The RedHat Package Manager (RPM) has been around for a while now. Here's some thoughts about rpm and a list of commands I use with the rpm command line:
I have heard a number of folks over the years talk about “RPM hell” where the rpm database gets in a totally messed up state and their machine is unusable. I have seldom had problems with rpm in all the time I have been using it. I think this boils down to a few simple rules:
If you try and install a package with rpm and it complains about something (missing dependency, conflict with an existing package, newer version installed, etc), FIX the underlying issue. Install the dependency, remove the package with the conflict, fix the package that you are trying to install. Even if you think you know what you are doing '–force' and '–nodeps' are almost always a BAD IDEA. I think this is the number one way people get messed up rpm databases.
Always use a binary rpm for your exact distribution. If you are running Fedora Core 3, don't install the mandrake binary rpm and expect things to work. If you can't find a binary rpm for your EXACT distribution, look for a src.rpm and use 'rpm –rebuild' on it. This will build it for your setup and libraries and have a much better chance of working with it.
Some versions of rpm had an issue with it's backend db4 database. It would think that the database was locked, but it really wasn't. The way to fix that issue is to: Kill all rpm instances that are running, do a 'rm -f /var/lib/rpm/__db*' and then run your command again. Luckily, this issue seems to no longer occur on modern distributions.
With that being said, rpm has a ton of command line options. Here's some of them that I use pretty often and you might not know about:
'rpm –help | less' will show you most of the rpm command line arguments. I have found that this is always more up to date than the man page or rpm.org.
'rpm –import GPG-KEY' will import a gpg key into your rpm database. This allows you to check packages that are signed with that gpg key. You should import in the KRUD key and the FEDORA key and keys from any 3rd party repository you use.
'rpm -Va' will run a full verify all all the files in installed rpm packages, doing a md5sum and checking it against the database. This can show you files that have been overwritten, tampered with, or corrupted on disk.
'rpm -Va –nofiles' will run a verify of all the packages installed, but not do an md5sum on the files. This takes a lot less time than the above verify, and can show you packages that don't have dependencies installed, or are conflicting. This is nice to do after a upgrade to make sure nothing got messed up.
'rpmbuild -tb file.tar.gz' will look at the file file.tar.gz and look for a .spec file in the top level, it will then use that spec file to build a binary rpm from it. Many packages that don't appear to have rpms, have a .spec and this will let you build it for your particular machine.
'rpmbuild –rebuild foo.src.rpm' will rebuild the foo.src.rpm source rpm into a binary rpm package on your machine.
'rpm -K package.rpm' will do a gpg check on package.rpm and check it with installed gpg keys (see –import). You (or yum if you are using it) should always do this check to make sure the binary package you are about to install is signed by a trusted key.
'rpm -qi packagename' will give you the short description and some information on the installed package 'packagename'. This is handy if you see an update for something and don't know what the package does. It can also be useful to check the 'Install Date' to see when a package was installed.
'rpm -qf /path/to/file' will tell you what package owns the file /path/to/file.
'rpm –test …' will just 'test' the command you pass to rpm. If it's an upgrade/install it will check and make sure you have all the right dependences. It's nice to do this before a big install or upgrade to make sure it's not going to pull in some other update that you didn't anticipate.
'rpm -q –changelog packagename | less' will display the changelog from the installed package packagename. You can often see what updates were done to a package with this. You can add a -p and use it on a binary rpm file to see what the changelog of a package you haven't installed yet is.
'rpm -q –scripts packagename' will show the preinstall/postinstall scripts that an rpm runs when it's installed or removed. You can add a -p and get this information from a binary rpm file you haven't yet installed. This is nice to see whats causing a problem in install/removal.
'rpm –noscripts …' will tell rpm to ignore the install/removal scripts associated with a package. Nice if one of them is causing a problem on your system for some reason. Keep in mind you will need to manually do any steps that the postinstall/preinstall scripts normally do.
There are tons more command line options. Overall rpm is a pretty nice package manager and handles things pretty well.