Linux Package Management

Published: December 2023 | Topic: Software Deployment & Automation for DevOps

Package management is fundamental to Linux system administration and DevOps. It enables you to install, update, configure, and remove software efficiently and consistently across your infrastructure. Mastering package management ensures reproducible environments, secure systems, and automated deployments.

Why Package Management Matters for DevOps

Effective package management provides:

• Consistency: Same software versions across all servers
• Security: Automatic security updates and patches
• Dependency Management: Automatic handling of software dependencies
• Reproducibility: Recreate environments reliably
• Automation: Script package operations for deployments
• Rollback Capability: Revert to previous versions if needed
• Audit Trail: Track what's installed and when

Package Management Workflow

Repository
Central software catalog

→

Package Manager
(APT, YUM, DNF)

→

Local System
Installed software

→

Automation
Ansible, Chef, Puppet

1. Introduction to Package Managers

What is a Package Manager?

A package manager is a collection of tools that automates the process of installing, upgrading, configuring, and removing software packages in a consistent manner. It handles dependencies, maintains a database of installed packages, and ensures system stability.

Key Components of Package Management

• Package: Compressed archive containing software files + metadata
• Repository: Centralized collection of packages
• Dependency: Other packages required for software to work
• Metadata: Package name, version, description, dependencies
• Database: Local record of installed packages and versions
• Package Format: .deb (Debian/Ubuntu), .rpm (RHEL/CentOS/Fedora)

Linux Distribution Package Managers

UDebian/Ubuntu

Package Format: .deb

Package Manager: APT (Advanced Package Tool)

Frontend Tools: apt, apt-get, aptitude

Config Files: /etc/apt/sources.list, /etc/apt/sources.list.d/

CRHEL/CentOS

Package Format: .rpm

Package Manager: YUM (Yellowdog Updater Modified)

Config Files: /etc/yum.conf, /etc/yum.repos.d/

Note: CentOS 8+ uses DNF

FFedora

Package Format: .rpm

Package Manager: DNF (Dandified YUM)

Config Files: /etc/dnf/dnf.conf, /etc/yum.repos.d/

Features: Faster, better dependency resolution

SopenSUSE

Package Format: .rpm

Package Manager: Zypper

Config Files: /etc/zypp/zypp.conf, /etc/zypp/repos.d/

Features: Powerful dependency solver

AArch Linux

Package Format: .pkg.tar.zst

Package Manager: Pacman

Config Files: /etc/pacman.conf, /etc/pacman.d/

Philosophy: Rolling release, minimal

Package Formats Comparison

Format	Used By	Tool	Package Database	Pros
.deb	Debian, Ubuntu, Mint	dpkg, APT	/var/lib/dpkg/status	Large repository, stable
.rpm	RHEL, CentOS, Fedora, SUSE	rpm, YUM, DNF, Zypper	/var/lib/rpm/	Enterprise focus, certified
Snap	Ubuntu (cross-distro)	snapd	/var/lib/snapd/	Containerized, auto-updates
Flatpak	Cross-distro	flatpak	~/.local/share/flatpak/	Sandboxed, portable

2. APT Package Management (Debian/Ubuntu)

What is APT?

APT (Advanced Package Tool) is a high-level package management system for Debian and Ubuntu. It provides commands for searching, installing, updating, and removing packages while automatically handling dependencies.

Low-Level: dpkg

Debian package manager - handles individual .deb files.

# Install local .deb file
$ sudo dpkg -i package.deb

# List installed packages
$ dpkg -l | grep nginx

# Show package info
$ dpkg -s nginx

# List package files
$ dpkg -L nginx

Limitation: Doesn't handle dependencies automatically

High-Level: APT

Advanced Package Tool - handles repositories and dependencies.

# Modern APT commands (recommended)
$ sudo apt update
$ sudo apt install nginx
$ sudo apt remove nginx
$ sudo apt upgrade

# Legacy apt-get commands
$ sudo apt-get update
$ sudo apt-get install nginx

Features: Dependency resolution, repository management

Essential APT Commands

Package Installation

# Install single package
$ sudo apt install nginx

# Install multiple packages
$ sudo apt install nginx mysql-server php-fpm

# Install specific version
$ sudo apt install nginx=1.18.0-0ubuntu1

# Install without recommended packages
$ sudo apt install --no-install-recommends package

Package Removal

# Remove package (keep configs)
$ sudo apt remove nginx

# Remove package + configs
$ sudo apt purge nginx

# Remove unused dependencies
$ sudo apt autoremove

# Clean package cache
$ sudo apt clean

Package Search & Info

# Search for packages
$ apt search nginx

# Show package info
$ apt show nginx

# List installed packages
$ apt list --installed

# Check for upgradable packages
$ apt list --upgradable

System Updates

# Update package lists
$ sudo apt update

# Upgrade installed packages
$ sudo apt upgrade

# Full distribution upgrade
$ sudo apt full-upgrade

# Safe upgrade (no new packages)
$ sudo apt safe-upgrade

APT Configuration & Files

# Main APT configuration file
$ cat /etc/apt/apt.conf
# or individual files in /etc/apt/apt.conf.d/

# Repository configuration
$ cat /etc/apt/sources.list
# Additional repos in /etc/apt/sources.list.d/

# Common APT options in /etc/apt/apt.conf.d/
# /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

# Pre-download packages for faster installs
$ sudo apt install -d nginx

3. YUM/DNF Package Management (RHEL/CentOS/Fedora)

What are YUM and DNF?

YUM (Yellowdog Updater Modified) and DNF (Dandified YUM) are package managers for RPM-based distributions. DNF is the next-generation replacement for YUM, offering better performance and dependency resolution.

Low-Level: rpm

RPM Package Manager - handles individual .rpm files.

# Install local .rpm file
$ sudo rpm -ivh package.rpm

# Query installed packages
$ rpm -qa | grep nginx

# Show package info
$ rpm -qi nginx

# List package files
$ rpm -ql nginx

# Verify package integrity
$ rpm -V nginx

High-Level: YUM/DNF

Package managers with repository support.

# YUM (RHEL/CentOS 7 and earlier)
$ sudo yum install nginx
$ sudo yum update

# DNF (Fedora, RHEL/CentOS 8+)
$ sudo dnf install nginx
$ sudo dnf update

# Most commands are interchangeable
# DNF is faster with better dependency resolution

Essential YUM/DNF Commands

Package Operations

# Install package
$ sudo yum install nginx
# or
$ sudo dnf install nginx

# Install group of packages
$ sudo yum groupinstall "Development Tools"

# Install from local file with deps
$ sudo yum localinstall package.rpm

System Updates

# Update all packages
$ sudo yum update
# or
$ sudo dnf update

# Update specific package
$ sudo yum update nginx

# Check for updates
$ sudo yum check-update

Package Removal

# Remove package
$ sudo yum remove nginx

# Remove unused dependencies
$ sudo yum autoremove

# Clean cache
$ sudo yum clean all

Search & Info

# Search for packages
$ yum search nginx

# Show package info
$ yum info nginx

# List installed packages
$ yum list installed

# What provides a file
$ yum provides /etc/nginx/nginx.conf

DNF-Specific Features

# DNF module management (RHEL 8+/Fedora)
$ sudo dnf module list
$ sudo dnf module enable nodejs:14
$ sudo dnf module install nodejs:14

# History and rollback
$ sudo dnf history
$ sudo dnf history info 5
$ sudo dnf history undo 5

# Automatic removal of unused deps
$ sudo dnf autoremove

# DNF configuration
$ cat /etc/dnf/dnf.conf

4. Managing Repositories

What are Package Repositories?

Repositories (repos) are centralized collections of software packages with metadata. They provide a secure, organized way to distribute software and updates.

Repository Architecture

Official Repos
Maintained by distribution

Third-Party Repos
EPEL, PPAs, RPM Fusion

Local Repos
Internal/corporate packages

↓

Package Manager (APT/YUM/DNF)

APT Repository Management

Repository Configuration

# Main repository file
$ cat /etc/apt/sources.list

# Format of repository line:
deb http://archive.ubuntu.com/ubuntu/ focal main restricted
# Type URL Distribution Component

# Additional repos directory
$ ls /etc/apt/sources.list.d/
# .list files for additional repos

Managing Repositories

# Add PPA (Personal Package Archive)
$ sudo add-apt-repository ppa:nginx/stable

# Remove repository
$ sudo add-apt-repository --remove ppa:nginx/stable

# Add repository manually
$ echo "deb http://repo.example.com/ubuntu focal main" | \
    sudo tee /etc/apt/sources.list.d/custom.list

# Import repository GPG key
$ wget -qO - https://repo.example.com/key.asc | sudo apt-key add -

YUM/DNF Repository Management

Repository Configuration

# Repository directory
$ ls /etc/yum.repos.d/
# .repo files for each repository

# Example .repo file format:
[epel]
name=EPEL $releasever
baseurl=https://download.fedoraproject.org/pub/epel/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://download.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-$releasever

Managing Repositories

# List enabled repositories
$ yum repolist
# or
$ dnf repolist

# List all repositories
$ yum repolist all

# Enable/disable repository
$ yum-config-manager --enable epel
$ yum-config-manager --disable epel

# Add EPEL repository (RHEL/CentOS)
$ sudo yum install epel-release

Important Third-Party Repositories

Repository	For	Purpose	Installation
EPEL	RHEL/CentOS	Extra Packages for Enterprise Linux	yum install epel-release
RPM Fusion	Fedora RHEL	Multimedia, gaming, and other software	dnf install rpmfusion-free-release
PPA	Ubuntu Debian	Personal Package Archives (user repos)	add-apt-repository ppa:user/ppa-name
Docker CE	All	Docker Community Edition	Follow Docker installation docs
NodeSource	All	Node.js binaries	curl -sL https://deb.nodesource.com/setup_16.x | bash

Setting Up a Local Repository for DevOps

# For Debian/Ubuntu:
# 1. Install required packages
$ sudo apt install reprepro apache2

# 2. Create repository structure
$ mkdir -p /var/www/repos/apt/debian/conf
# Create distributions file in conf/

# 3. Add packages to repo
$ reprepro -b /var/www/repos/apt/debian includedeb focal package.deb

# For RHEL/CentOS:
# 1. Install createrepo
$ sudo yum install createrepo httpd

# 2. Create repository directory
$ mkdir -p /var/www/html/repos/rpm/
$ cp *.rpm /var/www/html/repos/rpm/

# 3. Create repository metadata
$ createrepo /var/www/html/repos/rpm/

# 4. Clients add repo file:
# /etc/yum.repos.d/local.repo
[local-repo]
name=Local Repository
baseurl=http://repo-server/repos/rpm/
enabled=1
gpgcheck=0

5. Building from Source

When to Build from Source

While package managers are preferred, sometimes you need to build from source:

• Latest version: Package repo has older version
• Custom patches: Need specific modifications
• Performance optimization: Compile with specific flags
• Unavailable packages: Software not in repositories
• Development: Need to modify or debug source

⚠️ Considerations Before Building from Source

• Dependency management: You must handle dependencies manually
• Updates: No automatic security updates
• Integration: May not integrate well with package manager
• Support: Harder to get support for custom builds
• Reproducibility: Harder to reproduce exact build

Best Practice: Create your own packages when possible

The Build Process

Source Compilation Workflow

Source Code
Download .tar.gz

→

Extract
tar -xf

→

Configure
./configure

→

Build
make

→

Install
make install

Build Tools & Dependencies

Development Tools

# Debian/Ubuntu
$ sudo apt install build-essential
# Includes gcc, g++, make, etc.

# RHEL/CentOS/Fedora
$ sudo yum groupinstall "Development Tools"
# or
$ sudo dnf groupinstall "Development Tools"

# Additional tools
$ sudo apt install autoconf automake libtool
$ sudo apt install pkg-config cmake

Common Build Systems

# Autotools (./configure)
./configure --prefix=/usr/local
make
sudo make install

# CMake
mkdir build && cd build
cmake ..
make
sudo make install

# Meson
meson build
ninja -C build
sudo ninja -C build install

Complete Build Example: Nginx from Source

# 1. Install build dependencies
$ sudo apt install build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev

# 2. Download source
$ wget https://nginx.org/download/nginx-1.20.1.tar.gz
$ tar -xzf nginx-1.20.1.tar.gz
$ cd nginx-1.20.1

# 3. Configure with custom options
$ ./configure --prefix=/opt/nginx \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_realip_module

# 4. Build and install
$ make
$ sudo make install

# 5. Create systemd service (optional)
$ sudo cp /opt/nginx/contrib/systemd/nginx.service /etc/systemd/system/
$ sudo systemctl daemon-reload
$ sudo systemctl enable --now nginx

Creating Your Own Packages

Creating .deb Packages

# Install packaging tools
$ sudo apt install devscripts debhelper dh-make

# Create package structure
$ cd myapp-1.0/
$ dh_make --createorig --single --yes

# Edit debian/ files
# debian/control - package metadata
# debian/rules - build rules
# debian/changelog - version history

# Build package
$ dpkg-buildpackage -us -uc

Creating .rpm Packages

# Install packaging tools
$ sudo yum install rpm-build rpmdevtools

# Setup build environment
$ rpmdev-setuptree

# Create spec file
$ cd ~/rpmbuild/SPECS/
$ rpmdev-newspec myapp
# Edit myapp.spec

# Build package
$ rpmbuild -ba myapp.spec
# Package at ~/rpmbuild/RPMS/

Best Practices for Building from Source in DevOps

1. Use version control: Track build scripts and configurations
2. Document dependencies: Keep list of required packages
3. Use isolated environments: Docker containers or VMs for building
4. Create packages when possible: Easier deployment and updates
5. Test thoroughly: Verify functionality after installation
6. Consider maintainability: Who will update when vulnerabilities are found?
7. Use CI/CD: Automate build and testing process
8. Keep source secure: Verify checksums and GPG signatures

Package Management Automation for DevOps

Automated Package Management with Ansible

# Ansible playbook for multi-distro package management
---
- name: Ensure packages are installed
hosts: all
tasks:
- name: Install common packages on Debian/Ubuntu
apt:
name:
- nginx
- mysql-server
- python3-pip
state: present
update_cache: yes
when: ansible_os_family == "Debian"

- name: Install common packages on RHEL/CentOS
yum:
name:
- nginx
- mariadb-server
- python3-pip
state: present
when: ansible_os_family == "RedHat"

- name: Add Docker repository for Ubuntu
apt_repository:
repo: deb https://download.docker.com/linux/ubuntu {{ ansible_distribution_release }} stable
state: present
when: ansible_os_family == "Debian"

- name: Add EPEL repository for CentOS
yum:
name: epel-release
state: present
when: ansible_distribution == "CentOS"

Package Management Command Cheat Sheet

Debian/Ubuntu (APT)

$ sudo apt update # Update package lists
$ sudo apt upgrade # Upgrade packages
$ sudo apt install package # Install package
$ sudo apt remove package # Remove package
$ sudo apt purge package # Remove + configs
$ apt search pattern # Search packages
$ apt show package # Package info

RHEL/CentOS (YUM)

$ sudo yum install package # Install package
$ sudo yum update # Update packages
$ sudo yum remove package # Remove package
$ yum search pattern # Search packages
$ yum info package # Package info
$ yum clean all # Clean cache
$ yum repolist # List repos

Fedora (DNF)

$ sudo dnf install package # Install package
$ sudo dnf update # Update packages
$ sudo dnf remove package # Remove package
$ dnf search pattern # Search packages
$ dnf history # Transaction history
$ dnf autoremove # Remove unused deps

Generic Package Operations

$ which package # Find command location
$ dpkg -L package # List package files (.deb)
$ rpm -ql package # List package files (.rpm)
$ apt-cache policy package # Package version info
$ yum provides /path/file # Which package provides file

Practice Scenarios for DevOps Engineers

1. You need to deploy the same application across Ubuntu and CentOS servers. How would you ensure consistent package installation?
2. A security vulnerability is announced for a package. How would you check if it's installed and update it across 100 servers?
3. You need to install software that's not in the official repositories. What are your options and which is most maintainable?
4. How would you create an internal repository for your organization's custom applications?
5. A build from source is failing due to missing dependencies. How would you systematically identify and install them?
6. You need to pin a specific version of a package to prevent automatic updates. How would you do this in APT and YUM?
7. How would you roll back a package update that caused issues in production?
8. What steps would you take to verify the integrity and authenticity of packages from third-party repositories?

Key Takeaways

• Choose the right tool: APT for Debian/Ubuntu, YUM/DNF for RHEL/CentOS/Fedora
• Understand the hierarchy: Low-level (dpkg/rpm) vs high-level (APT/YUM) tools
• Manage repositories wisely: Official repos first, verify third-party sources
• Automate package management: Use configuration management tools
• Build from source only when necessary: Prefer packaged versions for maintainability
• Keep systems updated: Regular security updates are critical
• Document your packages: Track what's installed and why
• Test updates in staging: Never update production without testing

Mastering package management is essential for maintaining secure, stable, and reproducible Linux systems in DevOps environments. These skills enable you to automate deployments, ensure consistency, and quickly respond to security issues.