Ch 9 Managing Software

Question 1

RPM stands for what?

Answer 1

Red Hat Package Manager

Question 2

What do EUS, E4S, and ELS before the RPM stand for?

Answer 2

Extended Update Support(2 yrs and 4 yrs), Extended Life Cycle Support

Question 3

What are some benefits of dnf?

Answer 3

1. The way it handles package dependencies

Question 4

What does dnf stand for?

Answer 4

dandified yum (yum is its predecessor)

Question 5

Why use software repos?

Answer 5

Helps when you’re installing and need dependencies

Question 5

Name 3 file compression/archiving tools

Answer 5

.tar, .zip, .gz

Question 6

Name 4 package formats for installing software

Answer 6

.exe (Windows), .rpm (Linux - redhat), .deb (Linux - debian), .pkg (MacOS)

Question 7

What’s a benefit of installing from a repo vs installing packages individually?

Answer 7

A repo resolves dependencies automatically

Question 8

How does dnf resolve dependencies?

Answer 8

dnf looks at the repos configured on a system to fetch dependencies automatically

Question 9

What is an EPEL repo?

Answer 9

Extra Packages for Enterprise Linux. These are Fedora project repos that aren’t from RHEL.

Question 10

What command line tool is used to manage subscriptions?

Answer 10

subscription-manager

Question 11

In what circumstances would you need to specify which repos to use?

Answer 11

1. You want to use nondefault software packages
2. You are installing RHEL but not registering it

Question 12

What are the four main parameters needed or a repo file?

Answer 12

[label] a repo file can have many sub repos, and each section starts with a label that ids each sub repo
name= specifies the name of the repo
baseurl= url pointing to repo location
gpgcheck= use if you want a gpg key used to verify package integrity

Question 13

What directory contains repos?

Answer 13

/etc/yum.repos.d

Question 14

What tool can generate a template repo file so you don’t have to remember the specifics?

Answer 14

dnf config-manager
e.g. dnf config-manager —add-repo=file:///repo/BaseOS

Question 15

What options can you point to for a repo?

Answer 15

URI (file location), URL

file://URI or file:///repo/BaseOS

https://URL or https://reposerver.example.com

Question 16

What additional option needs to be set after creating a repo file with dnf config-manager –add-repo?

Answer 16

set gpgcheck = 0 if you don’t want the gpg check. If you don’t specify, by default it will want a gpgcheck

Question 17

Detail for repo parameter [label]

Answer 17

This is the section header inside the .repo file, enclosed in square brackets ([ ]).

It serves as a unique identifier for the repository and is used when running dnf commands (e.g., dnf repolist or dnf install –enablerepo=repoid)

See example below from the fedora.repo file.

[fedora]
name=Fedora $releasever - $basearch
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
countme=1
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

[fedora-source]
name=Fedora $releasever - Source
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/source/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False
~

Question 18

Detail for the name= parameter

Answer 18

This is the human-readable description of the repository, specified by the name= directive.

It is displayed in dnf repolist and other output but is not used in commands.

example: inside the fedora.repo file

[fedora]
name=Fedora $releasever - $basearch
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
enabled=1
countme=1
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

[fedora-debuginfo]
name=Fedora $releasever - $basearch - Debug
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/$basearch/debug/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False

[fedora-source]
name=Fedora $releasever - Source
#baseurl=http://download.example/pub/fedora/linux/releases/$releasever/Everything/source/tree/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch
enabled=0
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False
~

Question 19

Detail for the mirrorlist= parameter

Answer 19

Optional parameter that refers to a URL where information about mirror servers for this server can be obtained. Typically used for big online repos only

Question 20

Detail for the baseurl= parameter

Answer 20

mandatory option that refers to the base URL or URI where the RPM packages are found

Question 21

Detail for the gpgcheck= parameter

Answer 21

Set to 1 if a GNU Privacy Guard integrity check needs to b eperformed on the packages. If set to 1, a GPG key is required. This is also the default and will be set as such if you create a new repo with the repo creation command line tool.

Question 22

Detail for the gpgkey= parameter

Answer 22

Specifies the location of the GPG key that is used to check package integrity

Question 23

What sort of circumstances would lead to the use of a gpg check being invaluable?

Answer 23

1. A repo is hacked and the download files are replaced/changed
2. A man in the middle attack

Question 25

What are three protocol formats that can be used for the baseurl parameter of a repo file?

Answer 25

Http://, ftp://, or file:// Then follow with url or uri. E.g. file://**/location/of/files**

Question 26

What makes downloading from a repo especially vulnerable?

Answer 26

You have to run dnf commands as root, so whatever malicious interaction happens with the repo is going to happen as root user.

Question 27

What directory are gpg keys stored?

Answer 27

/etc/pki/rpm-gpg

Question 28

How is a gpg key for a repo acquired?

Answer 28

The gpg key is downloaded on first contact with the repo

Question 29

Creating a repo: First two things you need

Answer 29

1. Make sure all packages you need for the repo are in it 2. Use the createrepo command to generated the repo metadata

Question 30

What are the two subdirectories in a redhat installation repo directory?

Answer 30

1. BaseOS - the base OS packages 2. AppStream - the application stream packages

Question 31

How do you list all repos?

Answer 31

dnf repolist

Question 32

What command is used to manage repos?

Answer 32

dnf

Question 33

dnf command that lets you search packages for a string that occurs in the package name or summary

Answer 33

dnf search

Question 34

dnf command that searches packages for a string that occurs in the package name, summary, or description(this last one is extra)

Answer 34

dnf search all

Question 35

dnf command that provides more information about the package

Answer 35

dnf info

Question 36

dnf command that installs a package

Answer 36

dnf install

Question 37

dnf command that removes a package

Answer 37

dnf remove

Question 38

dnf command that lista all or installed packages

Answer 38

dnf list all, or dnf list installed

Question 39

dnf command that lists package groups

Answer 39

dnf group lists

Question 40

dnf command that installs all packages from a group

Answer 40

dnf group install

Question 41

dnf command that updates specified packages

Answer 41

dnf update

Question 42

dnf command that removes all stored metadata

Answer 42

dnf clean all

Question 43

how does dnf search work?

Answer 43

1. It contacts the online repo 2. it downloads the most recent repo metadata to your local machine 3. it then searches package names and descriptions for the string you give it. if no output, try dnf search all

Question 44

what dnf command do you use if you want to see if a package in a repo contains a specific file that you want?

Answer 44

dnf provides or dnf whatprovides or dnf wp and THEN, you HAVE to put the following package as thus: */filename (because it's looking inside a package) or any other full file pathname ex; dnf whatprovides */Containter file

Question 45

what dnf command removes a package from the system?

Answer 45

dnf remove

Question 46

What do dnf remove and dnf install have in common?

Answer 46

They both do a dependency analysis

Question 47

what should you never do when using dnf remove?

Answer 47

bypass looking at the dependencies of a package (and therefore missing what other associated packages will be removed when you remove any one package the no-no command is dnf remove -y (selects the yes option to just automatically remove without the prompt)

Question 48

What is a protected package?

Answer 48

One that cannot just be removed easily, and dnf remove will not work on them. e.g...

Question 49

how can you use dnf to check if there's a newer version of a package available in a remote repo?

Answer 49

dnf list ___

Question 50

What happens to an old package when you update it?

Answer 50

It replaces the old package, unless it's a kernel. Old kernels are not replaced.

Question 51

what is a package group?

Answer 51

a repo defines what that is, or what grouping exists for a given package

Question 52

How do you know what the package groups in a repo are?

Answer 52

dnf group list

Question 53

does dnf group list show all groups?

Answer 53

no, some are hidden

Question 54

how do you show hidden package groups in a repo?

Answer 54

dnf group list hidden

Question 55

what dnf command gives you further info on a package group?

Answer 55

dnf group info

Question 56

what allows you to undo dnf commands?

Answer 56

dnf history, using dnf history undo [number in history] e.g. dnf history undo 2 (erase the 2nd command in dnf history)

Question 57

What is the big distinction between BaseOS and AppStream repos? (the two default)

Answer 57

AppStream has packages that can change in major version, while BaseOS explicitly avoids this (for those that want that stability)

Question 58

Why do AppStream repos allow changes to major packages versions in the same distro, without having to do a major OS upgrade?

Answer 58

Because it was important that all dependencies of any one package be within one repo -- but that's hard to do if a major package version changes

Question 59

Give an example of a package that the AppStream repo can provide a major version upgrade for

Answer 59

Python

Question 60

What is the key difference between modules and package groups?

Answer 60

package groups are static. they don't have different versions or streams modules allow you to install different versions of software while avoiding conflicts. great for quickly evolving software like python, postgresql

Question 61

table of properties with differences/distinctions bw package groups and modules

Answer 61

Question 62

what is an application stream?

Answer 62

It is a specific version of a module. this allows different major versions of packages to be offered within the same repo

Question 63

what must you do when working with modules from different streams? (diff major versions)

Answer 63

only one stream can be enabled at a time

Question 64

what is a module profile?

Answer 64

a profile is a list of packages that are installed together for a particular use case, and one module can have multiple profiles

Question 65

give an example of typical profiles within a module

Answer 65

minimal profile default profile server profile

Question 66

what is the default package format?

Answer 66

rpm

Question 67

What is inside an rpm?

Answer 67

files and metadata on how to install the files. may have a pre and post install script as well

Question 68

what is a module?

Answer 68

a delivery mechanism to install rpm packages. diff versions and profiles can be provided

Question 69

what is an application stream?

Answer 69

a specific version of a module

Question 70

what is a profile?

Answer 70

a collection of packages that are installed together for a particular use case

Question 71

what dnf command helps you find what modules are available?

Answer 71

dnf module list

Question 72

what dnf command will show you what streams there are for a module?

Answer 72

dnf module list modulename, e.g.dnf module list maven

Question 73

what dnf command will tell you what profiles there are for a module?

Answer 73

dnf module info dnf module info php - will tell you all the profiles for all the data streams for the php module dnf module info php:8.1 - find all profiles for a specific stream (version) of php

Question 74

Label vs name parameters in a repo file

Answer 74

Label (or ID) **This is the section header in the .repo file, enclosed in square brackets ([]). ** It is used internally by dnf to identify the repository. **Must be unique within the .repo file. Name **The name directive provides a human-readable description of the repository. **It does not need to be unique. **It is used for display purposes, such as in dnf repolist.

Question 75

What command should be used if you want to change the stream (version) you're on for a specific module?

Answer 75

dnf module enable php:8.1 this disables the old stream and enables the new stream

Question 76

what command should you run after changing the stream(version) of a module?

Answer 76

dnf distro-sync this ensures all dependent packages that aren't in the module itself are updated as well

Question 77

4 purposes of dnf distro-sync

Answer 77

Purpose of dnf distro-sync: 1. Ensures Consistency: It aligns installed package versions with the repository versions. 2. Downgrades Packages if Needed: If an installed package version is newer than what is available in the repo (e.g., after enabling an older repo), it will downgrade it. 3. Upgrades Packages if Needed: If a newer version is available in the repo, it will upgrade the package. 4. Fixes Partial Updates: If some packages were manually updated or installed from third-party sources, this command can bring them back to the official repository versions.

Question 78

What was the biggest issue with the old way of managing packages with rpm?

Answer 78

dependency hell often while installing a group of rpms, many dependencies would arise. These would all have to be installed and with the right order as well

Question 79

What was rpm replaced (or rather extended) with?

Answer 79

repositories, then yum, then dnf (which looks at all available repos for dependencies)

Question 80

Even though packages that are downloaded can still be installed with rpm -Uvh packagename, what could be used to install that downloaded package instead?

Answer 80

dnf install packagename.rpm the not only installs the package as rpm -Uvh would, but it considers all its repos to resolve dependencies automatically

Question 81

Even with better programs for package management than rpm, what is rpm often still used for?

Answer 81

querying packages

Question 82

What two package databases are maintained on a RHEL system?

Answer 82

rpm and dnf

Question 83

What happens with the dnf and rpm databases when a package is installed with dnf?

Answer 83

1. dnf db gets updated 2. that info then synchronizes with the rpm db

Question 84

what happens to the dnf and rpm databases when installing a package through rpm?

Answer 84

1. the update is written to the rpm database only and does not update the dnf database -- a good reason to not use rpm when installing software!

Question 85

Is there any reason to still use rpm when we have dnf?

Answer 85

Yes. Rpm is a better choice when... 1. when you want to install or remove a pkg without resolving dependencies (like if you already have the dependencies and you don't want dnf adding more). This makes rpm faster when the extra dependency checks aren't needed. ex: custom built rpm that has its dependencies included, removing a package while keeping dependencies intact) 2. rpm checks if a file has been modified, corrupted, or deleted (helpful to see if a file was altered by an unintended process, diagnosing system integrity issues 3. You can inspect a package BEFORE it is installed, which dnf can't do (view package files, list info). This helps you checks a packages contents and see where a file would be placed. rpm -qip for info and rpm -qlp for list files 4. You can remove a package from rpm db without uninstalling the files (can't do this with dnf) -- helps when there is db corruption, or to force a package reinstallation without affecting files 5. No repo is needed. If installing a local rpm, don't need a repo. very fast and simple.

Question 86

composition of an rpm filename?

Answer 86

packagename-version-subversion.redhatversion.platform(32 or 64 bits) e.g. python-5.0.7-40.el7.x86_64 python package, version 5.0.7, subversion 40, for Red Hat 7, and for 6 bit architecture

Question 87

What rpm command will show you what software is installed on the machine?

Answer 87

rpm -qa

Question 88

What is the dnf equivalent of the rpm -qa command?

Answer 88

dnf list installed

Question 89

What rpm query would tell me more abaout what files are in the nmap package?

Answer 89

rpm -qi nmap this queries the installed version itself for the description, and the rpm db for more details

Question 90

What rpm command will show you all the files in a package, let's say nmap?

Answer 90

rpm -ql nmap

Question 91

What rpm command could find you documentation for a package, say nmap?

Answer 91

rpm -qd nmap

Question 92

What rpm command would show you all the config files for a package, like nmap?

Answer 92

rpm -qc nmap so like rpm query configs

Question 93

What rpm command would help you find a file name and the package its in?

Answer 93

rpm -qf filename

Question 94

What is the command rpm -qf /bin/ls doing?

Answer 94

queries the rpm database to find what package the file /bin/ls belongs to

Question 95

What must you add to an rpm command if querying a file that has not yet been installed?

Answer 95

-p without this flag, you query the rpm db instead of the package itself

Question 96

What other consideration other than p flag, do you need to make when querying an rpm package directly and not the rpm db?

Answer 96

You have to provide the full rpm name and not just the package name. You need version and more.

Question 97

What is happening with this command? rpm -qp --scripts httpd-2.4.6-19.el7.centos.x86_64

Answer 97

Directly query the package httpd-2.4.6-19.el7.centos.x86_64 instead of the rpm db, in order to see if the package contains scripts

Question 98

Why is it important to use rpm to query if an rpm package contains scripts?

Answer 98

Because rpms have to be installed as root, and you want to be sure there are no rogue scripts

Question 99

What rpm command will tell you the dependencies of a specific package?

Answer 99

rpm -qR

Question 100

what rpm command shows which parts of a specific package have been changed since installation?

Answer 100

rpm -V

Question 101

What rpm command verifies installed packages and shows the parts that have been changed since installation?

Answer 101

rpm -Va

Question 102

What's the difference between rpm -V and rpm -Va?

Answer 102

rpm -V is for one package, rpm -Va is for all. It's a system-wide integrity check.

Question 103

On an rpm -Va command's output, what would the following 9 digits before a file mean? S.5....T. c /etc/httpd/conf/httpd.conf

Answer 103

Question 104

What's a drawback of rpm -qp?

Answer 104

It only works on RPM package files and can't be used to query files directly form repos. That requires a separate command, repoquery

Question 105

What's the purpose of repoquery?

Answer 105

Queries repos for rpms since the rpm command can't

Question 106

Is repoquery a default package?

Answer 106

No, and it command with the dnf-utils package that would have to be installed

Question 107

How similar are rpm and repoquery?

Answer 107

They have similar option flags, but not --scripts, but this can be worked around if you only work with trusted repos

Question 108

If you wanted to know all the nitty gritty details of how an rpm is installed, how could you find out?

Answer 108

with the rpm -qp --scripts command

Question 109

How could a package be downloaded to the local directory?

Answer 109

using yumdownloader, a package provided by yum-utils

Question 110

rpm -qf $(which dnsmasq) What's going on in this command?

Answer 110

You're querying to find out what package a file belongs to. For the file name, it's using an embedded command to produce the filename (which dnsmasq) and you need the $ to embed it.

Question 111

In the context of taking the RHCSA test, why is it so helpful to know rpm commands?

Answer 111

It allows you to learn and find things on the fly when taking the test, by finding documentation and files and config files and all that.

Question 112

Very broadly and speaking high level, what's different about dnf vs rpm?

Answer 112

dnf manages packages coming from repos, and rpm does queries on packages on a system

Question 113

How could you make a directory containing RPM packages into a repo?

Answer 113

createrepo enables you to make a directory containing a collection of RPM packages in a repository

Question 114

What needs to be in a repo file to point to a repository on http://server.example.com/repo?

Answer 114

the line [some-label] name=some-name baseurl=http://server.example.com/repo needs to be in the repo file

Question 115

You've just configured a new repo to be used on your RHEL computer. What command enables you to verify that the repo is indeed available?

Answer 115

dnf repolist verifies that a repository is available

Question 116

Which command enables you to search the RPM package containing the file useradd?

Answer 116

dnf provides */useradd enables you to search the RPM package containing the file useradd

Question 117

Which two commands do you need to use to show the name of the dnf group that contains security tools and shows what is in that group?

Answer 117

using dnf group list followed by dnf group info "Security Tools" shows the name and contents of the dnf group that contains security tools

Question 118

Which command do you use to ensure that all PHP related packages are going to be installed using the older version 7.1, without actually installing anything yet?

Answer 118

dnf module enable php:5.1 ensures that all PHP related packages are going to be installed using the older version 5.1, without actually installing anything yet

Question 119

You want to make sure that an RPM package that you have downloaded does not contain any dangerous script code. Which command enables you to do so?

Answer 119

rpm -pq --scripts packagename enables you to ensure that a downloaded RPM package does not contain dangerous script code

Question 120

Which command reveals all documentation in an RPM package?

Answer 120

rpm -qd packagename shows all documentation in an RPM package

Question 121

Which command shows the RPM package a file comes from?

Answer 121

rpm -qf /path/to/file shows which PRM package a file comes from

Question 122

Which command enables you to query software from the repository?

Answer 122

repoquery enables you to query software from the repository

Question 123

What's the difference between repoquery and dnf?

Answer 123

Question 124

Review Q Chapter 9 #1

Answer 124

D. The gpgcheck= line indicates whether to check the integrity of packages in the repository using the GPG key. Although useful, this capability is not mandatory in all cases

Question 125

Review Q Chapter 9 #2

Question 126

Review Q Chapter 9 #3

Question 127

Review Q Chapter 9 #4

Question 128

Review Q Chapter 9 #5

Question 129

Review Q Chapter 9 #6

Question 130

Review Q Chapter 9 #7

Question 130

Review Q Chapter 9 #8

Question 131

Review Q Chapter 9 #9

Question 132

Review Q Chapter 9 #10