Chapter 1 Yum DNF

This chapter describes how to use the yum or dnf utility to install and upgrade software packages. Note that the yum command provided with Oracle Linux 8 is a symbolic link to the dnf command.

1.1 About DNF

The yum utility that is provided with Oracle Linux 8 is based on Dandified Yum (DNF). You can use dnf to install or upgrade RPM packages, while automatically handling package dependencies and requirements. The dnf command can be used to download the packages from repositories such as those that are available on the Oracle Linux yum server, but you can also set up your own repositories on systems that do not have Internet access. You can also use the dnf command on systems that are registered with the Unbreakable Linux Network (ULN) to install additional software that is limited to Oracle Linux Premier Support customers.

DNF provides significant improvements in functionality and performance when compared to the traditional yum command. DNF also brings a host of new features, including support for modular content and a more stable and well documented API. DNF is compatible with Yum v3, when used from the command line or when editing or creating configuration file. You can use the dnf command and all of its options similarly to how you used the yum command on previous releases of Oracle Linux.

The yum command that is provided with Oracle Linux 8 is a symbolic link to the dnf command. The commands are completely interchangeable. This implementation provides a level of backward compatibility that enables you to perform similar tasks to those that you performed in earlier releases of Oracle Linux, while at the same time, facilitating the wider range of new features that are available in dnf, such as improved package management and performance. Syntax differences between dnf and legacy yum commands are described in detail in Oracle® Linux 8: Release Notes for Oracle Linux 8.

1.1.1 About the Oracle Linux Yum Server

The Oracle Linux yum server is a convenient way to install Oracle Linux packages, including bug fixes, security fixes and enhancements, rather than installing them from installation media. You can access the server at https://yum.oracle.com/.

You can also subscribe to the Oracle Linux mailing list to be notified when new packages are released. You can access the mailing list at https://oss.oracle.com/mailman/listinfo/el-errata.

1.1.2 About Using ULN With Yum

The repositories that are available on the Oracle Linux yum server are aligned with the channels that are available from the Unbreakable Linux Network (ULN). Exceptions are any ULN channels that are limited to Oracle Linux Premier Support customers, for example, channels for products such as Ksplice.

Compute nodes running Oracle Linux on Oracle Cloud Infrastructure and that are connected to a service gateway automatically have access to ULN content via the regional yum servers available on the Oracle Services Network. These yum servers differ from the publicly available Oracle Linux yum server in that they also mirror content available on restricted ULN channels.

Access to ULN content is provided by virtue of the support contract that you have for your Oracle Cloud Infrastructure account. You are able to access content on ULN without any requirement to register or use alternate tools to manage channel access, simplifying any software management that you need to perform on a compute node.

To enable access to restricted content via the regional yum servers, ensure that you have installed the appropriate release-el8 packages and enabled the repositories that you require access to.

1.2 DNF Configuration

The main configuration file for DNF is /etc/dnf/dnf.conf. The global definitions for DNF are located under the [main] section heading of the DNF configuration file. The following table describes the important directives for DNF.

Directive

Description

cachedir

Directory used to store downloaded packages.

debuglevel

Logging level, from 0 (none) to 10 (all).

exclude

A space separated list of packages to exclude from installs or updates, for example: exclude=VirtualBox-4.? kernel*.

gpgcheck

If set to 1, verify the authenticity of the packages by checking the GPG signatures. You might need to set gpgcheck to 0 if a package is unsigned, but you should be wary that the package could have been maliciously altered.

gpgkey

Path to the GPG public key file.

installonly_limit

Maximum number of versions that can be installed of any one package.

keepcache

If set to 0, remove packages after installation.

logfile

Path to the yum log file.

obsoletes

If set to 1, replace obsolete packages during upgrades.

plugins

If set to 1, enable plugins that extend the functionality of yum.

proxy

URL of a proxy server including the port number. See Section 1.2.1, “Configuring the Use of a Proxy Server”.

proxy_password

Password for authentication with a proxy server.

proxy_username

User name for authentication with a proxy server.

reposdir

Directories where yum should look for repository files with a .repo extension. The default directory is /etc/yum.repos.d.

See the dnf.conf(5) manual page for more information.

The following listing shows an example [main] section from the DNF configuration file.

[main]
cachedir=/var/cache/dnf
keepcache=0
debuglevel=2
logfile=/var/log/dnf.log
obsoletes=1
gpgkey=file://media/RPM-GPG-KEY
gpgcheck=1
plugins=1
installonly_limit=3

It is possible to define repositories below the [main] section in /etc/dnf/dnf.conf or in separate repository configuration files. By default, dnf expects any repository configuration files to be located in the /etc/yum.repos.d directory, unless you use the reposdir directive to define alternate directories.

Note that for backward-compatibility purposes, a symbolic link to /etc/dnf/dnf.conf is created at /etc/yum.conf. The configuration syntax is generally the same; although, some configuration options have been deprecated and some new configuration options have been added. See Oracle® Linux 8: Release Notes for Oracle Linux 8 for a breakdown of the differences between configuration options and syntax.

1.2.1 Configuring the Use of a Proxy Server

If your organization uses a proxy server as an intermediary for Internet access, specify the proxy setting in /etc/dnf/dnf.conf as shown in the following example.

proxy=http://proxysvr.example.com:3128

If the proxy server requires authentication, additionally specify the proxy_username, and proxy_password settings.

proxy=http://proxysvr.example.com:3128
proxy_username=yumacc
proxy_password=clydenw 

If you use the yum plugin (yum-rhn-plugin) to access the ULN, specify the enableProxy and httpProxy settings in /etc/sysconfig/rhn/up2date as shown in this example.

enableProxy=1
httpProxy=http://proxysvr.example.com:3128

If the proxy server requires authentication, additionally specify the enableProxyAuth, proxyUser, and proxyPassword settings.

enableProxy=1
httpProxy=http://proxysvr.example.com:3128
enableProxyAuth=1
proxyUser=yumacc
proxyPassword=clydenw
Caution

All dnf users require read access to /etc/dnf/dnf.conf or /etc/sysconfig/rhn/up2date. If these files must be world-readable, do not use a proxy password that is the same as any user's login password, and especially not root's password.

1.2.2 Yum Repository Configuration

Yum repository configuration files are used by DNF to determine where different packages and their dependencies can be installed from.

The yum configuration file or yum repository configuration files can contain one or more sections that define repositories.

The following table describes the basic directives for a repository.

Directive

Description

baseurl

Location of the repository channel (expressed as a file://, ftp://, http://, or https:// address). This directive must be specified.

enabled

If set to 1, permit yum to use the channel.

name

Descriptive name for the repository channel. This directive must be specified.

Any other directive that appears in this section overrides the corresponding global definition in the [main] section of the DNF configuration file. See the dnf.conf(5) manual page for more information.

The following listing shows an example repository section from a configuration file.

[ol8_appstream]
name=Oracle Linux $releasever Application Stream ($basearch)
baseurl=https://yum.oracle.com/repo/OracleLinux/OL8/appstream/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

In this example, the values of gpgkey and gpgcheck override any global setting. dnf substitutes the name of the current system's architecture for the variable $basearch.

The dnf command automatically searches the /etc/yum.repos.d directory for files with the suffix .repo and appends these to the configuration when it is processing. Use this directory to define repository files for repositories that you want to make available.

1.2.3 Downloading Oracle Linux Yum Server Repository Files

The Oracle Linux yum server provides a direct mapping of all of the ULN channels that are available to the public, without any specific support agreement. The repository labels that are used for each repository on the Oracle Linux yum server map directly to the channel names on ULN. See Chapter 2, Unbreakable Linux Network for more information about channel names and common suffixes that are used for channels and repositories.

Oracle Linux 8 uses modular yum repository configuration files released as packages that can be maintained through yum, which helps simplify repository management and also ensure that your yum repository definitions are kept up to date automatically whenever you update your system.

A list of all available RPM files to manage all of the possible yum repository configurations for your release can be obtained by running:

# dnf list *release-el8*

To install the yum repository configuration for a particular set of software that you wish to use, use the dnf command to install the corresponding package.

If, for some reason, you manage to remove all configuration to access the Oracle Linux yum server repositories, you should create a temporary yum repository configuration file at /etc/yum.repos.d/ol8-temp.repo with the following as the minimum required content:

[ol8_baseos_latest]
name=Oracle Linux $releasever BaseOS ($basearch)
baseurl=https://yum$ociregion.oracle.com/repo/OracleLinux/OL8/baseos/latest/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

Then, reinstall the oraclelinux-release-el8 package to restore the default yum configuration:

# dnf reinstall oraclelinux-release-el8
# rm /etc/yum.repos.d/ol8-temp.repo

For more information about manually setting up Oracle Linux yum server repository configuration files, see https://yum.oracle.com/getting-started.html.

You can enable or disable repositories in each repository configuration file by setting the value of the enabled directive to 1 or 0, for each repository that is listed in the file, as required. The preferred method of enabling or disabling repositories under Oracle Linux 8 is to use the dnf config-manager command, as described in Section 1.2.4, “Using the DNF config-manager Plugin”.

1.2.3.1 Configuring Oracle Cloud Infrastructure Compute Instances for access to the regional yum server repositories

Compute instances in Oracle Cloud Infrastructure have access to regional yum servers via the service gateway. Regional yum servers on Oracle Cloud Infrastructure differ from the Oracle Linux yum server in that they also mirror content available on restricted ULN channels.

Yum repository configuration in Oracle Linux makes use of a yum variable in the baseurl for managing appropriate yum server access. For example, the baseurl to the ol8_baseos_latest repository for Oracle Linux 8 is:

baseurl=https://yum$ociregion.oracle.com/repo/OracleLinux/OL8/baseos/latest/$basearch

The $ociregion variable can be set by populating content in /etc/dnf/vars/ociregion. If this file does not exist, or the file is empty, the baseurl is expanded to point to the publicly accessible Oracle Linux yum server. In the case of a typical Oracle Cloud Infrastructure compute instance, the value of variable is set when the instance is created so that the baseurl is expanded to point to the closest regional yum server on the Oracle Cloud Infrastructure service network. For example, if $ociregion is set to -phx, the baseurl expands to point to the regional yum server located in Phoenix.

By using variables, configuration can remain relatively standard across Oracle Linux deployments but provide access to the additional resources available to Oracle Cloud Infrastructure customers.

1.2.4 Using the DNF config-manager Plugin

The dnf-plugins-core package includes several utilities that can help you to manage configuration and safely apply updates to your existing configuration. Most significant of these is the dnf config-manager plugin.

You can use dnf config-manager to add repositories, either at a specified URL or within a specified repository file. For example, to add a repository configuration file for Oracle Linux 8 that is hosted on a remote server, you can run the following command:

# dnf config-manager --add-repo https://example.com/my_yum_config.repo

You can use the same command to automatically generate a repository configuration file for a valid yum repository by pointing to the URL for which the repository is hosted. For example, to create a new configuration file in /etc/repos.d for an example repository, run:

# dnf config-manager --add-repo https://example.com/repo/OracleLinux/OL8/myrepo/x86_64

To enable a repository by using dnf config-manager, use the --enable option. For example, to enable the ol8_appstream repository, run:

# dnf config-manager --enable ol8_appstream

You can use the --disable option in a similar way to disable a repository.

You can also use the dnf config-manager tool to set other configuration options by specifying the --setopt and --save options. See the dnf.plugin.config_manager(8) manual page for more information.

1.3 Using DNF From the Command Line

The following table shows examples of some of the common tasks that you can perform by using the dnf command.

Command

Description

dnf repolist

Lists all of the enabled repositories.

dnf list

Lists all of the packages that are available in all enabled repositories and all packages that are installed on your system.

dnf list installed

Lists all of the packages that are installed on your system.

dnf list available

Lists all of the packages that are available to be installed in all enabled repositories.

dnf search string

Searches the package descriptions for the specified string.

dnf provides feature

Finds the name of the package to which the specified file or feature belongs, for example:

dnf provides /etc/dnf/automatic.conf

dnf info package

Displays detailed information about a package, for example:

dnf info dnf-automatic

dnf repoquery -l package

List the files that are contained in a package and are installed when the package is installed, for example:

dnf repoquery -l dnf-automatic

dnf install package

Installs the specified package, including packages on which it depends, for example:

dnf install dnf-automatic

dnf check-update

Checks whether updates exist for packages that are already installed on your system.

dnf upgrade package

Updates the specified package, including packages on which it depends, for example:

dnf upgrade dnf-automatic

DNF also interprets the dnf update package command as synonymous with the upgrade syntax; however, this syntax is considered deprecated.

dnf upgrade

Updates all packages, including packages on which they depend.

DNF also interprets the dnf update package command as synonymous with the upgrade syntax; however, this syntax is considered deprecated.

dnf remove package

Removes the specified package. For example:

dnf remove dnf-automatic

dnf clean all

Removes all cached package downloads and cached headers that contain information about remote packages. Running this command can help to clear problems that are a result of unfinished transactions or out-of-date headers.

dnf help

Displays help about dnf usage.

dnf help command

Displays help about the specified dnf command, for example:

dnf help upgrade

dnf shell

Runs the dnf interactive shell.

See the dnf(8) manual page for more information.

Note

dnf makes no distinction between installing and upgrading a kernel package. dnf always installs a new kernel regardless of whether you specify upgrade or install.

1.4 DNF Groups

A set of packages can be organized and managed as a group. Groups can be nested so that a parent group contains a set of sub-groups that can be installed. Examples include the groups for setting up a virtualization host, a graphical desktop, a collection of fonts, or core system administration tools. The following table shows the dnf commands that you can use to manage these groups.

Command

Description

dnf group list

Lists Environment Groups, that contain many sub-groups; and base groups of packages that are available for installation.

dnf group info groupname

Displays detailed information about a group. If the group is a parent group, this command lists all sub-groups that it contains, alternately the command lists all packages that are in the group.

dnf group install groupname

Installs all of the packages in a group.

dnf group update groupname

Updates all of the packages in a group.

dnf group remove groupname

Removes all of the packages in a group.

1.5 DNF Modules and Application Stream

DNF introduces the concepts of modules, streams and profiles to allow for the management of different versions of software applications within a single operating system release. Modules can be used to group together many packages that comprise a single application and its dependencies. Streams can be used to provide alternate versions of the same module. Profiles can be used to define optional configurations of any single module so that a module can be limited only to developer packages or can be scoped to include additional packages for enhanced functionality.

Modular content is made available separately to core operating system packages so that these user-space applications can be installed in a variety of user-space environments, including virtual machines, containers as well as the base operating system. Modular content for Oracle Linux 8 is typically shipped within the Application Stream (AppStream) repository.

  • Modules: Are a set of RPM packages that are grouped together and must be installed together. They can contain several streams that consist of multiple versions of applications that you can install. You enable a module stream to provide system access to the RPM packages that are contained in that module stream.

    A typical module can contain the following types of packages:

    • Packages with an application

    • Packages with the application's specific dependency libraries

    • Packages with documentation for the application

    • Packages with helper utilities

  • Module streams: Hold different versions of content contained within a module.

    Modules can have multiple streams, where each stream contains a different version of packages and their dependencies. Each stream receives updates independently. A module can have more than one stream. However, note that for each module, only one of its streams can be enabled to provide access to its packages. Frequently, the stream with the latest version is selected as the default stream and is used when operations do not specify a particular stream or a different stream has not been enabled previously.

    Module streams can be thought of as virtual repositories within the physical repository. For example, the postgresql module provides the PostgreSQL database, in streams 9.6 and 10, respectively, with version 10 being the current default stream.

    Note

    Oracle recommends that you use the latest stream for any module that is installed, even though other streams may continue to receive limited support.

  • Module profiles: Provide a list of certain packages that are to be installed at the same time for a particular use case. At the same time, profiles are also a recommendation by the application packagers and experts. Note that each module can have one or more profiles.

    You install packages by using a module's profile as a one-time action. Using a module's profile to install packages does not prevent you from installing or uninstalling any of the packages that are provided by the module. Furthermore, it is possible to install packages by using multiple profiles of the same module without any further preparation. Also, a module's package list can contain packages from outside of the module stream, usually from BaseOS or stream's dependencies. Note that modules in Application Stream always have a default profile. This default profile is used for installations, when no other profile has been explicitly specified.

    For example, The httpd module that includes the Apache web server supports the following profiles for installation:

    • common: This profile is a hardened production-ready deployment and is the default profile.

    • devel: This profile installs the packages that are necessary to make modifications to httpd.

    • minimal: This profile installs the smallest set of packages that provide a running web server.

Unlike software collections that were included in previous releases of Oracle Linux, applications that are installed from Application Streams are installed into standard locations and do not require additional commands or actions to run. You can run any version of an installed application the same way as any other version, regardless of the stream from which it was installed. After it is installed, the application behaves exactly as any other native application that you have installed by using DNF.

1.5.1 Displaying Available Modules

You can list available modules, typically within the Application Stream repository, by using the dnf module list command. Further module information can be obtained using the dnf module info command.

The following table describes some of the more commonly used commands for viewing and displaying content details in Application Stream.

Command Syntax

Description of Action

dnf module info module-name

Displays information about a module.

dnf module info --profile module-name

Displays information about the packages that are installed by the profiles of a module using the default stream.

dnf module info --profile module-name:stream

Displays information about the packages that are installed by the profiles of a module using a specified stream.

dnf module list

Lists all of the available modules and displays the module name, stream, profiles, and a summary. Each module and stream is listed on a separate line. Profiles are indicated using comma separated values for each module and stream.

Default values are indicated with the characters [d]. Modules that are enabled are indicated with the characters [e], while those that are disabled are indicated with the characters [x]. Installed modules, streams and profiles are indicated with the characters [i].

dnf module list module-name

Lists the current status of a module.

dnf module provides package

Displays information about which modules provide a specified package.

If the package is only available outside of any modules, the command output is empty.

1.5.2 Module Installation Commands

The following table describes the commands that are used to install content from Application Stream.

Command Syntax

Description of Action

Additional Information

dnf install package

Installs the specified package.

If a package is provided by a module stream, the dnf command resolves the required module stream and enables it automatically during package installation. In addition, the process is recursive for any package dependencies. Note that if more module streams satisfy the requirement, the default streams are used.

If the package is provided by a module stream that is not marked as default or is not enabled, that package is not recognized until you manually enable the applicable module stream.

dnf module enable module-name:stream

Enables a module or stream.

Use this command when you want to enable a module so that the packages are available to the system, but you do not necessarily want to install the module immediately.

Note that some modules might not define default streams. In this case, you must explicitly specify the stream. If you explicitly specify a stream and an alternate stream is set as the default, the enabled stream overrides the default stream for subsequent install requests.

dnf install @module-name

Alternatively, you can use:

dnf module install module-name

Installs a module. The @ character is shorthand to indicate that you intend to install a module.

If the module defines a default stream, or you have enabled a particular stream, you do not need to include stream and colon in the command syntax.

Be aware that some modules do not define default streams.

dnf install @module-name:stream

Alternatively, you can use:

dnf module install module-name:stream

Installs a module by using a specific stream and default profiles.

 

dnf install @module-name:stream/profile

Alternatively, you can use:

dnf module install module-name:stream/profile

Installs a module by using a specific stream and profile.

 

1.5.3 About Modular Dependencies and Stream Changes

Typically, packages that provide content depend on other packages, and they usually specify the desired dependency versions. This same mechanism also applies to packages that are contained within modules. The grouping of packages and their particular versions into modules and streams has some additional constraints. For example, module streams can declare dependencies on the streams of other modules, independent of the packages that are contained and provided by them. After any package or module operation, the entire dependency tree for all of the underlying installed packages must satisfy all of the conditions that the packages declare. Also, all of the module stream dependencies must satisfied.

These additional constraints require that you carefully consider any package operations prior to performing them, as changing the enabled module streams does not automatically manipulate packages to enable you to have complete control over the changes. However, the tool always provides a summary of the actions to take.

When performing package operations on modules and streams, keep the following guidelines, caveats, and warnings in mind:

  • Enabling a module stream might also require the enabling of streams of additional modules.

  • Installing a module stream profile or packages from a stream might also require the enabling of streams of additional modules and the installation of additional packages.

  • Disabling a stream of a module might also require the disabling of other module streams, as no packages are removed automatically.

  • Removing a package can require the removal of additional packages. If any of the packages are provided by modules, the module streams remain enabled in preparation for further installation, even if no packages from these streams are installed subsequently; thereby, mirroring the behavior of an unused yum repository.

  • Switching the stream that is enabled for a module is the same as resetting the current stream and enabling a new stream.

    Note

    Switching an enabled stream does not automatically change any of the installed packages. Also, removing packages that are provided by a previous stream, and any of the packages that depend on them, as well as the installation of packages in a new stream are all tasks that must be performed manually.

  • Due to potential upgrade scripts that run during an installation, directly installing a stream of a module, other than one that is currently installed by default, is not recommended.

Module dependencies include regular package dependencies that are similar to RPM dependencies. For modules, however, availability can also depend on the enabling of module streams; module streams can also depend on other module streams.

Dependencies of non-modular packages on modular packages is used in Application Stream only when a modular package is provided by a module stream that is marked as the default. When a modular package depends on a non-modular package, the system always retains the module and stream choices, unless you provide explicit instructions to change them. A modular package receives updates from the currently enabled stream of the module that provides this package and does not upgrade to a version from a different stream.

1.5.4 Removing Installed Modules

Before removing an installed module, carefully review the information in Section 1.5.3, “About Modular Dependencies and Stream Changes”.

When you remove an installed module, all of the packages that are installed by the profiles of the currently enabled module stream, and any further packages and modules that depend on them, are also removed. Note that any packages installed from this module stream that are not listed in any of its profiles remain installed on the system and can be removed manually.

Note

A prerequisite to removing installed modules requires that the module to be removed already has some profiles installed.

To remove an installed module, follow these steps:

  1. Remove the module.

    # dnf module remove module-name

    In the previous example, module-name specifies the name of the module to remove.

    The dnf module remove command removes all of the packages that are installed from this module. You are presented with a summary of the changes to be made and a request for confirmation.

  2. Disable the module stream.

    # dnf module disable module-name

    In the previous example, module-name is the name of the module to disable.

    You are presented with a summary of the changes to be made and a request for confirmation.

  3. Remove any packages that you manually installed from the module stream.

    # dnf remove package ...

    In the previous example, package ... is the name of the package, or packages, to be removed.

    You are presented with a summary of the changes to be made and a request for confirmation.

1.5.5 Switching Module Streams

Before switching module streams, carefully review the information in Section 1.5.3, “About Modular Dependencies and Stream Changes”.

When you switch to a different module stream, you are usually upgrading or downgrading the content to a different version than the version that is currently installed on the system.

Note

The module stream that you want to switch must already be enabled, and, another stream of the same module must already exist.

  1. Install the profiles of a different stream of the module as follows:

    # dnf install @module-name:stream

    In the previous example, module-name is the name of the module and stream is the desired stream.

    You are presented with a summary of the changes to be made and a request for confirmation.

    Running the previous command enables the new stream and disables the current stream. Note that it might be necessary to make changes to additional module streams and packages.

  2. Update or downgrade any packages installed from the previous module stream that were not listed in the profiles installed in the previous step.

    # dnf distro-sync

    You are presented with a summary of the changes to be made and a request for confirmation.

  3. Manually remove any remaining packages that were installed from the previous module stream.

    # dnf remove package ...

    In the previous example, package ... is the name of the package, or packages, to be removed.

    You are presented with a summary of the changes to be made and a request for confirmation.

1.6 Using DNF Security Options

DNF includes integrated options to handle any requirement for managing security and errata updates that are available for packages installed in Oracle Linux 8.

List the errata that are available for your system as follows:

# dnf updateinfo list
...

The output from the command sorts the available errata in order of their IDs, and it also specifies whether each erratum is a security patch (severity/Sec.), a bug fix (bugfix), or a feature enhancement (enhancement). Security patches are listed by their severity: Important, Moderate, or Low.

You can use the --sec-severity option to filter the security errata by severity, for example:

# dnf updateinfo list --sec-severity=Moderate
...

To list the security errata by their Common Vulnerabilities and Exposures (CVE) IDs instead of their errata IDs, specify the keyword cves as an argument:

# dnf updateinfo list cves
...

Similarly, the keywords bugfix, enhancement, and security filter the list for all bug fixes, enhancements, and security errata.

You can use the --cve option to display the errata that correspond to a specified CVE, for example:

# dnf updateinfo list --cve CVE-2020-4000

To display more information, specify info instead of list, for example:

# dnf updateinfo info --cve CVE-2020-4000

To update all of the packages for which security-related errata are available to the latest versions of the packages, even if those packages that include bug fixes or new features but not security errata, use the following command:

# dnf --security update

To update all packages to the latest versions that contain security errata, ignoring any newer packages that do not contain security errata, use the following command:

# dnf --security upgrade-minimal

To update all kernel packages to the latest versions that contain security errata, use the following command:

# dnf --security upgrade-minimal kernel*

To update only those packages that correspond to a CVE or erratum, use the following command:

# dnf update --cve CVE-2020-4000
# dnf update --advisory ELSA-2020-4010
Note

Some updates might require that you reboot the system. By default, the boot manager automatically enables the most recent kernel version.

For more information, see the dnf(8) manual page.

1.7 Using the DNF Automatic Tool to Keep Your System Up To Date

The DNF Automatic tool is provided as an additional package that you can use as an alternative to manually running dnf upgrade to keep your system up to date with the latest security patches and bug fixes. The tool can provide automatic notifications of updates, download updates, and then install them automatically by using systemd timers.

You can install the dnf-automatic package and enable the systemd dnf-automatic.timer timer unit to start using this service:

# dnf install dnf-automatic
# systemctl enable --now dnf-automatic.timer

You configure the DNF Automatic tool by editing the /etc/dnf/automatic.conf configuration file and then restarting the timer unit.

Note that additional alternate timer units are available and can override the default configuration that is specified in the configuration file. Frequently, these timer units are used as handy shortcuts to perform a specific behavior:

  • dnf-automatic-notifyonly.timer: Notifies for available updates

  • dnf-automatic-download.timer: Downloads package updates, but does not install them

  • dnf-automatic-install.timer: Downloads and automatically installs package updates

You enable the required behavior by running:

# systemctl enable --now dnf-automatic-install.timer

1.8 Creating a Local Yum Repository by Using an ISO Image

Note

The system must have sufficient storage space to host a full Oracle Linux Media Pack DVD image (approximately 6.6 GB for Oracle Linux 8).

To create a local yum repository (for example, if a system does not have Internet access):

  1. On a system with Internet access, download a full Oracle Linux DVD image from the Oracle Software Delivery Cloud at https://edelivery.oracle.com/linux onto removable storage (such as a USB memory stick).

    Note

    You can verify that the ISO was copied correctly by comparing its checksum with the digest value that is listed on edelivery.oracle.com, for example:

    # sha1sum OracleLinux8.iso
    203b8185d8c6551378b41da26b088f23e131343f OracleLinux8.iso
  2. Transfer the removable storage to the system on which you want to create a local yum repository, and copy the DVD image to a directory in a local file system.

    # cp /media/USB_stick/OracleLinux8.iso /ISOs
  3. Create a suitable mount point, for example /var/OSimage/OL8_x86_64, and mount the DVD image on it.

    # mkdir -p /var/OSimage/OL8_x86_64
    # mount -o loop,ro /ISOs/OracleLinux8.iso /var/OSimage/OL8_x86_64
    Note

    Include the read-only mount option (ro) to avoid changing the contents of the ISO by mistake.

  4. Create an entry in /etc/fstab so that the system always mounts the DVD image after a reboot.

    /ISOs/OracleLinux8.iso /var/OSimage/OL8.0_x86_64 iso9660 loop,ro 0 0
  5. Disable all existing yum repositories.

    In the /etc/yum.repos.d directory, edit any existing repository files and disable all entries by setting enabled=0. Alternately, as described in Section 1.2.4, “Using the DNF config-manager Plugin”, you can disable all repositories by running:

    # dnf config-manager --disable \*
  6. Create the following entries in a new repository file (for example, /etc/yum.repos.d/OL8.repo).

    [OL8]
    name=Oracle Linux 8.0 x86_64
    baseurl=file:///var/OSimage/OL8_x86_64
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1 
    enabled=1 

    Note that the correct GPG key file must exist at the path specified for the gpgkey parameter. You can download the GPG keys used to sign all of the Oracle Linux release packages from the Oracle Linux yum server. See https://yum.oracle.com/faq.html#a10 for more information.

  7. Clean up the dnf cache.

    # dnf clean all
  8. Test that you can use the dnf command to access the repository.

    # dnf repolist
    Loaded plugins: refresh-packagekit, security
    ...
    repo id                          repo name                                status
    OL8                             Oracle Linux 8.0 x86_64                  5,070
    repolist: 5,070

1.9 Setting up a Local Yum Server by Using an ISO Image

To set up a local yum server (for example, if you have a network of systems that do not have Internet access):

  1. Choose one of the systems to be the yum server, and create a local yum repository on it as described in Section 1.8, “Creating a Local Yum Repository by Using an ISO Image”.

  2. Install the Apache HTTP server from the local yum repository.

    # dnf install httpd
  3. If SELinux is enabled in enforcing mode on your system, do the following:

    1. Use the semanage command to define the default file type of the repository root directory hierarchy as httpd_sys_content_t:

      # /usr/sbin/semanage fcontext -a -t httpd_sys_content_t "/var/OSimage(/.*)?"
    2. Use the restorecon command to apply the file type to the entire repository:

      # /sbin/restorecon -R -v /var/OSimage
    Note

    The semanage and restorecon commands are provided by the policycoreutils-python and policycoreutils packages.

  4. Create a symbolic link in /var/www/html that points to the repository:

    # ln -s /var/OSimage /var/www/html/OSimage
  5. Edit the HTTP server configuration file (/etc/httpd/conf/httpd.conf) as follows:

    1. Specify the resolvable domain name of the server, in the argument to ServerName.

      ServerName server_addr:80

      If the server does not have a resolvable domain name, enter its IP address instead.

    2. Verify that the setting of the Options directive in the <Directory "/var/www/html"> section specifies Indexes and FollowSymLinks to allow you to browse the directory hierarchy, for example:

      Options Indexes FollowSymLinks
    3. Save your changes to the file.

  6. Start the Apache HTTP server, then configure it to start after a reboot.

    # systemctl start httpd
    # systemctl enable httpd
  7. If you have enabled a firewall on your system, configure it to allow incoming HTTP connection requests on TCP port 80, for example:

    # firewall-cmd --zone=zone --add-port=80/tcp
    # firewall-cmd --permanent --zone=zone --add-port=80/tcp
  8. Disable all of the existing yum repositories on the server and each client system.

    In the /etc/yum.repos.d directory, edit any existing repository files and disable all entries by setting enabled=0. If you have the yum-utils package installed, as described in Section 1.2.4, “Using the DNF config-manager Plugin”, you can disable all repositories by running the following command:

    # dnf config-manager --disable \*
  9. Edit the repository file on the server (for example, /etc/yum.repos.d/OL8.repo):

    [OL8]
    name=Oracle Linux 8.0 x86_64
    baseurl=http://server_addr/OSimage/OL8.0_x86_64
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY
    gpgcheck=1 
    enabled=1 

    Replace server_addr with the IP address or resolvable host name of the local yum server.

  10. On each client, copy the repository file from the server to the /etc/yum.repos.d directory.

  11. On the server and each client, test that you can use the dnf command to access the repository:

    # dnf repolist
    Loaded plugins: refresh-packagekit, security
    ...
    repo id                          repo name                                status
    OL8                            Oracle Linux 8.0 x86_64                    5,070
    repolist: 5,070

1.10 For More Information About DNF

More information on DNF is available at https://dnf.readthedocs.io/en/latest/index.html.

Frequently asked questions about the Oracle Linux yum server are answered at https://yum.oracle.com/faq.html.