Yum, Apt, and Repos
For dnf stuff, go to the Dnf page
Yum
Yum Cheatsheet: https://access.redhat.com/sites/default/files/attachments/rh_yum_cheatsheet_1214_jcs_print-1.pdf
- The configuration file for yum and related utilities is located at /etc/yum.conf. This file contains one mandatory [main] section, which allows you to set Yum options that have global effect, and can also contain one or more [repository] sections, which allow you to set repository-specific options.
- So /etc/yum.conf is a basic set of instructions used by yum to run, which includes some repository information because it is literally required to use yum.
$ cat /etc/yum.conf [main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 installonly_limit=3 # This is the default, if you make this bigger yum won't see if the metadata # is newer on the remote and so you'll "gain" the bandwidth of not having to # download the new metadata and "pay" for it by yum not having correct # information. # It is esp. important, to have correct metadata, for distributions like # Fedora which don't keep old packages around. If you don't like this checking # interupting your command line usage, it's much better to have something # manually check the metadata once an hour (yum-updatesd will do this). # metadata_expire=90m # PUT YOUR REPOS HERE OR IN separate files named file.repo # in /etc/yum.repos.d
- Regarding yum.repos.d in particular: It is recommended to define individual repositories in new or existing .repo files in the /etc/yum.repos.d/ directory. The values you define in individual [repository] sections of the /etc/yum.conf file override values set in the [main] section.
- In short, /etc/yum.repos.d contains "extra" repository information and only that. This information can potentially override whatever is in yum.conf.
Listing packages with YUM
Use the following procedure to list installed and available packages.
$ yum list installed $ yum list installed <package>
To list information about all installed and available packages, use:
# yum list --all
To list all packages installed on your system, use:
# yum list --installed
To list all packages in all enabled repositories that are available to install, use:
# yum list --available
Note that you can filter the results by appending global expressions as arguments. See Specifying global expressions in yum input
Listing repositories with YUM
Use the following procedure to list enabled and disabled repositories.
To list all enabled repositories on your system, use:
# yum repolist
To list all disabled repositories on your system, use:
# yum repolist --disabled
To list both enabled and disabled repositories, use:
# yum repolist --all
To list additional information about the repositories, use:
# yum repoinfo
How to remove installed packages
$ yum remove <package>
How to look up the history of an installed package
Use yum history command like so:
$ sudo yum history info dos2unix
Loaded plugins: product-id, search-disabled-repos, subscription-manager
Transaction ID : 8
Begin time : Fri Nov 17 10:00:39 2023
Begin rpmdb : 354:1c04100a613a950c609f419b2b0a5f2cf2b1bf7d
End time : 10:00:43 2023 (4 seconds)
End rpmdb : 355:900b0a31f0938f4060ff3945e7804b68351f1c40
User : root <root>
Return-Code : Success
Command Line : -y install dos2unix
Transaction performed with:
Updated rpm-4.11.3-45.el7.x86_64 @anaconda/7.9
Updated subscription-manager-1.24.42-1.el7.x86_64 @anaconda/7.9
Installed yum-3.4.3-168.el7.noarch @anaconda/7.9
Packages Altered:
Install dos2unix-6.0.3-7.el7.x86_64 @rhel-7-server-rpms
history info
$ sudo yum history summary dos2unix Loaded plugins: product-id, search-disabled-repos, subscription-manager Login user | Time | Action(s) | Altered ------------------------------------------------------------------------------- root <root> | Last 3 months | Install | 1 history summary
How to install updates from Red Hat Security Advisory IDs
$ sudo yum -y update --advisory=RHSA-2023:7058
To list all available security updates without installing them, run:
# yum updateinfo list --security
Good doc: https://www.cyberciti.biz/faq/rhel-8-update-installed-packages-for-security/
Making (old) Amazon Linux AMIs Use the Latest Repos
If you want your (old) Amazon Linux to use the most recent repo, and to have the latest packages, follow these steps below. Thanks to m a v a n d e, we were able to get an old AL AMI (ami-0509cbef5247d8e4d), and get the latest version of glibc-2.17-292.180.amzn1.x86_64. By default it had 2.17-260.175.amzn1 version installed.
Original Package for glibc:
$ yum --showduplicates list glibc Loaded plugins: priorities, update-motd, upgrade-helper Installed Packages glibc.x86_64 2.17-260.175.amzn1 @amzn- updates/2018.03 Available Packages glibc.i686 2.17-196.172.amzn1 amzn-main glibc.x86_64 2.17-196.172.amzn1 amzn-main glibc.i686 2.17-222.173.amzn1 amzn-updates glibc.x86_64 2.17-222.173.amzn1 amzn- updates glibc.i686 2.17-260.175.amzn1 amzn-updates glibc.x86_64 2.17-260.175.amzn1
1) Modify /etc/yum.conf and ensure releasever=latest. According to doc [1], by default, the Amazon Linux AMI should have rreleasever=latest set. If not you must change it:
$ sudo vi /etc/yum.conf [main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log distroverpkg=system-release exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 installonly_limit=3 deltarpm=0 timeout=5 retries=3 # by default the yum configuration will point to the latest release # of Amazon Linux AMI. If you prefer not to automatically move to # new releases, comment out this line. #releasever=2018.03 releasever=latest <<<<<<< Like so
2) Edit the /etc/yum.repos.d/amzn-updates.repo file, and remove the "-$guid" from the [amzn-updates] section, like so:
$ sudo vi /etc/yum.repos.d/amzn-updates.repo # Originally, it was like: [amzn-updates] name=amzn-updates-Base mirrorlist=http://repo.$awsregion.$awsdomain/$releasever/updates/mirror.list-$guid # Change it to: [amzn-updates] name=amzn-updates-Base mirrorlist=http://repo.$awsregion.$awsdomain/$releasever/updates/mirror.list
(In Amazon Linux 2, there is no "-$guid" in the /etc/yum.repos.d/amzn2-extras.repo)
3) Clear yum cache:
$ sudo yum clean all
4) Update:
$ sudo yum update -y
5) Check that the package list has updated:
$ yum --showduplicates list glibc Loaded plugins: priorities, update-motd, upgrade-helper amzn-updates/latest/primary_db FAILED http://packages.us-west-1.amazonaws.com/2018.03/updates/a7867d8d592e/x86_64/repodata/primary.sqlite.bz2?instance_id=i-086bf740f0950be9c®ion=us-west-2: [Errno -1] Metadata file does not match checksum Trying other mirror. amzn-updates/latest/primary_db | 2.9 MB 00:00:00 Installed Packages glibc.x86_64 2.17-292.180.amzn1 @amzn-updates Available Packages glibc.i686 2.17-196.172.amzn1 amzn-main glibc.x86_64 2.17-196.172.amzn1 amzn-main glibc.i686 2.17-222.173.amzn1 amzn-updates glibc.x86_64 2.17-222.173.amzn1 amzn-updates glibc.i686 2.17-260.175.amzn1 amzn-updates glibc.x86_64 2.17-260.175.amzn1 amzn-updates glibc.i686 2.17-292.178.amzn1 amzn-updates glibc.x86_64 2.17-292.178.amzn1 amzn-updates glibc.i686 2.17-292.180.amzn1 amzn-updates glibc.x86_64 2.17-292.180.amzn1 amzn-update
References:
[1] https://aws.amazon.com/amazon-linux-ami/faqs/
How to gather more info about a package
To get more information about a package, such as if you want to know what repository it is coming from, license/who owns it or developed it, version, URL, etc. you can run: yum info <package> like so:
$ yum info cuda-driver-devel-11-1.x86_64 . . . Available Packages Name : cuda-driver-devel-11-1 Version : 11.1.74 Release : 1 Architecture : x86_64 Size : 33 k Source : cuda-cudart-11-1-11.1.74-1.src.rpm Repository : CES-Virtual Summary : CUDA Driver native dev stub library URL : http://nvidia.com License : NVIDIA Proprietary Description : CUDA Driver native dev stub library
How to view YUM install job history
You can use yum history list:
$ sudo yum history list
Updating Subscription Management repositories.
ID | Command line | Date and time | Action(s) | Altered
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
9 | -y install google-chrome | 2024-11-21 10:13 | Install | 7 EE
8 | install firefox | 2024-11-21 10:12 | I, U | 7
7 | group install GNOME base-x Fonts | 2024-11-21 09:59 | I, U | 648
6 | | 2024-11-13 06:55 | I, U | 32 <
5 | -y install perl nscd | 2024-10-28 14:40 | Install | 157 >
4 | update -y | 2024-10-28 14:37 | I, U | 139
3 | remove containers-common -y | 2024-10-28 14:36 | Removed | 19
2 | -y install katello-host-tools katello-host-tools-tracer | 2024-10-28 14:36 | Install | 2 <
1 | | 2024-10-28 14:11 | Install | 664 >E
Add notes
https://access.redhat.com/solutions/265523 https://www.redhat.com/files/summit/session-assets/2018/S1359-Moving-your-physical-Red-Hat-Enterprise-Linux-servers-to-Azure-or-AWS-Distribution.pdf https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-setting_repository_options https://access.redhat.com/solutions/253273 https://serverfault.com/questions/892354/what-is-the-difference-between-base-url-and-mirrorlist-in-yum
Apt
(Debian and Ubuntu)
https://www.cyberciti.biz/faq/what-does-sudo-apt-get-update-command-do-on-ubuntu-debian/
apt-get update vs upgrade
apt-get update updates the list of available packages and their versions, but it does not install or upgrade any packages. apt-get upgrade actually installs newer versions of the packages you have. After updating the lists, the package manager knows about available updates for the software you have installed.
List of Repositories
For Debian and Ubuntu, the repositories will be in the file /etc/apt/sources.list.
Example:
- Debian9 by default:
admin@ip-172-31-27-85:~$ cat /etc/apt/sources.list deb http://cdn-aws.deb.debian.org/debian stretch main deb http://security.debian.org/debian-security stretch/updates main deb http://cdn-aws.deb.debian.org/debian stretch-updates main
- Ubuntu is pretty much the same.
How to find if a package is installed
Find out if a package is installed using the rpm command:
$ rpm -qa httpd httpd-2.4.46-1.amzn2.x86_64 $ rpm -qa | grep httpd httpd-2.4.46-1.amzn2.x86_64 httpd-filesystem-2.4.46-1.amzn2.noarch httpd-tools-2.4.46-1.amzn2.x86_64 generic-logos-httpd-18.0.0-4.amzn2.noarch
Find out if a package is installed using the yum command:
$ yum list installed httpd Loaded plugins: extras_suggestions, langpacks, priorities, update-motd 224 packages excluded due to repository priority protections Installed Packages httpd.x86_64 2.4.46-1.amzn2 @amzn2-core
How to query information about a package
$ rpm -qi httpd Name : httpd Version : 2.4.46 Release : 1.amzn2 Architecture: x86_64 Install Date: Tue 23 Feb 2021 03:56:26 PM UTC Group : System Environment/Daemons Size : 4185459 License : ASL 2.0 Signature : RSA/SHA256, Mon 14 Sep 2020 08:55:59 PM UTC, Key ID 11cf1f95c87f5b1a Source RPM : httpd-2.4.46-1.amzn2.src.rpm Build Date : Mon 24 Aug 2020 06:55:03 PM UTC Build Host : build.amazon.com Relocations : (not relocatable) Packager : Amazon Linux Vendor : Amazon Linux URL : https://httpd.apache.org/ Summary : Apache HTTP Server Description : The Apache HTTP Server is a powerful, efficient, and extensible web server.
How to search and download kernel-devel package that is not available in the repositories by using RPM
1) Use http://rpm.pbone.net/ to search for the package. Then click on the package you want based on your OS.
2) Right click on the package and copy link.
2) Use wget to download the package:
# wget ftp://ftp.pbone.net/mirror/vault.centos.org/6.8/updates/x86_64/Packages/kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm --2021-04-29 23:20:30-- ftp://ftp.pbone.net/mirror/vault.centos.org/6.8/updates/x86_64/Packages/kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm => “kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm” Resolving ftp.pbone.net... 93.179.225.212 Connecting to ftp.pbone.net|93.179.225.212|:21... connected. Logging in as anonymous ... Logged in! ==> SYST ... done. ==> PWD ... done. ==> TYPE I ... done. ==> CWD (1) /mirror/vault.centos.org/6.8/updates/x86_64/Packages ... done. ==> SIZE kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm ... 11105876 ==> PASV ... done. ==> RETR kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm ... done. Length: 11105876 (11M) (unauthoritative) 100%[==================================================================================================>] 11,105,876 4.32M/s in 2.5s 2021-04-29 23:20:34 (4.32 MB/s) - “kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm” saved [11105876]
4) Check to see if it downloaded:
# ls -al kern* -rw-r--r--. 1 root root 33393432 Apr 29 23:13 kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm
5) Use rpm to install the package:
# rpm -i kernel-devel-2.6.32-642.11.1.el6.x86_64.rpm
6) Check to see if it was installed:
# rpm -qa | grep kernel kernel-devel-2.6.32-642.11.1.el6.x86_64
7) To uninstall:
# rpm -e kernel-devel-2.6.32-642.11.1.el6.x86_64 # rpm -qa | grep kernel
How to install RPM packages that are older than the currently installed one
---
If you are trying to manually install an older RPM package than what is already installed, then follow the same steps above but use # rpm -ivh --oldpackage <rpmpackage. Example:
# wget ftp://ftp.pbone.net/mirror/vault.centos.org/7.7.1908/cr/x86_64/Packages/kernel-3.10.0-1127.el7.x86_64.rpm # rpm -ivh --oldpackage kernel-3.10.0-1127.el7.x86_64.rpm
Could not contact any CDS load balancers: rhui2-cds01.us-east-1.aws.ce.redhat.com, rhui2-cds02.us-east-1.aws.ce.redhat.com.
RHUI2 is the older version of RHUI client and hence we must update the version so that it can connect to the RHUI3 servers.
Red Hat migrated their Red Hat Update Infrastructure (RHUI) from RHUI version 2 to RHUI version 3.
https://access.redhat.com/articles/4599971
https://access.redhat.com/articles/5215331
https://access.redhat.com/articles/4720861
In this example, I used RHEL 7.1 (3.10.0-229.el7.x86_64) in us-east-1 using AMI "ami-12663b7a". To resolve this:
1) launch a new EC2 instance with latest version of RHEL 7 (I used latest 7.9 (ami-0051b1b2c5a166c8c)) and login to the new EC2 instance. Once you login to the instance, run the below command to download the latest rhui client package.
$ sudo yum install --downloadonly --downloaddir=/home/ec2-user/ rh-amazon-rhui-client.noarch $ ls -al /home/ec2-user total 48 drwx------. 3 ec2-user ec2-user 126 Aug 3 17:47 . drwxr-xr-x. 3 root root 22 Aug 3 17:46 .. -rw-r--r--. 1 ec2-user ec2-user 18 Oct 27 2021 .bash_logout -rw-r--r--. 1 ec2-user ec2-user 193 Oct 27 2021 .bash_profile -rw-r--r--. 1 ec2-user ec2-user 231 Oct 27 2021 .bashrc -rw-r--r--. 1 root root 34372 May 12 05:41 rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm drwx------. 2 ec2-user ec2-user 29 Aug 3 17:46 .ssh
2) Copy the downloaded rpm package to all the impacted EC2 instance (RHEL 7 only). Possible options:
- Rsync/scp from one host to the other
$ rsync -avpe "ssh -i /home/ec2-user/.ssh/ec2_nva_key.pem" /home/ec2-user/rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm ec2-user@34.229.152.120:/home/ec2-user/ or $ scp -i <keypair> <rhui client package name> ec2-user@<destination_public-or-private-ip>:/destination_path
- Download to your desktop then copy to the impacted instance
- Upload to S3, and download from S3
3) In the problematic instance, follow the below steps (To avoid dependencies while installing the packages use rpm utility with below options. )
$ sudo yum remove -y rh-amazon-rhui-client $ sudo yum localinstall rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm
4) Confirm installation:
$ rpm -qa | grep rhui rh-amazon-rhui-client-4.0.4-1.el7.noarch
5) Now if you try to run sudo yum update you may get the error curl#35 - "Peer reports incompatible or unsupported protocol version.". To resolve this:
5A) Move current RHEL repository to some other directory.
$ sudo mv /etc/yum.repos.d /etc/yum.repos.d.backup
5B) Create new repository directory.
$ sudo mkdir /etc/yum.repos.d
5C) Please copy the content of "Centos.repo" attached in this correspondence and paste inside repository directory.
$ sudo vi /etc/yum.repos.d/CentOS.repo [base] name=CentOS-$releasever - Base mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=os&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/ gpgcheck=0 #released updates [updates] name=CentOS-$releasever - Updates mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=updates&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/ gpgcheck=0 #additional packages that may be useful [extras] name=CentOS-$releasever - Extras mirrorlist=http://mirrorlist.centos.org/?release=7&arch=$basearch&repo=extras&infra=$infra #baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/ gpgcheck=0
5D) Update curl via Centos's "base" and "updates" repositories.
$ sudo yum update curl
5E) Move CentOS repository to some other directory (Later you may remove this).
$ sudo mv /etc/yum.repos.d /etc/yum.repos.d.centos
5F) Move RHEL repository back to original directory.
$ sudo mv /etc/yum.repos.d.backup /etc/yum.repos.d
6) Yum update should now work:
$ sudo yum update
https://rhui.us-east-1.aws.ce.redhat.com/pulp/content/rhui-client-config/rhel/server/7/x86_64/os/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found
If you get this error, the resolution steps is similar to the above. This can happen on RHEL 7.2+. This issue is also due to RHU2, which can be resolved by upgrading to RHUI3/4:
In this example, I used RHEL 7.2 in us-east-1 using AMI "ami-f8586892". To resolve this:
1) launch a new EC2 instance with latest version of RHEL 7 (I used latest 7.9 (ami-0051b1b2c5a166c8c)) and login to the new EC2 instance. Once you login to the instance, run the below command to download the latest rhui client package.
$ sudo yum install --downloadonly --downloaddir=/home/ec2-user/ rh-amazon-rhui-client.noarch $ ls -al /home/ec2-user total 48 drwx------. 3 ec2-user ec2-user 126 Aug 3 17:47 . drwxr-xr-x. 3 root root 22 Aug 3 17:46 .. -rw-r--r--. 1 ec2-user ec2-user 18 Oct 27 2021 .bash_logout -rw-r--r--. 1 ec2-user ec2-user 193 Oct 27 2021 .bash_profile -rw-r--r--. 1 ec2-user ec2-user 231 Oct 27 2021 .bashrc -rw-r--r--. 1 root root 34372 May 12 05:41 rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm drwx------. 2 ec2-user ec2-user 29 Aug 3 17:46 .ssh
2) Copy the downloaded rpm package to all the impacted EC2 instance (RHEL 7 only). Possible options:
- Rsync/scp from one host to the other
$ rsync -avpe "ssh -i /home/ec2-user/.ssh/ec2_nva_key.pem" /home/ec2-user/rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm ec2-user@34.229.152.120:/home/ec2-user/ or $ scp -i <keypair> <rhui client package name> ec2-user@<destination_public-or-private-ip>:/destination_path
- Download to your desktop then copy to the impacted instance
- Upload to S3, and download from S3
3) In the problematic instance, follow the below steps (To avoid dependencies while installing the packages use rpm utility with below options. )
$ sudo yum remove -y rh-amazon-rhui-client $ sudo yum localinstall rh-amazon-rhui-client-4.0.4-1.el7.noarch.rpm
4) Confirm installation:
$ rpm -qa | grep rhui rh-amazon-rhui-client-4.0.4-1.el7.noarch
5) Yum should now work.
How to view source code of a command
153 yumdownloader --source systemd-208-20.el7_1.5.x86_64 ...move it into some directory 157 rpm2cpio systemd-208-20.el7_1.5.src.rpm | cpio -idmv 159 xz -d systemd-208.tar.xz 161 tar -xf systemd-208.tar 163 grep -iR "ExecStart setting. Refusing." ./*
How to use the DVD of RHEL as repo
- You have to make the /mnt/rhel5dvd/ directory:
(not sure if mediaid is necessary as it seemed to have worked on my RHEL6.9 without it)
# cat /etc/yum.repos.d/dvd.repo [dvd-Server] mediaid=1409145026.642170 name=RHEL 5 Server DVD baseurl=file:///mnt/rhel5dvd/Server gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release enabled=1 gpgcheck=1
Enable EPEL on RHEL
sudo yum install epel-release
How to Lock a Specific Package
If you want to lock a package, such as the kernel so that you can prevent other kernels from getting installed, you can edit the following file and list the packages you want to lock:
$ dzdo cat /etc/dnf/dnf.conf | grep -i exclude exclude=kernel* kmod-kvdo