Chapter 6. Yum

Yum is the Red Hat package manager that is able to query for information about available packages, fetch packages from repositories, install and uninstall them, and update an entire system to the latest available version. Yum performs automatic dependency resolution on packages you are updating, installing, or removing, and thus is able to automatically determine, fetch, and install all available dependent packages.
Yum can be configured with new, additional repositories, or package sources, and also provides many plug-ins which enhance and extend its capabilities. Yum is able to perform many of the same tasks that RPM can; additionally, many of the command line options are similar. Yum enables easy and simple package management on a single machine or on groups of them.

Secure package management with GPG-signed packages

Yum provides secure package management by enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature verification on GPG-signed packages to be turned on for all package repositories (i.e. package sources), or for individual repositories. When signature verification is enabled, Yum will refuse to install any packages not GPG-signed with the correct key for that repository. This means that you can trust that the RPM packages you download and install on your system are from a trusted source, such as Red Hat, and were not modified during transfer. Refer to Section 6.4, “Configuring Yum and Yum Repositories” for details on enabling signature-checking with Yum, or Section B.3, “Checking a Package's Signature” for information on working with and verifying GPG-signed RPM packages in general.
Yum also enables you to easily set up your own repositories of RPM packages for download and installation on other machines.
Learning Yum is a worthwhile investment because it is often the fastest way to perform system administration tasks, and it provides capabilities beyond those provided by the PackageKit graphical package management tools. Refer to Chapter 7, PackageKit for details on using PackageKit.

Yum and superuser privileges

You must have superuser privileges in order to use yum to install, update or remove packages on your system. All examples in this chapter assume that you have already obtained superuser privileges by using either the su or sudo command.

6.1. Checking For and Updating Packages

6.1.1. Checking For Updates

To see which installed packages on your system have updates available, use the following command:
yum check-update
For example:
~]# yum check-update
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 0
PackageKit.x86_64                  0.5.8-2.el6                rhel
PackageKit-glib.x86_64             0.5.8-2.el6                rhel
PackageKit-yum.x86_64              0.5.8-2.el6                rhel
PackageKit-yum-plugin.x86_64       0.5.8-2.el6                rhel
glibc.x86_64                       2.11.90-20.el6             rhel
glibc-common.x86_64                2.10.90-22                 rhel
kernel.x86_64                      2.6.31-14.el6              rhel
kernel-firmware.noarch             2.6.31-14.el6              rhel
rpm.x86_64                         4.7.1-5.el6                rhel
rpm-libs.x86_64                    4.7.1-5.el6                rhel
rpm-python.x86_64                  4.7.1-5.el6                rhel
udev.x86_64                        147-2.15.el6               rhel
yum.noarch                         3.2.24-4.el6               rhel
The packages in the above output are listed as having updates available. The first package in the list is PackageKit, the graphical package manager. The line in the example output tells us:
  • PackageKit — the name of the package
  • x86_64 — the CPU architecture the package was built for
  • 0.5.8 — the version of the updated package to be installed
  • rhel — the repository in which the updated package is located
The output also shows us that we can update the kernel (the kernel package), Yum and RPM themselves (the yum and rpm packages), as well as their dependencies (such as the kernel-firmware, rpm-libs, and rpm-python packages), all using yum.

6.1.2. Updating Packages

You can choose to update a single package, multiple packages, or all packages at once. If any dependencies of the package (or packages) you update have updates available themselves, then they are updated too.

Updating a Single Package

To update a single package, run the following command as root:
yum update package_name
For example, to update the udev package, type:
~]# yum update udev
Loaded plugins: product-id, refresh-packagekit, subscription-manager
Updating Red Hat repositories.
INFO:rhsm-app.repolib:repos updated: 0
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package udev.x86_64 0:147-2.15.el6 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================
 Package       Arch            Version                 Repository     Size
===========================================================================
Updating:
 udev          x86_64          147-2.15.el6            rhel          337 k

Transaction Summary
===========================================================================
Install       0 Package(s)
Upgrade       1 Package(s)

Total download size: 337 k
Is this ok [y/N]:
This output contains several items of interest:
  1. Loaded plugins: product-id, refresh-packagekit, subscription-manageryum always informs you which Yum plug-ins are installed and enabled. Refer to Section 6.5, “Yum Plug-ins” for general information on Yum plug-ins, or to Section 6.5.3, “Plug-in Descriptions” for descriptions of specific plug-ins.
  2. udev.x86_64 — you can download and install new udev package.
  3. yum presents the update information and then prompts you as to whether you want it to perform the update; yum runs interactively by default. If you already know which transactions the yum command plans to perform, you can use the -y option to automatically answer yes to any questions that yum asks (in which case it runs non-interactively). However, you should always examine which changes yum plans to make to the system so that you can easily troubleshoot any problems that might arise.
    If a transaction does go awry, you can view Yum's transaction history by using the yum history command as described in Section 6.3, “Working with Transaction History”.

Updating and installing kernels with Yum

yum always installs a new kernel in the same sense that RPM installs a new kernel when you use the command rpm -i kernel. Therefore, you do not need to worry about the distinction between installing and upgrading a kernel package when you use yum: it will do the right thing, regardless of whether you are using the yum update or yum install command.
When using RPM, on the other hand, it is important to use the rpm -i kernel command (which installs a new kernel) instead of rpm -u kernel (which replaces the current kernel). Refer to Section B.2.2, “Installing and Upgrading” for more information on installing/upgrading kernels with RPM.

Updating All Packages and Their Dependencies

To update all packages and their dependencies, simply enter yum update (without any arguments):
yum update

Updating Security-Related Packages

Discovering which packages have security updates available and then updating those packages quickly and easily is important. Yum provides the plug-in for this purpose. The security plug-in extends the yum command with a set of highly-useful security-centric commands, subcommands and options. Refer to Section 6.5.3, “Plug-in Descriptions” for specific information.

6.1.3. Preserving Configuration File Changes

You will inevitably make changes to the configuration files installed by packages as you use your Red Hat Enterprise Linux system. RPM, which Yum uses to perform changes to the system, provides a mechanism for ensuring their integrity. Refer to Section B.2.2, “Installing and Upgrading” for details on how to manage changes to configuration files across package upgrades.

6.1.4. Upgrading the System Off-line with ISO and Yum

For systems that are disconnected from the Internet or Red Hat Network, using the yum update command with the Red Hat Enterprise Linux installation ISO image is an easy and quick way to upgrade systems to the latest minor version. The following steps illustrate the upgrading process:
  1. Create a target directory to mount your ISO image. This directory is not automatically created when mounting, so create it before proceeding to the next step. As root, type:
    mkdir mount_dir
    Replace mount_dir with a path to the mount directory. Typically, users create it as a subdirectory in the /media/ directory.
  2. Mount the Red Hat Enterprise Linux 6 installation ISO image to the previously created target directory. As root, type:
    mount -o loop iso_name mount_dir
    Replace iso_name with a path to your ISO image and mount_dir with a path to the target directory. Here, the -o loop option is required to mount the file as a block device.
  3. Copy the media.repo file from the mount directory to the /etc/yum.repos.d/ directory. Note that configuration files in this directory must have the .repo extension to function properly.
    cp mount_dir/media.repo /etc/yum.repos.d/new.repo
    This creates a configuration file for the yum repository. Replace new.repo with the filename, for example rhel6.repo.
  4. Edit the new configuration file so that it points to the Red Hat Enterprise Linux installation ISO. Add the following line into the /etc/yum.repos.d/new.repo file:
    baseurl=file://mount_dir
    Replace mount_dir with a path to the mount point.
  5. Update all yum repositories including /etc/yum.repos.d/new.repo created in previous steps. As root, type:
    yum update
    This upgrades your system to the version provided by the mounted ISO image.
  6. After successful upgrade, you can unmount the ISO image. As root, type:
    umount mount_dir
    where mount_dir is a path to your mount directory. Also, you can remove the mount directory created in the first step. As root, type:
    rmdir mount_dir
  7. If you will not use the previously created configuration file for another installation or update, you can remove it. As root, type:
    rm /etc/yum.repos.d/new.repo

Example 6.1. Upgrading from Red Hat Enterprise Linux 6.3 to 6.4

Imagine you need to upgrade your system without access to the Internet. To do so, you want to use an ISO image with the newer version of the system, called for instance RHEL6.4-Server-20130130.0-x86_64-DVD1.iso. A target directory created for mounting is /media/rhel6/. As root, change into the directory with your ISO image and type:
~]# mount -o loop RHEL6.4-Server-20130130.0-x86_64-DVD1.iso /media/rhel6/
Then set up a yum repository for your image by copying the media.repo file from the mount directory:
~]# cp /media/rhel6/media.repo /etc/yum.repos.d/rhel6.repo
To make yum recognize the mount point as a repository, add the following line into the /etc/yum.repos.d/rhel6.repo copied in the previous step:
baseurl=file:///media/rhel6/
Now, updating the yum repository will upgrade your system to a version provided by RHEL6.4-Server-20130130.0-x86_64-DVD1.iso. As root, execute:
~]# yum update
When your system is successfully upgraded, you can unmount the image, remove the target directory and the configuration file:
~]# umount /media/rhel6/
~]# rmdir /media/rhel6/
~]# rm /etc/yum.repos.d/rhel6.repo