Introduction

Oracle Linux uses the RPM package format and yum to interact with both the free Oracle Linux yum server and Unbreakable Linux Network for customers with a support subscription. This post covers a few useful yum commands.

 

Show Information About Installed and Available Packages

yum info <package name> displays information about both installed and available packages.

 

$ yum info kernel-uek 
Loaded plugins: security
Installed Packages
Name        : kernel-uek
Arch        : x86_64
Version     : 4.1.12
Release     : 61.1.33.el6uek
Size        : 208 M
Repo        : installed
Summary     : The Linux kernel

URL         : http://www.kernel.org/

License     : GPLv2

Description : The kernel package contains the Linux kernel (vmlinuz), the core of any

            : Linux operating system.  The kernel handles the basic functions

            : of the operating system: memory allocation, process allocation, device

            : input and output, etc.

 

Available Packages

Name        : kernel-uek

Arch        : x86_64

Version     : 4.1.12

Release     : 94.1.8.el6uek

Size        : 50 M

Repo        : public_ol6_UEKR4

Summary     : The Linux kernel

URL         : http://www.kernel.org/

License     : GPLv2

Description : The kernel package contains the Linux kernel (vmlinuz), the core of any

            : Linux operating system.  The kernel handles the basic functions

            : of the operating system: memory allocation, process allocation, device

 

 

yum list <package name> will show available and installed packages by that name. To show older versions than the one currently installed or available to install, use --show-duplicates

 

$ yum list openssl --show-duplicates

Installed Packages

openssl.x86_64                                               1:1.0.2k-16.0.1.el7                                               installed

Available Packages

openssl.x86_64                                               1:1.0.2k-12.0.1.el7                                               ol7_latest

openssl.x86_64                                               1:1.0.2k-12.0.3.el7                                               ol7_latest

openssl.x86_64                                               1:1.0.2k-16.0.1.el7                                               ol7_latest

 

 

Working with Yum Repositories: Enabling and Disabling

 

Listing Enabled and Disabled Repositories

 

The command yum repolist here lists two enabled repositories: public_ol6_UEKR4 and public_ol6_latest

 

$ yum repolist

Loaded plugins: security

public_ol6_UEKR4                                                                        | 1.2 kB    00:00 

public_ol6_latest                                                                       | 1.4 kB    00:00 

repo id                    repo name                                                    status

public_ol6_UEKR4           Latest Unbreakable Enterprise Kernel Release 4 ...                244+73

public_ol6_latest          Oracle Linux 6Server Latest (x86_64)                              31,595+7,370

repolist: 31,839

 

List Disabled Repositories

To list disabled repositories, based on the yum configuration file in /etc/yum.repos.d, use the yum repolist disabled command:

 

$ yum repolist disabled

Loaded plugins: security

repo id                        repo name                                                                                      

public_ol6_MySQL               MySQL 5.5 for Oracle Linux 6 (x86_64)                                                          

public_ol6_MySQL56             MySQL 5.6 for Oracle Linux 6 (x86_64)                                                          

public_ol6_MySQL57             MySQL 5.7 for Oracle Linux 6 (x86_64)                                                          

public_ol6_UEKR3_latest        Unbreakable Enterprise Kernel Release 3 for Oracle ... (x86_64)                      

public_ol6_UEKR4_OFED          OFED supporting tool packages for... (x86_6)

public_ol6_UEK_base            Unbreakable Enterprise Kernel for Oracle Linux 6Server (x86_64)                                

public_ol6_UEK_latest          Latest Unbreakable Enterprise Kernel for Oracle Linux 6Server (x86_64)                          

public_ol6_addons              Oracle Linux 6Server Add ons (x86_64)                                                          

public_ol6_ceph10              Ceph Storage for Oracle Linux Release 1.0 - Oracle ... (x86_64)                  

public_ol6_ga_base             Oracle Linux 6Server GA installation media copy (x86_64)                                        

 

...                          

 

repolist: 0

 

Enabling and Disabling a Repository

To enable and disable repositories, you can either edit the appropriate configuration file in /etc/yum.repos.d/ or you can use the yum-config-manager tool provided by the yum-utils package

 

$ sudo yum -y install yum-utils

 

To enable a repository, use the yum-config-manager --enable command <repo name> command. For example to enable the Addons repository for Oracle Linux 6:

$ sudo yum-config-manager --enable public_ol6_addons

 

You will see output that includes the following.  Notice that enabled = 1.

 

===================================== repo: public_ol6_addons ======================================

[public_ol6_addons]

bandwidth = 0

base_persistdir = /var/lib/yum/repos/x86_64/6Server

baseurl = http://yum.oracle.com/repo/OracleLinux/OL6/addons/x86_64/

cache = 0

cachedir = /var/cache/yum/x86_64/6Server/public_ol6_addons

cost = 1000

enabled = 1

enablegroups = True

exclude =

failovermethod = priority

ftp_disable_epsv = False

...

 

Similarly to disable a repository:

 

$ sudo yum-config-manager --disable public_ol6_addons

 

Temporarily Enabling and Disabling Repositories: enablerepo and disablerepo

Sometimes you want to perform yum commands while temporarily enabling or disabling repositories without changing the current yum configuration. Use the --enablerepo and --disablerepo arguments to achieve this.  For example, to temporarily disable all currently enabled repositories while enabling a new repository, public_ol6_u9_base in order to search for the python binary only in that repository (in addition to any installed python binaries):

 

$ yum --disablerepo="*" --enablerepo=public_ol6_u9_base provides "*/bin/python"

 

For more information about the provides argument, see the separate topic below.

Security Notices and Bugfix Notices: updateinfo

Errata (security fixes, bug fixes and enhancements) for the base Oracle Linux operating system are available for free via the Oracle Linux yum server. You can view and search all errata advisories via linux.oracle.com/errata and CVEs (Common Vulnerabilities and Exposures) in particular via linux.oracle.com/cve The plugin yum-plugin-security is installed by default and lets you query security information.

 

List a Summary of Available Bugfix and Security Notices

 

$ yum updateinfo

Loaded plugins: security

Updates Information Summary: updates

    2 Security notice(s)

        1 Critical Security notice(s)

        1 Important Security notice(s)

    2 Bugfix notice(s)

updateinfo summary done

 

List Available Security Advisories

 

To get a list of available security advisories use the yum updateinfo security command:

 

$ yum updateinfo security

Loaded plugins: security

ELSA-2017-3539 Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

ELSA-2017-3539 Important/Sec. kernel-uek-firmware-4.1.12-61.1.34.el6uek.noarch

ELSA-2017-1100 Critical/Sec.  nss-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec.  nss-sysinit-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec.  nss-tools-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec.  nss-util-3.28.4-1.el6_9.x86_64

updateinfo list done

 

List Advisories by Severity

To list only Critical security advisories, use the --sec-severity=Critical flag

 

$ yum updateinfo list --sec-severity=Critical

Loaded plugins: security

ELSA-2017-1100 Critical/Sec. nss-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec. nss-sysinit-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec. nss-tools-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec. nss-util-3.28.4-1.el6_9.x86_64

updateinfo list done

 

Show Advisory Detail

To show detail for a particular advisory, use yum updateinfo <advisory ID>

 

$ yum updateinfo ELSA-2017-1100

Loaded plugins: security

 

=======================================================================

  nss and nss-util security update

=======================================================================

  Update ID : ELSA-2017-1100

    Release : Oracle Linux 6

       Type : security

     Status : final

     Issued : 2017-04-20

       CVEs : CVE-2017-5461

Description : nss

            : [3.28.4-1.0.1]

            : - Added nss-vendor.patch to change vendor

            : - Temporarily disable some tests until expired

            :  PayPalEE.cert is renewed

            :

            : [3.28.4-1]

            : - Rebase to 3.28.4

            :

            : nss-util

            : [3.28.4-1]

            : - Rebase to NSS 3.28.4 to accommodate base64

            :  encoding fix

   Severity : Critical

updateinfo info done

 

List Advisories by CVE

To list advisories that address a particular CVE, use yum updateinfo list --cve <CVE ID>

 

$ yum updateinfo list --cve CVE-2017-5461

Loaded plugins: security

ELSA-2017-1100 Critical/Sec. nss-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec. nss-sysinit-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec. nss-tools-3.28.4-1.0.1.el6_9.x86_64

ELSA-2017-1100 Critical/Sec. nss-util-3.28.4-1.el6_9.x86_64

updateinfo list done

 

List Vulnerabilities (CVEs) for Which Updates Are Available

To list CVEs that apply to your system use yum updateinfo list cves:

 

$ yum updateinfo list cves

Loaded plugins: security

CVE-2016-7910  Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2017-2583  Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2017-6214  Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2017-6347  Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2017-7184  Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2016-10208 Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2017-5986  Important/Sec. kernel-uek-4.1.12-61.1.34.el6uek.x86_64

CVE-2016-7910  Important/Sec. kernel-uek-firmware-4.1.12-61.1.34.el6uek.noarch

 

...

 

Apply an Update to Address a Particular CVE

To update your system to address a particular CVE:

 

$ sudo yum update --cve CVE-2017-5461

Loaded plugins: security

Setting up Update Process

Resolving Dependencies

Limiting packages to security relevant ones

4 package(s) needed (+0 related) for security, out of 7 available

--> Running transaction check

---> Package nss.x86_64 0:3.28.3-3.0.1.el6_9 will be updated

---> Package nss.x86_64 0:3.28.4-1.0.1.el6_9 will be an update

---> Package nss-sysinit.x86_64 0:3.28.3-3.0.1.el6_9 will be updated

---> Package nss-sysinit.x86_64 0:3.28.4-1.0.1.el6_9 will be an update

---> Package nss-tools.x86_64 0:3.28.3-3.0.1.el6_9 will be updated

---> Package nss-tools.x86_64 0:3.28.4-1.0.1.el6_9 will be an update

 

...

Search for Installed and Available Packages: repoquery

Search For an Available Package By Name

 

Search for any package called ruby or ruby followed by a 3 digit version number and include the repository name in the results. Here %-32 is used for formatting:

 

$ repoquery -a {ruby,ruby[0-9][0-9][0-9]} --qf "%-32{repoid} %{name}"

public_ol6_latest                ruby

public_ol6_software_collections  ruby193

public_ol6_software_collections  ruby200

 

Search For an Available Package in a Specific Repository

Use the --repoid option to limit your search to a particular repo:

$ repoquery -q python* --repoid public_ol6_software_collections

 

Find Which Package Contains a Particular File, Library or Executable: provides or whatprovides

To find out which package(s) contain a particular library, executable or any other file, use the provides or whatprovides option. For example, to find one or more packages that contain uuencode:

 

$ yum provides "*/uuencode" 

Loaded plugins: security

ol6_UEK_latest/filelists                                                |  20 MB     00:02    

ol6_addons/filelists                                                    | 922 kB     00:00    

ol6_latest/filelists                                                    |  68 MB     00:07    

sharutils-4.7-6.1.el6.x86_64 : The GNU shar utilities for packaging and unpackaging shell

                             : archives

Repo        : ol6_latest

Matched from:

Filename    : /usr/bin/uuencode

 

Even More Package Details: File Contents and Changelog

List the Contents of an Available Package

Use repoquery --list to list the file contents of a package, even if it's not installed.

 

$ repoquery --list jq 
/usr/bin/jq
/usr/share/doc/jq/AUTHORS
/usr/share/doc/jq/COPYING
/usr/share/doc/jq/README
/usr/share/doc/jq/README.md
/usr/share/man/man1/jq.1.gz

 

Inspecting Package Changelogs with yum-plugin-changelog

To inspect package changelogs, install the changelog yum plugin:

 

$ sudo yum install -y yum-plugin-changelog

 

Show Changelog Starting with a Certain Date

$ yum changelog 2017-APR-10 kernel-uek

Loaded plugins: changelog, security

 

Listing changelogs since 2017-04-10

 

==================== Available Packages ====================

kernel-uek-4.1.12-94.1.8.el6uek.x86_64  public_ol6_UEKR4

* Tue Apr 18 12:00:00 2017 Chuck Anderson <...@oracle.com> [4.1.12-94.1.8.el6uek]

- qla2xxx: Fix NULL pointer deref in QLA interrupt (Bruno Prémont)  [Orabug: 25894919]

- sched/wait: Fix the signal handling fix (Peter Zijlstra)  [Orabug: 25896852]

- Change return value for notify_change() to EACCES (Dhaval Giani)  [Orabug: 25897119]

 

* Wed Apr 12 12:00:00 2017 Chuck Anderson <...@oracle.com> [4.1.12-94.1.7.el6uek]

- block: fix use-after-free in seq file (Vegard Nossum)  [Orabug: 25877496]  {CVE-2016-7910}

 

* Tue Apr 11 12:00:00 2017 Chuck Anderson <...@oracle.com> [4.1.12-94.1.6.el6uek]

- net/mlx4_core: panic the system on unrecoverable errors (Santosh Shilimkar)  [Orabug: 25225861]

 

changelog stats. 2 pkgs, 2 source pkgs, 3 changelogs

 

 

References