YUM/DNF Package Management: Advanced Software Management in CentOS/RHEL
YUM (Yellowdog Updater Modified) and its successor DNF (Dandified YUM) provide powerful package management for CentOS/RHEL systems. This guide covers repository management, package operations, and advanced techniques.
Package Management Fundamentals
Basic DNF/YUM Commands
Essential package operations:
# Search for packages
dnf search nginx
yum search postgresql
# Get package information
dnf info httpd
yum info mariadb-server
# List installed packages
dnf list installed
dnf list installed | grep kernel
# List available packages
dnf list available
dnf list available 'php*'
# Check for updates
dnf check-update
yum check-update
Package Installation and Removal
Manage software packages:
# Install packages
dnf install nginx
dnf install httpd mariadb-server php
# Install specific version
dnf install postgresql-13.5
# Install from RPM file
dnf install ./local-package.rpm
# Remove packages
dnf remove httpd
dnf erase nginx
# Autoremove unused dependencies
dnf autoremove
# Reinstall package
dnf reinstall kernel
Repository Management
Configure YUM/DNF Repositories
Manage software repositories:
# List enabled repositories
dnf repolist
dnf repolist all
# Enable/disable repositories
dnf config-manager --enable powertools
dnf config-manager --disable epel-testing
# Add new repository
dnf config-manager --add-repo https://example.com/repo.repo
# Create custom repo file
cat > /etc/yum.repos.d/custom.repo <<EOF
[custom-repo]
name=Custom Repository
baseurl=https://repo.example.com/centos/\$releasever/\$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.example.com/RPM-GPG-KEY-custom
EOF
EPEL and Third-Party Repositories
Configure additional repositories:
# Install EPEL repository
dnf install epel-release
# Install RPM Fusion
dnf install https://download1.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
dnf install https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-8.noarch.rpm
# Configure repository priorities
dnf install dnf-plugins-core
cat >> /etc/yum.repos.d/custom.repo <<EOF
priority=10
EOF
# Configure FastestMirror
echo 'fastestmirror=1' >> /etc/dnf/dnf.conf
echo 'max_parallel_downloads=10' >> /etc/dnf/dnf.conf
Package Groups and Modules
Group Management
Install software groups:
# List available groups
dnf group list
dnf group list hidden
# Get group information
dnf group info "Development Tools"
# Install group
dnf group install "Development Tools"
dnf groupinstall "Server with GUI"
# Remove group
dnf group remove "Web Server"
# Update group
dnf group update "Development Tools"
Module Streams (AppStream)
Manage modular content:
# List available modules
dnf module list
# List nodejs streams
dnf module list nodejs
# Enable module stream
dnf module enable nodejs:14
# Install module stream
dnf module install nodejs:14/development
# Switch module streams
dnf module reset nodejs
dnf module enable nodejs:16
dnf module install nodejs:16
# Get module info
dnf module info nodejs:14
Advanced Package Operations
Package Dependencies
Manage dependencies:
# Show package dependencies
dnf repoquery --requires httpd
dnf repoquery --whatrequires openssl
# List dependency tree
dnf repoquery --deplist nginx
# Check broken dependencies
dnf check
package-cleanup --problems
# Install build dependencies
dnf builddep nginx
# Download dependencies
dnf download --resolve nginx
Transaction History
Manage DNF/YUM history:
# View transaction history
dnf history
dnf history list
# Get transaction details
dnf history info 42
# Undo transaction
dnf history undo 42
# Redo transaction
dnf history redo 42
# Rollback to transaction
dnf history rollback 40
# Clean history database
dnf history clean
Package Caching and Performance
Cache Management
Optimize package caching:
# Clean cache
dnf clean all
dnf clean packages
dnf clean metadata
dnf clean expire-cache
# Make cache
dnf makecache
dnf makecache fast
# Configure cache settings
cat >> /etc/dnf/dnf.conf <<EOF
keepcache=1
metadata_expire=7d
EOF
# Download packages only
dnf download nginx
dnf download --destdir=/tmp/packages httpd
Performance Optimization
Speed up package operations:
# Configure parallel downloads
echo 'max_parallel_downloads=10' >> /etc/dnf/dnf.conf
echo 'fastestmirror=1' >> /etc/dnf/dnf.conf
# Deltarpm configuration
echo 'deltarpm=1' >> /etc/dnf/dnf.conf
echo 'deltarpm_percentage=75' >> /etc/dnf/dnf.conf
# Configure timeout settings
echo 'timeout=300' >> /etc/dnf/dnf.conf
echo 'retries=10' >> /etc/dnf/dnf.conf
Security and Package Verification
GPG Key Management
Manage package signing:
# Import GPG keys
rpm --import https://repo.example.com/RPM-GPG-KEY-example
# List imported keys
rpm -qa gpg-pubkey*
rpm -qi gpg-pubkey-xxxxxxxx-xxxxxxxx
# Verify package signatures
rpm -K package.rpm
rpm --checksig package.rpm
# Configure GPG checking
echo 'gpgcheck=1' >> /etc/dnf/dnf.conf
echo 'repo_gpgcheck=1' >> /etc/dnf/dnf.conf
Security Updates
Manage security patches:
# List security updates
dnf updateinfo list security
dnf list-sec
# Install security updates only
dnf update --security
# Get security advisory info
dnf updateinfo info RHSA-2023-1234
# Automatic security updates
dnf install dnf-automatic
systemctl enable dnf-automatic-install.timer
Creating and Managing Local Repositories
Create Local Repository
Build custom repositories:
# Install repository tools
dnf install createrepo_c
# Create repository structure
mkdir -p /var/www/html/repo/centos/8/{x86_64,SRPMS}
cp *.rpm /var/www/html/repo/centos/8/x86_64/
# Generate repository metadata
createrepo_c /var/www/html/repo/centos/8/x86_64/
# Update repository
createrepo_c --update /var/www/html/repo/centos/8/x86_64/
# Sign repository metadata
gpg --detach-sign --armor repodata/repomd.xml
Mirror Remote Repositories
Create repository mirrors:
# Install mirroring tools
dnf install yum-utils
# Sync repository
reposync --repo=base --download-path=/var/www/html/mirror/
# Sync with filters
reposync --repo=epel \
--download-path=/var/www/html/mirror/ \
--newest-only \
--download-metadata
# Create mirror configuration
cat > /etc/yum.repos.d/local-mirror.repo <<EOF
[local-base]
name=Local Base Mirror
baseurl=file:///var/www/html/mirror/base
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
Package Building and RPM Management
Query RPM Packages
Extract package information:
# Query installed package
rpm -qi nginx
rpm -ql nginx # List files
rpm -qd nginx # List documentation
rpm -qc nginx # List config files
# Query package file
rpm -qip package.rpm
rpm -qlp package.rpm
# Find package owning file
rpm -qf /usr/sbin/nginx
dnf provides /usr/sbin/nginx
# Extract RPM contents
rpm2cpio package.rpm | cpio -idmv
Build Custom RPMs
Create RPM packages:
# Install build tools
dnf install rpm-build rpmdevtools
# Set up build environment
rpmdev-setuptree
# Create spec file
cd ~/rpmbuild/SPECS
rpmdev-newspec myapp
# Build RPM
rpmbuild -ba myapp.spec
# Build from SRPM
rpmbuild --rebuild package.src.rpm
# Sign RPM packages
rpm --addsign ~/rpmbuild/RPMS/x86_64/*.rpm
Automation and Scripting
DNF Automatic Updates
Configure automatic updates:
# Install dnf-automatic
dnf install dnf-automatic
# Configure update policy
vi /etc/dnf/automatic.conf
# [commands]
# upgrade_type = security
# random_sleep = 3600
# download_updates = yes
# apply_updates = yes
# Enable automatic updates
systemctl enable --now dnf-automatic.timer
# Check timer status
systemctl list-timers dnf-automatic.timer
Scripting Package Management
Automate package operations:
#!/bin/bash
# Package management script
# Function to check if package is installed
is_installed() {
dnf list installed "$1" &>/dev/null
}
# Function to ensure package is installed
ensure_package() {
local package=$1
if ! is_installed "$package"; then
echo "Installing $package..."
dnf install -y "$package"
else
echo "$package is already installed"
fi
}
# Install required packages
packages=(
"nginx"
"mariadb-server"
"php"
"php-mysqlnd"
)
for pkg in "${packages[@]}"; do
ensure_package "$pkg"
done
# Update all packages
echo "Checking for updates..."
dnf check-update
if [ $? -eq 100 ]; then
echo "Updates available. Installing..."
dnf update -y
fi
Troubleshooting
Common Issues
Resolve package management problems:
# Fix broken dependencies
dnf check
package-cleanup --problems
package-cleanup --dupes
# Rebuild RPM database
rpm --rebuilddb
# Clear DNF cache issues
rm -rf /var/cache/dnf/*
dnf clean all
dnf makecache
# Fix corrupted repository
dnf clean metadata
dnf clean dbcache
# Skip broken packages
dnf update --skip-broken
# Force package installation
dnf install --allowerasing package
rpm -ivh --force --nodeps package.rpm
Debug Package Issues
# Enable debug output
dnf -v install package
dnf --debuglevel=10 update
# Check package verification
rpm -V nginx
package-cleanup --verify
# Trace dependency resolution
dnf debuginfo-install package
dnf debug-dump
dnf debug-restore dump.txt
Best Practices
Repository Management Strategy
- Use official repositories when possible
- Verify third-party repository trustworthiness
- Implement repository priorities
- Maintain local mirrors for critical environments
- Regular repository metadata updates
Security Considerations
# Security audit script
#!/bin/bash
echo "=== Package Security Audit ==="
# Check for security updates
updates=$(dnf updateinfo list security | grep -c "Security")
echo "Security updates available: $updates"
# Verify GPG keys
echo "Installed GPG keys:"
rpm -qa gpg-pubkey* --qf "%{name}-%{version}-%{release} %{summary}\n"
# Check package signatures
echo "Checking package signatures..."
rpm -qa --qf '%{name}-%{version}-%{release} %{SIGPGP:pgpsig}\n' | grep -v "Key ID"
# List packages from unknown vendors
echo "Packages from unknown vendors:"
rpm -qa --qf '%{name} %{vendor}\n' | grep -v "CentOS\|Red Hat"
Conclusion
YUM and DNF provide comprehensive package management capabilities for CentOS/RHEL systems. Master these tools to efficiently manage software, maintain system security, and automate package operations in enterprise environments.