Linux ❉ system software installation details

One software package (source package and binary package)

There are many software packages under Linux, and almost all of them are licensed by GPL and open source for free (free source code). GPL, the full name of which is General Public License, and its Chinese name is "General Public License". It is simply understood that GPL is an agreement to protect software freedom. Software authorized by GPL must be open source. Please click< Open source protocol >Learn more.

1 Linux source package

Source code package is a lot of source code programs, which are written by programmers according to specific formats and syntax. The computer can only recognize machine language, that is, binary language, so the installation of source package requires a "translator" to translate "abcd" into binary language. This "translator" is usually called compiler. "Compilation" refers to the translation process from the source code to the object code directly executed by the computer (or virtual machine). The function of the compiler is to translate the source code into binary code for the computer to recognize and run.

In addition, the installation of the source package needs to compile the source code into binary code, so the installation time is long. For example, everyone should have installed QQ under Windows. QQ has many functions and relatively large programs (about 70 MB). However, since it is not released in the form of source package, it is released after compilation, so it only takes a few minutes (after simple configuration) to install successfully. But if we install one in Linux as a source package MySQL Database, even if the compressed package of this software is only about 23 MB, it takes about 30 minutes (slightly different according to different hardware configurations).

2. Linux binary package

Binary package, that is, the package generated after the source package is successfully compiled. Because the binary package has been compiled before it is released, users can install the software faster (equivalent to the software installed under Windows), and the probability of error reporting in the installation process is greatly reduced.
Binary package is the default software installation package under Linux, so binary package is also called the default installation package. At present, there are mainly two mainstream binary package management systems:

  • RPM package management system: powerful, easy to install, upgrade, query and uninstall. Therefore, many Linux distributions use this mechanism as the management method of software installation by default, such as Fedora, CentOS, SuSE, etc.
  • DPKG package management system: a package management mechanism developed by Debian Linux. Through DPKG package, Debian Linux can manage software packages. It is mainly used in Debian and Ubuntu.

The principles and forms of RPM package management system and DPKG management system are similar, which can be similar

3. Similarities and differences between the two

The source package generally contains multiple files. In order to facilitate distribution, the source package is usually packaged and compressed. The most commonly used packaging and compression format in Linux is "tar.gz", so the source package is also called Tarball.

Tarball is a packaging tool for Linux system, which can package and compress the source package. People are used to calling the final packaged compressed file tarball file.

The source package needs to be downloaded from the official software website. The package usually contains the following contents:

  • Source code file.
  • Configure and detect programs (such as configure or config, etc.).
  • Software installation instructions and software instructions (such as INSTALL or README).


In general, using the source package to install software has the following benefits:

  • Open source. If you have enough ability, you can modify the source code.
  • You can freely select the required functions.
  • Because the software is compiled and installed, it is more suitable for your own system, more stable and more efficient.
  • Easy to uninstall.


However, at the same time, there are several deficiencies in using the source package to install the software:

  • There are many steps in the installation process, especially when installing a large software collection (such as building a LAMP environment), spelling errors are easy to occur.
  • The compilation time is long, so the installation time is longer than binary installation.
  • Because the software is compiled and installed, once an error is reported in the installation process, it is difficult for novices to solve it.


Compared with the source package, the binary package is a software package that has been compiled at the time of software release, so the installation speed is much faster than the source package (equivalent to the software installation speed under Windows). It is precisely because of the translation that we can't see the source code of the software.

Using RMP package to install software has the following 2 benefits:

  1. The package management system is simple. You can install, upgrade, query and uninstall packages through only a few commands.
  2. The installation speed is much faster than the source package installation.


At the same time, using RMP package to install software has the following shortcomings:

  • After compilation, you can't see the source code in.
  • The function selection is not as flexible as the source package.
  • dependence. Sometimes we find that when installing package a, we need to install b and c first, while when installing b, we need to install d and e first. This requires installing d and E, then b and c, and finally a. Installing software requires a certain order, and sometimes it is very dependent.

II. Uniform naming rules for RPM packages

The naming of RPM binary packages shall comply with unified naming rules. Users can directly obtain the version, applicable platform and other information of such packages through the name.

RPM The general format of binary package naming is as follows:
Package name-Version number-Number of releases-publisher-Linux platform-Suitable hardware platform-Package extension

For example, the RPM package name is httpd-2.2.15-15 el6. centos. 1.i686. RPM, where:

  • Httped: package name. Note here that httped is the package name, while httpd-2.2.15-15 el6. centos. 1.i686. Rpm is usually called the full package name. The package name is different from the full package name. In some Linux commands, some commands (such as package installation and upgrade) use the full package name, while some commands (package query and uninstall) use the package name. If you are not careful, you will make a mistake.
  • 2.2.15: package version number. The format of version number is usually the main version number Minor version number Revision number.
  • 15: The number of binary package releases, indicating the number of programming generated RPM packages.
  • el *: software publisher, el6 indicates that this package is released by red hat and is suitable for RHEL 6 X (Red Hat Enterprise unux) and CentOS 6 Used on X.
  • CentOS: indicates that this package is applicable to CentOS system.
  • i686: indicates the hardware platform used by this package. The platforms supported by the current RPM package are shown in the table:

 

Platform nameApplicable platform information
i386386 or more computers can be installed
i586All computers above 686 can be installed
i686Computers above Pentium II can be installed. At present, all CPU s are above Pentium II, so most of this software version
x86_6464 bit CPU s can be installed
noarchNo hardware restrictions
  • rpm: the extension of the rpm package, indicating that it is a compiled binary package and can be installed directly using the rpm command. In addition, SRC rpm is an rpm package with an extension of rpm, which indicates that it is a source code package. You need to install the generated source code, compile it and generate a package in rpm format, and then use the rpm command to install it. Linux system does not rely on extension partition file type, and the full package name should include The rpm extension is prepared for the system administrator. If we do not label the extension of the rpm package, it is difficult for the administrator to know that it is an rpm package.

III. detailed explanation of RPM package installation, uninstall and upgrade (RPM command)

Take the installation of apache program as an example

**rpm command parameters

-a: Query all kits;
-b<Completion phase><Kit file>+or-t <Completion phase><Kit file>+: Set the completion stage of the package and specify the file name of the package file;
-c: Only configuration files are listed, and this parameter needs to be matched"-l"Parameter usage;
-d: Only text files are listed. This parameter needs to be matched"-l"Parameter usage;
-e<Kit file>or--erase<Kit file>: Delete the specified suite;
-f<file>+: Query the suite with the specified file;
-h or--hash: List the marks when installing the kit;
-i: Display relevant information of the kit;
-i<Kit file>or--install<Kit file>: Install the specified kit file;
-l: Display the list of files of the suite;
-p<Kit file>+: Query specified RPM Kit file;
-q: Using the query mode, when you encounter any problems, rpm The command will ask the user first;
-R: Display the association information of the suite;
-s: Display the file status. This parameter needs to be matched"-l"Parameter usage;
-U<Kit file>or--upgrade<Kit file>: Upgrade the specified package file;
-v: Display the instruction execution process;
-vv: The instruction execution process is displayed in detail to facilitate troubleshooting.

1. Default installation path of RPM package

Generally, the RPM package adopts the default installation path of the system, and all installation files will be installed in the directory shown in the table according to categories. The default installation path of RPM package can be queried through the command.

Installation pathIncluding meaning
/etc/Profile installation directory
/usr/bin/Executable command installation directory
/usr/lib/Where to save the function library used by the program
/usr/share/doc/Storage location of basic software user manual
/usr/share/man/Help file save location

In addition, the RPM package also supports manually specifying the installation path, but this method is not recommended. Once the installation path is manually specified, all installation files will be installed to the specified location, and the commands used to query the installation path in the system cannot be used (manual configuration is required to be recognized by the system). The gain is not worth the loss.

Unlike the RPM package, the source package is usually installed by manually specifying the installation path (habitually installed in / usr/local /). Since the installation paths are different, the source code package and RPM package of the same apache program can be installed on a Linux server (but only one can be turned on at the same time, because they need to occupy the same port 80). (in practice, a server hardly contains two apache programs at the same time)

2. Installation of RPM package

(1) Command format

# Command format
[root@localhost ~]# rpm -ivh package full name
!!It must be the full name of the package. For commands involving the full name of the package, be sure to pay attention to the path. The software package may be on the CD, so you need to mount the equipment in advance.

(2) Installation process

# Use this command to install the apache package
[root@localhost ~]# rpm -ivh \
/mnt/cdrom/Packages/httpd-2.2.15-15.el6.centos.1.i686.rpm
Preparing...
####################
[100%]
1:httpd
####################
[100%]
# The installation is not really successful until there are two 100%, and the first 100% only indicates that the installation preparation is completed.
# This command can also install multiple packages at one time by separating the full package names with spaces
[root@localhost ~]# rpm -ivh a.rpm b.rpm c.rpm

If there are other installation requirements (such as mandatory installation of a software regardless of its dependencies), you can adjust them through the following options:

  • -nodeps: does not detect dependent installations. During software installation, dependency will be detected to determine whether the required underlying software is installed. If it is not installed, an error will be reported. You can use this option if you want to force the installation regardless of dependencies. Note that the software installed without dependency detection is basically unusable, so it is not recommended.
  • -replacefiles: replace file installation. If you want to install a software package, but some files in the package already exist, an error of "a file already exists" will be reported during normal installation, resulting in the failure of software installation. Use this option to ignore this error and overwrite the installation.
  • -replacepkgs: replace the package installation. If the package is already installed, this option can install the package again.
  • -Force: force installation. Reinstall whether it is already installed or not. That is, the combination of - replacefiles and - replacepkgs.
  • -Test: test the installation. It won't be actually installed, just check the dependencies.
  • -prefix: Specifies the installation path. Specify the installation path for installing the software instead of using the default installation path.

After installation, you can try to start.

3. Upgrade of RPM package

[root@localhost ~]# rpm -Uvh package full name
-U((in words): if the software has not been installed, install it directly; If not installed, upgrade to the latest version.

[root@localhost ~]# rpm -Fvh package full name
-F(Capital): if the software is not installed, it will not be installed. You must install a lower version to upgrade.

4. Uninstall RPM package

The dependencies between packages should be considered when uninstalling RPM packages. For example, we first install the httpd package, and then install the function module mod of httpd_ SSL package, so when uninstalling, you must first uninstall mod_ssl, and then uninstall httpd, otherwise an error will be reported.

# command
[root@localhost ~]# rpm -e package name


# If you uninstall RPM software without considering dependencies, executing the uninstall command will cause a package dependency error
[root@localhost ~]# rpm -e httpd
error: Failed dependencies:
httpd-mmn = 20051115 is needed by (installed) mod_wsgi-3.2-1.el6.i686
httpd-mmn = 20051115 is needed by (installed) php-5.3.3-3.el6_2.8.i686
httpd-mmn = 20051115 is needed by (installed) mod_ssl-1:2.2.15-15.el6.
centos.1.i686
httpd-mmn = 20051115 is needed by (installed) mod_perl-2.0.4-10.el6.i686
httpd = 2.2.15-15.el6.centos.1 is needed by (installed) httpd-manual-2.2.
15-15.el6.centos.1 .noarch
httpd is needed by (installed) webalizer-2.21_02-3.3.el6.i686
httpd is needed by (installed) mod_ssl-1:2.2.15-15.el6.centos.1.i686
httpd=0:2.2.15-15.el6.centos.1 is needed by(installed)mod_ssl-1:2.2.15-15.el6.centos.1.i686

# The uninstall command of RPM software package supports the "- nocteps" option, that is, you can uninstall directly without detecting dependencies,
# However, it is not recommended to use this method, because this operation may cause other software to fail to work normally

5. rpm command query package

# Query whether the software package is installed
[root@localhost ~]# rpm -q package name
# Check whether apache is installed in Linux system
[root@localhost ~]# rpm -q httpd
httpd-2.2.15-15.el6.centos.1.i686

# Query all installed software packages in the system
[root@localhost ~]# rpm -qa | grep httpd
httpd-devel-2.2.15-15.el6.centos.1.i686
httpd-tools-2.2.15-15.el6.centos.1.i686
httpd-manual-2.2.15-15.el6.centos.1.noarch
httpd-2.2.15-15.el6.centos.1.i686

# Query package details
[root@localhost ~]# rpm -qi package name
# Want to view the details of apache package
[root@localhost ~]# rpm -qi httpd
Name : httpd Relocations:(not relocatable)
#Package name
Version : 2.2.15 Vendor:CentOS
#Version and vendor
Release : 15.el6.centos.1 Build Date: 2012 Tuesday, February 14, 2006 06:27:1
#Release version and build time
Install Date: 2013 Monday, January 7, 2011 19:22:43
Build Host:
c6b18n2.bsys.dev.centos.org
#Installation time
Group : System Environment/Daemons Source RPM:
httpd-2.2.15-15.el6.centos.1.src.rpm
#Group and source RPM package file names
Size : 2896132 License: ASL 2.0
#Package size and license agreement
Signature :RSA/SHA1,2012 Tuesday, February 14, 2011 at 19:11:00, Key ID
0946fca2c105b9de
#digital signature 
Packager: CentOS BuildSystem <http://bugs.centos.org>
URL : http://httpd.apache.org/
#Manufacturer's website
Summary : Apache HTTP Server
#Package description
Description:
The Apache HTTP Server is a powerful, efficient, and extensible web server.
#describe


# In addition, you can query the details of packages that are not installed
[root@localhost ~]# rpm -qip package full name
# Note that the full name of the package is used here, and the uninstalled software package can only be determined by using the method of "absolute path + full name of the package".

# Command to query the file list of the package
# The rpm software package is usually installed in the default path, and each installation file will be placed in the appropriate directory file by category.
# Use the rpm command to query all the files contained in the installed software package and their installation paths
[root@localhost ~]# rpm -ql package name
# View all files in the apache package and their installation locations
[root@localhost ~]# rpm -ql httpd
/etc/httpd
/etc/httpd/conf
/etc/httpd/conf.d
/etc/httpd/conf.d/README
/etc/httpd/conf.d/welcome.conf
/etc/httpd/conf/httpd.conf
/etc/httpd/conf/magic
.........

# The rpm command can also query all the files contained in the uninstalled package and the path to install
[root@localhost ~]# rpm -qlp package full name
# Since the software package has not been installed, you need to use the method of "absolute path + full package name" to determine the package.



# The command queries which RPM package the system files belong to
[root@localhost ~]# rpm -qf system file name
# Note that this command can only be used for files installed using RPM packages, and cannot be used for files created manually
#Query the package to which the ls command belongs
[root@localhost ~]# rpm -qf /bin/ls
coreutils-8.4-19.el6.i686

# Query package dependencies
# When installing an RPM package using the RPM command, you need to consider the dependency with other RPM packages.
[root@localhost ~]# rpm -qR package name
[root@localhost ~]# rpm -qR httpd
/bin/bash
/bin/sh
/etc/mime.types
/usr/sbin/useradd
apr-util-ldap
chkconfig
config(httpd) = 2.2.15-15.el6.centos.1
httpd-tods = 2.2.15-15.el6.centos.1
initscripts >= 8.36
...Omit partial output
# Add the - p option on the basis of this command to find the dependencies of uninstalled packages. Note that the method of "absolute path + full package name" is also used

IV. RPM package verification and digital certificate (digital signature)

In order to timely find the problems of file deletion, file data modification and malicious tampering with file content, Linux provides the following two monitoring (detection) methods:

  • RPM package verification: in fact, compare the installed file with the database content in / var/lib/rpm / directory to determine whether the file content has been modified.
  • RPM package digital certificate verification: used to verify whether the RPM package itself has been modified.

1. Linux RPM package verification

[root@localhost ~]# rpm -Va
-Va Option means to verify all installed software packages in the system.
[root@localhost ~]# rpm -V installed package name
-V Option indicates that the verification is specified RPM Files in package, yes verity The first letter of.
[root@localhost ~]# rpm -Vf system file name
-Vf Option means to verify whether a system file has been modified.
# After modifying the file, save and exit, and use the rpm -V command to verify the apache package again:
[root@localhost ~]# rpm -V httpd
S.5....T. c /etc/httpd/conf/httpd.conf

# S.5.... T. c S.5.... T. c /etc/httpd/conf/httpd. The full meaning of conf is: configuration file httpd The size, content and modification time of conf have been artificially modified.

As you can see, the result shows the information that the file has been modified. This information can be divided into the following three parts:

1. The first 8 characters (S.5....T) belong to the verification information, and the specific meanings of each character are as follows

  • S: Whether the file size has changed.
  • M: Whether the file type or file permission (rwx) has changed.
  • 5: Whether the MD5 checksum of the file has changed (it can be regarded as whether the file content has changed).
  • D: Whether the master-slave code of the device has changed.
  • 50: Whether the file path has changed.
  • U: Whether the owner (owner) of the file has changed.
  • G: Whether the group of the file has changed.
  • T: Whether the modification time of the file has changed.
  • .: if the relevant items have not changed, use express.

2. The types of modified documents can be roughly divided into the following categories:

  • c: configuration file.
  • d: General documentation.
  • g: ghost file is very rare, that is, the file should not be included in this RPM package.
  • l: license file.
  • r: Description file (read me).

3. The absolute path of the modified file (including the file name).

Note that not all modifications to files are malicious. Generally, it is normal to modify the configuration file. For example, to configure apache, you need to modify its configuration file. If the verification information indicates that the binary file has been modified, you need to be careful, unless you modify it intentionally.

2) RPM digital certificate verification

The RPM package verification method can only be used to verify the installed RPM package and its installation files. If the RPM package itself has been tampered with, this method will not solve the problem, and the RPM digital certificate verification method needs to be used. Simply understand, RPM package verification is actually to compare the existing installation files with the initial files when the RPM package was originally installed, and prompt the user if there are changes. Therefore, this method cannot verify that the RPM package itself has been modified.

(1) Digital certificate

Digital certificates, also known as digital signatures, are issued directly by software developers. After installing the digital certificate in the Linux system, if the RPM package is modified, the digital certificate carried in the package will also change, which will not successfully match the system, and the software cannot be installed.

You can imagine a digital certificate as your own signature, which cannot be imitated (the manufacturer's digital certificate is the only one). Only the documents I approve will be signed (as long as the software released by the manufacturer meets the digital certificate verification); If the file is modified, the signature will become different (if the software changes, the digital certificate will change and fail verification).

The method of verifying RPM package with digital certificate has the following two characteristics:

  1. The original public key file must be found before installation.
  2. Installing the RPM package will extract the certificate information in the RPM package, and then verify it with the original certificate installed on the machine. If the verification is passed, the installation is allowed; If the verification fails, the installation is not allowed and a warning is issued.
# Digital certificate storage directory
[root@192 ~]# ll /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
-rw-r--r--. 1 root root 1690 Apr  8  2020 /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

# Install digital certificate
[root@192 ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
# After installing the digital certificate, you can use the following command to verify
[root@192 ~]# rpm -qa|grep gpg-pubkey

# When installing RPM package on the system with digital certificate, the system will automatically verify the digital certificate of the package. If it passes the verification, it can be installed. Otherwise, it will not be installed (the system will report an error).

The digital certificate itself is also an RPM package, so you can query the details of the digital certificate with the RPM command or uninstall it.

V. detailed explanation of extracting RPM package file (cpio command)

1. cpio command

(1) Introduction

The cpio command is used to store and read files from the archive package. In other words, the cpio command can extract files (or directories) from the archive package or copy files (or directories) to the archive package.

Archive package, also known as file library, is actually a file in cpio or tar format, which contains other files and some related information (file name, access rights, etc.). The archive package can be either a file on disk or a tape or pipe.

The cpio command can be regarded as a backup or restore command, because it can backup data (files) to the cpio archive library, or use the cpio document library to restore data.

When using cpio to back up or restore data, you should pay attention to the following points:

  • When using cpio to back up data, if the absolute path is used, the data will be automatically restored to the absolute path when restoring data; Similarly, if the backup data uses a relative path, the data will be restored to the relative path.
  • The cpio command cannot specify the file to be backed up (or restored) by itself. It requires the full path of the target file (or directory) to be successfully read. Therefore, this command is often used in conjunction with the find command.
  • When the cpio command restores data, it will not automatically overwrite the files with the same name, nor will it create a directory (extract it directly to the current folder).

(2) Command format

# Copy out mode is to back up the data to the file library
[root@localhost ~]# CPIO - o [VCB] > [file device]

-o: copy-out Mode, backup;
-v: Display the backup process;
-c: Use newer portable format Storage mode;
-B: Setting input/The output block is 5120 Bytes,Instead of the 512 of the pattern Bytes;


# Copy in mode is to recover data from the file library
[root@localhost ~]# CPIO -i[vcdu] < [file | device]

-i: copy-in Mode, restore;
-v: Display the restore process;
-c: Newer portable format Storage mode;
-d: Automatically create a new directory during restore;
-u: Automatically overwrite older files with newer files;


# Copy mode. Using - p mode, you can read all files from a directory, but do not back them up to the cpio library, but directly copy them to other files
[root@localhost tmp]# cpio -p /tmp/test
#Backup the / boot / directory to the / tmp/test / directory

Example:

# Backup data using cpio
[root@localhost ~]#find /etc -print | cpio -ocvB > /root/etc.cpio
#Use the find command to specify the / etc / directory to be backed up, and use > to export to the etc.cpio file
[root@localhost ~]# II -h etc.cpio
-rw--r--r--.1 root root 21M 6 May 12:29 etc.cpio
#etc.cpio file generation


# Restore previously backed up data using cpio

[root@localhost ~]# cpio -idvcu < /root/etc.cpio
#Restore backup of etc
#If you look at the current directory / root /, you will find that the / etc / directory is not generated. This is because the / etc / directory uses an absolute path during backup, so the data is directly restored to the / etc / system directory instead of being generated in the / root/etc / directory

# Use - p to copy / boot / to the / test/boot directory

[root@localhost ~]# cd /tmp/
#Enter the / tmp / directory
[root@localhost tmp]#rm -rf*
#Delete all data in the / tmp / directory
[root@localhost tmp]# mkdir test
#Create backup directory
[root@localhost tmp]# find /boot/ -print | cpio -p /tmp/test
#Backup the / boot / directory to the / tmp/test / directory
[root@localhost tmp]# ls test/boot
#The / boot / directory is backed up in the / tmp/test / directory

2. Use cpio command to extract the specified file in RPM package

(1) Introduction

In the process of using the server, if the system files are modified or deleted by mistake, you can consider using the cpio command to extract the system files required in the original RPM package, so as to repair the misoperated source files.

(2) Command format

# RPM packages allow files in packages to be extracted one by one
[root@localhost ~]# rpm2cpio package full name | cpio -idv File absolute path
# In this command, rpm2cpio is the command to convert RPM package to CPIO format. The specified file can be extracted from CPIO file library through CPIO command.

(3) Example

Suppose we accidentally delete the / bin/ls command, there are usually two ways to repair it:

  1. Coreutils-8.4-19 el6. I686 package (RPM package containing ls command) is installed again through the - force option;
  2. Use the cpio command from coreutils-8.4-19 el6. Extract the / bin/ls file from the i686 package, and then copy it to the corresponding location;
# Which RPM package does the query ls command belong to
[root@localhost ~]# rpm -qf /bin/ls
coreutils-8.4-19.el6.i686

# On this basis, we only need to extract the ls command file from the RPM package using the cpio command, and then copy it to the corresponding location
[root@localhost ~]# mv /bin/ls /root/
#Move the / bin/ls command to the / root / directory, creating the illusion of deletion by mistake
[root@localhost ~]# ls
-bash: ls: command not found
#When the ls command is executed, the system will report the error "command not found"
[root@localhost ~]# rpm2cpio /mnt/cdrom/Packages/coreutils-8.4-19.el6.i686.rpm
|cpio -idv ./bin/ls
#Extract ls command file to current directory
[root@localhost ~]# cp /root/bin/ls /bin/
#Copy the extracted ls command file to the / bin / directory
[root@localhost ~]#ls
anaconda-ks.cfg bin inittab install.log install.log.syslog ls
#You can see that the ls command can be used normally again

Vi. another RPM package - SRPM source package installation software

1. Introduction

The SRPM package is no longer a compiled binary file, but a source code file. It can be understood that SRPM package is the product of software directly packaged into RPM package after being released in the form of source code.

file formatFile name formatDirect installation or notEmbedded program typeCan I modify parameters and compile
RPM xxx.rpmMayCompiledmust not
SRPMxxx.src.rpmmust notUncompiled source codecan

The naming of SRPM package is basically similar to that of RPM package. The only difference is that SRPM package has "src" flag, that is, SRPM package is named in the way of "package name - version number - release times - Publisher - src.rpm", such as“ MySQL-5.5.29-2.el6.src.rpm".

In addition, SRPM package is an uncompiled source package and cannot be directly used to install software. The following two steps need to be taken:

  1. Compile SRPM package into binary RPM package;
  2. Install the software using the compiled RPM package;

There are two ways to install software (compile SRPM package) using SRPM package:

  1. Using rpmbuild command, you can directly use SRPM package to install software, or you can compile SRPM package into RPM package first, and then use RPM package to install software;
  2. Use * spec file can compile SRPM package into RPM package, and then use RPM package to install software;

2. Installation of rpmbuild command

[root@localhost~]#rpm -ivh /mnt/cdroin/Packages/rpm-build-4.8.0-27.el6.i686.rpm
Preparing...
###################
[100%]
1:rpm-build
###################
[100%]
#The rpmbuild command is also a program, but this program will not be installed by default

3. Install SRPM package with rpmbuild command

If we only want to install the SRPM package without modifying the source code, we can directly use the rpmbuild command

(1) Command format

[root@localhost ~]# rpmbuild [options] full package name
-rebuild: compile SRPM Package generation RPM Binary package;
-recompile: compile SRPM Package, installed at the same time.

# SRPM is still an RPM package in essence, so the dependencies between packages still need to be considered during installation. Its dependent packages must be installed first before they can be installed correctly.

(2) httpd example

[root@localhost ~]# rpmbuild -rebuild httpd-2.2.15-5.el6.src.rpm
warning: InstallSourcePackage at: psm.c:244: Header V3 RSA/SHA256 Signature, key
ID fd431d51: NOKEY
warning: user mockbuild does not exist - using root
warning: group mockbuild does not exist - using root
# The warning is that the mockbuild user does not exist, use root instead. This is not an error report. Don't be nervous
...Omit partial output
Wrote: /root/rpmbuild/RPMS/i386/ httpd-2.2.15-5.el6.i386.rpm
Wrote: /root/rpmbuild/RPMS/i386/httpd-devel-2.2.15-5.el6.i386.rpm
Wrote: /root/rpmbuild/RPMS/noarch/httpd-manual-2.2.15-5.el6.noarch.rpm
Wrote: /root/rpmbuild/RPMS/i386/httpd-tools-2.2.15-5.el6.i386.rpm
Wrote: /root/rpmbuild/RPMS/i386/ mod_ssl-2.2.15-5.el6.i386.rpm
# The location where the RPM package is written. If you see it, it indicates that the compilation is successful
Executing(%clean): /bin/sh -e/var/tmp/rpm-tmp.Wb8TKa
+ umask 022
+ cd/root/rpmbuild/BUILD
+ cd httpd-2.2.15
+ rm -rf /root/rpmbuild/BUILDROOT/httpd-2.2.15-5.el6.i386
+ exit 0
Executing(-clean): /bin/sh -e/var/tmp/rpm-tmp.3UBWql
+ umask 022
+ cd/root/rpmbuild/BUILD
+ rm-rf httpd-2.2.15
+ exit 0

# exit 0 is a sign of successful compilation. The temporary files generated during this compilation process will be deleted automatically.
# After the SRPM package is compiled, the rpmbuild directory will be generated in the current directory, and the files (software packages) generated in the whole compilation process will exist here.
[root@localhost ~]# ls /root/rpmbuild/
BUILD RPMS SOURCES SPECS SRPMS

From the ls command, you can see that there are several subdirectories under the rpmbuild directory, and the file categories saved are shown in the table below

file nameFile content
BUILDSave location of data generated during compilation
RPMSAfter the compilation is successful, the generated RPM package is saved in the following location:
SOURCESSave location of source package (*. tar.gz) extracted from SRPM package
SPECSThe installation location of the generated settings file. The second installation method is to use this file for installation
SRPMSLocation of SRPM package
# You can see that the compiled RPM package is saved in the / root/rpmbuild/RPMS / directory
[root@localhost ~]#ll /root/rpmbuild/RPMS/i386/
-rw--r--r-- 1 root root 3039035 11 June 19:30 httpd-2.2.15-5.el6.i386.rpm
-rw--r--r-- 1 root root 154371 11 June 19:30 httpd-devel-2.2.15-5.el6.i386.rpm
-rw--r--r-- 1 root root 124403 11 June 19:30 httpd-tools-2.2.15-5.el6.i386.rpm
-rw--r--r-- 1 root root 383539 11 June 19:30 mod_ssl-2.2.15-5.el6.i386.rpm

In this way, we get the RPM package that can directly install the software. In fact, compiling SRPM package with rpmbuild command goes through the following three processes:

  1. First untie the SRPM package to get the source package;
  2. Compile the source package and generate binary files;
  3. Repackage binaries to generate RPM packages.

4. Use * spec file installation

I want to use it To install the software from the spec file, you need to unpack the SRPM package first. We can use the rpmbuild command to unpack the SRPM package, but here we choose another way, that is, use the rpm -i command

[root@localhost ~]# rpm -i httpd-2.2.15-5.el6.src.rpm
-i Option for installation rpm Package indicates installation, but for SRPM For the installation of package, only .src.rpm After unpacking, place the files in the current directory rpmbuild Directory does not involve installation operations.

With this command, you can also generate an rpmbuild directory in the current directory. There are only two subdirectories of SOURCES and SPECS in this rpmbuild directory. Among them, the source code is placed in the SOURCES directory, and the setting file is placed in the SPECS directory.

# Use the settings file in the SPECS directory to generate RPM packages
[root@localhost ~]# rpmbuild -ba /root/rpmbuild/SPECS/httpd.spec
# -The ba option means to compile and generate RPM binary package and SRPM source package at the same time. You can also use the - bb option here to generate only RPM binary packages.

After the command is executed, BUILD, RPMS, SOURCES, SPECS and SRPMS directories will be generated in the / root/rpmbuild / directory. The RPM package will be placed in the RPMS directory, and the SRPM package will be generated in the SRPMS directory

VII. Rebuild RPM database

1. Introduction to common damage

Not all user operations are "playing cards according to common sense". For example, misoperations such as forced exit of RPM package during upgrade and accidental interruption of RPM package installation may cause failure of RPM database. The consequence is that when installing, deleting and querying software package, the request cannot be executed

Rebuild RPM database

# Delete the damaged RPM database in the current system and execute the following command:
[root@localhost ~]# rm -f /var/lib/rpm/_db.*

# To rebuild the RPM database, execute the following command:
[root@localhost -]# rpm -rebuilddb  # This step will take some time to complete

2. More serious situation

In addition to the crash of RPM database caused by user misoperation, some hackers will change the RPM database after invading the system to avoid problems detected by the system administrator through the RPM package verification function. In theory, once the system is "patronized" by hackers, any operation will not be trusted.

In this case, we can detect the file according to the following steps

# For the file or command to be verified, find which software package it belongs to, as shown in the following command:
[root@localhost ~]# rpm -qf/etc/rc.d/init.d/smb
samba-3.0.23c-2

# Use the - dump option to view the information of each file, and use the grep command to extract the corresponding file information:
[root@localhost ~]# rpm -ql -dump samba|grep /etc/rc.d/init.d/smb
/etc/rc.d/init.d/smb 2087 1157165946 b1c26e5292157a83cadabe851bf9b2f9 0100755 root root 1 0 0X

# In this message:
"2087"express smb The initial number of characters in the file
"b1c26e5292157a83cadabe851bf9b2f9"express smb Document MD5 Check value
"0755 root root"Indicates the permission, owner and group of the file.
# Check the actual file and judge whether the file has been changed by comparing the file size, owner, group, permission, MD5 check value and other data:
[root@localhost ~]# ls -l /etc/rc.d/init.d/smb
-rwxr-xr-x 1 root root 2087 Sep 2 2006/etc/rc.d/init.d/smb
[root@localhost ~]# md5sum /etc/rc.d/init.d/smb
b1c26e5292157a83cadabe851bf9b2f9 /etc/rc.d/init.d/smb

# The above verification results show that / etc / rc d/init. The information of the D / SMB file is consistent with the information obtained through the RPM QL dump Samba command, so it can be concluded that the file has not been invaded or changed.

If you are sure that the RPM database has been modified, check it based on the Samba RPM file obtained from the CD or other trusted source.

[root@localhost~]# rpm -ql --dump -p /mnt/cdrom/Fedora/RPMS/samba-3.0.23c-2.i386.rpm | grep /etc/rc.d/init.d/smb
warning: samba-3.0.23c-2.i386.rpm: Header V3 DSA signature: NOKEY, key ID 412a&62
/etc/rc.d/init.d/smb 2087 1157165946 b1c26e5292157a83cadabe851 bf9b2f9 0100755 root root 1 0 0 X

# If the result obtained is different from the command result based on RPM database, it indicates that the RPM database has been changed. It is necessary to correct file errors and system vulnerabilities and rebuild the RPM database.

VIII. RPM package dependency (including solutions)

The dependency of RPM software package (including SRPM package) is mainly reflected in the installation and uninstallation of RPM package

# If the Linux system is installed in the most basic way (basic server mode), gcc software is not installed and needs to be installed manually.
# When you use the RPM command to install the RPM package of gcc software, a dependency error occurs
[root@localhost ~]# rpm -ivh /mnt/cdrom/Packages/ gcc-4.4.6-4.el6.i686.rpm
error: Failed dependencies: <―Dependency error
cloog-ppi >= 0.15 is needed by gcc-4.4.6-4.el6.i686
cpp = 4.4.6-4.el6 is needed by gcc-4.4.6-4.el6.i686
glibc-devel >= 2.2.90-12 is needed by gcc-4.4.6-4.el6.i686

# The error message prompts us that if you want to install gcc, you need to install cloog ppl, cpp and glibc devel first, which reflects the dependency of RPM package.

In addition, the version requirements of each dependent software will be clearly given in the error message:
">=": Indicates that the version should be greater than or equal to the displayed version;
"<=": Indicates that the version should be less than or equal to the displayed version;
"=": Indicates that the version should be equal to the displayed version;

In Linux system, the dependencies between RPM packages can be roughly divided into the following three types:

  1. Tree dependency (A-B-C-D): to install software A, you must install B first, and to install B, you need to install C first The method to solve this type of dependency is to install from back to front, that is, install D first, then install C, then install B, and finally install software A.
  2. Ring dependency (A-B-C-D-A): the dependency of each software installation constitutes A "ring". The solution to this type of dependency is to install all software packages at the same time with one command, that is, use rpm -ivh package A package B.
  3. Model dependency: software package installation requires the help of some files of other software packages (such as library files). The most direct way to solve module dependency is through http://www.rpmfind.net Find the package containing this file on the website and install it.

Keywords: Linux Operation & Maintenance server

Added by rgriffin3838 on Fri, 14 Jan 2022 11:51:46 +0200