One of the worst things you can do to your RPM-based system is to use the --force and --nodeps options when adding packages. You don't see much discussion of just how bad it can be for you though. It's made worse by some pre-packaged software coming from vendors who have installation instructions telling you to use --force instead of fixing their packages. So, before you use these flags, let me tell you about them...

The --force option to "rpm" is actually a short-hand for the options --replacepkgs, --replacefiles, and --oldpackage:

• --replacepkgs will install the package even if the system already has this package installed on the system. This leads to duplicate copies of packages being installed, which is almost never what you want to have happen. The exception to this is the kernel, where you may want multiple versions installed so you can back off to an old version if a new one breaks something. Note that kernel packages are built such that they do not require --replacepkgs.
• --replacefiles will overwrite files from other packages, ignoring conflicts between the packages. This is the primary reason that package installation fails, and simply using this option results in upgrades to the conflicting package breaking the package you are now trying to install. Never a good idea, but sometimes useful if you're lazy and willing to put up with the breakage.
• --oldpackage allows an upgrade to upgrade to an older version of a package. In other words, it provides a retrograde. Usually, RPM will not upgrade any packages which you already have the same or a newer version installed.

In short, --force will overwrite files from other packages, install the package even if it's already installed, and may result in down-grading a package already on your system.

In other words, it's used to install broken packages. This may be a package which isn't meant to be installed on your distribution at all, for example, installing a Mandrake package on a Fedora system. Or it may be that the packager of the software was too lazy to fix conflicts in the package when they were building it. If the package install instructions tell you to use "--force", it's almost certain that the packager knew of the problems but was being lazy.

If you feel the need to use --force, you probably want to try looking a little harder for a package that was meant for your distribution in the first place. Or, at the least try getting the .src.rpm version of the package and rebuild it with "rpmbuild --rebuild ". Rebuilding from a source package is extremely easy and builds the package for the exact set of software on your system. If there are problems building it or doing the final install, the package is probably broken, at least for your distro.

Why aren't RPMs transportable between distributions? The biggest reason is because of differing ideas about how the packages and file-system are to be laid out. Package naming differences cause dependencies to fail. For example, maybe one distro uses ucd-snmp, while another uses netsnmp. These two packages provide roughly the same capability, but there are two alternatives for that software package.

Because of these differences in distributions, you really should listen if rpm complains when installing a package. Using --force may get it working in the short term, but probably will result in breaking other parts of your system and may also lead to all sorts of problems down the line.

What about --nodeps? This causes RPM to install a package, even if other required packages aren't available. This usually won't break your system (unless used with --force), but probably means that the package won't work once you've installed it. The best resolution to these problems are to get the .src.rpm and rebuild it, if the dependencies aren't available for your system. If they are available, use a tool like "yum" to install the dependencies and any related ones. It's real easy.

Remember, --force can break your system. I've had to re-install systems that users have done --force on. In one particular case, the user had just gotten into the habit that if an rpm command didn't work, they would try it with --force, without really understanding why the base rpm command was failing. The results were a system that was totally broken, and it was easier to re-install than to try to surgically fix. It was time to upgrade to the latest release anyway.

So, be careful out there. If you're going to use --force, at least try to understand why it is that the package can't be installed without it.

Many people seem to believe that this is a problem with the rpm too or format itself, and that Debian's system is superior because of that. The real advantage Debian has is the huge package repository which is more or less tested to all work together. With the RPM distributions, few if any have a single repository of packages that are as large as Debian's. To even get close with Fedora, you need to use at least a couple of third-party repositories, maybe as many as 5. Sad but true.

However, Fedora seems to be moving in the right direction with getting more community involvement into getting a central package repository with many more packages. The repository is one of the biggest advantages of Debian, in my humble opinion. However, when a package is not available in Debian, it's much more likely to have an RPM than a DEB package.

comments powered by Disqus