1. Managing Software in Oracle Linux
  2. How Oracle Distributes Software Packages

1 How Oracle Distributes Software Packages

Oracle uses two mechanisms to distribute software packages:

Depending on the infrastructure and the support agreement with Oracle, you can use either of these software distribution mechanisms with the Oracle Linux systems you're running. You can also create software distribution mirrors to provision software to a broader infrastructure.

Distributing Packages Through the Oracle Linux Yum Server

Instead of using the installation media, you can access the Oracle Linux yum server to install Oracle Linux packages, including bug fixes, security fixes, and enhancements. Oracle logically organizes software packages on the yum server into different repositories based on package purpose, support status, or dependencies.

Available Oracle Linux Yum Servers

Two Oracle Linux yum sources for package distribution are available:

Public Yum Server

The primary Oracle Linux yum server is publicly available at https://yum.oracle.com/ where you can obtain software packages for free.

The repositories in the public yum server are replicates of a subset of ULN channels. Channels that contain software, such as Ksplice, that are only licensed for use by Oracle Linux Support customers are unavailable in the server. For more information, see Available Yum Repositories.

Oracle Cloud Infrastructure Yum Servers

Unlike the publicly available yum server, Oracle replicates all ULN channels to the Oracle Cloud Infrastructure yum servers. Thus, compute instances have access to software directly without requiring ULN registration. Access to specific ULN content depends on the support contract that you have for an Oracle Cloud Infrastructure account.

To enable access to restricted content through the regional yum servers, ensure that you have installed the appropriate release-el8 packages and have enabled the repositories to which you require access.

Available Yum Repositories

A yum repository is a directory of packages that are typically available on a web server or an ISO image. The directory also includes metadata in a repodata subdirectory. The metadata is updated each time a package changes within the repository directory.

You can configure any client system to use a yum repository by creating a yum repository configuration entry. To install software from the repository, you use either the yum or dnf command to install software from the repository.

In Oracle Linux, yum repository names map to equivalent ULN channel names, but excluding the platform architecture. For example, the ULN channel ol8_x86_64_baseos_latest is ol8_baseos_latest on the Oracle Linux yum server. Yum repository names don't include the platform architecture because the URL to the repository already identifies the architecture. Therefore, when accessing the yum server, the system is automatically connected to the appropriate architecture's repositories.

Core OS repositories are the minimum required repositories for an Oracle Linux system to function. These repositories are enabled immediately after installation and must remain enabled through the life cycle of an Oracle Linux system.

On Oracle Linux 9 systems, the core OS repositories are ol9_baseos_latest and ol9_appstream.

On Oracle Linux 8 systems, the core OS repositories are ol8_baseos_latest and ol8_appstream.

For a complete list of available repositories on the Oracle Linux yum server, go to https://yum.oracle.com and under the Browse the Repositories section, click the link that corresponds to the system’s Oracle Linux version.

For additional information, see the Oracle Linux Yum Server Frequently Asked Questions.

Securing the Distribution of Oracle Linux Packages

For access, the public Oracle Linux yum server is configured to use the HTTPS protocol, hence the URL https://yum.oracle.com. The protocol implements a signed SSL certificate that validates the connection with other parties. The communication that's established between the server and other systems is encrypted as a protection against interference when packages are downloaded.

Also, when building packages, Oracle uses Gnu Privacy Guard (GnuPG or GPG) encryption. GPG works through private and public keys. In a network channel where an exchange of files or packages occurs, the recipient uses the public key to authenticate the source and validate the source as trustworthy.

The system's repository files contain parameters that are related to GPG, as shown in the following entry in /etc/yum.repos.d/oracle-linux-ol8.repo: 

[ol8_baseos_latest]
name=Oracle Linux 8 BaseOS Latest ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL8/baseos/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
...

  • gpgkey: specifies the full path of the key that's provided by the repository maintainer.

  • gpgcheck=1: the default 1 setting indicates that package installation also automatically includes GPG key verification that ensures that the packages to be installed are trusted packages. Always ensure that gpgcheck=1 is the persistent setting.

The public keys that Oracle generates for Oracle Linux packages are available on the Oracle Linux yum server and are included when the packages are installed on the system. The public GPG key is installed automatically when you install the oraclelinux-release package.

You can update the public keys by downloading them from the Oracle Linux yum server.

On Oracle Linux 8, run the following commands: 

sudo wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
sudo gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle

On Oracle Linux 9, run the following commands: 

sudo wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol9 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
sudo gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle

Distributing Packages Through the Unbreakable Linux Network

The Unbreakable Linux Network (ULN) uses channels to distribute software packages. Each channel contains a logical grouping of packages based on the Oracle Linux version, platform architecture, and package purpose. To access packages, you subscribe to the channels that you require.

Comparing ULN and Yum Servers

Using ULN has advantages over yum. ULN contains access to extra software that's not available through the public Oracle Linux yum server. Most notably, ULN provides access to Oracle Ksplice software channels so that you can automatically update the system kernel without requiring a reboot, along with several other channels for commercially available software from Oracle. Therefore, you can download useful packages that aren't included in the original distribution.

ULN offers software patches, updates, and fixes for Oracle Linux and Oracle VM, and information about yum, dnf, Ksplice, and support policies. The ULN Alert Notification Tool periodically checks with ULN and alerts you when updates are available.

Accessing ULN

To access ULN, you must be an Oracle Linux Support customer with a valid Customer Supports Identifier (CSI) and a Single Sign-On (SSO) account. Then, you can use the comprehensive resources of ULN at https://linux.oracle.com/. This site provides a web interface where you can review and manage the software channels available to different systems and platforms.

To use dnf with ULN, you must individually register each system with ULN and subscribe the system to one or more ULN channels. When you register a system with ULN, the system automatically chooses the channel that contains the latest version according to the system's architecture and OS release.

About ULN Channels

Channels correspond to the architecture of a system. The Unbreakable Linux Network has more than 100 unique channels. These support the i386, x86_64, IA64, and the 64-bit Arm architectures for releases of Oracle Linux 4 update 6 and later and Oracle VM 2.1 and later. ULN channels also exist for MySQL, Oracle VM, Oracle Ksplice, OCFS2, RDS, and productivity applications. Other channels might also become available, such as channels for the beta versions of packages, or for specific developer content.

ULN channels are of the following types:

Core

Consists of required channels of a specific Oracle Linux release, including the *_latest channel which distributes the latest possible version of any package release. Registered systems are automatically subscribed to appropriate core channels.

Caution:

Unsubscribing from the _latest channel can make the system vulnerable to security-related issues. We recommend that you keep the system subscribed to this channel.
Base and Patch

Extra ULN channels that are available for various OS update levels or revisions.

You can maintain a system at a specific update by unsubscribing from the _latest channel and replacing it with _base and _patch channels. However, this configuration can leave a system vulnerable to security issues because Oracle stops updating the patch channels after releasing a new update level. Also, software in the _appstream channel is always released in line with the latest release. Fixing the system to a particular update level could create dependency issues when Oracle updates the software in the _appstream channel.

Not all channels are available for all architectures. Use the ULN web interface to check what channels are available for a specific system architecture. See How to Manage a System's Channel Subscriptions. See also selected channels for Oracle Linux 9 and Oracle Linux 8 and their respective descriptions.

Main ULN Channels for Oracle Linux 9

The following table lists the primary ULN channels for Oracle Linux 9. Additional channels are available. Check the ULN web interface for a complete list.

Channel Description
ol9_arch_baseos_latest

Core channel.

Provides all the latest versions of the base operating system packages in the current release of the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level.

ol9_arch_appstream

Core channel.

Provides all the latest versions of the Application Stream user space packages in the current release of the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level.

ol9_arch_addons Provides packages released by Oracle in addition to the upstream packages made available in the other channels listed here. These packages are specific to functionality that Oracle provides to improve user experience on Oracle Linux and to provide access to services specific to Oracle.
ol9_arch_oci Provides packages specific to Oracle Cloud Infrastructure customers. The packages in this channel should only be used on compute instances in Oracle Cloud Infrastructure. This channel is available on ULN and is mirrored to the regional yum servers within the Oracle Cloud Infrastructure, but is not mirrored to the publicly accessible Oracle Linux yum server.
ol9_arch_codeready_builder

Provides the packages released in the upstream codeready_builder channel. The packages released in this channel are intended for developers who intend to build binary content from source packages. The packages include compilers, libraries, and source required for package building and other related tasks. Many of the packages in this channel have dependencies on packages in the ol9_arch_appstream channel.

Support for the codeready_builder packages is limited to package installation assistance only.

Main ULN Channels for Oracle Linux 8

The following table lists the primary ULN channels for Oracle Linux 8. Additional channels are available. Check the ULN web interface for a complete list.

Channel Description
ol8_arch_baseos_latest

Core channel

Provides all the latest versions of the base operating system packages in the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level.
ol8_arch_appstream

Core channel

Provides all the latest versions of the Application Stream user space packages in the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level.

ol8_arch_un_baseos_base Provides the base versions of the base operating system packages in the distribution when a particular update level is released. The initial release of Oracle Linux 8, n has a value of 0. Errata patches are not provided in this channel. If you want to keep your system up to date and secure, you should also subscribe to the appropriate _baseos_patch channel or subscribe to the appropriate _baseos_latest channel. If you are subscribed to the _baseos_latest channel, you do not need to subscribe to this channel.
ol8_arch_un_baseos_patch Provides the patched versions of the base operating system packages in the distribution when a particular update level is released. As errata patches are made available, the updates are released into this channel. Note that in the case of the initial release of Oracle Linux 8, n has a value of 0. Errata patches are provided in this channel until a new update release is made available. If you want to keep your system up to date and secure, you should subscribe to the appropriate _baseos_latest channel. If you are subscribed to the _baseos_latest channel, you do not need to subscribe to a patch channel.
ol8_arch_addons Provides packages released by Oracle in addition to the upstream packages made available in the other channels listed here. These packages are specific to functionality that Oracle provides to improve user experience on Oracle Linux and to provide access to services specific to Oracle.
ol8_arch_oci Provides packages specific to Oracle Cloud Infrastructure customers. The packages in this channel should only be used on compute instances in Oracle Cloud Infrastructure. This channel is available on ULN and is mirrored to the regional yum servers within the Oracle Cloud Infrastructure, but is not mirrored to the publicly accessible Oracle Linux yum server.
ol8_arch_codeready_builder

Provides the packages released in the upstream codeready_builder channel. The packages released in this channel are intended for developers who intend to build binary content from source packages. The packages include compilers, libraries, and source required for package building and other related tasks. Many of the packages in this channel have dependencies on packages in the ol8_arch_appstream channel.

Support for the codeready_builder packages is limited to package installation assistance only.

ol8_arch_developer

Provides packages intended for developers to create test and development environments for Oracle Linux 8 and related technologies.

Support for the developer packages is limited to package installation assistance only.

ol8_arch_developer_EPEL

Provides a mirror of the selected packages that are available on the EPEL (Extra Packages for Enterprise Linux) repository.

Support for the EPEL packages is limited to package installation assistance only.

About the DNF Utility

The dnf utility, which is based on Dandified Yum (DNF), is the client software for installing and managing packages on systems running Oracle Linux 8 or later releases. These packages can come from either the Oracle Linux yum server or from ULN. While installing or upgrading packages, dnf also automatically handles package dependencies and requirements.

DNF provides significant improvements in functionality and performance when compared to the traditional yum command. DNF also brings a host of new features, including modular content, and a more stable and documented API. DNF is compatible with Yum v3 for editing or creating configuration files and for managing repositories and packages. You can use the dnf command and all its options in the same manner as how you use the yum command on previous releases of Oracle Linux.

To provide backward compatibility, the yum and dnf commands are interchangeable. You not only can perform tasks similar to those that you performed in earlier releases of Oracle Linux, but you can also avail of a wider range of new features that are available in dnf, such as improved package management and performance. To view syntax differences between dnf and legacy yum commands, see Comparing Yum Version 3 With DNF.

When you run the dnf command, the system connects to the ULN server repository and downloads the latest software packages to the system in RPM format. The dnf command then displays a list of the available packages so that you can choose which packages you want to install.

Important:

Oracle Linux packages are built as RPM packages. However, avoid using the rpm command for install or update operations unless explicitly instructed to do so by a support representative. In particular, if you do use the rpm command, never use the --force or --nodeps options. Otherwise, you might cause serious system stability issues.

For more information, see the dnf(8) manual page and https://dnf.readthedocs.io/en/latest/index.html.