RED HAT ENTERPRISE LINUX

DNF Package Management

Download, Install, Update, and Manage Software

CIS126RH | RHEL System Administration 1
Mesa Community College

Learning Objectives

Understand packages and repositories

RPM packages, dependencies, and Red Hat repositories

Search and query packages

Find packages, view information, and check what is installed

Install and remove software

Install packages, package groups, and remove software safely

Update and maintain systems

Apply updates, security patches, and manage package history

Configure repositories

Enable, disable, and add software repositories

What is a Package?

A package is an archive containing software files, metadata, and installation scripts. In RHEL, packages use the RPM (Red Hat Package Manager) format.

httpd-2.4.57-5.el9.x86_64.rpm

name version release dist arch

Package contains: binary executables, configuration files, documentation, a dependency list, and install/uninstall scripts. This ensures consistent, reliable installation across all RHEL systems.

What is a Package? — Architectures

Common architectures in RPM names:

Architecture	Meaning	Use
`x86_64`	64-bit Intel/AMD	Standard servers and desktops
`aarch64`	64-bit ARM	ARM servers, cloud instances
`noarch`	Architecture independent	Scripts, config packages
`i686`	32-bit (legacy)	Older compatibility libraries

Tip: Most packages on a RHEL 9 server will be x86_64 or noarch. DNF automatically selects the right architecture for your system.

What is a Repository?

A repository (repo) is a collection of packages stored on a server. DNF downloads packages from configured repositories, handling dependencies automatically.

Red Hat Repos

→

DNF

→

Your System

# List enabled repositories
[root@host ~]# dnf repolist
repo id                              repo name
rhel-9-for-x86_64-baseos-rpms        Red Hat Enterprise Linux 9 - BaseOS
rhel-9-for-x86_64-appstream-rpms     Red Hat Enterprise Linux 9 - AppStream

# List all repositories (including disabled)
[root@host ~]# dnf repolist all

Red Hat repositories require subscription. Your system must be registered with subscription-manager to access official packages.

DNF vs YUM

DNF (Dandified YUM) replaced YUM as the default package manager in RHEL 8. It offers better performance, improved dependency resolution, and a cleaner codebase.

Feature	DNF (RHEL 8/9)	YUM (RHEL 7)
Performance	Faster, parallel downloads	Slower, sequential
Dependencies	Better resolution algorithm	Older algorithm
Memory usage	More efficient	Higher usage
API	Clean Python API	Legacy API
Modularity	Full support	Not supported

DNF vs YUM — Compatibility

# yum command still works — it is an alias to dnf
[root@host ~]# yum install httpd
# Identical to:
[root@host ~]# dnf install httpd

# Confirm yum is just a symlink
[root@host ~]# ls -la /usr/bin/yum
lrwxrwxrwx. 1 root root 5 ... /usr/bin/yum -> dnf-3

For backward compatibility, yum still works and existing scripts continue to function. However, use dnf for all new work — DNF-specific features are not available through the yum alias.

Searching for Packages

# Search for packages by keyword
[root@host ~]# dnf search web server
========================= Name Matched: web server =========================
httpd.x86_64 : Apache HTTP Server
nginx.x86_64 : A high performance web server and reverse proxy server

# Search only in package names
[root@host ~]# dnf search --name-only httpd

Search commands query repository metadata, so they find both installed and available packages. Search before installing to confirm you are getting the right software.

Searching — Finding by File

# Find which package provides a specific file
[root@host ~]# dnf provides /usr/bin/vim
vim-enhanced-2:9.0.1712-1.el9.x86_64 : A version of the VIM editor
Repo        : rhel-9-for-x86_64-appstream-rpms
Matched from:
Filename    : /usr/bin/vim

# Find package providing a command (using wildcard)
[root@host ~]# dnf provides */sshd
openssh-server-8.7p1-34.el9.x86_64 : An open source SSH server daemon

Pro tip: When a command is missing, use dnf provides */COMMAND to find the package that installs it. This is the fastest way to identify what to install.

Package Information

# View detailed package information
[root@host ~]# dnf info httpd
Name         : httpd
Version      : 2.4.57
Release      : 5.el9
Architecture : x86_64
Size         : 59 k
Source       : httpd-2.4.57-5.el9.src.rpm
Repository   : rhel-9-for-x86_64-appstream-rpms
Summary      : Apache HTTP Server
URL          : https://httpd.apache.org/
License      : ASL 2.0
Description  : The Apache HTTP Server is a powerful, efficient,
             : and extensible web server.

dnf info shows name, version, release, architecture, download size, repository source, URL, license, and description — everything you need to verify you are installing the right software.

Package Information — Listing

# List all packages (installed and available)
[root@host ~]# dnf list all

# List only installed packages
[root@host ~]# dnf list installed

# List available packages (not yet installed)
[root@host ~]# dnf list available

# Check if a specific package is installed
[root@host ~]# dnf list installed httpd
Installed Packages
httpd.x86_64    2.4.57-5.el9    @appstream

If dnf list installed PACKAGE returns an error, the package is not installed. If it shows a result, it is installed and shows the version and source repository.

Installing Packages

dnf install downloads and installs packages along with all required dependencies. It shows what will be installed and asks for confirmation.

# Install a single package
[root@host ~]# dnf install httpd
Dependencies resolved.
================================================================================
 Package           Arch    Version          Repository    Size
================================================================================
Installing:
 httpd             x86_64  2.4.57-5.el9     appstream     59 k
Installing dependencies:
 apr               x86_64  1.7.0-11.el9     appstream    127 k
 apr-util          x86_64  1.6.1-23.el9     appstream    105 k
 httpd-core        x86_64  2.4.57-5.el9     appstream    1.4 M
...
Transaction Summary
================================================================================
Install  9 Packages
Total download size: 2.1 M   Installed size: 5.8 M
Is this ok [y/N]: y

Installing Multiple Packages

# Install multiple packages in one transaction
[root@host ~]# dnf install httpd mariadb-server php

# Install without confirmation (-y flag)
[root@host ~]# dnf install -y vim-enhanced

# Install a specific version
[root@host ~]# dnf install httpd-2.4.57-5.el9

# Install from a local RPM file
[root@host ~]# dnf install ./package.rpm

# Download RPM without installing
[root@host ~]# dnf download httpd
httpd-2.4.57-5.el9.x86_64.rpm

Caution: The -y flag skips confirmation. Use carefully in production — always review what DNF plans to do first.

Package Groups

Package groups bundle related packages together. Install a group to get a complete set of tools for a specific purpose.

# List available groups
[root@host ~]# dnf group list
Available Environment Groups:
   Server with GUI
   Server
   Minimal Install
Available Groups:
   Development Tools
   System Tools

# View what a group contains
[root@host ~]# dnf group info "Development Tools"
Group: Development Tools
 Mandatory Packages: gcc, make, autoconf, automake
 Optional Packages:  valgrind, cmake

# Install a group
[root@host ~]# dnf group install "Development Tools"

Removing Packages

dnf remove uninstalls packages. DNF also removes packages that depend on what you are removing — review carefully!

# Remove a package
[root@host ~]# dnf remove httpd
Dependencies resolved.
================================================================================
Removing:
 httpd                x86_64     2.4.57-5.el9     @appstream
Removing dependent packages:
 mod_ssl              x86_64     2.4.57-5.el9     @appstream
Removing unused dependencies:
 apr                  x86_64     1.7.0-11.el9     @appstream
 apr-util             x86_64     1.6.1-23.el9     @appstream

Transaction Summary: Remove 4 Packages
Is this ok [y/N]:

Warning: Removing packages can break dependent software. Always review the full removal list before confirming!

Removing Packages — Options

# Remove without auto-removing unused dependencies
[root@host ~]# dnf remove --noautoremove httpd

# Clean up orphaned dependencies separately
[root@host ~]# dnf autoremove
Dependencies resolved.
Removing:
 apr         x86_64  1.7.0-11.el9  @appstream
 apr-util    x86_64  1.6.1-23.el9  @appstream
Is this ok [y/N]:

--noautoremove leaves dependencies installed even if nothing else needs them. Use dnf autoremove later to clean up orphaned packages — but always review its list before confirming.

Updating Packages

dnf update downloads and installs newer versions of installed packages. Critical for applying security patches!

# Check for available updates (no changes made)
[root@host ~]# dnf check-update
kernel.x86_64          5.14.0-362.18.1.el9    baseos
openssl.x86_64         1:3.0.7-25.el9         baseos
vim-enhanced.x86_64    2:9.0.2081-1.el9       appstream

# Update all packages
[root@host ~]# dnf update

# Update a specific package only
[root@host ~]# dnf update openssl

In DNF, update and upgrade are synonymous — they do the same thing. Use dnf check-update first to preview what will change.

Updating — Security Patches

# Apply security fixes only
[root@host ~]# dnf update --security

# See what security updates are available
[root@host ~]# dnf updateinfo list security
RHSA-2024:0001  Critical/Sec.  openssl-3.0.7-25.el9.x86_64
RHSA-2024:0002  Important/Sec. kernel-5.14.0-362.18.1.el9.x86_64

# View advisory details
[root@host ~]# dnf updateinfo info RHSA-2024:0001

Best practice: Run dnf update --security regularly to patch known vulnerabilities without applying all other updates at once.

Managing History

DNF keeps a complete transaction history. Review past operations and undo changes when needed.

# View transaction history
[root@host ~]# dnf history
ID  | Command               | Date and time    | Action(s) | Altered
--------------------------------------------------------------------
 15 | update                | 2024-01-20 10:30 | Upgrade   |   23
 14 | install httpd         | 2024-01-19 14:22 | Install   |    9
 13 | remove vim-enhanced   | 2024-01-18 09:15 | Removed   |    1

# View details of a specific transaction
[root@host ~]# dnf history info 14
Transaction ID : 14
Begin time     : Fri 19 Jan 2024 02:22:15 PM
Packages Altered:
    Install httpd-2.4.57-5.el9.x86_64  @appstream
    Install apr-1.7.0-11.el9.x86_64    @appstream ...

Managing History — Rollback

# Undo a transaction (reverse the changes)
[root@host ~]# dnf history undo 14
Undoing transaction 14, from Fri 19 Jan 2024
    Removing httpd-2.4.57-5.el9.x86_64
    Removing apr-1.7.0-11.el9.x86_64 ...

# Redo a transaction (repeat it)
[root@host ~]# dnf history redo 14

Recovery tip: If an update breaks something, use dnf history undo TRANSACTION_ID to revert to the previous state. DNF figures out the exact reverse operations automatically.

Working with Repositories

# List all repos (enabled and disabled)
[root@host ~]# dnf repolist all
repo id                              status
rhel-9-for-x86_64-baseos-rpms        enabled
rhel-9-for-x86_64-appstream-rpms     enabled
codeready-builder-for-rhel-9         disabled

# Enable a repository permanently
[root@host ~]# dnf config-manager --enable codeready-builder-for-rhel-9

# Disable a repository permanently
[root@host ~]# dnf config-manager --disable codeready-builder-for-rhel-9

Some repositories are disabled by default to prevent accidental installation of packages intended for specific use cases — like CodeReady Builder, which contains development packages.

Working with Repositories — Per-Command

# Temporarily use a disabled repo for one command
[root@host ~]# dnf install package --enablerepo=codeready-builder-for-rhel-9

# Temporarily disable a repo for one command
[root@host ~]# dnf update --disablerepo=epel

# View detailed repository information
[root@host ~]# dnf repoinfo rhel-9-for-x86_64-baseos-rpms

Pro tip: Use --enablerepo to install a single package from a disabled repo without leaving it enabled permanently. This is the safest way to pull occasional packages from optional repositories.

Repository Configuration Files

Repository definitions are stored in /etc/yum.repos.d/ as .repo files. Each file can define one or more repositories.

# List repository configuration files
[root@host ~]# ls /etc/yum.repos.d/
redhat.repo

# Repository file structure
[root@host ~]# cat /etc/yum.repos.d/example.repo
[example-repo]
name=Example Repository
baseurl=https://repo.example.com/rhel9/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

Repository Configuration — Key Fields

Field	Value	Meaning
`[repo-id]`	Unique string	Identifier used with --enablerepo
`name`	Text	Human-readable description
`baseurl`	URL	Location of packages
`enabled`	1 or 0	Enable or disable the repo
`gpgcheck`	1 or 0	Verify package signatures
`gpgkey`	File path	GPG public key for verification

Security: Always keep gpgcheck=1 on production systems. This verifies packages are signed and unmodified. Never set it to 0.

Adding Third-Party Repos

# Add EPEL (Extra Packages for Enterprise Linux)
[root@host ~]# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm

# EPEL adds its repo config and GPG key automatically
[root@host ~]# dnf repolist
repo id                              repo name
epel                                 Extra Packages for Enterprise Linux 9
rhel-9-for-x86_64-baseos-rpms        Red Hat Enterprise Linux 9 - BaseOS
rhel-9-for-x86_64-appstream-rpms     Red Hat Enterprise Linux 9 - AppStream

# Now install packages from EPEL
[root@host ~]# dnf install htop

Adding Third-Party Repos — Manual

# Add a repository using config-manager
[root@host ~]# dnf config-manager --add-repo https://example.com/repo.repo

Warning: Third-party packages are not supported by Red Hat. Use them carefully in production. Risks include:

Conflicts with official packages
Security vulnerabilities from untrusted sources
Breakage during RHEL updates

Prefer EPEL when possible — it follows strict quality guidelines and is built specifically for RHEL compatibility.

Application Streams

Application Streams allow multiple versions of software to coexist in repositories. Choose the version that fits your needs.

# List available modules and streams
[root@host ~]# dnf module list
Name    Stream  Profiles              Summary
nodejs  18      common, development   Javascript runtime
nodejs  20      common, development   Javascript runtime
php     8.1     common, devel         PHP scripting language
php     8.2     common, devel         PHP scripting language
ruby    3.1     common                Ruby programming language
ruby    3.3     common                Ruby programming language

# View details of a specific stream
[root@host ~]# dnf module info php:8.2

Application Streams — Enabling

# Enable a specific stream
[root@host ~]# dnf module enable php:8.2

# Install module with default profile
[root@host ~]# dnf module install php:8.2

# Switch to a different stream (reset first)
[root@host ~]# dnf module reset php
[root@host ~]# dnf module enable php:8.1

To switch versions: reset the module first with dnf module reset, then enable the new stream. You may also need to remove and reinstall the packages to complete the version switch.

DNF Cache and Cleanup

# Clean cached metadata (forces refresh on next run)
[root@host ~]# dnf clean metadata

# Clean cached packages (downloaded RPMs)
[root@host ~]# dnf clean packages

# Clean everything
[root@host ~]# dnf clean all

# Force metadata refresh
[root@host ~]# dnf makecache

# Remove orphaned dependencies
[root@host ~]# dnf autoremove

# Check cache location
[root@host ~]# ls /var/cache/dnf/

DNF Cache — Troubleshooting

When to clean cache:

Repository errors or stale package lists
Packages not found that should exist
Metadata mismatch errors
After adding or removing repositories

First troubleshooting step: When DNF behaves unexpectedly, run dnf clean all then retry your command. This resolves the majority of DNF cache-related errors.

Cache location: /var/cache/dnf/ — contains subdirectories per repository with metadata and downloaded packages.

Troubleshooting DNF

# Check for dependency problems in installed packages
[root@host ~]# dnf check

# Force reinstall to fix a corrupted package
[root@host ~]# dnf reinstall httpd

# Rebuild the RPM database if corrupted
[root@host ~]# rpm --rebuilddb

# Verbose output for debugging
[root@host ~]# dnf -v install httpd

Common causes: network problems (check connectivity), stale cache (dnf clean all), subscription issues (subscription-manager status), disk space (df -h).

Troubleshooting — RPM Verification

# Check package file integrity
[root@host ~]# rpm -V httpd
S.5....T.  c /etc/httpd/conf/httpd.conf
# Modified config file (c) — expected and normal

# See which package owns a file
[root@host ~]# rpm -qf /etc/passwd
setup-2.13.7-9.el9.noarch

# List all files in an installed package
[root@host ~]# rpm -ql httpd

rpm -V output codes: S=size, 5=checksum, T=timestamp, c=config file. Modified config files are normal and expected — only worry about binary file changes.

Best Practices — Do

✔ Do

Review transaction summaries before confirming
Keep systems updated regularly
Test updates in non-production first
Use GPG verification for all packages
Document repository changes
Maintain valid subscriptions
Use dnf history for rollbacks
Clean cache when troubleshooting

Best Practices — Do Not

✘ Do Not

Use -y blindly in production
Disable GPG checking (gpgcheck=0)
Add untrusted repositories
Ignore dependency removal warnings
Skip reading transaction summaries
Mix packages from incompatible repos
Force install with --nodeps
Delay security updates

Golden rule: Read what DNF tells you. The transaction summary and warnings exist to prevent mistakes.

Key Takeaways

Repositories: Collections of packages. RHEL uses BaseOS, AppStream, and CodeReady Builder. Enable with dnf config-manager.

Search: dnf search finds packages. dnf provides finds packages containing files. dnf info shows details.

Install: dnf install adds packages with dependencies. dnf group install installs package groups.

Update: dnf update applies updates. dnf history tracks and reverses changes.

Remove: dnf remove uninstalls. Watch for dependent package removal!

Next: Managing Services with systemd

Graded Lab

Search for and install a web server package
View package information before and after installation
Install the "Development Tools" group
Check for and apply available updates
View transaction history and practice undo
Enable the CodeReady Builder repository

Next: Installing and Updating Applications by Using Flatpak