Use DNF on Oracle Linux

Introduction

Oracle Linux provides the dnf utility, based on Dandified Yum (DNF), as the client software for installing and managing system packages. These packages can come from the Unbreakable Linux Network (ULN) or an Oracle Linux yum server. Software packages are installed on a system using standard dnf commands and depend on the system having enabled the appropriate ULN channel subscriptions or yum repositories. While installing or upgrading packages, dnf automatically handles package dependencies and requirements.

DNF significantly improves functionality and performance and brings many new features, including modular content and a more stable and documented API, compared to the traditional' yum' command.

Objectives

In this tutorial, you'll learn how to:

• Work with DNF repositories
• Manage packages and modules
• Install security updates
• Leverage package groups
• Use the DNF history feature
• Automate patch upgrades

Prerequisites

• Minimum of a single Oracle Linux system

• Each system should have Oracle Linux installed and configured with:

  • A non-root user account with sudo access
  • Access to the Internet

Deploy Oracle Linux

Note: If running in your own tenancy, read the linux-virt-labs GitHub project README.md and complete the prerequisites before deploying the lab environment.

1. Open a terminal on the Luna Desktop.

2. Clone the linux-virt-labs GitHub project.

   git clone https://github.com/oracle-devrel/linux-virt-labs.git

3. Change into the working directory.

   cd linux-virt-labs/ol

4. Install the required collections.

   ansible-galaxy collection install -r requirements.yml

5. Deploy the lab environment.

   ansible-playbook create_instance.yml -e localhost_python_interpreter="/usr/bin/python3.6"

   The free lab environment requires the extra variable local_python_interpreter, which sets ansible_python_interpreter for plays running on localhost. This variable is needed because the environment installs the RPM package for the Oracle Cloud Infrastructure SDK for Python, located under the python3.6 modules.

   The default deployment shape uses the AMD CPU and Oracle Linux 8. To use an Intel CPU or Oracle Linux 9, add -e instance_shape="VM.Standard3.Flex" or -e os_version="9" to the deployment command.

   Important: Wait for the playbook to run successfully and reach the pause task. At this stage of the playbook, the installation of Oracle Linux is complete, and the instances are ready. Take note of the previous play, which prints the public and private IP addresses of the nodes it deploys and any other deployment information needed while running the lab.

Work with DNF Repositories

1. Open a terminal and connect via SSH to the ol-node-01 instance.

   ssh oracle@<ip_address_of_instance>

2. Get a list of enabled repositories.

   dnf repolist

   DNF searches the /etc/yum.repos.d directory for files ending in .repo. You can pass the all option to see a listing of both the enabled and disabled repositories. A repository file may define one or more repositories and consider the repository enabled when enabled=1 and disabled when enabled=0.

3. Enable a repository.

   Oracle Linux 8:

   sudo dnf config-manager --enable ol8_codeready_builder

   Oracle Linux 9:

   sudo dnf config-manager --enable ol9_codeready_builder

4. Disable a repository.

   Oracle Linux 8:

   sudo dnf config-manager --disable ol8_codeready_builder

   Oracle Linux 9:

   sudo dnf config-manager --disable ol9_codeready_builder

5. Install a repository.

   Oracle Linux ships pre-built repositories for various products in package format. You can search for these and then install and enable them.

   dnf search oracle*release*

   Oracle Linux 8:

   sudo dnf install -y oracle-instantclient-release-el8

   OracleLinux 9:

   sudo dnf install -y oracle-instantclient-release-el9

   Although not preferred, you can also install repositories by:

   1. Directly creating a new .repo file in /etc/yum.repos.d
   2. Using dnf config-manager --add-repo <repo_file>, which allows installing a repo file stored locally or from a URL

6. Remove the DNF cache.

   To aid with performance, DNF caches data in /var/cache/dnf. There are times that this cached data may become stale and cause dnf commands to fail. To fix this problem, you can remove all the cached items.

   dnf clean all

   DNF automatically rebuilds this cache over time as you run various commands. To troubleshoot a command failure, you can clear the cache and then retry the failed command.

Manage Packages and Modules

1. Get a list of available packages from the enabled repositories.

   dnf list

   You can narrow the output returned by using the installed or available options and even requesting a specific package name such as dnf list available git.

2. List the available modules.

   dnf module list

   The output shows the modules available to the system, associated streams, and profiles where:

   • Name: Module name
   • Stream: Stream version
   • Profiles: Available profiles and their status
     • common: A hardened production-ready deployment and is the default profile
     • development: Installs the packages that are necessary to make modifications to the module
     • minimal: Installs the smallest set of packages that provide a working application

   Use the Hint at the end of the output to determine which streams and profiles are enabled, disabled, installed, or the default.

   Similar to packages, you can pass a module name to the list option to see the status of just that module.

3. Get information about a package or module.

   dnf info zsh

   In this case, zsh is the package name. You do the same for modules but add the module command and append the specific module, such as dnf module info php. If you need information about a particular module stream, pass --profile along with the module:stream rather than the module name.

   dnf module info --profile php:8.2

4. Search for an available or installed package.

   dnf search php

5. Search for the package that provides a specific filename or command.

   The provides command, with an alias of whatprovides, finds the package that matches the filename. If you do not provide a full path, DNF appends /usr/sbin, and /usr/bin to the filename. For legacy purposes, it also appends /sbin, and /bin.

   dnf provides sudo

6. Install a package.

   sudo dnf install tmux

   Answer y to confirm the package install. Avoid this extra step in the future by passing the -y option. DNF, by default, only installs packages from enabled repositories. However, you can bypass that default behavior by passing the --enablerepo=<repo name> option.

7. Reinstall a package.

   sudo dnf reinstall -y tmux

   This command essentially performs a dnf remove, then a dnf install. The critical difference is that using the reinstall keeps any custom configuration of files associated with the package.

8. Enable a module.

   Before installing packages from a module, you need to enable it.

   Oracle Linux 8:

   sudo dnf module -y enable nginx

   The above enabled the default profile and stream for nginx. You can specify the stream using :stream and the profile with /profile, which is required in Oracle Linux 9 because there are no default streams.

   Oracle Linux 9:

   sudo dnf module -y enable nginx:1.22

9. Install a module.

   Oracle Linux 8:

   sudo dnf module install -y nginx:1.14

   Oracle Linux 9:

   sudo dnf module install -y nginx:1.22

   After installing the packages, running sudo dnf module list nginx shows a [i] next to the 1.22 stream's common [d] profile.

10. Remove a package or module.

    sudo dnf remove -y tmux

    Similarly, you can remove a module using the same syntax by replacing the package name with the module:stream/profile.

11. Switch a module.

    Switching module streams causes the content to be either upgraded or downgraded to a version different from the current version on the system. It also handles the installation of additional dependencies or the removal of packages that are no longer required.

    sudo dnf module -y switch-to nginx:1.24/common

12. Disable a module.

    sudo dnf module -y disable nginx

    By disabling a module, you ensure the removal of installed profiles, all related module streams become unavailable, and modular RPMS are not part of the package set. If DNF detects any conflicts, then the operation is rejected. One reason to disable a module is that newer packages exist in the default repository and appstream.

13. Reset a module.

    This operation sets the module state so it’s no longer enabled or disabled. DNF removes all profiles, and only packages from the default profile are available.

    sudo dnf module -y reset nginx

Install Security Updates

1. List all available errata.

   dnf updateinfo list

   The output shows the enabled repositories followed by each update. DNF sorts the available errata in order of their IDs and identifies them further by their type.

   • Severity/Sec : Priority/Security patch
   • bugfix : Bug fix
   • enhancement : Feature enhancement

   You can append cves, bugfix, or security to the command to narrow the output to only that specific errata type. You can also pass --installed to get a list of those security fixes installed on the host.

2. Show a summary of the available errata.

   dnf updateinfo summary

3. Get a list of security upgrades based on severity.

   You can pass Critical, Important, Moderate, or Low to the --sec-severity option.

   dnf updateinfo list --sec-severity=Important

   DNF allows you to pass other options to the list command. You can use --advisory <Advisory ID> to get a specific advisory or --cve <CVD ID to get a particular CVE. Using the info command instead of list and the exact options provides detailed information on the specific advisory or CVE.

4. Update each package to its latest version.

   sudo dnf upgrade -y

   You can optionally exclude a specific package from the upgrade with the -x option followed by the package name. While Oracle Linux recommends you apply all errata, the upgrade command takes the following options:

   • --cve: updates a single CVE ID
   • --advisory: update a single Advisory ID
   • --security: updates all security-related errata

   Alternatively, a user can run sudo dnf upgrade-minimal to only apply updates to packages that provide a bugfix, enhancement, or a fix for a security issue.

   Important: After any kernel updates, ensure you reboot the system. If you run a system where reboots are not feasible, then it's recommended that you use Oracle Ksplice to apply kernel patches.

Manage Package Groups

DNF allows for the installation, update, or removal of package groups. These groups are a collection of dependent packages that serve a common purpose.

1. List the available groups.

   dnf group list

2. Get a list of groups a group contains.

   dnf group info "Server with GUI"

   The Server with GUI installs the GNOME graphical desktop.

3. Show the individual packages a group contains.

   dnf group info Core

4. Install the group.

   sudo dnf group install "Server with GUI" --assumeno

   The --assumeno option will automatically answer no and skip the installation to save time in this tutorial. Leave this option out of the command and replace it with the -y option to install it automatically. DNF provides the dnf group update and dnf group remove commands to update and remove groups.

Use the DNF History Feature

The DNF history feature shows all the actions performed by the dnf command. The history feature allows for undo, redo, and rollback of a specific DNF transaction. In addition to DNF history, package installations, updates, and removals are logged in the /var/log/dnf.log file.

1. List all of the DNF transactions.

   dnf history

   You can get information related to one of the transactions by running dnf history info <transaction ID>.

2. Roll back a specific transaction.

   The rollback option will undo all transactions after the specified <transaction ID>. If you only wish to reverse a single transaction, use undo instead.

   sudo dnf history rollback <transaction ID>

   The DNF history rollback command increments the transaction ID and records the rollback as a unique transaction.

3. Repeat a specific transaction.

   You can redo the specific transaction and repeat each of its steps.

   sudo dnf history redo <transaction ID>

Automate Patching

An alternative to manually running dnf upgrade is to use the DNF Automatic Tool. This tool provides automatic notifications of upgrades, downloads them, and installs the packages automatically by using systemd timers.

1. Install the required package and enable the timer.

   sudo dnf install dnf-automatic -y

   sudo systemctl enable --now dnf-automatic.timer

2. View the default upgrade_type configuration.

   The configuration file for the DNF Automatic Tool is /etc/dnf/automatic.conf. By default, the automatic upgrade applies to all available upgrades. You can change the upgrade_type parameter to security to only use the security upgrades.

   grep upgrade_type /etc/dnf/automatic.conf

Next Steps

This tutorial taught you how to manage software packages on your Oracle Linux system and ensure you keep it up to date with the latest security fixes. So get your systems updated and then check out the Related Links section for more details and training for Oracle Linux.

Related Links

• DNF Command Reference
• Oracle Linux Documentation
• Oracle Linux Training Station