dbpath DIRECTORY

使用 DIRECTORY 中的數據庫，而不是默認的路徑 /var/lib/rpm

--root DIRECTORY

以 DIRECTORY 作為根文件系統，進行所有操作。這意味著將使用 DIRECTORY 中的數據庫來進行依賴性檢測，任何小程序 (也就是安裝中的 %post 和構建中的 %prep) 都將在一個 chroot(2) 到 DIRECTORY 之后執行。

安裝和升級選項

安裝命令的一般形式是

rpm {-i|--install} [install-options] PACKAGE_FILE ...

這樣安裝了一個新軟件包。

升級命令的一般形式是

rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...

這樣安裝或升級已安裝的軟件包到新版本。它與安裝類似，只是所有其他版本的打包在新軟件包安裝后都將移除。

rpm {-F|--freshen} [install-options] PACKAGE_FILE ...

僅當系統中存在更早的版本時，這樣會升級軟件包。PACKAGE_FILE 必須指定為 ftp 或 http URL，這樣軟件包可以在安裝之前去下載。參見 FTP/HTTP OPTIONS 中有關 rpm 的內嵌 ftp 和 http 客戶端支持。

--aid

需要時將建議的軟件包加入事務集。

--allfiles

安裝或升級軟件包中所有 missingok 文件，哪怕它們已經存在。

--badreloc

與 --relocate 搭配使用，允許所有文件的重定位，而不僅僅是在二進制打包中，重定位提示包含的那些 OLDPATH。

--excludepath OLDPATH

不安裝名稱以 OLDPATH 開始的文件。

--excludedocs

不安裝任何標記為文檔的文件 (包括手冊頁和 texinfo)。

--force

與使用 --replacepkgs, --replacefiles, 以及 --oldpackage 相同。

-h, --hash

在打包被解壓時，輸出 50 個 hash 符號 (#)，用來與 -v|--verbose 配合，得到漂亮一點的輸出。

--ignoresize

安裝前不檢測已掛載文件系統的空閑空間。

--ignorearch

允許安裝或升級，即使二進制打包的體系結構與主機不匹配。

--ignoreos

允許安裝或升級，即使二進制打包的操作系統與主機不匹配。

--includedocs

安裝文檔文件。這是默認的行為。

--justdb

只更新數據庫，不更新文件系統。

--nodigest

讀取時不校驗打包或頭部校驗。

--nosignature

讀取時不校驗打包或頭部簽名。

--nodeps

在安裝或升級前，不進行依賴性檢測。

--nosuggest

不建議提供了所需依賴關系的軟件包。

--noorder

不為安裝重排序。通常軟件包列表會被重排序，以滿足依賴性關系。

--noscripts

--nopre

--nopost

--nopreun

--nopostun

不執行對應的小程序。--noscripts 選項與

--nopre --nopost --nopreun --nopostun

等價，將 %pre, %post, %preun, 和 %postun 小程序全部關閉。

--notriggers

--notriggerin

--notriggerun

--notriggerpostun

不執行任何對應的觸發小程序。--notriggers 選項與

--notriggerin --notriggerun --notriggerpostun

等價，將 %triggerin, %triggerun, 和 %triggerpostun 小程序全部關閉。

--oldpackage

允許用舊軟件包替換一個新軟件包。

--percent

打印從軟件包中解壓文件的百分比。這是為了使 rpm 在其他工具中運行時簡單一些。

--prefix NEWPATH

對于可重定位的包，將以軟件包重定位提示的安裝前綴開始的所有文件路徑轉換為以 NEWPATH 開始。

--relocate OLDPATH=NEWPATH

對于克重定位的二進制打包，將軟件包重定位提示中，以 OLDPATH 開始的文件路徑轉換為以 NEWPATH 開始。這一選項可以使用多次，如果軟件包中多個 OLDPATH 要重定位的話。

--repackage

在卸載前重新打包文件。過去安裝的打包將根據宏 %_repackage_name_fmt 命名，將創建于宏 %_repackage_dir 指定的目錄中 (默認值是 /var/spool/repackage)。

--replacefiles

安裝軟件包，即使他們替換了其他已安裝的軟件包的文件。

--replacepkgs

安裝軟件包，即使其中有些軟件包已經被安裝到了系統中。

--test

不安裝軟件包，僅僅檢測并報告可能的沖突。

卸載選項

卸載命令的一般形式是

rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts] [--notriggers] [--repackage] [--test] PACKAGE_NAME ...

同時還可以用下列選項：

--allmatches

刪除匹配 PACKAGE_NAME 的軟件包的所有版本。通常情況下，如果 PACKAGE_NAME 匹配多個軟件包將導致錯誤。

--nodeps

在卸載前不檢測依賴關系。

--noscripts

--nopreun

--nopostun

不執行相應的小程序。--noscripts 選項在卸載過程中等價于

--nopreun --nopostun

將 %preun, 和 %postun 小程序的執行關閉。

--notriggers

--notriggerun

--notriggerpostun

不執行相應的觸發小程序。--notriggers 選項等價于

--notriggerun --notriggerpostun

將 %triggerun, 和 %triggerpostun 小程序的執行關閉。

--repackage

卸載前重新打包文件。過去安裝的軟件包將根據宏 %_repackage_name_fmt 命名，存放到宏 %_repackage_dir 定義的目錄中 (默認值是 /var/spool/repackage)。

--test

不真正卸載任何東西，僅僅嘗試它們。與 -vv 選項聯合使用，在調試時很有用。

查詢選項

查詢命令的一般形式是

rpm {-q|--query} [select-options] [query-options]

可以指定輸出時軟件包信息的格式。為此，使用選項

 --qf|--queryformat QUERYFMT

附帶 QUERYFMT 格式化字符串。查詢命令是標準的 printf(3) 格式的修改版本。格式包括靜態字符串 (可能包括標準的 C 轉義字符，新行符，跳格以及其他特殊字符) 以及 printf(3) 類型標記。由于 rpm 已知輸出類型，因此應當忽略類型標記，使用頭部字段名來代替，包含在 {} 中。字段名是大小寫不敏感的，起始的 RPMTAG_ 部分可以被忽略。

可選的輸出格式是用 :typetag 表示。當前，支持的類型有：

:armor

將公鑰以 ASCII 包裝。

:base64

以 base64 編碼二進制數據。

:date

使用 strftime(3) "%c" 格式。

:day

使用 strftime(3) "%a %b %d %Y" 格式。

:depflags

格式化依賴性標志。

:fflags

格式化文件標志。

:hex

以十六進制格式化。

:octal

以八進制格式化。

:perms

格式化文件權限。

:shescape

轉義單引號，用于腳本。

:triggertype

顯示觸發的后綴。

例如，要只輸出所查詢的軟件包的名稱，可以使用 %{NAME} 作為格式化字符串。要分兩列輸出軟件包名稱和發行版信息，可以用 %-30{NAME}%{DISTRIBUTION}。如果執行時使用 --querytags 參數，rpm 將輸出它已知的所有標記列表。

查詢的選項有兩個子集：軟件包選擇和信息選擇。  

軟件包選擇選項：

PACKAGE_NAME

查詢名稱為 PACKAGE_NAME 的已安裝軟件包。

-a, --all

查詢所有已安裝軟件包。

-f, --file FILE

查詢包含 FILE 的軟件包。

--fileid MD5

查詢包含給定文件描述字的軟件包，例如，文件內容的 MD5 校驗和。

-g, --group GROUP

查詢屬主為 GROUP 的軟件包。

--hdrid SHA1

查詢包含給定頭部描述字的軟件包，例如，不可變頭部區域的 SHA1 校驗和。

-p, --package PACKAGE_FILE

查詢 (未安裝的) 軟件包 PACKAGE_FILE。這個文件可以指定為一個 ftp 或 http 樣式的 URL，這時軟件包頭部將被下載并查詢。參見 FTP/HTTP OPTIONS 中有關 rpm 的內部 ftp 和 http 客戶端支持信息。參數 PACKAGE_FILE 如果不是一個二進制文件，將被解釋為一個 ASCII 軟件包說明。其中可以有以 '#' 開始的注釋，其他的每行都可以包含以空格分隔的匹配表達式，如果是遠程的地址，也包括 URL。這些將被擴展為路徑，替換 manifest 參數的位置，作為 PACKAGE_FILE 參數的附加查詢內容。

--pkgid MD5

查詢含有給定軟件包描述字的軟件包，例如，包的頭部以及有效內容的 MD5 校驗和。

--querybynumber HDRNUM

直接查詢第 HDRNUM 個數據庫入口；這只在調試時有用。

--specfile SPECFILE

解釋并查詢 SPECFILE，就好像它是一個軟件包。盡管并非所有信息都可獲得，但這種查詢允許 rpm 從 spec 文件中抽取信息，而不必寫一個解釋器。

--tid TID

查詢包含給定 TID 事務描述字的軟件包。當前使用 unix 時間戳作為事務描述字。任何在一次事務中安裝或卸載的軟件包擁有相同的描述字。

--triggeredby PACKAGE_NAME

查詢被軟件包 PACKAGE_NAME 觸發的軟件包。

--whatprovides CAPABILITY

查詢提供了 CAPABILITY 能力的軟件包。

--whatrequires CAPABILITY

查詢所有需要 CAPABILITY 才能運作的軟件包。

軟件包查詢選項：

--changelog

顯示軟件包的修改信息。

-c, --configfiles

只顯示配置文件 (暗含了 -l).

-d, --docfiles

只顯示文檔文件 (暗含了 -l).

--dump

轉儲文件信息：

path size mtime md5sum mode owner group isconfig isdoc rdev symlink
        

這個選項必須與至少下列之一聯合使用 -l, -c, -d.

--filesbypkg

列出所選每個軟件包中的文件。

-i, --info

顯示軟件包信息，包括名稱，版本，描述。如果指定了 --queryformat 就使用它。

--last

列出軟件包時，以安裝時間排序，最新的在上面。

-l, --list

列出軟件包中的文件。

--provides

列出軟件包提供的特性。

-R, --requires

列出軟件包依賴的其他軟件包。

--scripts

列出軟件包自定義的小程序，他們是安裝和卸載等等過程的一部分。

-s, --state

顯示軟件包中文件的狀態 states (暗含了 -l)。每個文件的狀態是 normal, not installed, 或 replaced 其中之一。

--triggers, --triggerscripts

顯示軟件包中包含的觸發腳本，如果有的話。

校驗選項

校驗命令的一般形式是

rpm {-V|--verify} [select-options] [verify-options]

校驗軟件包，是將已安裝的文件的信息，與從軟件包中獲取的保存在 rpm 數據庫中的有關文件的元數據進行比較。校驗比較的內容有每個文件的大小，MD5 校驗和，許可，類型，屬主。任何不對的地方都回顯示出來。如果軟件包中文件未安裝，例如在安裝過程中使用 "--excludedocs" 選項跳過的文檔，將被跳過。

軟件包選擇選項與軟件包查詢是相同的 (包括以說明文件作為參數)。其他獨有的選項包括：

--nodeps

不校驗軟件包的依賴關系。

--nodigest

讀取時不校驗軟件包或頭部校驗。

--nofiles

不校驗文件的任何屬性。

--noscripts

不執行 %verifyscript 小程序，如果有的話。

--nosignature

讀取時不校驗軟件包或頭部簽名。

--nolinkto

--nomd5

--nosize

--nouser

--nogroup

--nomtime

--nomode

--nordev

不校驗相應的文件屬性。

輸出是 8 個字符的字符串，可能的屬性標記為：

c %config 配置文件
d %doc 文檔
g %ghost 占位文檔 (就是說，文件內容不包含在軟件包有效內容里面)
l %license 許可文件
r %readme 說明文件

從頭部開始，接下來是文件名，每 8 個字符表示將文件屬性與數據庫中記錄的值進行一次比較的結果。一個單獨的 "." (句點) 表示測試通過了，而一個單獨的 "?" (問號) 表示測試可能無法進行 (例如，文件許可禁止了讀權限)。最后，加重的字母表示相應的 --verify 測試失敗了。

S file Size 大小不一致
M Mode 模式不一致 (包括許可和文件類型)
5 MD5 sum 校驗和不一致
D Device 主從設備號不匹配
L readLink(2) 路徑不匹配
U User 屬主不一致
G Group 組屬主不一致
T mTime 時間不一致

數字簽名和校驗

數字簽名命令的一般形式是

rpm --import PUBKEY ...

rpm {--checksig} [--nosignature] [--nodigest]
    PACKAGE_FILE ...

選項 --checksig 用來檢測 PACKAGE_FILE 中所有的簽名和摘要，保證打包的完整性和來源。注意在讀取打包時總會檢測簽名，而 --checksig 在校驗與某個打包關聯的所有簽名和摘要時有用。

沒有公鑰就無法校驗數字簽名?？梢杂?--import 來向 rpm 數據庫添加 ASCII 文本化的公鑰。每個導入的公鑰都有一個頭部，鑰匙環的管理與軟件包管理完全類似。例如，要顯示所有已導入的公鑰，使用：

rpm -qa gpg-pubkey*

已導入的公鑰的細節，可以查詢并顯示。下面是有關 Redhat GPG/DSA 公鑰的信息：

rpm -qi gpg-pubkey-db42a60e

最后，已導入的公鑰可以像軟件包一樣被刪除。下面是如何卸載 Redhat GPG/DSA 公鑰：

rpm -e gpg-pubkey-db42a60e  

簽署軟件包

rpm --addsign|--resign PACKAGE_FILE ...

選項 --addsign 與 --resign 都可以為每個軟件包 PACKAGE_FILE 生成并插入新的簽名，替換任何已有的簽名。存在兩個選項，是由于歷史的原因，現在它們的行為沒有區別。  

使用 GPG 來簽署軟件包

為使用 GPG 來簽署軟件包，必須配置 rpm 運行 GPG，并且要能找到包含合適密鑰的鑰匙環。默認情況下，rpm 使用與 GPG 相同的約定來查找鑰匙環，也就是 $GNUPGHOME 環境變量。如果你的鑰匙環不在 GPG 要求的位置，就必須配置宏 %_gpg_path 為要使用的 GPG 鑰匙環的位置。

為了與老版本的 GPG, PGP 和 rpm 兼容，只應配置 V3 OpenPGP 簽名的打包?？梢允褂?DSA 或者 RSA 校驗算法，但是推薦用 DSA。

如果想簽署自己創建的打包，還需要創建自己的公鑰和私鑰對 (參見 GPG 手冊)。還需要配置 rpm 宏：

%_signature

簽名類型。當前只支持 gpg 和 pgp。

%_gpg_name

用來簽署打包的密鑰的所有者 "用戶" 的名稱

例如，要使用 GPG 來簽署打包，用戶是 "John Doe <jdoe@foo.com>"，鑰匙環位置在 /etc/rpm/.gpg，使用可執行文件 /usr/bin/gpg，可以將這一段

%_signature gpg
%_gpg_path /etc/rpm/.gpg
%_gpg_name John Doe <jdoe@foo.com>
%_gpgbin /usr/bin/gpg

包含在宏配置文件中。對于系統范圍的設置，使用 /etc/rpm/macros，對于個人設置，使用 ~/.rpmmacros。  

重建數據庫選項

重建數據庫的命令的一般形式是

rpm {--initdb|--rebuilddb} [-v] [--dbpath DIRECTORY] [--root DIRECTORY]

使用 --initdb 來創建新的數據庫，使用 --rebuilddb 來重建數據庫索引，根據已安裝的軟件包頭部。  

顯示配置

命令

rpm --showrc

將顯示 rpm 使用的，在 rpmrc 和 macros 配置文件中定義的選項的值。  

FTP/HTTP 選項

rpm 可以作為一個 FTP 和/或 HTTP 客戶端，可以查詢或安裝互聯網上的軟件包包。要安裝、升級和查詢的軟件包文件可以以 ftp 或 http 樣式的 URL 指定：

ftp://USER:PASSWORD@HOST:PORT/path/to/package.rpm

如果忽略了 :PASSWORD 選項，將提示密碼，每個用戶名/主機組合提示一次。如果忽略了用戶名和密碼，將使用匿名 ftp。在所有情況下，都會使用被動 ftp (PSAV)。

rpm 允許在使用 ftp URL 時使用下面的選項：

--ftpproxy HOST

使用主機 HOST 作為所有 ftp 傳輸的代理服務器，允許用戶通過代理系統防火墻訪問 ftp。這個選項也可以用宏 %_ftpproxy 指定。

--ftpport PORT

連接到 ftp 代理服務器的 TCP PORT 端口，而不是默認的端口。這個選項也可以用宏 %_ftpport 指定。

rpm 允許在使用 http URL 時使用下面的選項：

--httpproxy HOST

使用主機 HOST 作為所有 http 傳輸的代理服務器，允許用戶通過代理系統防火墻訪問 http。這個選項也可以用宏 %_httpproxy 指定。

--httpport PORT

連接到 http 代理服務器的 TCP PORT 端口，而不是默認的端口。這個選項也可以用宏 %_httpport 指定。

LEGACY ISSUES

執行 rpmbuild

rpm 的構建模式，現在由 /usr/bin/rpmbuild 命令完成。盡管使用下面的 popt 別名提供的兼容性已經夠用，但是不夠完美；因此通過 popt 別名提供的構建兼容性將從 rpm 中移除。安裝 rpmbuild 軟件包，參見 rpmbuild(8) 中，有關過去記錄在 rpm(8) 中的，rpm 構建模式的文檔。

將下面的這些添加到 /etc/popt 中，如果想使用 rpm 命令行運行 rpmbuild的話：

rpm     exec --bp               rpmb -bp
rpm     exec --bc               rpmb -bc
rpm     exec --bi               rpmb -bi
rpm     exec --bl               rpmb -bl
rpm     exec --ba               rpmb -ba
rpm     exec --bb               rpmb -bb
rpm     exec --bs               rpmb -bs 
rpm     exec --tp               rpmb -tp 
rpm     exec --tc               rpmb -tc 
rpm     exec --ti               rpmb -ti 
rpm     exec --tl               rpmb -tl 
rpm     exec --ta               rpmb -ta
rpm     exec --tb               rpmb -tb
rpm     exec --ts               rpmb -ts 
rpm     exec --rebuild          rpmb --rebuild
rpm     exec --recompile        rpmb --recompile
rpm     exec --clean            rpmb --clean
rpm     exec --rmsource         rpmb --rmsource
rpm     exec --rmspec           rpmb --rmspec
rpm     exec --target           rpmb --target
rpm     exec --short-circuit    rpmb --short-circuit

FILES

rpmrc 配置文件

/usr/lib/rpm/rpmrc
/usr/lib/rpm/redhat/rpmrc
/etc/rpmrc
~/.rpmrc

Macro 宏定義文件

/usr/lib/rpm/macros
/usr/lib/rpm/redhat/macros
/etc/rpm/macros
~/.rpmmacros

Database 數據庫

/var/lib/rpm/Basenames
/var/lib/rpm/Conflictname
/var/lib/rpm/Dirnames
/var/lib/rpm/Filemd5s
/var/lib/rpm/Group
/var/lib/rpm/Installtid
/var/lib/rpm/Name
/var/lib/rpm/Packages
/var/lib/rpm/Providename
/var/lib/rpm/Provideversion
/var/lib/rpm/Pubkeys
/var/lib/rpm/Removed
/var/lib/rpm/Requirename
/var/lib/rpm/Requireversion
/var/lib/rpm/Sha1header
/var/lib/rpm/Sigmd5
/var/lib/rpm/Triggername

Temporary 臨時文件

/var/tmp/rpm*  

SEE ALSO

popt(3),
rpm2cpio(8),
rpmbuild(8),

#p#

NAME

rpm - RPM Package Manager  

SYNOPSIS

QUERYING AND VERIFYING PACKAGES:

rpm {-q|--query} [select-options] [query-options]

rpm {-V|--verify} [select-options] [verify-options]

rpm --import PUBKEY ...

rpm {-K|--checksig} [--nosignature] [--nodigest]
    PACKAGE_FILE ...

INSTALLING, UPGRADING, AND REMOVING PACKAGES:

rpm {-i|--install} [install-options] PACKAGE_FILE ...

rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...

rpm {-F|--freshen} [install-options] PACKAGE_FILE ...

rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts]
    [--notriggers] [--repackage] [--test] PACKAGE_NAME ...

MISCELLANEOUS:

rpm {--initdb|--rebuilddb}

rpm {--addsign|--resign} PACKAGE_FILE ...

rpm {--querytags|--showrc}

rpm {--setperms|--setugids} PACKAGE_NAME ...

select-options

 [PACKAGE_NAME] [-a,--all] [-f,--file FILE]
 [-g,--group GROUP] {-p,--package PACKAGE_FILE]
 [--fileid MD5] [--hdrid SHA1] [--pkgid MD5] [--tid TID]
 [--querybynumber HDRNUM] [--triggeredby PACKAGE_NAME]
 [--whatprovides CAPABILITY] [--whatrequires CAPABILITY]

query-options

 [--changelog] [-c,--configfiles] [-d,--docfiles] [--dump]
 [--filesbypkg] [-i,--info] [--last] [-l,--list]
 [--provides] [--qf,--queryformat QUERYFMT]
 [-R,--requires] [--scripts] [-s,--state]
 [--triggers,--triggerscripts]

verify-options

 [--nodeps] [--nofiles] [--noscripts]
 [--nodigest] [--nosignature]
 [--nolinkto] [--nomd5] [--nosize] [--nouser]
 [--nogroup] [--nomtime] [--nomode] [--nordev]

install-options

 [--aid] [--allfiles] [--badreloc] [--excludepath OLDPATH]
 [--excludedocs] [--force] [-h,--hash]
 [--ignoresize] [--ignorearch] [--ignoreos]
 [--includedocs] [--justdb] [--nodeps]
 [--nodigest] [--nosignature] [--nosuggest]
 [--noorder] [--noscripts] [--notriggers]
 [--oldpackage] [--percent] [--prefix NEWPATH]
 [--relocate OLDPATH=NEWPATH]
 [--repackage] [--replacefiles] [--replacepkgs]
 [--test]

DESCRIPTION

rpm is a powerful Package Manager, which can be used to build, install, query, verify, update, and erase individual software packages. A package consists of an archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file attributes, and descriptive information about the package. Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code and recipe necessary to produce binary packages.

One of the following basic modes must be selected: Query, Verify, Signature Check, Install/Upgrade/Freshen, Uninstall, Initialize Database, Rebuild Database, Resign, Add Signature, Set Owners/Groups, Show Querytags, and Show Configuration.  

GENERAL OPTIONS

These options can be used in all the different modes.

-?, --help

Print a longer usage message then normal.

--version

Print a single line containing the version number of rpm being used.

--quiet

Print as little as possible - normally only error messages will be displayed.

-v

Print verbose information - normally routine progress messages will be displayed.

-vv

Print lots of ugly debugging information.

--rcfile FILELIST

Each of the files in the colon separated FILELIST is read sequentially by rpm for configuration information. Only the first file in the list must exist, and tildes will be expanded to the value of $HOME. The default FILELIST is /usr/lib/rpm/rpmrc:/usr/lib/rpm/redhat/rpmrc:/etc/rpmrc:~/.rpmrc.

--pipe CMD

Pipes the output of rpm to the command CMD.

--dbpath DIRECTORY

Use the database in DIRECTORY rather than the default path /var/lib/rpm

--root DIRECTORY

Use the file system tree rooted at DIRECTORY for all operations. Note that this means the database within DIRECTORY will be used for dependency checks and any scriptlet(s) (e.g. %post if installing, or %prep if building, a package) will be run after a chroot(2) to DIRECTORY.

INSTALL AND UPGRADE OPTIONS

The general form of an rpm install command is

rpm {-i|--install} [install-options] PACKAGE_FILE ...

This installs a new package.

The general form of an rpm upgrade command is

rpm {-U|--upgrade} [install-options] PACKAGE_FILE ...

This upgrades or installs the package currently installed to a newer version. This is the same as install, except all other version(s) of the package are removed after the new package is installed.

rpm {-F|--freshen} [install-options] PACKAGE_FILE ...

This will upgrade packages, but only if an earlier version currently exists. The PACKAGE_FILE may be specified as an ftp or http URL, in which case the package will be downloaded before being installed. See FTP/HTTP OPTIONS for information on rpm's internal ftp and http client support.

--aid

Add suggested packages to the transaction set when needed.

--allfiles

Installs or upgrades all the missingok files in the package, regardless if they exist.

--badreloc

Used with --relocate, permit relocations on all file paths, not just those OLDPATH's included in the binary package relocation hint(s).

--excludepath OLDPATH

Don't install files whose name begins with OLDPATH.

--excludedocs

Don't install any files which are marked as documentation (which includes man pages and texinfo documents).

--force

Same as using --replacepkgs, --replacefiles, and --oldpackage.

-h, --hash

Print 50 hash marks as the package archive is unpacked. Use with -v|--verbose for a nicer display.

--ignoresize

Don't check mount file systems for sufficient disk space before installing this package.

--ignorearch

Allow installation or upgrading even if the architectures of the binary package and host don't match.

--ignoreos

Allow installation or upgrading even if the operating systems of the binary package and host don't match.

--includedocs

Install documentation files. This is the default behavior.

--justdb

Update only the database, not the filesystem.

--nodigest

Don't verify package or header digests when reading.

--nosignature

Don't verify package or header signatures when reading.

--nodeps

Don't do a dependency check before installing or upgrading a package.

--nosuggest

Don't suggest package(s) that provide a missing dependency.

--noorder

Don't reorder the packages for an install. The list of packages would normally be reordered to satisfy dependencies.

--noscripts

--nopre

--nopost

--nopreun

--nopostun

Don't execute the scriptlet of the same name. The --noscripts option is equivalent to

--nopre --nopost --nopreun --nopostun

and turns off the execution of the corresponding %pre, %post, %preun, and %postun scriptlet(s).

--notriggers

--notriggerin

--notriggerun

--notriggerpostun

Don't execute any trigger scriptlet of the named type. The --notriggers option is equivalent to

--notriggerin --notriggerun --notriggerpostun

and turns off execution of the corresponding %triggerin, %triggerun, and %triggerpostun scriptlet(s).

--oldpackage

Allow an upgrade to replace a newer package with an older one.

--percent

Print percentages as files are unpacked from the package archive. This is intended to make rpm easy to run from other tools.

--prefix NEWPATH

For relocatable binary packages, translate all file paths that start with the installation prefix in the package relocation hint(s) to NEWPATH.

--relocate OLDPATH=NEWPATH

For relocatable binary packages, translate all file paths that start with OLDPATH in the package relocation hint(s) to NEWPATH. This option can be used repeatedly if several OLDPATH's in the package are to be relocated.

--repackage

Re-package the files before erasing. The previously installed package will be named according to the macro %_repackage_name_fmt and will be created in the directory named by the macro %_repackage_dir (default value is /var/spool/repackage).

--replacefiles

Install the packages even if they replace files from other, already installed, packages.

--replacepkgs

Install the packages even if some of them are already installed on this system.

--test

Do not install the package, simply check for and report potential conflicts.

ERASE OPTIONS

The general form of an rpm erase command is

rpm {-e|--erase} [--allmatches] [--nodeps] [--noscripts] [--notriggers] [--repackage] [--test] PACKAGE_NAME ...

The following options may also be used:

--allmatches

Remove all versions of the package which match PACKAGE_NAME. Normally an error is issued if PACKAGE_NAME matches multiple packages.

--nodeps

Don't check dependencies before uninstalling the packages.

--noscripts

--nopreun

--nopostun

Don't execute the scriptlet of the same name. The --noscripts option during package erase is equivalent to

--nopreun --nopostun

and turns off the execution of the corresponding %preun, and %postun scriptlet(s).

--notriggers

--notriggerun

--notriggerpostun

Don't execute any trigger scriptlet of the named type. The --notriggers option is equivalent to

--notriggerun --notriggerpostun

and turns off execution of the corresponding %triggerun, and %triggerpostun scriptlet(s).

--repackage

Re-package the files before erasing. The previously installed package will be named according to the macro %_repackage_name_fmt and will be created in the directory named by the macro %_repackage_dir (default value is /var/spool/repackage).

--test

Don't really uninstall anything, just go through the motions. Useful in conjunction with the -vv option for debugging.

QUERY OPTIONS

The general form of an rpm query command is

rpm {-q|--query} [select-options] [query-options]

You may specify the format that package information should be printed in. To do this, you use the

 --qf|--queryformat QUERYFMT

option, followed by the QUERYFMT format string. Query formats are modified versions of the standard printf(3) formatting. The format is made up of static strings (which may include standard C character escapes for newlines, tabs, and other special characters) and printf(3) type formatters. As rpm already knows the type to print, the type specifier must be omitted however, and replaced by the name of the header tag to be printed, enclosed by {} characters. Tag names are case insensitive, and the leading RPMTAG_ portion of the tag name may be omitted as well.

Alternate output formats may be requested by following the tag with :typetag. Currently, the following types are supported:

:armor

    Wrap a public key in ASCII armor.

:base64

Encode binary data using base64.

:date

Use strftime(3) "%c" format.

:day

Use strftime(3) "%a %b %d %Y" format.

:depflags

Format dependency flags.

:fflags

Format file flags.

:hex

Format in hexadecimal.

:octal

Format in octal.

:perms

Format file permissions.

:shescape

Escape single quotes for use in a script.

:triggertype

Display trigger suffix.

For example, to print only the names of the packages queried, you could use %{NAME} as the format string. To print the packages name and distribution information in two columns, you could use %-30{NAME}%{DISTRIBUTION}. rpm will print a list of all of the tags it knows about when it is invoked with the --querytags argument.

There are two subsets of options for querying: package selection, and information selection.  

PACKAGE SELECTION OPTIONS:

PACKAGE_NAME

Query installed package named PACKAGE_NAME.

-a, --all

Query all installed packages.

-f, --file FILE

Query package owning FILE.

--fileid MD5

Query package that contains a given file identifier, i.e. the MD5 digest of the file contents.

-g, --group GROUP

Query packages with the group of GROUP.

--hdrid SHA1

Query package that contains a given header identifier, i.e. the SHA1 digest of the immutable header region.

-p, --package PACKAGE_FILE

Query an (uninstalled) package PACKAGE_FILE. The PACKAGE_FILE may be specified as an ftp or http style URL, in which case the package header will be downloaded and queried. See FTP/HTTP OPTIONS for information on rpm's internal ftp and http client support. The PACKAGE_FILE argument(s), if not a binary package, will be interpreted as an ASCII package manifest. Comments are permitted, starting with a '#', and each line of a package manifest file may include white space separated glob expressions, including URL's with remote glob expressions, that will be expanded to paths that are substituted in place of the package manifest as additional PACKAGE_FILE arguments to the query.

--pkgid MD5

Query package that contains a given package identifier, i.e. the MD5 digest of the combined header and payload contents.

--querybynumber HDRNUM

Query the HDRNUMth database entry directly; this is useful only for debugging.

--specfile SPECFILE

Parse and query SPECFILE as if it were a package. Although not all the information (e.g. file lists) is available, this type of query permits rpm to be used to extract information from spec files without having to write a specfile parser.

--tid TID

Query package(s) that have a given TID transaction identifier. A unix time stamp is currently used as a transaction identifier. All package(s) installed or erased within a single transaction have a common identifier.

--triggeredby PACKAGE_NAME

Query packages that are triggered by package(s) PACKAGE_NAME.

--whatprovides CAPABILITY

Query all packages that provide the CAPABILITY capability.

--whatrequires CAPABILITY

Query all packages that requires CAPABILITY for proper functioning.

PACKAGE QUERY OPTIONS:

--changelog

Display change information for the package.

-c, --configfiles

List only configuration files (implies -l).

-d, --docfiles

List only documentation files (implies -l).

--dump

Dump file information as follows:

path size mtime md5sum mode owner group isconfig isdoc rdev symlink
        

This option must be used with at least one of -l, -c, -d.

--filesbypkg

List all the files in each selected package.

-i, --info

Display package information, including name, version, and description. This uses the --queryformat if one was specified.

--last

Orders the package listing by install time such that the latest packages are at the top.

-l, --list

List files in package.

--provides

List capabilities this package provides.

-R, --requires

List packages on which this package depends.

--scripts

List the package specific scriptlet(s) that are used as part of the installation and uninstallation processes.

-s, --state

Display the states of files in the package (implies -l). The state of each file is one of normal, not installed, or replaced.

--triggers, --triggerscripts

Display the trigger scripts, if any, which are contained in the package.

VERIFY OPTIONS

The general form of an rpm verify command is

rpm {-V|--verify} [select-options] [verify-options]

Verifying a package compares information about the installed files in the package with information about the files taken from the package metadata stored in the rpm database. Among other things, verifying compares the size, MD5 sum, permissions, type, owner and group of each file. Any discrepancies are displayed. Files that were not installed from the package, for example, documentation files excluded on installation using the "--excludedocs" option, will be silently ignored.

The package selection options are the same as for package querying (including package manifest files as arguments). Other options unique to verify mode are:

--nodeps

Don't verify dependencies of packages.

--nodigest

Don't verify package or header digests when reading.

--nofiles

Don't verify any attributes of package files.

--noscripts

Don't execute the %verifyscript scriptlet (if any).

--nosignature

Don't verify package or header signatures when reading.

--nolinkto

--nomd5

--nosize

--nouser

--nogroup

--nomtime

--nomode

--nordev

Don't verify the corresponding file attribute.

The format of the output is a string of 8 characters, a possible attribute marker:

c %config configuration file.
d %doc documentation file.
g %ghost file (i.e. the file contents are not included in the package payload).
l %license license file.
r %readme readme file.

from the package header, followed by the file name. Each of the 8 characters denotes the result of a comparison of attribute(s) of the file to the value of those attribute(s) recorded in the database. A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading). Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test:

S file Size differs
M Mode differs (includes permissions and file type)
5 MD5 sum differs
D Device major/minor number mismatch
L readLink(2) path mismatch
U User ownership differs
G Group ownership differs
T mTime differs

DIGITAL SIGNATURE AND DIGEST VERIFICATION

The general forms of rpm digital signature commands are

rpm --import PUBKEY ...

rpm {--checksig} [--nosignature] [--nodigest]
    PACKAGE_FILE ...

The --checksig option checks all the digests and signatures contained in PACKAGE_FILE to ensure the integrity and origin of the package. Note that signatures are now verified whenever a package is read, and --checksig is useful to verify all of the digests and signatures associated with a package.

Digital signatures cannot be verified without a public key. An ASCII armored public key can be added to the rpm database using --import. An imported public key is carried in a header, and key ring management is performed exactly like package management. For example, all currently imported public keys can be displayed by:

rpm -qa gpg-pubkey*

Details about a specific public key, when imported, can be displayed by querying. Here's information about the Red Hat GPG/DSA key:

rpm -qi gpg-pubkey-db42a60e

Finally, public keys can be erased after importing just like packages. Here's how to remove the Red Hat GPG/DSA key

rpm -e gpg-pubkey-db42a60e  

SIGNING A PACKAGE

rpm --addsign|--resign PACKAGE_FILE ...

Both of the --addsign and --resign options generate and insert new signatures for each package PACKAGE_FILE given, replacing any existing signatures. There are two options for historical reasons, there is no difference in behavior currently.  

USING GPG TO SIGN PACKAGES

In order to sign packages using GPG, rpm must be configured to run GPG and be able to find a key ring with the appropriate keys. By default, rpm uses the same conventions as GPG to find key rings, namely the $GNUPGHOME environment variable. If your key rings are not located where GPG expects them to be, you will need to configure the macro %_gpg_path to be the location of the GPG key rings to use.

For compatibility with older versions of GPG, PGP, and rpm, only V3 OpenPGP signature packets should be configured. Either DSA or RSA verification algorithms can be used, but DSA is preferred.

If you want to be able to sign packages you create yourself, you also need to create your own public and secret key pair (see the GPG manual). You will also need to configure the rpm macros

%_signature

The signature type. Right now only gpg and pgp are supported.

%_gpg_name

The name of the "user" whose key you wish to use to sign your packages.

For example, to be able to use GPG to sign packages as the user "John Doe <jdoe@foo.com>" from the key rings located in /etc/rpm/.gpg using the executable /usr/bin/gpg you would include

%_signature gpg
%_gpg_path /etc/rpm/.gpg
%_gpg_name John Doe <jdoe@foo.com>
%_gpgbin /usr/bin/gpg

in a macro configuration file. Use /etc/rpm/macros for per-system configuration and ~/.rpmmacros for per-user configuration.  

REBUILD DATABASE OPTIONS

The general form of an rpm rebuild database command is

rpm {--initdb|--rebuilddb} [-v] [--dbpath DIRECTORY] [--root DIRECTORY]

Use --initdb to create a new database, use --rebuilddb to rebuild the database indices from the installed package headers.  

SHOWRC

The command

rpm --showrc

shows the values rpm will use for all of the options are currently set in rpmrc and macros configuration file(s).  

FTP/HTTP OPTIONS

rpm can act as an FTP and/or HTTP client so that packages can be queried or installed from the internet. Package files for install, upgrade, and query operations may be specified as an ftp or http style URL:

ftp://USER:PASSWORD@HOST:PORT/path/to/package.rpm

If the :PASSWORD portion is omitted, the password will be prompted for (once per user/hostname pair). If both the user and password are omitted, anonymous ftp is used. In all cases, passive (PASV) ftp transfers are performed.

rpm allows the following options to be used with ftp URLs:

--ftpproxy HOST

The host HOST will be used as a proxy server for all ftp transfers, which allows users to ftp through firewall machines which use proxy systems. This option may also be specified by configuring the macro %_ftpproxy.

--ftpport PORT

The TCP PORT number to use for the ftp connection on the proxy ftp server instead of the default port. This option may also be specified by configuring the macro %_ftpport.

rpm allows the following options to be used with http URLs:

--httpproxy HOST

The host HOST will be used as a proxy server for all http transfers. This option may also be specified by configuring the macro %_httpproxy.

--httpport PORT

The TCP PORT number to use for the http connection on the proxy http server instead of the default port. This option may also be specified by configuring the macro %_httpport.

LEGACY ISSUES

Executing rpmbuild

The build modes of rpm are now resident in the /usr/bin/rpmbuild executable. Although legacy compatibility provided by the popt aliases below has been adequate, the compatibility is not perfect; hence build mode compatibility through popt aliases is being removed from rpm. Install the rpmbuild package, and see rpmbuild(8) for documentation of all the rpm build modes previously documented here in rpm(8).

Add the following lines to /etc/popt if you wish to continue invoking rpmbuild from the rpm command line:

rpm     exec --bp               rpmb -bp
rpm     exec --bc               rpmb -bc
rpm     exec --bi               rpmb -bi
rpm     exec --bl               rpmb -bl
rpm     exec --ba               rpmb -ba
rpm     exec --bb               rpmb -bb
rpm     exec --bs               rpmb -bs 
rpm     exec --tp               rpmb -tp 
rpm     exec --tc               rpmb -tc 
rpm     exec --ti               rpmb -ti 
rpm     exec --tl               rpmb -tl 
rpm     exec --ta               rpmb -ta
rpm     exec --tb               rpmb -tb
rpm     exec --ts               rpmb -ts 
rpm     exec --rebuild          rpmb --rebuild
rpm     exec --recompile        rpmb --recompile
rpm     exec --clean            rpmb --clean
rpm     exec --rmsource         rpmb --rmsource
rpm     exec --rmspec           rpmb --rmspec
rpm     exec --target           rpmb --target
rpm     exec --short-circuit    rpmb --short-circuit

FILES

rpmrc Configuration

/usr/lib/rpm/rpmrc
/usr/lib/rpm/redhat/rpmrc
/etc/rpmrc
~/.rpmrc

Macro Configuration

/usr/lib/rpm/macros
/usr/lib/rpm/redhat/macros
/etc/rpm/macros
~/.rpmmacros

Database

/var/lib/rpm/Basenames
/var/lib/rpm/Conflictname
/var/lib/rpm/Dirnames
/var/lib/rpm/Filemd5s
/var/lib/rpm/Group
/var/lib/rpm/Installtid
/var/lib/rpm/Name
/var/lib/rpm/Packages
/var/lib/rpm/Providename
/var/lib/rpm/Provideversion
/var/lib/rpm/Pubkeys
/var/lib/rpm/Removed
/var/lib/rpm/Requirename
/var/lib/rpm/Requireversion
/var/lib/rpm/Sha1header
/var/lib/rpm/Sigmd5
/var/lib/rpm/Triggername

Temporary

/var/tmp/rpm*  

SEE ALSO

popt(3),
rpm2cpio(8),
rpmbuild(8),