rpm - The Modern Install

By:  Tony Steidler-Dennison  http://www.lockergnome.com/issues/penguinshell.html

Yesterday, we talked about installing programs from source code you've downloaded and compiled on your machine.
There are some great advantages to using that process for your programs - customizability and a high level of control over the process.
That's even ignoring the security issues. Because the source code is available for anyone to peruse, the risk of malicious code is far less.
Even if you're not inclined to check the source, you can bet that someone, probably many in the Linux community have done just that.
And, in fact, most dedicated Linux hackers would sound the alarm bells if a program was particularly insidious.

However, most new Linux users arrive from the Windows or Mac worlds. In those environments, programs are pre-compiled, 
containing installation routines that make the underlying code invisible to the user. Admittedly, it's a much quicker and easier 
way to install programs. In effect, users let the programmers do the installation heavy lifting.

As we've noted, most Linux users, by way of their original experience with Windows or Mac boxes, are used to the install model 
those operating systems present. For new Linux users, the thought of compiling a program may seem as foreign as the notion of 
moving to Antarctica. To bridge that gap, many users turn to rpm files, pre-compiled binaries for Linux created under the Redhat 
Package Management system.

rpm is, indeed, a system. Aside from providing a quick and painless install routine for many, many Linux programs, the rpm 
program itself serves some other very useful functions.

First, rpm tracks all the rpm packages on your system in an efficient and well-organized database. Users have the ability, 
either through one of several GUI tools or from the command line, to query the database for specific programs.

Second, rpm provides a measure of dependency checking. If, for instance, you attempt to install a package requiring a library 
that's not installed on your system, rpm will abort the install, returning a message outlining the missed dependencies. Though it's 
not as advanced as Debian's apt-get or Gentoo's Portage (both of which will simply download and install any programs upon 
which your install depends), rpm does provide this dependency checking in a fundamental way.

rpm also provides a means to check the integrity of the program you've downloaded. This integrity check can include verification, 
via md5 files, that the program is unchanged since its creation. It can also check to assure than an installed rpm hasn't been 
tampered with or somehow corrupted.

Finally, rpm provides an easy method for uninstalling programs. Because the system tracks all elements of an rpm installation, 
it's in the best possible position to remove those programs cleanly and properly.

The options available to rpm are too numerous to list in a single Penguin Shell issue. For a full view of rpm usage, check the man 
pages. However, a few widely useful commands are in order.

To install a program and present a text-based "progress meter," use the following command:

    rpm -ivh your.rpm

This will display hash marks (#) to indicate the progress of the install.

To install and immediately update the rpm database, use the following:

    rpm -Uvh your.rpm.

To uninstall an rpm package, use:

    rpm -e your.rpm

To verify a package's integrity, use:

    rpm --verify your.rpm

Those are just the fundamental command line options. Many of these options are available via such GUI-based rpm programs 
as Gnorpm and KPackage.

There is a downside to rpms. First is the security issue. Because the code is pre-compiled, you'd need to decompile it to view 
the source. In reaction to a general objection to this practice from the Linux community, many authors now provide source rpms 
in addition to the program. This provides some measure of comfort to users.

The second issue is a bit more subtle than the security issue. rpms, by their nature, are intended to reach the broadest base of users. 
Because of that, they tend to carry more code overhead than source packages, as they attempt to account for many different system 
options. Even at that, rpms are no less likely to fail than source code. Despite an effort to reach the full Linux user base, or possibly 
because of it, the reach of rpm sometimes exceeds its grasp.

Whichever you choose, know that you do have viable and flexible options for installing programs in Linux. If you're looking for quick 
and easy, use rpm. If you're in no rush, or are unintimidated by the compilation process, source code is a great way to go.

[report a broken link by clicking here]