1 How Oracle Distributes Software Packages
Oracle uses two mechanisms to distribute software packages:
- The Oracle Linux yum server
- The Unbreakable Linux Network (ULN)
Depending on the infrastructure and the support agreement with Oracle, you can use either of these software distribution mechanisms with the Oracle Linux systems you're running. You can also create software distribution mirrors to provision software to a broader infrastructure.
Distributing Packages Through the Oracle Linux Yum Server
Instead of using the installation media, you can access the Oracle Linux yum server to install Oracle Linux packages, including bug fixes, security fixes, and enhancements. Oracle logically organizes software packages on the yum server into different repositories based on package purpose, support status, or dependencies.
Available Oracle Linux Yum Servers
Two Oracle Linux yum sources for package distribution are available:
- Public Yum Server

  The primary Oracle Linux yum server is publicly available at https://yum.oracle.com/ where you can obtain software packages for free.

  The repositories in the public yum server are replicas of a subset of ULN channels. Channels that contain software, such as Ksplice, that is only licensed for use by Oracle Linux Support customers are unavailable on the server. For more information, see Available Yum Repositories.

- Oracle Cloud Infrastructure Yum Servers

  Unlike the publicly available yum server, Oracle replicates all ULN channels to the Oracle Cloud Infrastructure yum servers. Thus, compute instances have access to software directly without requiring ULN registration. Access to specific ULN content depends on the support contract that you have for an Oracle Cloud Infrastructure account.

  To enable access to restricted content through the regional yum servers, ensure that you have installed the appropriate release-el8 packages and have enabled the repositories to which you require access.
Available Yum Repositories
A yum repository is a directory of packages that are typically available on a web server or an ISO image. The directory also includes metadata in a repodata subdirectory. The metadata is updated each time a package changes within the repository directory.
You can configure any client system to use a yum repository by creating a yum repository configuration entry. To install software from the repository, you use either the yum or dnf command.
In Oracle Linux, yum repository names map to equivalent ULN channel names, but exclude the platform architecture. For example, the ULN channel ol8_x86_64_baseos_latest is ol8_baseos_latest on the Oracle Linux yum server. Yum repository names don't include the platform architecture because the URL to the repository already identifies the architecture. Therefore, when accessing the yum server, the system is automatically connected to the appropriate architecture's repositories.
Core OS repositories are the minimum required repositories for an Oracle Linux system to function. These repositories are enabled immediately after installation and must remain enabled through the life cycle of an Oracle Linux system.
On Oracle Linux 9 systems, the core OS repositories are ol9_baseos_latest and ol9_appstream.
On Oracle Linux 8 systems, the core OS repositories are ol8_baseos_latest and ol8_appstream.
For a complete list of available repositories on the Oracle Linux yum server, go to https://yum.oracle.com and under the Browse the Repositories section, click the link that corresponds to the system’s Oracle Linux version.
For additional information, see the Oracle Linux Yum Server Frequently Asked Questions.
Securing the Distribution of Oracle Linux Packages
The public Oracle Linux yum server is configured to use the HTTPS protocol, hence the URL https://yum.oracle.com. The server presents a signed SSL certificate that clients use to validate the connection. The communication that's established between the server and other systems is encrypted as a protection against interference when packages are downloaded.
Also, when building packages, Oracle signs them with GNU Privacy Guard (GnuPG or GPG). GPG works through private and public keys: the packages are signed with the private key, and in a network channel where an exchange of files or packages occurs, the recipient uses the public key to authenticate the source and validate the source as trustworthy.
The system's repository files contain parameters that are related to GPG, as shown in the following entry in /etc/yum.repos.d/oracle-linux-ol8.repo:
[ol8_baseos_latest]
name=Oracle Linux 8 BaseOS Latest ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL8/baseos/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1
...
- gpgkey: specifies the full path of the key that's provided by the repository maintainer.
- gpgcheck=1: the default 1 setting indicates that package installation also automatically includes GPG key verification that ensures that the packages to be installed are trusted packages. Always ensure that gpgcheck=1 is the persistent setting.
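The following is an added example, not part of Oracle's documentation: a Python audit of repository configuration text that reports enabled repositories where gpgcheck is off, where gpgcheck is on but no gpgkey is set, or where baseurl isn't HTTPS. The two example_* stanzas, the function name audit_repo_text, and the main_gpgcheck parameter are assumptions made for illustration; an unset gpgcheck is treated as inheriting the [main] value that the caller passes in.

```python
import configparser

# Constructed sample. The first stanza mirrors the entry shown above; the two
# example_* stanzas are invented to illustrate weak settings (not Oracle-shipped).
SAMPLE_REPO = """\
[ol8_baseos_latest]
name=Oracle Linux 8 BaseOS Latest ($basearch)
baseurl=https://yum$ociregion.$ocidomain/repo/OracleLinux/OL8/baseos/latest/$basearch/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
enabled=1

[example_local_mirror]
baseurl=http://mirror.example.internal/OL8/baseos/latest/$basearch/
gpgcheck=0
enabled=1

[example_disabled]
baseurl=http://mirror.example.internal/OL8/addons/$basearch/
gpgcheck=0
enabled=0
"""

def audit_repo_text(text, main_gpgcheck=True):
    """Return (repo_id, finding) pairs for every enabled repository in text."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for repo_id in parser.sections():
        repo = parser[repo_id]
        if repo_id == "main" or not repo.getboolean("enabled", fallback=True):
            continue  # [main] is not a repository; disabled entries are unused
        # Assumption: an unset gpgcheck inherits the [main] value passed in.
        if not repo.getboolean("gpgcheck", fallback=main_gpgcheck):
            findings.append((repo_id, "gpgcheck is not enabled"))
        elif not repo.get("gpgkey", fallback="").strip():
            findings.append((repo_id, "gpgcheck is enabled but gpgkey is unset"))
        urls = repo.get("baseurl", fallback="").replace(",", " ").split()
        if any(not u.lower().startswith(("https://", "file://")) for u in urls):
            findings.append((repo_id, "baseurl is not HTTPS"))
    return findings

if __name__ == "__main__":
    import glob
    paths = glob.glob("/etc/yum.repos.d/*.repo")
    texts = [open(p, encoding="utf-8").read() for p in paths] or [SAMPLE_REPO]
    for text in texts:
        for repo_id, finding in audit_repo_text(text):
            print(f"{repo_id}: {finding}")
```

Run on a system with files in /etc/yum.repos.d, the script audits those files; otherwise it falls back to the constructed sample.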
The public keys that Oracle generates for Oracle Linux packages are available on the Oracle Linux yum server and are included when the packages are installed on the system. The public GPG key is installed automatically when you install the oraclelinux-release package.
You can update the public keys by downloading them from the Oracle Linux yum server.
On Oracle Linux 8, run the following commands:
sudo wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol8 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
sudo gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
On Oracle Linux 9, run the following commands:
sudo wget https://yum.oracle.com/RPM-GPG-KEY-oracle-ol9 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
sudo gpg --import --import-options show-only /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Distributing Packages Through the Unbreakable Linux Network
The Unbreakable Linux Network (ULN) uses channels to distribute software packages. Each channel contains a logical grouping of packages based on the Oracle Linux version, platform architecture, and package purpose. To access packages, you subscribe to the channels that you require.
Comparing ULN and Yum Servers
Using ULN has advantages over the Oracle Linux yum server. ULN provides access to extra software that's not available through the public Oracle Linux yum server. Most notably, ULN provides access to Oracle Ksplice software channels so that you can automatically update the system kernel without requiring a reboot, along with several other channels for commercially available software from Oracle. Therefore, you can download useful packages that aren't included in the original distribution.
ULN offers software patches, updates, and fixes for Oracle Linux and Oracle VM, and information about yum, dnf, Ksplice, and support policies. The ULN Alert Notification Tool periodically checks with ULN and alerts you when updates are available.
Accessing ULN
To access ULN, you must be an Oracle Linux Support customer with a valid Customer Support Identifier (CSI) and a Single Sign-On (SSO) account. Then, you can use the comprehensive resources of ULN at https://linux.oracle.com/. This site provides a web interface where you can review and manage the software channels available to different systems and platforms.
To use dnf with ULN, you must individually register each system with ULN and subscribe the system to one or more ULN channels. When you register a system with ULN, the system automatically chooses the channel that contains the latest version according to the system's architecture and OS release.
About ULN Channels
Channels correspond to the architecture of a system. The Unbreakable Linux Network has more than 100 unique channels. These support the i386, x86_64, IA64, and the 64-bit Arm architectures for releases of Oracle Linux 4 update 6 and later and Oracle VM 2.1 and later. ULN channels also exist for MySQL, Oracle VM, Oracle Ksplice, OCFS2, RDS, and productivity applications. Other channels might also become available, such as channels for the beta versions of packages, or for specific developer content.
ULN channels are of the following types:
- Core

  Consists of required channels of a specific Oracle Linux release, including the *_latest channel, which distributes the latest possible version of any package release. Registered systems are automatically subscribed to appropriate core channels.

  Caution: Unsubscribing from the _latest channel can make the system vulnerable to security-related issues. We recommend that you keep the system subscribed to this channel.

- Base and Patch

  Extra ULN channels that are available for various OS update levels or revisions.

  You can maintain a system at a specific update by unsubscribing from the _latest channel and replacing it with _base and _patch channels. However, this configuration can leave a system vulnerable to security issues because Oracle stops updating the patch channels after releasing a new update level. Also, software in the _appstream channel is always released in line with the latest release. Fixing the system to a particular update level could create dependency issues when Oracle updates the software in the _appstream channel.
Not all channels are available for all architectures. Use the ULN web interface to check what channels are available for a specific system architecture. See How to Manage a System's Channel Subscriptions. See also selected channels for Oracle Linux 9 and Oracle Linux 8 and their respective descriptions.
Main ULN Channels for Oracle Linux 9
The following table lists the primary ULN channels for Oracle Linux 9. Additional channels are available. Check the ULN web interface for a complete list.
Channel | Description |
---|---|
ol9_arch_baseos_latest | Core channel. Provides all the latest versions of the base operating system packages in the current release of the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level. |
ol9_arch_appstream | Core channel. Provides all the latest versions of the Application Stream user space packages in the current release of the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level. |
ol9_arch_addons | Provides packages released by Oracle in addition to the upstream packages made available in the other channels listed here. These packages are specific to functionality that Oracle provides to improve user experience on Oracle Linux and to provide access to services specific to Oracle. |
ol9_arch_oci | Provides packages specific to Oracle Cloud Infrastructure customers. The packages in this channel should only be used on compute instances in Oracle Cloud Infrastructure. This channel is available on ULN and is mirrored to the regional yum servers within the Oracle Cloud Infrastructure, but is not mirrored to the publicly accessible Oracle Linux yum server. |
ol9_arch_codeready_builder | Provides the packages released in the upstream Support for the |
Main ULN Channels for Oracle Linux 8
The following table lists the primary ULN channels for Oracle Linux 8. Additional channels are available. Check the ULN web interface for a complete list.
Channel | Description |
---|---|
ol8_arch_baseos_latest | Core channel. Provides all the latest versions of the base operating system packages in the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level. |
ol8_arch_appstream | Core channel. Provides all the latest versions of the Application Stream user space packages in the distribution, including any errata. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is set at the highest update level. |
ol8_arch_un_baseos_base | Provides the base versions of the base operating system packages in the distribution when a particular update level is released. For the initial release of Oracle Linux 8, n has a value of 0. Errata patches are not provided in this channel. If you want to keep your system up to date and secure, you should also subscribe to the appropriate _baseos_patch channel or subscribe to the appropriate _baseos_latest channel. If you are subscribed to the _baseos_latest channel, you do not need to subscribe to this channel. |
ol8_arch_un_baseos_patch | Provides the patched versions of the base operating system packages in the distribution when a particular update level is released. As errata patches are made available, the updates are released into this channel. Note that in the case of the initial release of Oracle Linux 8, n has a value of 0. Errata patches are provided in this channel until a new update release is made available. If you want to keep your system up to date and secure, you should subscribe to the appropriate _baseos_latest channel. If you are subscribed to the _baseos_latest channel, you do not need to subscribe to a patch channel. |
ol8_arch_addons | Provides packages released by Oracle in addition to the upstream packages made available in the other channels listed here. These packages are specific to functionality that Oracle provides to improve user experience on Oracle Linux and to provide access to services specific to Oracle. |
ol8_arch_oci | Provides packages specific to Oracle Cloud Infrastructure customers. The packages in this channel should only be used on compute instances in Oracle Cloud Infrastructure. This channel is available on ULN and is mirrored to the regional yum servers within the Oracle Cloud Infrastructure, but is not mirrored to the publicly accessible Oracle Linux yum server. |
ol8_arch_codeready_builder | Provides the packages released in the upstream Support for the |
ol8_arch_developer | Provides packages intended for developers to create test and development environments for Oracle Linux 8 and related technologies. Support for the developer packages is limited to package installation assistance only. |
ol8_arch_developer_EPEL | Provides a mirror of the selected packages that are available on the EPEL (Extra Packages for Enterprise Linux) repository. Support for the EPEL packages is limited to package installation assistance only. |
About the DNF Utility
The dnf utility, which is based on Dandified Yum (DNF), is the client software for installing and managing packages on systems running Oracle Linux 8 or later releases. These packages can come from either the Oracle Linux yum server or from ULN. While installing or upgrading packages, dnf also automatically handles package dependencies and requirements.
DNF provides significant improvements in functionality and performance when compared to the traditional yum command. DNF also brings a host of new features, including modular content, and a more stable and documented API. DNF is compatible with Yum v3 for editing or creating configuration files and for managing repositories and packages. You can use the dnf command and all its options in the same manner as how you use the yum command on previous releases of Oracle Linux.
To provide backward compatibility, the yum and dnf commands are interchangeable. You can perform the same tasks that you performed in earlier releases of Oracle Linux, and you can also take advantage of the wider range of new features that are available in dnf, such as improved package management and performance. To view syntax differences between dnf and legacy yum commands, see Comparing Yum Version 3 With DNF.
When you run the dnf command, the system connects to the ULN server repository and downloads the latest software packages to the system in RPM format. The dnf command then displays a list of the available packages so that you can choose which packages you want to install.
Important:
Oracle Linux packages are built as RPM packages. However, avoid using the rpm command for install or update operations unless explicitly instructed to do so by a support representative. In particular, if you do use the rpm command, never use the --force or --nodeps options. Otherwise, you might cause serious system stability issues.
For more information, see the dnf(8) manual page and https://dnf.readthedocs.io/en/latest/index.html.