rpm/doc/rpm.8

989 lines
28 KiB
Groff

.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "RPM" "8" "09 June 2002" "Red Hat, Inc." "Red Hat Linux"
.SH NAME
rpm \- RPM Package Manager
.SH SYNOPSIS
.SS "QUERYING AND VERIFYING PACKAGES:"
.PP
\fBrpm\fR {\fB-q|--query\fR} [\fBselect-options\fR] [\fBquery-options\fR]
\fBrpm\fR {\fB-V|--verify\fR} [\fBselect-options\fR] [\fBverify-options\fR]
\fBrpm\fR \fB--import\fR \fB\fIPUBKEY\fB\fR\fI ...\fR
\fBrpm\fR {\fB-K|--checksig\fR} [\fB--nosignature\fR] [\fB--nodigest\fR]
\fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.SS "INSTALLING, UPGRADING, AND REMOVING PACKAGES:"
.PP
\fBrpm\fR {\fB-i|--install\fR} [\fBinstall-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
\fBrpm\fR {\fB-U|--upgrade\fR} [\fBinstall-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
\fBrpm\fR {\fB-F|--freshen\fR} [\fBinstall-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
\fBrpm\fR {\fB-e|--erase\fR} [\fB--allmatches\fR] [\fB--nodeps\fR] [\fB--noscripts\fR]
[\fB--notriggers\fR] [\fB--repackage\fR] [\fB--test\fR] \fB\fIPACKAGE_NAME\fB\fR\fI\ ...\fR
.SS "MISCELLANEOUS:"
.PP
\fBrpm\fR {\fB--initdb|--rebuilddb\fR}
\fBrpm\fR {\fB--addsign|--resign\fR} \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
\fBrpm\fR {\fB--querytags|--showrc\fR}
\fBrpm\fR {\fB--setperms|--setugids\fR} \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR
.SS "select-options"
.PP
[\fB\fIPACKAGE_NAME\fB\fR] [\fB-a,--all\fR] [\fB-f,--file \fIFILE\fB\fR]
[\fB-g,--group \fIGROUP\fB\fR] {\fB-p,--package \fIPACKAGE_FILE\fB\fR]
[\fB--fileid \fIMD5\fB\fR] [\fB--hdrid \fISHA1\fB\fR] [\fB--pkgid \fIMD5\fB\fR] [\fB--tid \fITID\fB\fR]
[\fB--querybynumber \fIHDRNUM\fB\fR] [\fB--triggeredby \fIPACKAGE_NAME\fB\fR]
[\fB--whatprovides \fICAPABILITY\fB\fR] [\fB--whatrequires \fICAPABILITY\fB\fR]
.SS "query-options"
.PP
[\fB--changelog\fR] [\fB-c,--configfiles\fR] [\fB-d,--docfiles\fR] [\fB--dump\fR]
[\fB--filesbypkg\fR] [\fB-i,--info\fR] [\fB--last\fR] [\fB-l,--list\fR]
[\fB--provides\fR] [\fB--qf,--queryformat \fIQUERYFMT\fB\fR]
[\fB-R,--requires\fR] [\fB--scripts\fR] [\fB-s,--state\fR]
[\fB--triggers,--triggerscripts\fR]
.SS "verify-options"
.PP
[\fB--nodeps\fR] [\fB--nofiles\fR] [\fB--noscripts\fR]
[\fB--nodigest\fR] [\fB--nosignature\fR]
[\fB--nolinkto\fR] [\fB--nomd5\fR] [\fB--nosize\fR] [\fB--nouser\fR]
[\fB--nogroup\fR] [\fB--nomtime\fR] [\fB--nomode\fR] [\fB--nordev\fR]
.SS "install-options"
.PP
[\fB--aid\fR] [\fB--allfiles\fR] [\fB--badreloc\fR] [\fB--excludepath \fIOLDPATH\fB\fR]
[\fB--excludedocs\fR] [\fB--force\fR] [\fB-h,--hash\fR]
[\fB--ignoresize\fR] [\fB--ignorearch\fR] [\fB--ignoreos\fR]
[\fB--includedocs\fR] [\fB--justdb\fR] [\fB--nodeps\fR]
[\fB--nodigest\fR] [\fB--nosignature\fR] [\fB--nosuggest\fR]
[\fB--noorder\fR] [\fB--noscripts\fR] [\fB--notriggers\fR]
[\fB--oldpackage\fR] [\fB--percent\fR] [\fB--prefix \fINEWPATH\fB\fR]
[\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR]
[\fB--repackage\fR] [\fB--replacefiles\fR] [\fB--replacepkgs\fR]
[\fB--test\fR]
.SH "DESCRIPTION"
.PP
\fBrpm\fR is a powerful \fBPackage Manager\fR,
which can be used to build, install, query, verify, update, and
erase individual software packages.
A \fBpackage\fR consists of an archive of files and
meta-data used to install and erase the archive files. The meta-data
includes helper scripts, file attributes, and descriptive information
about the package.
\fBPackages\fR come in two varieties: binary packages,
used to encapsulate software to be installed, and source packages,
containing the source code and recipe necessary to produce binary
packages.
.PP
One of the following basic modes must be selected:
\fBQuery\fR,
\fBVerify\fR,
\fBSignature Check\fR,
\fBInstall/Upgrade/Freshen\fR,
\fBUninstall\fR,
\fBInitialize Database\fR,
\fBRebuild Database\fR,
\fBResign\fR,
\fBAdd Signature\fR,
\fBSet Owners/Groups\fR,
\fBShow Querytags\fR, and
\fBShow Configuration\fR.
.SS "GENERAL OPTIONS"
.PP
These options can be used in all the different modes.
.TP
\fB-?, --help\fR
Print a longer usage message then normal.
.TP
\fB--version\fR
Print a single line containing the version number of \fBrpm\fR
being used.
.TP
\fB--quiet\fR
Print as little as possible - normally only error messages will
be displayed.
.TP
\fB-v\fR
Print verbose information - normally routine progress messages will be
displayed.
.TP
\fB-vv\fR
Print lots of ugly debugging information.
.TP
\fB--rcfile \fIFILELIST\fB\fR
Each of the files in the colon separated
\fIFILELIST\fR
is read sequentially by \fBrpm\fR for configuration
information.
Only the first file in the list must exist, and tildes will be
expanded to the value of \fB$HOME\fR.
The default \fIFILELIST\fR is
\fI/usr/lib/rpm/rpmrc\fR:\fI/usr/lib/rpm/redhat/rpmrc\fR:\fI/etc/rpmrc\fR:\fI~/.rpmrc\fR.
.TP
\fB--pipe \fICMD\fB\fR
Pipes the output of \fBrpm\fR to the command \fICMD\fR.
.TP
\fB--dbpath \fIDIRECTORY\fB\fR
Use the database in \fIDIRECTORY\fR rather
than the default path \fI/var/lib/rpm\fR
.TP
\fB--root \fIDIRECTORY\fB\fR
Use the file system tree rooted at \fIDIRECTORY\fR for all operations.
Note that this means the database within
\fIDIRECTORY\fR
will be used for dependency checks and any scriptlet(s) (e.g.
\fB%post\fR if installing, or
\fB%prep\fR if building, a package)
will be run after a chroot(2) to
\fIDIRECTORY\fR.
.SS "INSTALL AND UPGRADE OPTIONS"
.PP
The general form of an rpm install command is
.PP
\fBrpm\fR {\fB-i|--install\fR} [\fBinstall-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.PP
This installs a new package.
.PP
The general form of an rpm upgrade command is
.PP
\fBrpm\fR {\fB-U|--upgrade\fR} [\fBinstall-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.PP
This upgrades or installs the package currently installed
to a newer version. This is the same as install, except
all other version(s) of the package are removed after the
new package is installed.
.PP
\fBrpm\fR {\fB-F|--freshen\fR} [\fBinstall-options\fR] \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.PP
This will upgrade packages, but only if an earlier version
currently exists. The \fIPACKAGE_FILE\fR
may be specified as an
\fBftp\fR or
\fBhttp\fR URL,
in which case the package will be downloaded before being
installed. See \fBFTP/HTTP OPTIONS\fR
for information on \fBrpm\fR's internal
\fBftp\fR and
\fBhttp\fR
client support.
.PP
.TP
\fB--aid\fR
Add suggested packages to the transaction set when needed.
.TP
\fB--allfiles\fR
Installs or upgrades all the missingok files in the package,
regardless if they exist.
.TP
\fB--badreloc\fR
Used with \fB--relocate\fR, permit relocations on
all file paths, not just those \fIOLDPATH\fR's
included in the binary package relocation hint(s).
.TP
\fB--excludepath \fIOLDPATH\fB\fR
Don't install files whose name begins with
\fIOLDPATH\fR.
.TP
\fB--excludedocs\fR
Don't install any files which are marked as documentation
(which includes man pages and texinfo documents).
.TP
\fB--force\fR
Same as using
\fB--replacepkgs\fR,
\fB--replacefiles\fR, and
\fB--oldpackage\fR.
.TP
\fB-h, --hash\fR
Print 50 hash marks as the package archive is unpacked.
Use with \fB-v|--verbose\fR for a nicer display.
.TP
\fB--ignoresize\fR
Don't check mount file systems for sufficient disk space before
installing this package.
.TP
\fB--ignorearch\fR
Allow installation or upgrading even if the architectures
of the binary package and host don't match.
.TP
\fB--ignoreos\fR
Allow installation or upgrading even if the operating
systems of the binary package and host don't match.
.TP
\fB--includedocs\fR
Install documentation files. This is the default behavior.
.TP
\fB--justdb\fR
Update only the database, not the filesystem.
.TP
\fB--nodigest\fR
Don't verify package or header digests when reading.
.TP
\fB--nosignature\fR
Don't verify package or header signatures when reading.
.TP
\fB--nodeps\fR
Don't do a dependency check before installing or upgrading
a package.
.TP
\fB--nosuggest\fR
Don't suggest package(s) that provide a missing dependency.
.TP
\fB--noorder\fR
Don't reorder the packages for an install. The list of
packages would normally be reordered to satisfy dependencies.
.TP
\fB--noscripts\fR
.TP
\fB--nopre\fR
.TP
\fB--nopost\fR
.TP
\fB--nopreun\fR
.TP
\fB--nopostun\fR
Don't execute the scriptlet of the same name.
The \fB--noscripts\fR option is equivalent to
\fB--nopre\fR
\fB--nopost\fR
\fB--nopreun\fR
\fB--nopostun\fR
and turns off the execution of the corresponding
\fB%pre\fR,
\fB%post\fR,
\fB%preun\fR, and
\fB%postun\fR
scriptlet(s).
.TP
\fB--notriggers\fR
.TP
\fB--notriggerin\fR
.TP
\fB--notriggerun\fR
.TP
\fB--notriggerpostun\fR
Don't execute any trigger scriptlet of the named type.
The \fB--notriggers\fR option is equivalent to
\fB--notriggerin\fR
\fB--notriggerun\fR
\fB--notriggerpostun\fR
and turns off execution of the corresponding
\fB%triggerin\fR,
\fB%triggerun\fR, and
\fB%triggerpostun\fR
scriptlet(s).
.TP
\fB--oldpackage\fR
Allow an upgrade to replace a newer package with an older one.
.TP
\fB--percent\fR
Print percentages as files are unpacked from the package archive.
This is intended to make \fBrpm\fR easy to run from
other tools.
.TP
\fB--prefix \fINEWPATH\fB\fR
For relocatable binary packages, translate all file paths that
start with the installation prefix in the package relocation hint(s)
to \fINEWPATH\fR.
.TP
\fB--relocate \fIOLDPATH\fB=\fINEWPATH\fB\fR
For relocatable binary packages, translate all file paths
that start with \fIOLDPATH\fR in the
package relocation hint(s) to \fINEWPATH\fR.
This option can be used repeatedly if several
\fIOLDPATH\fR's in the package are to
be relocated.
.TP
\fB--repackage\fR
Re-package the files before erasing. The previously installed
package will be named according to the macro
\fB%_repackage_name_fmt\fR
and will be created in the directory named by
the macro \fB%_repackage_dir\fR (default value
is \fI/var/spool/repackage\fR).
.TP
\fB--replacefiles\fR
Install the packages even if they replace files from other,
already installed, packages.
.TP
\fB--replacepkgs\fR
Install the packages even if some of them are already installed
on this system.
.TP
\fB--test\fR
Do not install the package, simply check for and report
potential conflicts.
.SS "ERASE OPTIONS"
.PP
The general form of an rpm erase command is
.PP
\fBrpm\fR {\fB-e|--erase\fR} [\fB--allmatches\fR] [\fB--nodeps\fR] [\fB--noscripts\fR] [\fB--notriggers\fR] [\fB--repackage\fR] [\fB--test\fR] \fB\fIPACKAGE_NAME\fB\fR\fI ...\fR
.PP
The following options may also be used:
.TP
\fB--allmatches\fR
Remove all versions of the package which match
\fIPACKAGE_NAME\fR. Normally an
error is issued if \fIPACKAGE_NAME\fR
matches multiple packages.
.TP
\fB--nodeps\fR
Don't check dependencies before uninstalling the packages.
.TP
\fB--noscripts\fR
.TP
\fB--nopreun\fR
.TP
\fB--nopostun\fR
Don't execute the scriptlet of the same name.
The \fB--noscripts\fR option during package erase is
equivalent to
\fB--nopreun\fR
\fB--nopostun\fR
and turns off the execution of the corresponding
\fB%preun\fR, and
\fB%postun\fR
scriptlet(s).
.TP
\fB--notriggers\fR
.TP
\fB--notriggerun\fR
.TP
\fB--notriggerpostun\fR
Don't execute any trigger scriptlet of the named type.
The \fB--notriggers\fR option is equivalent to
\fB--notriggerun\fR
\fB--notriggerpostun\fR
and turns off execution of the corresponding
\fB%triggerun\fR, and
\fB%triggerpostun\fR
scriptlet(s).
.TP
\fB--repackage\fR
Re-package the files before erasing. The previously installed
package will be named according to the macro
\fB%_repackage_name_fmt\fR
and will be created in the directory named by
the macro \fB%_repackage_dir\fR (default value
is \fI/var/spool/repackage\fR).
.TP
\fB--test\fR
Don't really uninstall anything, just go through the motions.
Useful in conjunction with the \fB-vv\fR option
for debugging.
.SS "QUERY OPTIONS"
.PP
The general form of an rpm query command is
.PP
\fBrpm\fR {\fB-q|--query\fR} [\fBselect-options\fR] [\fBquery-options\fR]
.PP
You may specify the format that package information should be
printed in. To do this, you use the
\fB--qf|--queryformat\fR \fB\fIQUERYFMT\fB\fR
option, followed by the \fIQUERYFMT\fR
format string. Query formats are modified versions of the
standard \fBprintf(3)\fR formatting. The format
is made up of static strings (which may include standard C
character escapes for newlines, tabs, and other special
characters) and \fBprintf(3)\fR type formatters.
As \fBrpm\fR already knows the type to print, the
type specifier must be omitted however, and replaced by the name
of the header tag to be printed, enclosed by \fB{}\fR
characters. Tag names are case insensitive, and the leading
\fBRPMTAG_\fR portion of the tag name may be omitted
as well.
.PP
Alternate output formats may be requested by following
the tag with \fB:\fItypetag\fB\fR.
Currently, the following types are supported:
.TP
\fB:armor\fR
Wrap a public key in ASCII armor.
.TP
\fB:base64\fR
Encode binary data using base64.
.TP
\fB:date\fR
Use strftime(3) "%c" format.
.TP
\fB:day\fR
Use strftime(3) "%a %b %d %Y" format.
.TP
\fB:depflags\fR
Format dependency flags.
.TP
\fB:fflags\fR
Format file flags.
.TP
\fB:hex\fR
Format in hexadecimal.
.TP
\fB:octal\fR
Format in octal.
.TP
\fB:perms\fR
Format file permissions.
.TP
\fB:shescape\fR
Escape single quotes for use in a script.
.TP
\fB:triggertype\fR
Display trigger suffix.
.PP
For example, to print only the names of the packages queried,
you could use \fB%{NAME}\fR as the format string.
To print the packages name and distribution information in
two columns, you could use \fB%-30{NAME}%{DISTRIBUTION}\fR.
\fBrpm\fR will print a list of all of the tags it knows about when it
is invoked with the \fB--querytags\fR argument.
.PP
There are two subsets of options for querying: package selection,
and information selection.
.SS "PACKAGE SELECTION OPTIONS:"
.PP
.TP
\fB\fIPACKAGE_NAME\fB\fR
Query installed package named \fIPACKAGE_NAME\fR.
.TP
\fB-a, --all\fR
Query all installed packages.
.TP
\fB-f, --file \fIFILE\fB\fR
Query package owning \fIFILE\fR.
.TP
\fB--fileid \fIMD5\fB\fR
Query package that contains a given file identifier, i.e. the
\fIMD5\fR digest of the file contents.
.TP
\fB-g, --group \fIGROUP\fB\fR
Query packages with the group of \fIGROUP\fR.
.TP
\fB--hdrid \fISHA1\fB\fR
Query package that contains a given header identifier, i.e. the
\fISHA1\fR digest of the immutable header region.
.TP
\fB-p, --package \fIPACKAGE_FILE\fB\fR
Query an (uninstalled) package \fIPACKAGE_FILE\fR.
The \fIPACKAGE_FILE\fR may be specified
as an \fBftp\fR or \fBhttp\fR style URL, in
which case the package header will be downloaded and queried.
See \fBFTP/HTTP OPTIONS\fR for information on
\fBrpm\fR's internal
\fBftp\fR and
\fBhttp\fR
client support. The \fIPACKAGE_FILE\fR argument(s),
if not a binary package, will be interpreted as an ASCII package
manifest. Comments are permitted, starting with a '#', and each
line of a package manifest file may include white space separated
glob expressions, including URL's with remote glob expressions,
that will be expanded to paths that are substituted in place of
the package manifest as additional \fIPACKAGE_FILE\fR
arguments to the query.
.TP
\fB--pkgid \fIMD5\fB\fR
Query package that contains a given package identifier, i.e. the
\fIMD5\fR digest of the combined header and
payload contents.
.TP
\fB--querybynumber \fIHDRNUM\fB\fR
Query the \fIHDRNUM\fRth database entry
directly; this is useful only for debugging.
.TP
\fB--specfile \fISPECFILE\fB\fR
Parse and query \fISPECFILE\fR as if
it were a package. Although not all the information (e.g. file lists)
is available, this type of query permits rpm to be used to extract
information from spec files without having to write a specfile
parser.
.TP
\fB--tid \fITID\fB\fR
Query package(s) that have a given \fITID\fR
transaction identifier. A unix time stamp is currently used as a
transaction identifier. All package(s) installed or erased within
a single transaction have a common identifier.
.TP
\fB--triggeredby \fIPACKAGE_NAME\fB\fR
Query packages that are triggered by package(s)
\fIPACKAGE_NAME\fR.
.TP
\fB--whatprovides \fICAPABILITY\fB\fR
Query all packages that provide the \fICAPABILITY\fR capability.
.TP
\fB--whatrequires \fICAPABILITY\fB\fR
Query all packages that requires \fICAPABILITY\fR for proper functioning.
.SS "PACKAGE QUERY OPTIONS:"
.PP
.TP
\fB--changelog\fR
Display change information for the package.
.TP
\fB-c, --configfiles\fR
List only configuration files (implies \fB-l\fR).
.TP
\fB-d, --docfiles\fR
List only documentation files (implies \fB-l\fR).
.TP
\fB--dump\fR
Dump file information as follows:
.sp
.RS
.nf
path size mtime md5sum mode owner group isconfig isdoc rdev symlink
.fi
.RE
This option must be used with at least one of
\fB-l\fR,
\fB-c\fR,
\fB-d\fR.
.TP
\fB--filesbypkg\fR
List all the files in each selected package.
.TP
\fB-i, --info\fR
Display package information, including name, version, and description.
This uses the \fB--queryformat\fR if one was specified.
.TP
\fB--last\fR
Orders the package listing by install time such that the latest
packages are at the top.
.TP
\fB-l, --list\fR
List files in package.
.TP
\fB--provides\fR
List capabilities this package provides.
.TP
\fB-R, --requires\fR
List packages on which this package depends.
.TP
\fB--scripts\fR
List the package specific scriptlet(s) that are used as part
of the installation and uninstallation processes.
.TP
\fB-s, --state\fR
Display the \fIstates\fR of files in the package
(implies \fB-l\fR). The state of each file is one of
\fInormal\fR,
\fInot installed\fR, or
\fIreplaced\fR.
.TP
\fB--triggers, --triggerscripts\fR
Display the trigger scripts, if any, which are contained in
the package.
.SS "VERIFY OPTIONS"
.PP
The general form of an rpm verify command is
.PP
\fBrpm\fR {\fB-V|--verify\fR} [\fBselect-options\fR] [\fBverify-options\fR]
.PP
Verifying a package compares information about the installed files in
the package with information about the files taken from the package
metadata stored in the rpm database. Among other things, verifying
compares the size, MD5 sum, permissions, type, owner and group of
each file. Any discrepancies are displayed.
Files that were not installed from the package, for example,
documentation files excluded on installation using the
"\fB--excludedocs\fR" option,
will be silently ignored.
.PP
The package selection options are the same as for package
querying (including package manifest files as arguments).
Other options unique to verify mode are:
.TP
\fB--nodeps\fR
Don't verify dependencies of packages.
.TP
\fB--nodigest\fR
Don't verify package or header digests when reading.
.TP
\fB--nofiles\fR
Don't verify any attributes of package files.
.TP
\fB--noscripts\fR
Don't execute the \fB%verifyscript\fR scriptlet (if any).
.TP
\fB--nosignature\fR
Don't verify package or header signatures when reading.
.TP
\fB--nolinkto\fR
.TP
\fB--nomd5\fR
.TP
\fB--nosize\fR
.TP
\fB--nouser\fR
.TP
\fB--nogroup\fR
.TP
\fB--nomtime\fR
.TP
\fB--nomode\fR
.TP
\fB--nordev\fR
Don't verify the corresponding file attribute.
.PP
The format of the output is a string of 8 characters, a possible
attribute marker:
.nf
\fBc\fR \fB%config\fR configuration file.
\fBd\fR \fB%doc\fR documentation file.
\fBg\fR \fB%ghost\fR file (i.e. the file contents are not included in the package payload).
\fBl\fR \fB%license\fR license file.
\fBr\fR \fB%readme\fR readme file.
.fi
from the package header, followed by the file name.
Each of the 8 characters denotes the result of a comparison of
attribute(s) of the file to the value of those attribute(s) recorded
in the database. A single
"\fB.\fR" (period)
means the test passed, while a single
"\fB?\fR" (question mark)
indicates the test could not be performed (e.g. file permissions
prevent reading). Otherwise, the (mnemonically
em\fBB\fRoldened) character denotes failure of
the corresponding \fB--verify\fR test:
.nf
\fBS\fR file \fBS\fRize differs
\fBM\fR \fBM\fRode differs (includes permissions and file type)
\fB5\fR MD\fB5\fR sum differs
\fBD\fR \fBD\fRevice major/minor number mismatch
\fBL\fR read\fBL\fRink(2) path mismatch
\fBU\fR \fBU\fRser ownership differs
\fBG\fR \fBG\fRroup ownership differs
\fBT\fR m\fBT\fRime differs
.fi
.SS "DIGITAL SIGNATURE AND DIGEST VERIFICATION"
.PP
The general forms of rpm digital signature commands are
.PP
\fBrpm\fR \fB--import\fR \fB\fIPUBKEY\fB\fR\fI ...\fR
\fBrpm\fR {\fB--checksig\fR} [\fB--nosignature\fR] [\fB--nodigest\fR]
\fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.PP
The \fB--checksig\fR option checks all the digests and signatures contained in
\fIPACKAGE_FILE\fR to ensure
the integrity and origin of the package. Note that
signatures are now verified whenever a package is read,
and \fB--checksig\fR is useful to verify
all of the digests and signatures associated with a package.
.PP
Digital signatures cannot be verified without a public key.
An ASCII armored public key can be added to the \fBrpm\fR database
using \fB--import\fR. An imported public key is
carried in a header, and key ring management is performed
exactly like package management. For example, all currently imported
public keys can be displayed by:
.PP
\fBrpm -qa gpg-pubkey*\fR
.PP
Details about a specific public key, when imported, can be displayed
by querying. Here's information about the Red Hat GPG/DSA key:
.PP
\fBrpm -qi gpg-pubkey-db42a60e\fR
.PP
Finally, public keys can be erased after importing just like
packages. Here's how to remove the Red Hat GPG/DSA key
.PP
\fBrpm -e gpg-pubkey-db42a60e\fR
.SS "SIGNING A PACKAGE"
.PP
\fBrpm\fR \fB--addsign|--resign\fR \fB\fIPACKAGE_FILE\fB\fR\fI ...\fR
.PP
Both of the \fB--addsign\fR and \fB--resign\fR
options generate and insert new signatures for each package
\fIPACKAGE_FILE\fR given, replacing any
existing signatures. There are two options for historical reasons,
there is no difference in behavior currently.
.SS "USING GPG TO SIGN PACKAGES"
.PP
In order to sign packages using GPG, \fBrpm\fR
must be configured to run GPG and be able to find a key
ring with the appropriate keys. By default,
\fBrpm\fR uses the same conventions as GPG
to find key rings, namely the \fB$GNUPGHOME\fR environment
variable. If your key rings are not located where GPG expects
them to be, you will need to configure the macro
\fB%_gpg_path\fR
to be the location of the GPG key rings to use.
.PP
For compatibility with older versions of GPG, PGP, and rpm,
only V3 OpenPGP signature packets should be configured.
Either DSA or RSA verification algorithms can be used, but DSA
is preferred.
.PP
If you want to be able to sign packages you create yourself, you
also need to create your own public and secret key pair (see the
GPG manual). You will also need to configure the \fBrpm\fR macros
.TP
\fB%_signature\fR
The signature type. Right now only gpg and pgp are supported.
.TP
\fB%_gpg_name\fR
The name of the "user" whose key you wish to use to sign your packages.
.PP
For example, to be able to use GPG to sign packages as the user
\fI"John Doe <jdoe@foo.com>"\fR
from the key rings located in \fI/etc/rpm/.gpg\fR
using the executable \fI/usr/bin/gpg\fR you would include
.PP
.nf
%_signature gpg
%_gpg_path /etc/rpm/.gpg
%_gpg_name John Doe <jdoe@foo.com>
%_gpgbin /usr/bin/gpg
.fi
.PP
in a macro configuration file. Use \fI/etc/rpm/macros\fR
for per-system configuration and \fI~/.rpmmacros\fR
for per-user configuration.
.SS "REBUILD DATABASE OPTIONS"
.PP
The general form of an rpm rebuild database command is
.PP
\fBrpm\fR {\fB--initdb|--rebuilddb\fR} [\fB-v\fR] [\fB--dbpath \fIDIRECTORY\fB\fR] [\fB--root \fIDIRECTORY\fB\fR]
.PP
Use \fB--initdb\fR to create a new database, use
\fB--rebuilddb\fR to rebuild the database indices from
the installed package headers.
.SS "SHOWRC"
.PP
The command
.PP
\fBrpm\fR \fB--showrc\fR
.PP
shows the values \fBrpm\fR will use for all of the
options are currently set in
\fIrpmrc\fR and
\fImacros\fR
configuration file(s).
.SS "FTP/HTTP OPTIONS"
.PP
\fBrpm\fR can act as an FTP and/or HTTP client so
that packages can be queried or installed from the internet.
Package files for install, upgrade, and query operations may be
specified as an
\fBftp\fR or
\fBhttp\fR
style URL:
.PP
ftp://USER:PASSWORD@HOST:PORT/path/to/package.rpm
.PP
If the \fB:PASSWORD\fR portion is omitted, the password will be
prompted for (once per user/hostname pair). If both the user and
password are omitted, anonymous \fBftp\fR is used.
In all cases, passive (PASV) \fBftp\fR transfers are
performed.
.PP
\fBrpm\fR allows the following options to be used with
ftp URLs:
.TP
\fB--ftpproxy \fIHOST\fB\fR
The host \fIHOST\fR will be used as a proxy server
for all ftp transfers, which allows users to ftp through firewall
machines which use proxy systems. This option may also be specified
by configuring the macro \fB%_ftpproxy\fR.
.TP
\fB--ftpport \fIPORT\fB\fR
The TCP \fIPORT\fR number to use for
the ftp connection on the proxy ftp server instead of the default
port. This option may also be specified by configuring the macro
\fB%_ftpport\fR.
.PP
\fBrpm\fR allows the following options to be used with
\fBhttp\fR URLs:
.TP
\fB--httpproxy \fIHOST\fB\fR
The host \fIHOST\fR will be used as
a proxy server for all \fBhttp\fR transfers. This
option may also be specified by configuring the macro
\fB%_httpproxy\fR.
.TP
\fB--httpport \fIPORT\fB\fR
The TCP \fIPORT\fR number to use for the
\fBhttp\fR connection on the proxy http server instead
of the default port. This option may also be specified by configuring
the macro \fB%_httpport\fR.
.SH "LEGACY ISSUES"
.SS "Executing rpmbuild"
.PP
The build modes of rpm are now resident in the
\fI/usr/bin/rpmbuild\fR
executable. Although legacy compatibility provided by the popt aliases
below has been adequate, the compatibility is not perfect; hence build
mode compatibility through popt aliases is being removed from rpm.
Install the \fBrpmbuild\fR package, and see
\fBrpmbuild\fR(8) for documentation of all the
\fBrpm\fR build modes previously documented here in
\fBrpm\fR(8).
.PP
Add the following lines to \fI/etc/popt\fR
if you wish to continue invoking \fBrpmbuild\fR from
the \fBrpm\fR command line:
.PP
.nf
rpm exec --bp rpmb -bp
rpm exec --bc rpmb -bc
rpm exec --bi rpmb -bi
rpm exec --bl rpmb -bl
rpm exec --ba rpmb -ba
rpm exec --bb rpmb -bb
rpm exec --bs rpmb -bs
rpm exec --tp rpmb -tp
rpm exec --tc rpmb -tc
rpm exec --ti rpmb -ti
rpm exec --tl rpmb -tl
rpm exec --ta rpmb -ta
rpm exec --tb rpmb -tb
rpm exec --ts rpmb -ts
rpm exec --rebuild rpmb --rebuild
rpm exec --recompile rpmb --recompile
rpm exec --clean rpmb --clean
rpm exec --rmsource rpmb --rmsource
rpm exec --rmspec rpmb --rmspec
rpm exec --target rpmb --target
rpm exec --short-circuit rpmb --short-circuit
.fi
.SH "FILES"
.SS "rpmrc Configuration"
.PP
.nf
\fI/usr/lib/rpm/rpmrc\fR
\fI/usr/lib/rpm/redhat/rpmrc\fR
\fI/etc/rpmrc\fR
\fI~/.rpmrc\fR
.fi
.SS "Macro Configuration"
.PP
.nf
\fI/usr/lib/rpm/macros\fR
\fI/usr/lib/rpm/redhat/macros\fR
\fI/etc/rpm/macros\fR
\fI~/.rpmmacros\fR
.fi
.SS "Database"
.PP
.nf
\fI/var/lib/rpm/Basenames\fR
\fI/var/lib/rpm/Conflictname\fR
\fI/var/lib/rpm/Dirnames\fR
\fI/var/lib/rpm/Filemd5s\fR
\fI/var/lib/rpm/Group\fR
\fI/var/lib/rpm/Installtid\fR
\fI/var/lib/rpm/Name\fR
\fI/var/lib/rpm/Packages\fR
\fI/var/lib/rpm/Providename\fR
\fI/var/lib/rpm/Provideversion\fR
\fI/var/lib/rpm/Pubkeys\fR
\fI/var/lib/rpm/Removed\fR
\fI/var/lib/rpm/Requirename\fR
\fI/var/lib/rpm/Requireversion\fR
\fI/var/lib/rpm/Sha1header\fR
\fI/var/lib/rpm/Sigmd5\fR
\fI/var/lib/rpm/Triggername\fR
.fi
.SS "Temporary"
.PP
\fI/var/tmp/rpm*\fR
.SH "SEE ALSO"
.nf
\fBpopt\fR(3),
\fBrpm2cpio\fR(8),
\fBrpmbuild\fR(8),
.fi
\fBhttp://www.rpm.org/ <URL:http://www.rpm.org/>
\fR
.SH "AUTHORS"
.nf
Marc Ewing <marc@redhat.com>
Jeff Johnson <jbj@redhat.com>
Erik Troan <ewt@redhat.com>
.fi