Yum is the Fedora package manager that is able
to query for information about packages, fetch packages from
repositories, install and uninstall packages using automatic
dependency resolution, and update an entire system to the latest
available packages. Yum performs automatic
dependency resolution on packages you are updating, installing or
removing, and thus is able to automatically determine, fetch and
install all available dependent packages. Yum can
be configured with new, additional repositories, or package
sources, and also provides many plugins which enhance and
extend its capabilities. Yum is able to perform
many of the same tasks that RPM can; additionally,
many of the command line options are similar. Yum
enables easy and simple package management on a single machine or
on groups of them.
Secure Package Management with GPG-Signed Packages
Yum provides secure package management by
enabling GPG (Gnu Privacy Guard; also known as GnuPG) signature
verification on GPG-signed packages to be turned on for all package
repositories (i.e. package sources), or for individual
repositories. When signature verification is enabled,
Yum will refuse to install any packages not
GPG-signed with the correct key for that repository. This means
that you can trust that the RPM packages you
download and install on your system are from a trusted source, such
as the Fedora Project, and were not modified during transfer. Refer
to Section 1.3, “Configuring Yum and Yum Repositories” for details
on enabling signature-checking with Yum, or
Section 3.3, “Checking a Package's Signature” for information
on working with and verifying GPG-signed RPM
packages in general.
Yum also enables you to easily set up your own
repositories of RPM packages for download and
installation on other machines.
Learning Yum is a worthwhile investment because
it is often the fastest way to perform system administration tasks,
and it provides capabilities beyond those provided by the
PackageKit graphical package management tools.
Refer to Chapter 2, PackageKit for details on using
PackageKit.
1.1. Checking For and Updating Packages
1.1.1. Checking For Updates
You can use the yum check-update command to see
which installed packages on your system have updates available.
Note: Yum and Superuser
Privileges
You must have superuser privileges in order to use
yum to install, update or remove packages on your
system. All examples in this chapter assume that you have already
obtained superuser privileges by using either the su
or sudo command.
~]# yum check-update
Loaded plugins: presto, refresh-packagekit, security
PackageKit.x86_64 0.5.3-0.1.20090915git.fc12 fedora
PackageKit-glib.x86_64 0.5.3-0.1.20090915git.fc12 fedora
PackageKit-yum.x86_64 0.5.3-0.1.20090915git.fc12 fedora
PackageKit-yum-plugin.x86_64 0.5.3-0.1.20090915git.fc12 fedora
glibc.x86_64 2.10.90-22 fedora
glibc-common.x86_64 2.10.90-22 fedora
kernel.x86_64 2.6.31-14.fc12 fedora
kernel-firmware.noarch 2.6.31-14.fc12 fedora
rpm.x86_64 4.7.1-5.fc12 fedora
rpm-libs.x86_64 4.7.1-5.fc12 fedora
rpm-python.x86_64 4.7.1-5.fc12 fedora
yum.noarch 3.2.24-4.fc12 fedora
Twelve packages are listed as having updates available. The
first package in the list is PackageKit, the
graphical package manager. The first line of the above output tells
us:
PackageKit— the name of the package
x86_64— the CPU architecture the package was built
for
0.5.3-0.1.20090915git.fc12— the version of the
updated package to be installed
fedora— the repository in which the updated package
is located
The output also shows us that we can update the kernel (the
kernel package), Yum and RPM
themselves (the yum and rpm packages), as
well as their dependencies (such as the
kernel-firmware, rpm-libs and
rpm-python packages), all using yum.
1.1.2. Updating Packages
You can choose to update a single package, multiple packages, or
all packages at once. If any dependencies of the package (or
packages) you update have updates available themselves, then they
are updated too. To update a single package, enter yum update
:
~]# yum update glibc
Loaded plugins: presto, refresh-packagekit, security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
--> Processing Dependency: glibc = 2.10.90-21 for package: glibc-common-2.10.90-21.x86_64
---> Package glibc.x86_64 0:2.10.90-22 set to be updated
--> Running transaction check
---> Package glibc-common.x86_64 0:2.10.90-22 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================
Package Arch Version Repository Size
======================================================================
Updating:
glibc x86_64 2.10.90-22 fedora 2.7 M
Updating for dependencies:
glibc-common x86_64 2.10.90-22 fedora 6.0 M
Transaction Summary
======================================================================
Install 0 Package(s)
Upgrade 2 Package(s)
Total download size: 8.7 M
Is this ok [y/N]:
This output contains two further items of
interest:
Loaded plugins: presto,
refresh-packagekit, security— yum always
informs you which Yum plugins are installed and
enabled. Here, yum is using the
presto, refresh-packagekit and
security plugins. Refer to Section 1.4, “Yum Plugins” for general information on
Yum plugins, or to Section 1.4.3, “Plugin Descriptions” for descriptions of
specific plugins.
kernel.x86_64— you can download and install new
kernels safely with yum.
Important: Updating and Installing Kernels with
Yum
Yum always installs a new
kernel in the same sense that RPMinstalls
a new kernel when you use the command rpm -i kernel.
Therefore, you do not need to worry about the distinction between
installing and upgrading a kernel package when
you use yum: it will do the right
thing, regardless of whether you are using the yum
update or yum install command.
When using RPM, on the other hand, it is
important to use the rpm -i kernel command (which
installs a new kernel) instead of rpm -u kernel (which
replaces the current kernel). Refer to Section 3.2.2, “Installing” for more information on
installing/updating kernels with RPM.
yum presents the update information and then
prompts you as to whether you want it to perform the update;
yum runs interactively by default. If you already know
which transactions yum plans to perform, you can use
the -y option to automatically answer yes
to any questions yum may ask (in which case it runs
non-interactively). However, you should always examine which
changes yum plans to make to the system so that you
can easily troubleshoot any problems that might arise.
If a transaction does go awry, you can view
Yum's log of transactions by entering cat
/var/log/yum.log at the shell prompt. The most recent
transactions are listed at the end of the log file.
Updating All Packages and Their Dependencies
To update all packages and their dependencies, simply enter
yum update (without any
arguments):
~]# yum update
Example 1.1. Updating all packages at once
1.1.3. Updating Security-Related Packages
Discovering which packages have security updates available and
then updating those packages quickly and easily is important.
Yum provides the security plugin
for this purpose. The security plugin extends the
yum command with a set of highly-useful
security-centric commands, subcommands and options. Refer to
Section 1.4.3, “security (yum-plugin-security)” for specific
information.
1.1.4. Preserving Configuration File Changes
You will inevitably make changes to the configuration files
installed by packages as you use your Fedora system.
RPM, which Yum uses to perform
changes to the system, provides a mechanism for ensuring their
integrity. Refer to Section 3.2.4, “Upgrading” for details on how to manage changes
to configuration files across package upgrades.