From Segfault
Jump to navigation Jump to search


The RPM Package Manager (formerly known as the Red Hat Package Manager).

RPM database recovery

Sometimes RPM transactions can fail horribly (especially in ENOSPC[1] situations):

Error: Subprocess failed. Error: RPM failed: error: rpmdb: Packages page 3014 is on free list with type 7
error: rpmdb: PANIC: Invalid argument
error: db4 error(-30974) from dbcursor->c_put: DB_RUNRECOVERY: Fatal error, run database recovery
error: error(-30974) adding header #1701 record
error: rpmdb: PANIC: fatal region error detected; run recovery
error: db4 error(-30974) from db->sync: DB_RUNRECOVERY: Fatal error, run database recovery
error: rpmdb: PANIC: fatal region error detected; run recovery
error: db4 error(-30974) from dbcursor->c_close: DB_RUNRECOVERY: Fatal error, run database recovery

The following commands could help, in that order:

sudo rm /var/lib/rpm/__db*
sudo rpm --rebuilddb
sudo dnf clean all

RPM keys

Install PGP keys for RPM:

gpg --recv-keys KEYID
gpg --export --armor KEYID > foo
rpm --import foo && rm -f

Remove a specific RPM key:

$ rpm -q gpg-pubkey

$ rpm --erase --allmatches gpg-pubkey-6b8d79e6-3f49313d


rpmorphan tries to find forgotten or unused packages.

After a system upgrade, list forgotten packages that were installed before the upgrade:

rpmorphan --all --install-time +14

List packages that are not used:

rpmorphan --all --access-time +14

Find packages that no other package depends on:

rpmorphan -guess-all


List all installed packages, but only its package name:

rpm -qa --qf "%{NAME}\n" | sort

Similarily, but with DNF:

dnf repoquery --queryformat %{name} --userinstalled             # dnf history userinstalled would show version numbers too.

Some rpm queries:[2].

Printing (and sorting) by package size:[3]

$ rpm -qa --queryformat="%{name}-%{version}-%{release} %{size}\n"        | sort -nk2 | awk '{print $1, $NF/1024/1024, "MB"}' | tail
kernel-PAE-core-4.3.3-300.fc23 50.0091 MB
kernel-PAE-core-4.3.3-303.fc23 50.0102 MB
mariadb-server-10.0.21-1.fc23 81.6 MB
linux-firmware-20151214-60.gitbbe4917c.fc23 89.9443 MB
glibc-common-2.22-7.fc23 119.306 MB

Printing (and sorting) by install date:[4]

$ rpm -qa --queryformat="%{name}-%{version}-%{release} %{installtime}\n" | sort -nk2 | awk '{print $1, strftime("%F", $2)}' | tail
mbedtls-devel-2.2.1-1.fc23 2016-03-05
checksec-1.5-5.fc23 2016-03-06
gpg-pubkey-26a76d7d-56dbb263 2016-03-06
haveged-1.9.1-4.fc23 2016-03-06
gatling-cvs-1.fc23 2016-03-06


With Fedora 22, the switch to DNF ("Dandified Yum") was made.


DNF copies many Yum commands and provides some more. I.e. instead of installing yum-utils, dnf provides this functionality out of the box[5], resp. with its dnf-plugins-core plugin:

package-cleanup --dupes dnf repoquery --duplicates
package-cleanup --leaves dnf list autoremove[6]
package-cleanup --orphans dnf list extras
package-cleanup --oldkernels dnf repoquery --installonly
package-cleanup --problems dnf repoquery --unsatisfied


Semi-automatic updates of a distribution:

script -c "date && dnf clean all && dnf upgrade -d 1 -y" -a ~/log/dnf.log

Note: we're using --debuglevel=1 to omit the progress bars[7] when dnf downloads packages.

Automatic updates

Starting with Fedora 22, automatic updates can be enabled via the dnf-automatic package:

sudo dnf install dnf-automatic

Configuration options:

$ grep ^[\[a-z] /etc/dnf/automatic.conf
upgrade_type = default
random_sleep = 300
download_updates = yes
apply_updates = yes

emit_via = email,stdio
output_width = 80

email_from = root@foobar.example.org
email_to = root@example.org
email_host = mailhub.example.org

debuglevel = 1

Enable the timer:

sudo systemctl enable dnf-automatic.timer && sudo systemctl start dnf-automatic.timer

List timers with:

$ systemctl list-timers
NEXT                         LEFT               LAST                         PASSED       UNIT                ACTIVATES
Fri 2015-10-09 16:11:06 PDT  3 weeks 2 days ago Mon 2015-11-02 07:03:47 PST  1min 19s ago dnf-automatic.timer dnf-automatic.service
Mon 2015-11-02 07:49:13 PST  44min left         n/a                          n/a          dnf-makecache.timer dnf-makecache.service


As yum-plugin-changelog has not been ported to DNF yet[8][9], we can try to use the following commands[10] instead:

dnf --refresh updateinfo info                                                             # show detailed information
dnf --refresh updateinfo list                                                             # show list of advisories


Much like the hold function in dpkg, dnf allows to lock certain packages to not get updated[11], e.g. when a newer version is known to be broken and we don't want to update just yet.


$ dnf install python3-dnf-plugins-extras-versionlock
$ dnf versionlock add kernel-PAE-core-4.8.8-200.fc24.i686 kernel-PAE-modules-4.8.8-200.fc24.i686 

$ dnf versionlock list


The Yum Package Manager ("yellowdog updater modified") is was[12] the default package manager for RedHat and Fedora distributions.

With Fedora 22, the switch to DNF was made.


The equivalent of deborphan for Debian based distributions, from yum-utils:

yum remove `package-cleanup --quiet --leaves`

List & remove old kernels:

package-cleanup --oldkernels

With --orphans, it will list packages that are not available from the configured repositories:

package-cleanup --orphans
yum list extras                                                                           # May provide better output

Scan for dependency problems, duplicates:

package-cleanup --problems
package-cleanup --dupes


Semi-automatic updates of a distribution:

script -c "date && dnf clean all && dnf upgrade -d 1 -y" -a ~/log/dnf.log

Note: we're using --debuglevel=1 to omit the progress bars[13] when dnf downloads packages.


While apt-listchanges is available for Apt-get, yum has yum-changelog

$ yum install yum-changelog                                                               # May be called yum-plugin-changelog in Fedora
$ grep ^[a-z] /etc/yum/pluginconf.d/changelog.conf

yum test

To do a dry run of an installation[14], one has to install a plugin for that to happen:

yum install yum-tsflags

After it's enabled in /etc/yum/pluginconf.d/tsflags.conf, try:

$ yum --tsflags="test" install xz
xz                                    i386

Installing for dependencies:
xz-libs                               i386

Transaction Summary
Install       2 Package(s)
Upgrade       0 Package(s)
Is this ok [y/N]: y

An lo and behold, no packages were actually installed:

$ rpm -q xz xz-libs
package xz is not installed
package xz-libs is not installed


Almost every time yum is used, it tries to updates its metadata cache[15]. We'd like to do this manually every now and then, but yum should just stop doing this by itself - or at least way less often:

$ grep ^metadata /etc/yum.conf 
metadata_expire=7d                                                                        # Default was "90m"


Zypper is the package management software used in SLES and openSUSE distributions.


AFAIK there's no such thing yet. Only remotely similar requests for this:


The closest equivalent would be:

$ zypper packages --orphaned                                                              # Also: --unneeded
Loading repository data...
Reading installed packages...
S | Repository | Name                | Version    | Arch
i | @System    | boost-license1_58_0 | 1.58.0-3.4 | noarch
i | @System    | boost-license1_59_0 | 1.59.0-4.1 | noarch
i | @System    | cpp48               | 4.8.5-1.1  | x86_64
i | @System    | libcloog-isl4       | 0.18.1-4.4 | x86_64
i | @System    | libisl13            | 0.14-1.21  | x86_64

Which is a pain to remove, but let's try anyway:

zypper remove --clean-deps $(zypper packages --orphaned | awk '$5 ~ /^[a-z]/ {print $5"-"$7}')

In earlier Zypper versions[16], the closest thing was to install rpmorphan or package-cleanup and use that to remove orphaned packages:

zypper remove --clean-deps $(package-cleanup -q --leaves)

Note: package-cleanup was really built for Yum, not for Zypper and may fail at certain operations!

Remove old kernel packages:

zypper remove $(rpm -qf $(ls -d /lib/modules/* | grep -v $(uname -r)))

Apparently this is not needed anymore as newer installations have a purge-kernels service installed:

$ grep ^mult /etc/zypp/zypp.conf 
multiversion = provides:multiversion(kernel)
multiversion.kernels = latest,latest-1,running

$ systemctl status purge-kernels.service
● purge-kernels.service - Purge old kernels
   Loaded: loaded (/usr/lib/systemd/system/purge-kernels.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2018-05-16 02:11:00 EDT; 3min 45s ago
  Process: 691 ExecStart=/sbin/purge-kernels (code=exited, status=0/SUCCESS)
  Process: 654 ExecStartPre=/bin/rm -f /boot/do_purge_kernels (code=exited, status=0/SUCCESS)
 Main PID: 691 (code=exited, status=0/SUCCESS)