Chapter 9. Yum

Yum is the Red Hat package manager that is able to query for information about available packages, fetch packages from repositories, install and uninstall them, and update an entire system to the latest available version. Yum performs automatic dependency resolution when updating, installing, or removing packages, and thus is able to automatically determine, fetch, and install all available dependent packages.
Yum can be configured with new, additional repositories, or package sources, and also provides many plug-ins which enhance and extend its capabilities. Yum is able to perform many of the same tasks that RPM can; additionally, many of the command-line options are similar. Yum enables easy and simple package management on a single machine or on groups of them.
The following sections assume your system was registered with Red Hat Subscription Management during installation as described in the Red Hat Enterprise Linux 7 Installation Guide. If your system is not subscribed, see Chapter 7, Registering the System and Managing Subscriptions.


Yum provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (package sources), or for individual repositories. When signature verification is enabled, yum will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the RPM packages you download and install on your system are from a trusted source, such as Red Hat, and were not modified during transfer. See Section 9.5, “Configuring Yum and Yum Repositories” for details on enabling signature-checking with yum.
Yum also enables you to easily set up your own repositories of RPM packages for download and installation on other machines. When possible, yum uses parallel download of multiple packages and metadata to speed up downloading.
Learning yum is a worthwhile investment because it is often the fastest way to perform system administration tasks, and it provides capabilities beyond those provided by the PackageKit graphical package management tools.


You must have superuser privileges in order to use yum to install, update or remove packages on your system. All examples in this chapter assume that you have already obtained superuser privileges by using either the su or sudo command.

9.1. Checking For and Updating Packages

Yum enables you to check if your system has any updates waiting to be applied. You can list packages that need to be updated and update them as a whole, or you can update a selected individual package.

9.1.1. Checking For Updates

To see which installed packages on your system have updates available, use the following command:
yum check-update

Example 9.1. Example output of the yum check-update command

The output of yum check-update can look as follows:
~]# yum check-update
Loaded plugins: product-id, search-disabled-repos, subscription-manager
dracut.x86_64                         033-360.el7_2      rhel-7-server-rpms
dracut-config-rescue.x86_64           033-360.el7_2      rhel-7-server-rpms
kernel.x86_64                         3.10.0-327.el7     rhel-7-server-rpms
rpm.x86_64                            4.11.3-17.el7      rhel-7-server-rpms
rpm-libs.x86_64                       4.11.3-17.el7      rhel-7-server-rpms
rpm-python.x86_64                     4.11.3-17.el7      rhel-7-server-rpms
yum.noarch                            3.4.3-132.el7      rhel-7-server-rpms
The packages in the above output are listed as having updates available. The first package in the list is dracut. Each line in the example output consists of several rows, in case of dracut:
  • dracut — the name of the package,
  • x86_64 — the CPU architecture the package was built for,
  • 033 — the version of the updated package to be installed,
  • 360.el7 — the release of the updated package,
  • _2 — a build version, added as part of a z-stream update,
  • rhel-7-server-rpms — the repository in which the updated package is located.
The output also shows that we can update the kernel (the kernel package), yum and RPM themselves (the yum and rpm packages), as well as their dependencies (such as the rpm-libs, and rpm-python packages), all using the yum command.

9.1.2. Updating Packages

You can choose to update a single package, multiple packages, or all packages at once. If any dependencies of the package or packages you update have updates available themselves, then they are updated too.

Updating a Single Package

To update a single package, run the following command as root:
yum update package_name

Example 9.2. Updating the rpm package

To update the rpm package, type:
~]# yum update rpm
Loaded plugins: langpacks, product-id, subscription-manager
Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 0
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package rpm.x86_64 0:4.11.1-3.el7 will be updated
--> Processing Dependency: rpm = 4.11.1-3.el7 for package: rpm-libs-4.11.1-3.el7.x86_64
--> Processing Dependency: rpm = 4.11.1-3.el7 for package: rpm-python-4.11.1-3.el7.x86_64
--> Processing Dependency: rpm = 4.11.1-3.el7 for package: rpm-build-4.11.1-3.el7.x86_64
---> Package rpm.x86_64 0:4.11.2-2.el7 will be an update
--> Running transaction check
--> Finished Dependency Resolution

Dependencies Resolved
 Package                   Arch        Version         Repository       Size
 rpm                       x86_64      4.11.2-2.el7    rhel            1.1 M
Updating for dependencies:
 rpm-build                 x86_64      4.11.2-2.el7    rhel            139 k
 rpm-build-libs            x86_64      4.11.2-2.el7    rhel             98 k
 rpm-libs                  x86_64      4.11.2-2.el7    rhel            261 k
 rpm-python                x86_64      4.11.2-2.el7    rhel             74 k

Transaction Summary
Upgrade  1 Package (+4 Dependent packages)

Total size: 1.7 M
Is this ok [y/d/N]:
This output contains several items of interest:
  1. Loaded plugins: langpacks, product-id, subscription-manager — Yum always informs you which yum plug-ins are installed and enabled. See Section 9.6, “Yum Plug-ins” for general information on yum plug-ins, or Section 9.6.3, “Working with Yum Plug-ins” for descriptions of specific plug-ins.
  2. rpm.x86_64 — you can download and install a new rpm package as well as its dependencies. Transaction check is performed for each of these packages.
  3. Yum presents the update information and then prompts you for confirmation of the update; yum runs interactively by default. If you already know which transactions the yum command plans to perform, you can use the -y option to automatically answer yes to any questions that yum asks (in which case it runs non-interactively). However, you should always examine which changes yum plans to make to the system so that you can easily troubleshoot any problems that might arise. You can also choose to download the package without installing it. To do so, select the d option at the download prompt. This launches a background download of the selected package.
    If a transaction fails, you can view yum transaction history by using the yum history command as described in Section 9.4, “Working with Transaction History”.


Yum always installs a new kernel regardless of whether you are using the yum update or yum install command.
When using RPM, on the other hand, it is important to use the rpm -i kernel command which installs a new kernel instead of rpm -u kernel which replaces the current kernel.
Similarly, it is possible to update a package group. Type as root:
yum group update group_name
Here, replace group_name with a name of the package group you want to update. For more information on package groups, see Section 9.3, “Working with Package Groups”.
Yum also offers the upgrade command that is equal to update with enabled obsoletes configuration option (see Section 9.5.1, “Setting [main] Options”). By default, obsoletes is turned on in /etc/yum.conf, which makes these two commands equivalent.

Updating All Packages and Their Dependencies

To update all packages and their dependencies, use the yum update command without any arguments:
yum update
If packages have security updates available, you can update only these packages to their latest versions. Type as root:
yum update --security
You can also update packages only to versions containing the latest security updates. Type as root:
yum update-minimal --security
For example, assume that:
  • the kernel-3.10.0-1 package is installed on your system;
  • the kernel-3.10.0-2 package was released as a security update;
  • the kernel-3.10.0-3 package was released as a bug fix update.
Then yum update-minimal --security updates the package to kernel-3.10.0-2, and yum update --security updates the package to kernel-3.10.0-3.

Automating Package Updating

To refresh the package database and download updates automatically, you can use the yum-cron service. For more information, see Section 9.7, “Automatically Refreshing Package Database and Downloading Updates with Yum-cron”.

9.1.3. Upgrading the System Off-line with ISO and Yum

For systems that are disconnected from the Internet or Red Hat Network, using the yum update command with the Red Hat Enterprise Linux installation ISO image is an easy and quick way to upgrade systems to the latest minor version. The following steps illustrate the upgrading process:
  1. Create a target directory to mount your ISO image. This directory is not automatically created when mounting, so create it before proceeding to the next step. As root, type:
    mkdir mount_dir
    Replace mount_dir with a path to the mount directory. Typically, users create it as a subdirectory in the /media directory.
  2. Mount the Red Hat Enterprise Linux 7 installation ISO image to the previously created target directory. As root, type:
    mount -o loop iso_name mount_dir
    Replace iso_name with a path to your ISO image and mount_dir with a path to the target directory. Here, the -o loop option is required to mount the file as a block device.
  3. Copy the media.repo file from the mount directory to the /etc/yum.repos.d/ directory. Note that configuration files in this directory must have the .repo extension to function properly.
    cp mount_dir/media.repo /etc/yum.repos.d/new.repo
    This creates a configuration file for the yum repository. Replace new.repo with the filename, for example rhel7.repo.
  4. Edit the new configuration file so that it points to the Red Hat Enterprise Linux installation ISO. Add the following line into the /etc/yum.repos.d/new.repo file:
    Replace mount_dir with a path to the mount point.
  5. Update all yum repositories including /etc/yum.repos.d/new.repo created in previous steps. As root, type:
    yum update
    This upgrades your system to the version provided by the mounted ISO image.
  6. After successful upgrade, you can unmount the ISO image. As root, type:
    umount mount_dir
    where mount_dir is a path to your mount directory. Also, you can remove the mount directory created in the first step. As root, type:
    rmdir mount_dir
  7. If you will not use the previously created configuration file for another installation or update, you can remove it. As root, type:
    rm /etc/yum.repos.d/new.repo

Example 9.3. Upgrading from Red Hat Enterprise Linux 7.0 to 7.1

If required to upgrade a system without access to the Internet using an ISO image with the newer version of the system, called for example rhel-server-7.1-x86_64-dvd.iso, create a target directory for mounting, such as /media/rhel7/. As root, change into the directory with your ISO image and type:
~]# mount -o loop rhel-server-7.1-x86_64-dvd.iso /media/rhel7/
Then set up a yum repository for your image by copying the media.repo file from the mount directory:
~]# cp /media/rhel7/media.repo /etc/yum.repos.d/rhel7.repo
To make yum recognize the mount point as a repository, add the following line into the /etc/yum.repos.d/rhel7.repo copied in the previous step:
Now, updating the yum repository will upgrade your system to a version provided by rhel-server-7.1-x86_64-dvd.iso. As root, execute:
~]# yum update
When your system is successfully upgraded, you can unmount the image, remove the target directory and the configuration file:
~]# umount /media/rhel7/
~]# rmdir /media/rhel7/
~]# rm /etc/yum.repos.d/rhel7.repo