\input{beamer-slide-header}% \usepackage{calc,key,array,textcomp,varioref} %\usepackage{longtable} \usepackage{supertabular} \errorcontextlines=99 \title{RPM and Yum}% <=== FILL THIS IN \date{}% <=== FILL THIS IN \author[Nick Urbanik]{Nick Urbanik \texttt{}\\ {\scriptsize This document Licensed under GPL---see section~\ref{sec:license}}}% \subtitle{How to manage your packages without UPS}% <=== FILL THIS IN %\mode
{\chead{}}% \begin{document} \maketitle \mode
{\thispagestyle{empty}} \begin{frame} \frametitle{Outline} \mode {% %\footnotesize \begin{multicols}{2} \tableofcontents \end{multicols} % You might wish to add the option [pausesections] }% \mode
{% \tableofcontents }% \end{frame} %[<+->] \section{What is RPM?} \label{sec:} \begin{frame}[<+->] \frametitle{What is RPM?} \begin{itemize} \item RPM stands for The RPM Package Manager. \begin{itemize} \item It used to stand for Red Hat Package Manager \end{itemize} \item It is used to manage \alert{packages}. \begin{itemize} \item ``Oh, I \alert{see}.'' \item \ldots{} no I don't\ldots \end{itemize} \end{itemize} \end{frame} \subsection{What is a Package?} \label{sec:what-is-a-package} \begin{frame} \frametitle{What is an RPM Package?} \begin{itemize} \item It's a piece of software, all put in one RPM file \item \raggedright For example, I am using the\ldots{} let's see\ldots\linebreak \cmd{rpm -q evince}\linebreak \texttt{evince-0.5.1-3}\linebreak \ldots{}software package to display these notes. \item The \alert{name} of the package is \texttt{evince}. \item The \alert{version} of the package is 0.5.1 \item The \alert{release} is 3. \end{itemize} \end{frame} % \item \ldots{}But this software won't work without some other stuff: \begin{frame} \frametitle{An RPM Package usually contains files} \begin{itemize} \item \raggedright My \texttt{evince} package has files inside:\linebreak% \cmd{rpm -ql evince}\linebreak% \texttt{/etc/gconf/schemas/evince-thumbnailer.schemas\linebreak% /etc/gconf/schemas/evince.schemas\linebreak% /usr/bin/evince\linebreak% \ldots\linebreak% /usr/share/omf/evince/evince-sr.omf\linebreak% /usr/share/omf/evince/evince-uk.omf } \end{itemize} \end{frame} \subsection{Why should I have packages? Why not just zip files or something?} \label{sec:why-packages} \begin{frame} \frametitle{Why should I have packages? Why not just zip files or something?} \begin{itemize} \item We could just have zip files, or tar balls, or something like that, with just the files inside? \item It could work. \item So why have RPM packages? \end{itemize} \end{frame} \subsection{Advantages of RPM packages} \label{sec:advantages} \begin{frame} \frametitle{Advantages of RPM packages} \begin{itemize} \item You can install a new package easily with one operation \item You can uninstall a package just as easily \item the package can contain information about what else it needs to work properly \item RPM won't clobber configuration files, and does sensible things with them \item The RPM system includes a database with lots of information about how the files should be installed, their size, owner, type,\ldots \end{itemize} \end{frame} \section{RPM Commands} \begin{frame} \frametitle{RPM Commands}% There are seven main RPM operations: \begin{itemize} \item For installing software packages: \begin{itemize} \item \alert{update}, \alert{install}, \alert{freshen} \end{itemize} \item For making \alert{queries} \item for \alert{erasing} packages \item for \alert{verifying} that a software package is correctly installed \item for \alert{checking signatures} --- verifying that an RPM package file is really from the people you trust, and not from Joe Trojan Cracker \end{itemize} \end{frame} \subsection{Queries} \begin{frame} \frametitle{Queries} \begin{itemize} \item You saw above that I can list the files with\linebreak% \cmd{rpm -ql evince} \item I can also see information about the package with \linebreak% \cmd{rpm -qi evince} \item Try it now! \end{itemize} \end{frame} \mode
\section{Mount the NFS disk} \label{sec:mount} \begin{enumerate} \item I have put some RPM packages on our NFS server, ``\texttt{gw}'' \item I would like you to ``mount'' the directory \path{/inst_disk/ppracer} from that server \item To do that: \begin{enumerate} \item Set up \texttt{sudo} (see my handout on \texttt{sudo}) \item Create a directory to mount this directory on:\linebreak% \cmd{mkdir $\sim$/mnt} \item Now mount the NFS directory on the directory you just made:\linebreak% \cmd{sudo mount gw:/inst\_disk/ppracer $\sim$/mnt} \item Now change to that directory and list the files:\linebreak% \cmd{cd $\sim$/mnt}\linebreak% \cmd{ls -l} \item What do you see? \end{enumerate} \end{enumerate} \mode \subsection{Install} \begin{frame} \frametitle{Install} \begin{itemize} \item This will install a software package, regardless of whether there is a previous version installed \item This is always the right thing to do for kernels. \end{itemize} \end{frame} \mode
\subsection{Installing a Kernel} \label{sec:installing-kernel} \begin{enumerate} \item See what kernels are installed:\linebreak% \cmd{rpm -q kernel} \item Change to where you mounted your NFS disk \item list the files to see if you can find the kernel RPM \item install it with:\linebreak \cmd{sudo rpm -ihv kernel-2.6.16-1.2069\_FC4.i686.rpm} \item See what kernels are installed again:\linebreak% \cmd{rpm -q kernel} \end{enumerate} \mode \subsection{Update} \begin{frame} \frametitle{Update} \begin{itemize} \item Install a package if it is not installed, or \item install a newer version if there is a newer version available\ldots \item \ldots{} otherwise, do nothing. \item Let's use this command to install the wonderful Planet Penguin Racer game: \item \cmd{cd $\sim$/mnt} \item \cmd{ls -l} \item \cmd{sudo rpm -Uhv \$(ls|grep -v kernel)} \end{itemize} \end{frame} \subsection{Freshen} \begin{frame} \frametitle{Freshen} \begin{itemize} \item Install a new version of a package only if an older one is already installed, otherwise do nothing. \end{itemize} \end{frame} \subsection{Erasing} \begin{frame} \frametitle{Erasing} \begin{itemize} \item Remove a package:\linebreak% \cmd{sudo rpm -e ppracer} \end{itemize} \end{frame} \subsection{Verfying} \begin{frame} \frametitle{Verfying} \begin{itemize} \item Checking the files in a package all match the original data \item If it doesn't match, then flags show this: \renewcommand*{\extrarowheight}{0pt}% {\mode{\footnotesize}% \par\noindent% \begin{tabular}[t]{@{}ll@{}} \toprule% \emph{flag} & \emph{what it means}\\ \midrule% S &file \alert{S}ize differs\\ M &\alert{M}ode differs (includes permissions and file type)\\ 5 &MD\alert{5} sum differs\\ D &\alert{D}evice major/minor number mismatch\\ L & symbolic \alert{L}ink points to wrong place\\ U &\alert{U}ser ownership differs\\ G &\alert{G}roup ownership differs\\ T &m\alert{T}ime differs\\ C &selinux security \alert{C}ontext differs\\ \bottomrule% \end{tabular}% }% \end{itemize} \cmd{\$ rpm -V setup}\linebreak% \mode{\footnotesize\par\vspace*{-3ex}\par}% \texttt{S.5....T. c /etc/aliases\linebreak% S.5....TC c /etc/bashrc\linebreak% ........C c /etc/exports\linebreak% S.5....T. c /etc/printcap\linebreak% S.5....TC c /etc/profile\linebreak% S.?....T. c /etc/securetty} \end{frame} \subsection{Checking Digital Signatures} \begin{frame} \frametitle{Checking Digital Signatures} \begin{itemize} \item First, you need to \alert{import} the public keys that are provided by Fedora:\linebreak% \cmd{sudo rpm -{}-import /etc/pki/rpm-gpg/RPM-GPG-KEY*} \item \cmd{rpm -K \meta{package-file.rpm}} \end{itemize} \end{frame} \mode
\subsection{Exercise with signatures} \label{sec:signature-exercises} \begin{enumerate} \item Go to the NFS mounted directory:\linebreak% \cmd{cd $\sim$/mnt}\linebreak% \ldots{} and check the file are there:\linebreak% \cmd{ls} \item Check the signatures on all the files:\linebreak% \cmd{rpm -K *.rpm} \item If you get messages about keys missing, then \alert{import} them:\linebreak% \cmd{sudo rpm -{}-import /etc/pki/rpm-gpg/RPM-GPG-KEY*} \item \ldots{} then check the signatures again:\linebreak% \cmd{rpm -K *.rpm} \end{enumerate} \mode \section{RPM Command Examples} \begin{frame} \frametitle{RPM Command Examples} \mode{\small}% \noindent% \begin{tabularx}{\linewidth}{@{}>{\ttfamily}lY@{}} \toprule% \textnormal{command} & effect\\ \midrule% rpm -qa \textbar{} less & list all installed software packages\\ rpm -q httpd & show the version of the httpd package, if it is installed \\ rpm -qa \textbar{} grep httpd & show all installed packages that have \emph{httpd} in their name\\ rpm -ql httpd & \textbf{\textit{l}}ist all files in the httpd package \\ rpm -qd httpd & list all \textbf{\textit{d}}ocumentation files in the httpd package \\ rpm -qc httpd & list all \textbf{\textit{c}}onfiguration files in the httpd package \\ rpm -qi httpd & display \textbf{\textit{i}}nformation about the package \\ rpm -V httpd & \textbf{\textit{v}}erify that the \texttt{httpd} package is correctly installed\\ rpm -qf /etc/passwd & determine which package the \texttt{/etc/passwd} \textbf{\textit{f}}ile belongs to\\ \bottomrule \end{tabularx}% \end{frame} \subsection{A quick comparison with \texttt{dpkg}} \begin{frame} \frametitle{A quick comparison with \texttt{dpkg}} \noindent% \begin{tabularx}{\linewidth}{@{}>{\ttfamily}lY@{}} \toprule% \textnormal{command} & effect\\ \midrule% dpkg --list \textbar{} less & list all installed software packages\\ dpkg -l httpd & show the version of the \texttt{httpd} package, if it is installed \\ dpkg --list \textbar{} grep httpd & show all installed packages that have \emph{httpd} in their name\\ dpkg --listfiles httpd & list all files in the \texttt{httpd} package \\ %% dpkg -qld apache & list all documentation files in the apache package \\ %% dpkg -qlc apache & list all configuration files in the apache %% package \\ dpkg --print-avail httpd & display information about the package \\ %% dpkg -V apache & verify that the apache package is correctly %% installed\\ dpkg -S /etc/passwd & determine which package the \texttt{/etc/passwd} file belongs to\\ \bottomrule \end{tabularx}% \end{frame} \section{Yum --- Sounds delicious!} \begin{frame} \frametitle{Yum} \begin{itemize} \item Yum is a high level wrapper for RPM \item Uses the information in the RPM packages to figure out what things to install \item downloads the files you need, and installs them, lovingly taking care of which packages depend on what. \end{itemize} \end{frame} \subsection{Why not stick with RPM?} \begin{frame} \frametitle{Why not stick with RPM?} \begin{itemize} \item RPM is good, but it's too low level to easily manage all the packages on the system \item Yum uses the information in the RPM database, and the RPM files themselves to make sure that each software package has everything it needs. \end{itemize} \end{frame} \subsection{What's all this primative text stuff?} \begin{frame} \frametitle{What's all this primative text stuff?} \begin{itemize} \item There are many GUI programs that use yum as their backend \item I have never used any of them, so your exercise is to Google for them! \end{itemize} \end{frame} \section{Updates} \begin{frame} \frametitle{Updates} \begin{itemize} \item Software has bugs \item Fedora particularly has many new versions of software that are being made available, since it aims to provide the current version of most pieces of software. \item Fedora has more updates than any other stable distribution I know of. \item Only a few are for security reasons, most are for updates. \end{itemize} \end{frame} \subsection{Why update? Why not update?} \begin{frame} \frametitle{Why update? Why not update?} \begin{block}{Why update?} \begin{itemize} \item The easiest systems to crack have no updates. \end{itemize} \end{block} \begin{block}{Why not update?} \begin{itemize} \item Updating can break a working system \item But that doesn't stop me from keeping my systems updated! \item \ldots{} but not good if your business loses thousands of dollars per second of downtime. \begin{itemize} \item In such cases, you have a test system where you test the updates first, check they don't stop your applications from working \end{itemize} \end{itemize} \end{block} \end{frame} \subsection{How to update} \begin{frame} \frametitle{How to update} \begin{block}{Do this once only:} \begin{itemize} \item Ensure your own account is in the \texttt{sudoers} file \begin{itemize} \item see the \texttt{sudo} handout \end{itemize} \item set your \texttt{http\_proxy} environment variable \begin{itemize} \item See the next section: \vref{sec:setting-http_proxy} \end{itemize} \end{itemize} \end{block} \begin{block}{Do this for each update:} \begin{itemize} \item then do:\linebreak% \cmd{sudo yum -y update} \item and watch it go. \end{itemize} \end{block} \end{frame} \subsection{Setting \texttt{http\_proxy}} \label{sec:setting-http_proxy} \begin{frame} \frametitle{Setting \texttt{http\_proxy}} If access to web servers on the Internet is blocked by a firewall, and a proxy server is required, such as here in the TAFE: \begin{itemize} \item You need to set the \texttt{http\_proxy} environment variable. \item The proxy server here has the DNS name ``\texttt{gw}'', and listens on port 5865 \ldots \item \ldots\ so set the \texttt{http\_proxy} like this:\linebreak% \texttt{export http\_proxy=http://gw:5865/} \item The best thing to do is to edit your login script $\sim$\texttt{/.bash\_profile} and add it at the end:\linebreak% \texttt{emacs $\sim$/.bash\_profile \&} \item Then log out and log in\ldots \item You should be able to see the value now:\linebreak% \cmd{echo \$http\_proxy}\linebreak% \texttt{http://gw:5865/} \end{itemize} \end{frame} \section{The ``repos'': repositories} \begin{frame} \frametitle{The ``repos'': repositories} \begin{itemize} \item In the \path{/etc/yum.repos.d} directory are some files that end with ``\texttt{.repo}'' \item You can change these, add other repos (such as dag, freshrpms, atrpms, livna) \item You can also change the \texttt{baseurl} to a local Australian mirror (see \url{http://fedora.redhat.com/Download/mirrors.html} for a list of Australian mirrors) \end{itemize} \end{frame} \subsection{Adding extras} \begin{frame} \frametitle{Adding extras} \begin{itemize} \item Well, the fedora extras repository is already enabled, so nothing to do here. \end{itemize} \end{frame} \subsection{Digital signatures} \begin{frame} \frametitle{} \begin{itemize} \item If you add the \texttt{dag}, \texttt{freshrpms}, \texttt{atrpms} or \texttt{livna} repositories, you should import their public keys, and enable checking the GPG signatures of the packages. \item For example, here is my \path{/etc/yum.repos.d/dag.repos} file: \texttt{[dag]\linebreak% name=Dag RPM Repository for Fedora Core\linebreak% baseurl=http://apt.sw.be/fedora/\$releasever/en/\$basearch/dag/\linebreak% enabled=1\linebreak% gpgcheck=1 } \end{itemize} \end{frame} \section{Some Things to Read} \label{sec:things-to-read} \begin{frame}%[allowframebreaks] \mode{\frametitle{Resources}}% \begin{thebibliography}{5} % None of these affects how cite appears, only how the bibitem appears. % \beamertemplatebookbibitems makes little pictures of books in bib. \beamertemplatebookbibitems % \beamertemplatearticlebibitems makes little pictures of text in bib. % \beamertemplatearticlebibitems % \beamertemplatetextbibitems uses [1], [2] or [optional] in bib. % \beamertemplatetextbibitems % \beamertemplatearrowbibitems make little arrows (like ordinary items) % \beamertemplatearrowbibitems \bibitem{Wil2002} Dr. Peter Salus. \newblock% \emph{The Daemon, the GNU \& the Penguin}. \newblock% Grocklaw 2006. \newblock% \url{http://www.groklaw.net/staticpages/index.php?page=20051013231901859}. \beamertemplatearticlebibitems% % \bibitem{GPL2} % GNU General Public License. % \newblock% % \url{http://www.gnu.org/copyleft/gpl.html} \bibitem{rpmefj} Eric Foster-Johnson. \newblock% \emph{RPM Guide}. \newblock% \url{http://fedora.redhat.com/docs/drafts/rpm-guide-en/} \bibitem{rpm.org} \emph{The RPM Package Manager}. \newblock% \url{http://rpm.org/} \bibitem{yumwiki} Wikipedia entry. \newblock% \emph{Yellow dog Updater, Modified}. \newblock% \url{http://en.wikipedia.org/wiki/Yellow_dog_Updater,_Modified} \end{thebibliography} \end{frame} \mode {% \begin{frame} \frametitle{Topics Covered} \footnotesize %\begin{multicols}{2} \tableofcontents[pausesections,pausesubsections] %\end{multicols} % You might wish to add the option [pausesections] \end{frame} } \section{License Of This Document} \label{sec:license} \begin{frame} \frametitle{License Of This Document} \raggedright% Copyright \copyright\ 2006 Nick Urbanik \par You can redistribute modified or unmodified copies of this document provided that this copyright notice and this permission notice are preserved on all copies under the terms of the GNU General Public License as published by the Free Software Foundation---either version 2 of the License or (at your option) any later version. \end{frame} \end{document}