Shulou(Shulou.com)06/01 Report--

Upgrade of the package:

Upgrade the rpm package:

Format: rpm {- U |-- upgrade} [install-options] PACKAGE_FILE...

Options:

-U: indicates upgrade or installation

-F: upgrade only

Additional common options for upgrades:

-- oldpackage: downgrade

Why is it downgraded?

When a package is upgraded and found to be incompatible and unusable, we roll back. Restore the program to the original version. )

-- force: force upgrade

(why do I have to force an upgrade?

Sometimes when we upgrade to a newer version, because of the dependency problem, it is very likely that the old version of the package is dependent on other packages, but the new package cannot satisfy the previous dependency. because it depends on the function of the old program has, the new version of the program has not been replaced, so now the upgrade will have conflicts and even error reports Because the integrity of the dependency may be affected after the upgrade, if we want to ignore the mandatory upgrade of the calendar dependency, then we need to force the upgrade. )

The real use of upgrading the rpm package:

Rpm-Uvh PACKAGE_FILE. / / the ellipsis after it indicates that multiple packages can be installed at the same time.

Or

Rpm-Fvh [PACKAGE_FILE.

Note: the difference between the above two options-U and-F is that-U performs the installation operation when the package is not available, and the upgrade operation is performed when the package is not available, while option-F performs the upgrade if the original package is present, and nothing is done without it.

Note:

(1) do not upgrade the kernel

(for example, for kernel 4.0, you have to restart the system before upgrading, so once we upgrade the kernel, it means that we need to restart the system to enable the new kernel, or even if we don't restart now, the next reboot will enable the new kernel, what if the new kernel is not compatible with our version? Won't it start? So what should we do at this time? We need to get into rescue mode. Therefore, upgrading the kernel is not recommended. So if I don't upgrade, I can hopefully test the new version.

So there is a way that linux supports the coexistence of multiple kernel versions, so when we plan to upgrade the kernel, we can install the new kernel directly. )

(2) if the configuration file of an original package has been modified after installation, the same configuration file provided by the new version of the program will not overwrite the configuration file of the original version, but will be renamed and saved. The renamed format: FILENAME.rpmnew: the name of the original file is followed by ".rpmnew".

Demo operation of upgrade package: (on centos7)

(1) We go to Aliyun's mirror website to download a package, we upgrade the zsh installed last time his version is zsh-4.3.11-4.el6.centos.2.x86_64.rpm, to view the currently installed version of the program, we can use the command "rpm-ql the first character of the program" on the command line and then tab key to complete, we can view the version of a program we installed.

Let's go to the website "mirrors.aliyun.com" and then go to the following directory:

Http://mirrors.aliyun.com/centos/7.2.1511/updates/x86_64/Packages/ found the latest version of zsh to download.

(2) We copy this package to the linux system through Xshell as a remote connection tool.

We copy this package to the root user's home directory.

Second, when our system is a linux system, after we download the "zsh" program, and then if we need to send the program from one host to another for installation, then we need to use the Xshell tool to execute the following command on the command line:

[root@centos6 ~] # scp / root/zsh-5.0.2-14.el7_2.2.x86_64.rpm 192.168.178.131:/root/

The authenticity of host '192.168.178.131 (192.168.178.131)' can't be established.

RSA key fingerprint is64:8c:31:ff:e7:e2:58:31:1e:b7:b6:f2:75:fc:e0:8a.

Are you sure you want to continueconnecting (yes/no)? Y

Please type 'yes' or' no': yes

Warning: Permanently added'192.168.178.131' (RSA) to the list of known hosts.

Root@192.168.178.131's password: you need to enter the password of the host of the other party

Zsh-5.0.2-14.el7_2.2.x86_64.rpm 100% 2434KB 2.4MB/s 00:00

[root@centos6 ~] #

If we copy this package to an ordinary user's home directory on the other host: then the other host IP needs to add the ordinary user's name in front of it, and use @ connection to copy the ordinary user's home directory, we should note that it is / home/USERNAME

[root@centos6 ~] # scp zsh-5.0.2-14.el7_2.2.x86_64.rpm dong@192.168.178.131:/home/dong

Dong@192.168.178.131's password:

Zsh-5.0.2-14.el7_2.2.x86_64.rpm 100% 2434KB 2.4MB/s 00:00

[root@centos6 ~] #

(3) upgrade zsh

[root@centos7] # rpm-Uvh zsh-5.0.2-14.el7_2.2.x86_64.rpm

Warning: zsh-5.0.2-14.el7_2.2.x86_64.rpm: header V3 RSA/SHA256Signature, key ID f4a80eb5: NOKEY

Preparing. # # [100%]

Upgrading / installing...

1:zsh-5.0.2-14.el7_2.2 # # [50%]

Cleaning / deleting.

2:zsh-5.0.2-14.el7 # # [100%]

[root@centos7] # rpm-Q zsh

Zsh-5.0.2-14.el7_2.2.x86_64

[root@centos7 ~] #

Uninstall the rpm package:

Format: rpm {- e |-- erase} [--allmatches] [--nodeps] [--noscripts] [--notriggers] [--test] PACKAGE_NAME.

In most cases, the option "- e" completes the uninstall operation.

Note: we install, upgrade, and query followed by PACKAGE_FILE, which is the path to install the package; but uninstall is PACKAGE_NAME, which is the name of the package.

Options:

-- allmatches: uninstalls all versions of packages that match the specified name

-- nodeps: ignore dependencies

-- test: test unload, dry run dry run mode

Query: is a very important function

Format:

Rpm {- Q |-- query} [select-options] [query-options]

Rpm-Q is followed by a suboption of [select-options] or [query-options]

There are two types of options:

Note that the following options should be used in conjunction with the "- Q" option

(1) Common options for [select-options]:

PACKAGE_NAME: when querying, specify the package name directly. This indicates that the query queries whether the specified package has been installed and its version.

Query all packages that have been installed, so there is no need to give packages.

(this "- a" option is particularly useful when we want to query whether a package is installed, but we only remember a few characters, and we can look it up in conjunction with the "grep" command. )

This is followed by a file path: this indicates that the query specifies which package the file was generated by.

-GMAT: indicates which packages are included in the package group specified by the query.

-pmam Murray package: it means to query uninstalled packages. It needs to be used in conjunction with the options in [query-options] [select-options] for general query.

-- whatprovidesCAPABILITY: query the specified function and which package is installed.

-- whatrequiresCAPABILITY: query the specified function and who depends on it.

(2) [query-options] Common options:

-- changelog: query the changelog of the rpm package

-lmaine Meltel list: list of all files generated by the installation of the program

-i.info: package related information, version number, size, package group to which it belongs, etc.

-c,-- configfiles: query the specified package configuration file

-d,-- docfiles: query the documents provided by the specified package

-- provides: lists all the CAPABILITY (features) provided by the specified package

-R,-- requires: indicates the dependency of querying the specified package

-- scripts: query the script snippet that comes with the specified package

Usage:

-qi PACKAGE,-qf FILE,-qc PACKAGE,-ql PACKAGE,-qd PACKAGE.

-qpi PACKAGE_FILE.-qpl PACAGE_FILE.-qpc PACKAGE_FILE,..

Demonstrate the use of the "--provides" and "whatprovides" options:

[root@centos7] # rpm-Q-provides bash

/ bin/bash

/ bin/sh

Bash = 4.2.46-19.el7

Bash (x86-64) = 4.2.46-19.el7

Config (bash) = 4.2.46-19.el7

[root@centos7] # rpm-Q-whatprovides bash

Bash-4.2.46-19.el7.x86_64

[root@centos7 ~] # rpm-Q-- whatprovides' config (bash)'/ / because parentheses have a special meaning in shell, use single quotation marks to indicate strong references.

Bash-4.2.46-19.el7.x86_64

[root@centos7 ~] #

Check:

Format:

Rpm {- V |-- verify} [select-options] [verify-options]

What is the meaning of their performance when performing a verification operation?

-- verify test:

S file Size differs / / indicates that the file size has changed

M Mode differs (includes permissions and file type) / / indicates that the file permissions have changed

5 digest (formerly MD5 sum) differs / / indicates that the MD5 code has changed

D Device major/minor number mismatch / / indicates a mismatch between primary and secondary device numbers

L readLink (2) path mismatch

U User ownership differs / / indicates that the owner has changed.

G Group ownership differs / / indicates that the group has changed.

T mTime differs / / indicates that the recent timestamp has changed

P caPabilities differ / / indicates that the development function has changed.

[root@centos7] # rpm-ivh zsh-5.0.2-14.el7_2.2.x86_64.rpm

Warning: zsh-5.0.2-14.el7_2.2.x86_64.rpm: header V3 RSA/SHA256Signature, key ID f4a80eb5: NOKEY

Preparing. # # [100%]

Upgrading / installing...

1:zsh-5.0.2-14.el7_2.2 # # [100%]

[root@centos7] # rpm-V zsh / / We use the uppercase "- V" option to verify that no information is output, indicating that our package has been installed successfully

[root@centos7 ~] #

[root@centos7 ~] # rpm-ql zsh / / check how many files zsh has installed

[root@centos7 ~] # file / usr/share/zsh/5.0.2/functions/zfparams / / find any file and see what format it is

/ usr/share/zsh/5.0.2/functions/zfparams: ASCII text

[root@centos7 ~] # vim / usr/share/zsh/5.0.2/functions/zfparams / / Edit this file, and then just add a # to the inside

[root@centos7] # rpm-V zsh / / check again and report an error when you find it

S.5....T. / usr/share/zsh/5.0.2/functions/zfparams / / S.5....T. Each point in this indicates this attribute, and the dot indicates that the attribute has not been modified. If this attribute is changed, it means the property of this attribute, or that character, S means size. When S appears, it means that the size has changed. If it does not appear, it means that the size has not changed. For example, if we add a character, it means that the size has changed. If we change only one character, it may be that the size has not changed, but if any information is changed, then his MD5 code will be changed. This 5 represents the data fingerprint information.

Through the above demonstration example, we found that the role of validation: when we install a package, we find that a file has been modified, but we confirm that we have never changed, in fact, we should know by now that there is an important rule in linux, no news is the best news. He did not tell us that there was anything wrong, which means that we have succeeded in installing some more programs, but if it is not a message that appears in lowercase "- v", I will take a look at it, which usually has to be noticed.)

Package source validity verification and integrity verification:

Verification of source legitimacy:

Integrity verification:

Get and import the secret key of the trusted package author:

(in fact, we can also look for this public key file in the directory "/ etc/pki/rpm-gpg", because this will automatically copy the secret key to this directory after we install the installation system.)

For cenots distributions: import files:

Rpm--import / etc/pki/rpm-gpg/ RPM-GPG-KEY-CentOS-7

Verify:

(1) when a program signed by a secondary organization is installed, verification is performed automatically:

(2) Manual verification: rpm-K PACKAGE_FILE

All digital signatures use their own private keys to encrypt the corresponding digital signatures of their own packages.

Digital signatures can perform two functions:

(1) verify the legitimacy of the source

(2) verify the integrity of the package

We also found that one-way encryption and private key encryption do not keep files secret.

Now that we have a package, how do we verify that the package is legal?

First of all, the maker of this package should first trust him. This is the first point. After the trusted organization has made the package, it needs to affix its own signature on the package. In the program, this is called a digital signature.)

Digital signature:

(so how is the digital signature implemented?

We talked about an encryption method called asymmetric encryption, that is, his secret key appears in pairs, one is called the public key and the other is called the private key, and the public key encrypted can only be decrypted using the paired private key, and vice versa. Then an organization or individual can sign with its own private key after making a package, and the public key is public after the package, so we can decrypt it with this public key. It can be said that this is, what kind of data are we encrypting? We can't encrypt the whole file so that people can't see it. It's just a signature. We encrypt the check code of the package. What is the check code? The check code is that we first use one-way encryption to calculate the signature of this package. We know that the signature is a fixed length, no matter how big our package is.

So the maker of the package first calculates the signature of the package with one-way encryption, outputs it with a fixed length, and then encrypts the signature with his own private key, which is called a digital signature, and appends the signature to the back of the package.

Then who can decipher it? Get the public key to decrypt, so the private key here is not for encryption purposes, but for verification purposes. Encryption with the public key is for source authentication. Is the data decrypted by the public key useful?

Of course, we can use the same algorithm to calculate the signature of this file, and then compare it with the decrypted signature, which means that the package has not been changed.

In fact, we have to understand that when we only do the package, use one-way encryption to calculate the signature, and then use our private key to encrypt the signature. Then the third party can use our public key to decrypt our encrypted signature, the third party can change our package, and he can also change our signature, but why not generally change it? Because once the signature is changed, he can only use his own private key to encrypt, then when our customers use our public key to decrypt, they will find that the package is not sent by us, so they will not use our package, so it is very simple that the general signature is not changed. )

Obtaining the public key legally is actually the most important step:

In fact, this step is very difficult. There is no foolproof security in the world. On the Internet, it is actually achieved through CA. CA is called a visa authority, or a third-party certificate authority. We now know that we need to assume that we can get the public key through a legal channel. As for how to get it, I'll talk about it in detail later.

Integrity verification:

If we just verify the rpm package, we just need to import the public key of the rpm package. For the rpm package on the CD, the public key is on the CD. We switch to the mount directory of the CD, and the ls command will see a file "RPM-GPG-KEY-CentOS-7".

Then you just need to import this file into the rpm package, and you will not say "NOKEY" when you install the package in the future.

Demonstrate the operation:

[root@centos7] # rpm-ivh zsh-5.0.2-14.el7_2.2.x86_64.rpm

Warning: zsh-5.0.2-14.el7_2.2.x86_64.rpm: header V3 RSA/SHA256Signature, key ID f4a80eb5: NOKEY

Preparing. # # [100%]

Upgrading / installing...

1:zsh-5.0.2-14.el7_2.2 # # [100%]

[root@centos7] # rpm-e zsh

[root@centos7 ~] # rpm-- import / media/RPM-GPG-KEY-CentOS-7 / / Import with "--import" option

[root@centos7 ~] # rpm-ivh zsh-5.0.2-14.el7_2.2.x86_64.rpm / / if you install it again, NOKEY will not appear

Preparing. # # [100%]

Upgrading / installing...

1:zsh-5.0.2-14.el7_2.2 # # [100%]

[root@centos7 ~] #

The above verification operation is carried out automatically, and we can also carry out manual verification operation below:

[root@centos7 ~] # rpm-K zsh-5.0.2-14.el7_2.2.x86_64.rpm / / capitalize "- K" with the option

Zsh-5.0.2-14.el7_2.2.x86_64.rpm: rsa sha1 (md5) pgp md5 determines / / pgp: source validity; import the public key before MD5 package integrity authentication

[root@centos7 ~] #

Database Reconstruction:

This database cannot be destroyed or tested manually.

We knew that using the command "rpm-qa" would show which packages we installed, or using the "rpm-ql program name" would show the files generated when the program was installed, so we wondered how he knew that our program installed those files, and this rpm was defined through a database of local records.

For the rpm command, his database is "/ var/lib/rpm".

Rpm Manager database path: / rpm/lib/rpm

Query operation: through the database here.

Get help:

CentOS6:man rpm

CentOS7:man rpmdb

Take CentOS7 as an example:

Rpm {--initdb |-- rebuilddb} [- v] [--dbpathDIRECTORY] [--root DIRECTORY]

-- initdb: initializes the database. Currently, there is no database to initialize to create a new one. Currently, sometimes no action is performed.

-- rebuilddb: rebuild and recreate by reading all installed packages on the current system

-- dbpath DIRECTORY: indicates the path where the address creates the database

Demonstrate creating a rpm database under the specified path

[root@centos7 ~] # mkdir / tmp/rpm

[root@centos7] # rpm-- initdb-- dbpath=/tmp/rpm

[root@centos7 ~] # ls / tmp/rpm/

Basenames _ _ db.002 Group Obsoletename Requirename Triggername

Conflictname _ _ db.003 Installtid Packages Sha1header

_ _ db.001 Dirnames Name Providename Sigmd5

[root@centos7 ~] #

[root@centos7] # rpm-- rebuilddb-- dbpath=/tmp/rpm

[root@centos7] # ls / tmp/rpm/ after rebuilding, we found that the files _ _ db.002,__db.003,__db.001 are gone. In fact, these files are for transactional operations.

Basenames Group Obsoletename Requirename Triggername

Conflictname Installtid Packages Sha1header

Dirnames Name Providename Sigmd5

[root@centos7 ~] #

Blog assignment: complete solution of rpm package management function

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.