From Segfault
Jump to: navigation, search


The RPM Package Manager (formerly known as the Red Hat Package Manager).

RPM database recovery

Sometimes RPM transactions can fail horribly (especially in ENOSPC[1] situations):

Error: Subprocess failed. Error: RPM failed: error: rpmdb: Packages page 3014 is on free list with type 7
error: rpmdb: PANIC: Invalid argument
error: db4 error(-30974) from dbcursor->c_put: DB_RUNRECOVERY: Fatal error, run database recovery
error: error(-30974) adding header #1701 record
error: rpmdb: PANIC: fatal region error detected; run recovery
error: db4 error(-30974) from db->sync: DB_RUNRECOVERY: Fatal error, run database recovery
error: rpmdb: PANIC: fatal region error detected; run recovery
error: db4 error(-30974) from dbcursor->c_close: DB_RUNRECOVERY: Fatal error, run database recovery

The following commands could help, in that order:

sudo rm /var/lib/rpm/__db*
sudo rpm --rebuilddb
sudo dnf clean all

RPM keys

Install PGP keys for RPM:

gpg --recv-keys KEYID
gpg --export --armor KEYID > foo
rpm --import foo && rm -f

Remove a specific RPM key:

$ rpm -q gpg-pubkey

$ rpm --erase --allmatches gpg-pubkey-6b8d79e6-3f49313d


rpmorphan tries to find forgotten or unused packages.

After a system upgrade, list forgotten packages that were installed before the upgrade:

rpmorphan --all --install-time +14

List packages that are not used:

rpmorphan --all --access-time +14

Find packages that no other package depends on:

rpmorphan -guess-all


Some rpm queries:[2].

Printing (and sorting) by package size:[3]

$ rpm -qa --queryformat="%{name}-%{version}-%{release} %{size}\n"        | sort -nk2 | tail | awk '{print $1, $NF/1024/1024, "MB"}'
kernel-PAE-core-4.3.3-300.fc23 50.0091 MB
kernel-PAE-core-4.3.3-303.fc23 50.0102 MB
mariadb-server-10.0.21-1.fc23 81.6 MB
linux-firmware-20151214-60.gitbbe4917c.fc23 89.9443 MB
glibc-common-2.22-7.fc23 119.306 MB

Printing (and sorting) by install date:[4]

$ rpm -qa --queryformat="%{name}-%{version}-%{release} %{installtime}\n" | sort -nk2 | tail | awk '{print $1, strftime("%F", $2)}'
mbedtls-devel-2.2.1-1.fc23 2016-03-05
checksec-1.5-5.fc23 2016-03-06
gpg-pubkey-26a76d7d-56dbb263 2016-03-06
haveged-1.9.1-4.fc23 2016-03-06
gatling-cvs-1.fc23 2016-03-06


With Fedora 22, the switch to DNF ("Dandified Yum") was made.


DNF copies many Yum commands and provides some more. I.e. instead of installing yum-utils, dnf provides this functionality out of the box[5], resp. with its dnf-plugins-core plugin:

package-cleanup --dupes dnf repoquery --duplicated
package-cleanup --leaves dnf list autoremove
package-cleanup --orphans dnf list extras
package-cleanup --oldkernels dnf repoquery --installonly
package-cleanup --problems dnf repoquery --unsatisfied
package-cleanup --cleandupes dnf remove $(dnf repoquery --duplicated --latest-limit -1 -q)
package-cleanup --oldkernels dnf remove $(dnf repoquery --installonly --latest-limit -3 -q)

The actual package removal is kinda hazy though:

_dnf_filter() { awk '/^[a-z]/ {print $1, $2}' | sed -e "s/.$(arch) /-/;s/.noarch /-/"; }

sudo dnf remove $(dnf list autoremove | _dnf_filter)


Semi-automatic updates of a distribution:

script -c "date && dnf clean all && dnf upgrade -d 1 -y" -a ~/log/dnf.log

Note: we're using --debuglevel=1 to omit the progress bars[6] when dnf downloads packages.

Automatic updates

Starting with Fedora 22, automatic updates can be enabled via the dnf-automatic package:

sudo dnf install dnf-automatic

Configuration options:

$ grep ^[\[a-z] /etc/dnf/automatic.conf
upgrade_type = default
random_sleep = 300
download_updates = yes
apply_updates = yes

emit_via = email,stdio
output_width = 80

email_from = root@foobar.example.org
email_to = root@example.org
email_host = mailhub.example.org

debuglevel = 1

Enable the timer:

sudo systemctl enable dnf-automatic.timer && sudo systemctl start dnf-automatic.timer

List timers with:

$ systemctl list-timers
NEXT                         LEFT               LAST                         PASSED       UNIT                ACTIVATES
Fri 2015-10-09 16:11:06 PDT  3 weeks 2 days ago Mon 2015-11-02 07:03:47 PST  1min 19s ago dnf-automatic.timer dnf-automatic.service
Mon 2015-11-02 07:49:13 PST  44min left         n/a                          n/a          dnf-makecache.timer dnf-makecache.service


As yum-plugin-changelog has not been ported to DNF yet[7][8], we can try to use the following commands[9] instead:

dnf --refresh updateinfo info                            # show detailed information
dnf --refresh updateinfo list                            # show list of advisories


Much like the hold function in dpkg, dnf allows to lock certain packages to not get updated[10], e.g. when a newer version is known to be broken and we don't want to update just yet.


$ dnf install python3-dnf-plugins-extras-versionlock
$ dnf versionlock add kernel-PAE-core-4.8.8-200.fc24.i686 kernel-PAE-modules-4.8.8-200.fc24.i686 

$ dnf versionlock list


The Yum Package Manager ("yellowdog updater modified") is was[11] the default package manager for RedHat and Fedora distributions.

With Fedora 22, the switch to DNF was made.


The equivalent of deborphan for Debian based distributions, from yum-utils:

yum remove `package-cleanup --quiet --leaves`

List & remove old kernels:

package-cleanup --oldkernels

With --orphans, it will list packages that are not available from the configured repositories:

package-cleanup --orphans
yum list extras                        # May provide better output

Scan for dependency problems, duplicates:

package-cleanup --problems
package-cleanup --dupes


Semi-automatic updates of a distribution:

script -c "date && dnf clean all && dnf upgrade -d 1 -y" -a ~/log/dnf.log

Note: we're using --debuglevel=1 to omit the progress bars[12] when dnf downloads packages.


While apt-listchanges is available for Apt-get, yum has yum-changelog

$ yum install yum-changelog                         # May be called yum-plugin-changelog in Fedora
$ grep ^[a-z] /etc/yum/pluginconf.d/changelog.conf

yum test

To do a dry run of an installation[13], one has to install a plugin for that to happen:

yum install yum-tsflags

After it's enabled in /etc/yum/pluginconf.d/tsflags.conf, try:

$ yum --tsflags="test" install xz
xz                                    i386

Installing for dependencies:
xz-libs                               i386

Transaction Summary
Install       2 Package(s)
Upgrade       0 Package(s)
Is this ok [y/N]: y

An lo and behold, no packages were actually installed:

$ rpm -q xz xz-libs
package xz is not installed
package xz-libs is not installed


Almost every time yum is used, it tries to updates its metadata cache[14]. We'd like to do this manually every now and then, but yum should just stop doing this by itself - or at least way less often:

$ grep ^metadata /etc/yum.conf 
metadata_expire=7d                          # Default was "90m"


Zypper is the package management software used in SLES and openSUSE distributions.


AFAIK there's no such thing yet. Only remotely similar requests for this:


The closest equivalent would be:

$ zypper packages --orphaned                                     # Also: --unneeded
Loading repository data...
Reading installed packages...
S | Repository | Name                | Version    | Arch
i | @System    | boost-license1_58_0 | 1.58.0-3.4 | noarch
i | @System    | boost-license1_59_0 | 1.59.0-4.1 | noarch
i | @System    | cpp48               | 4.8.5-1.1  | x86_64
i | @System    | libcloog-isl4       | 0.18.1-4.4 | x86_64
i | @System    | libisl13            | 0.14-1.21  | x86_64

Which is a pain to remove, but let's try anyway:

zypper remove --clean-deps $(zypper packages --orphaned | awk '$5 ~ /^[a-z]/ {print $5"-"$7}')

In earlier Zypper versions[15], the closest thing was to install rpmorphan or package-cleanup and use that to remove orphaned packages:

zypper remove --clean-deps $(package-cleanup -q --leaves)

Note: package-cleanup was really built for Yum, not for Zypper and may fail at certain operations!

Remove old kernel packages:

zypper remove $(rpm -qf $(ls -d /lib/modules/* | grep -v $(uname -r)))

Apparently this is not needed anymore as newer installations have a purge-kernels service installed:

$ grep ^mult /etc/zypp/zypp.conf 
multiversion = provides:multiversion(kernel)
multiversion.kernels = latest,latest-1,running

$ systemctl status purge-kernels.service
● purge-kernels.service - Purge old kernels
   Loaded: loaded (/usr/lib/systemd/system/purge-kernels.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Wed 2018-05-16 02:11:00 EDT; 3min 45s ago
  Process: 691 ExecStart=/sbin/purge-kernels (code=exited, status=0/SUCCESS)
  Process: 654 ExecStartPre=/bin/rm -f /boot/do_purge_kernels (code=exited, status=0/SUCCESS)
 Main PID: 691 (code=exited, status=0/SUCCESS)