Display package information using rpm - RPM Package Manager
-i, –info
Display package information, including name, version, and description. This uses the –queryformat if one was specified.
-f, –file FILE
Query package owning FILE.
Description :
This package contains a system utility (passwd) which sets or changes passwords, using PAM (Pluggable Authentication Modules) library.
fedora@fedora ~> sudo rpm -qif /bin/passwd
Name : passwd
Version : 0.78.99
Release : 1.fc17
Architecture: i686
Install Date: Wed 23 May 2012 02:11:02 AM IST
Group : System Environment/Base
Size : 380177
License : BSD or GPLv2+
Signature : RSA/SHA256, Sat 28 Jan 2012 08:00:49 AM IST, Key ID 50e94c991aca3465
Source RPM : passwd-0.78.99-1.fc17.src.rpm
Build Date : Fri 27 Jan 2012 07:11:36 PM IST
Build Host : x86-07.phx2.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://fedorahosted.org/passwd
Summary : An utility for setting or changing passwords using PAM
Verify Package Integrity Using RPM
The RPM package management system includes the ability to verify the integrity of installed packages by comparing the installed files with information about the files taken from the package metadata stored in the RPM database.
Although an attacker could corrupt the RPM database (analogous to attacking the AIDE database as described above), this check can still reveal modification of important files. To determine which files on the system differ from what is expected by the RPM database:
A “c” in the second column indicates that a file is a configuration file (and may be expected to change). In order to exclude configuration files from this list, run:
# rpm -qVa | awk ‘$2!=”c” {print $0}’
How to ensure Package Signature Checking is Globally Activated
The gpgcheck option should be used to ensure that checking of an RPM package’s signature always occurs prior to its installation.
To force yum to check package signatures before installing them, ensure that the following line appears in /etc/yum.conf in the [main] section:
How to manually Check for Package Updates
The following command prints a list of packages that need to be updated:
To actually install these updates, run:
How can I get yum to keep package at a certain version.
There are several ways you can do this.
One is to exclude it from your updates list. See man yum.conf for more details.
Another way to pin package to a certain version is to use the versionlock plugin.
If you are using the latest Fedora then the plugin can be installed using:
yum install yum-plugin-versionlock
To add files that you want version locked, use the following yum command:
yum versionlock [package-name]