LLMpediaThe first transparent, open encyclopedia generated by LLMs

rpm (software)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Anaconda (distribution) Hop 5
Expansion Funnel Raw 36 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted36
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
rpm (software)
Namerpm
DeveloperRed Hat
Released1997
Operating systemLinux
LicenseGNU General Public License

rpm (software) is a low-level package management tool widely used on several Linux distributions for installing, querying, verifying, and querying binary and source packages. It provides a standardized file format and set of command-line interface utilities for managing software artifacts, metadata, and verification on RPM-based systems. rpm underpins many distribution-level systems and integrates with repository services, build tools, and security infrastructures.

Overview

rpm implements a package format and installer that stores files, metadata, and cryptographic signatures in a single archive. It is a core component of distributions such as Red Hat Enterprise Linux, Fedora, openSUSE, and historical systems like Mandriva Linux and CentOS. The tool provides subcommands to query package headers, list contents, perform integrity checks, and manage package transactions; it is often complemented by higher-level tools like yum and DNF. rpm's metadata model supports dependency declarations, scriptlets, and changelogs, enabling integration with build systems such as Koji and OBS.

History and Development

rpm originated in the late 1990s, created by developers associated with Red Hat who sought a binary package format for Linux distributions. Its design was influenced by existing package managers and archive formats, and it evolved through contributions from projects like Fedora Project and maintainers at SUSE. Over time, rpm has matured through major releases that improved transaction safety, multilib support, and signature verification; notable milestones include the adoption of RPM Database enhancements and the transition to RPM 4.x in the 2000s. The project has interacted with organizations such as Debian-adjacent efforts and academic collaborations, informing cross-distribution package tooling and standards.

Package Format and Components

The RPM package format bundles payload, headers, and signature data into a single file with a .rpm extension. Headers encode metadata fields such as Name, Version, Release, Architecture, and provides dependency tags like Requires and Provides; changelogs and license fields record provenance for auditors from bodies such as FSF-related projects. The payload is typically compressed with algorithms like gzip, xz, or bzip2, techniques also seen in archival tools created by authors from GNU Project. Packages may include scriptlets (preinstall, postinstall, preremove, postremove) that invoke interpreters such as Bash or Python during transaction phases, and package verification uses checksums and signature blocks tied to GPG keys managed by distribution infrastructure teams.

Command-line Usage and Subcommands

rpm exposes a suite of subcommands and flags enabling fine-grained package management. Common operations include -i to install, -e to erase, -U to upgrade, -q to query, and -V to verify installed files; these options are combined with queryformat directives and database queries referencing POSIX-style metadata conventions present in tools from GNU Coreutils. Advanced usage interacts with the RPM Database (RPMDB) stored under /var/lib/rpm, enabling administrators to recover with utilities influenced by Systemd startup scripts and maintenance practices from Red Hat Enterprise Linux engineering guides. Scripting around rpm is common in automation stacks used by projects such as Ansible, Puppet, and Chef for orchestrating package operations across fleets.

Dependency Resolution and Repositories

rpm itself performs basic dependency checks using header tags but does not implement full transaction-level dependency solving; higher-level resolvers like yum and DNF build a directed graph of Requires, Provides, Conflicts, and Obsoletes to compute installation plans. Repository metadata conforms to XML and compressed index formats produced by tools like createrepo and maintained by infrastructure teams at Fedora Project and openSUSE. Binary repositories integrate with content delivery networks and continuous integration services such as Koji and Jenkins to publish curated RPMs with versioned channels, enabling system administrators to pin package streams and implement staged rollouts used by enterprises like Red Hat.

Security and Signing

Security for RPM packages relies on cryptographic signatures and integrity checks. Packages are commonly signed with GPG keys; rpm verifies signatures against keyrings administered by distribution maintainers and release engineers from organizations like Red Hat and SUSE. The format supports SHA-family checksums and mandatory verification modes used in secure deployments managed by teams following standards from bodies like NIST for supply chain integrity. Scriptlet execution and file ownership semantics must be audited to mitigate privilege-escalation risks; security tooling such as OpenSCAP and continuous audit pipelines from CIS benchmarks are often employed to validate installed RPM content.

Integration and Ecosystem

rpm functions as a foundational layer for a broad ecosystem including build systems, repository managers, configuration management, and container tooling. Build systems like Koji and OBS produce RPM artifacts that feed into repositories consumed by orchestration tools such as Ansible and SaltStack. Container images for Docker and Podman frequently package RPMs for base images used by projects like Kubernetes and OpenShift. Ecosystem projects include package signing authorities, ABI monitoring tools, and migration utilities for interoperability with formats used by distributions such as Debian and community initiatives for cross-distribution packaging standards.

Category:Package management