Before using any RPM packages, you must know where to find them. An Internet search returns many RPM repositories, but if you are looking for RPM packages built by Red Hat, they can be found at the following locations:

RPM packages typically have file names like foo-1.0-1.i386.rpm. The file name includes the package name (foo), version (1.0), release (1), and architecture (i386). To install a package, log in as root and type the following command at a shell prompt:

rpm -Uvh foo-1.0-1.i386.rpm

If the installation is successful, the following output is displayed:

Preparing...                ########################################### [100%]   
   1:foo                    ########################################### [100%]

As you can see, RPM prints out the name of the package and then prints a succession of hash marks as a progress meter while the package is installed.

The signature of a package is checked automatically when installing or upgrading a package. The signature confirms that the package was signed by an authorized party. For example, if the verification of the signature fails, an error message such as the following is displayed:

error: V3 DSA signature: BAD, key ID 0352860f

If it is a new, header-only, signature, an error message such as the following is displayed:

error: Header V3 DSA signature: BAD, key ID 0352860f

If you do not have the appropriate key installed to verify the signature, the message contains the word NOKEY such as:

warning: V3 DSA signature: NOKEY, key ID 0352860f

Refer to Section 10.3, “Checking a Package's Signature” for more information on checking a package's signature.

Preparing...                ########################################### [100%] 
package foo-1.0-1 is already installed

rpm -ivh --replacepkgs foo-1.0-1.i386.rpm

Preparing...                ########################################### [100%] 
file /usr/bin/foo from install of foo-1.0-1 conflicts with file from package bar-2.0.20

rpm -ivh --replacefiles foo-1.0-1.i386.rpm

error: Failed dependencies:
        bar.so.2 is needed by foo-1.0-1     
Suggested resolutions:
	bar-2.0.20-3.i386.rpm

rpm -ivh foo-1.0-1.i386.rpm bar-2.0.20-3.i386.rpm

Preparing...                ########################################### [100%]    
   1:foo                    ########################################### [ 50%]    
   2:bar                    ########################################### [100%]

rpm -q --redhatprovides bar.so.2

bar-2.0.20-3.i386.rpm

Uninstalling a package is just as simple as installing one. Type the following command at a shell prompt:

rpm -e foo

You can encounter a dependency error when uninstalling a package if another installed package depends on the one you are trying to remove. For example:

error: Failed dependencies:         
	foo is needed by (installed) bar-2.0.20-3.i386.rpm

To make RPM ignore this error and uninstall the package anyway (which may break the package dependent on it) use the --nodeps option.

Upgrading a package is similar to installing one. Type the following command at a shell prompt:

rpm -Uvh foo-2.0-1.i386.rpm

As part of upgrading a package, RPM automatically uninstalls any old versions of the foo package. Note that -U will also install a package even when there are no previous versions of the package installed.

Because RPM performs intelligent upgrading of packages with configuration files, you may see a message like the following:

saving /etc/foo.conf as /etc/foo.conf.rpmsave

This message means that changes you made to the configuration file may not be forward compatible with the new configuration file in the package, so RPM saved your original file and installed a new one. You should investigate the differences between the two configuration files and resolve them as soon as possible, to ensure that your system continues to function properly.

If you attempt to upgrade to a package with an older version number (that is, if a more updated version of the package is already installed), the output is similar to the following:

package foo-2.0-1 (which is newer than foo-1.0-1) is already installed

To force RPM to upgrade anyway, use the --oldpackage option:

rpm -Uvh --oldpackage foo-1.0-1.i386.rpm

Freshening is similar to upgrading, except that only existent packages are upgraded. Type the following command at a shell prompt:

rpm -Fvh foo-1.2-1.i386.rpm

RPM's freshen option checks the versions of the packages specified on the command line against the versions of packages that have already been installed on your system. When a newer version of an already-installed package is processed by RPM's freshen option, it is upgraded to the newer version. However, RPM's freshen option does not install a package if no previously-installed package of the same name exists. This differs from RPM's upgrade option, as an upgrade does install packages whether or not an older version of the package was already installed.

Freshening works for single packages or package groups. If you have just downloaded a large number of different packages, and you only want to upgrade those packages that are already installed on your system, freshening does the job. Thus, you do not have to delete any unwanted packages from the group that you downloaded before using RPM.

In this case, issue the following command:

rpm -Fvh *.rpm

RPM automatically upgrades only those packages that are already installed.

The RPM database stores information about all RPM packages installed in your system. It is stored in the directory /var/lib/rpm/, and is used to query what packages are installed, what versions each package is, and any changes to any files in the package since installation, among others.

To query this database, use the -q option. The rpm -q package name command displays the package name, version, and release number of the installed package package name. For example, using rpm -q foo to query installed package foo might generate the following output:

foo-2.0-1

You can also use the following Package Selection Options with -q to further refine or qualify your query:

There are a number of ways to specify what information to display about queried packages. The following options are used to select the type of information for which you are searching. These are called Information Query Options.

For options that display lists of files, add -v to the command to display the lists in a familiar ls -l format.

Verifying a package compares information about files installed from a package with the same information from the original package. Among other things, verifying compares the size, MD5 sum, permissions, type, owner, and group of each file.

The command rpm -V verifies a package. You can use any of the Package Verify Options listed for querying to specify the packages you wish to verify. A simple use of verifying is rpm -V foo, which verifies that all the files in the foo package are as they were when they were originally installed. For example:

If everything verified properly, there is no output. If there are any discrepancies, they are displayed. The format of the output is a string of eight characters (a c denotes a configuration file) and then the file name. Each of the eight characters denotes the result of a comparison of one attribute of the file to the value of that attribute recorded in the RPM database. A single period (.) means the test passed. The following characters denote specific discrepancies:

If you see any output, use your best judgment to determine if you should remove the package, reinstall it, or fix the problem in another way.