Domain 2 · Software management

Manage
software

Install, update, and remove packages with DNF. Configure repositories. Query the RPM database. Work with application streams and modules on RHEL 9.

8objectives
5topic areas
7quiz questions
DNFprimary tool

Objectives

What the exam tests

  • Install and update software packages from Red Hat Network, a remote repository, or from the local file system
  • Work with package module streams to install a specific version of a software package
  • Modify the system bootloader
  • Configure a system to use time services (chrony)
  • Install and update software packages from Red Hat Network
  • Enable and disable system services
  • Query and verify installed RPM packages
  • Create and configure file systems — covered separately in storage domain

On RHEL 9 the primary package tool is DNF (Dandified YUM). The yum command still works as a compatibility alias, but exam tasks may use either name.

Coverage weight by topic

DNF / YUM basics
Very high
Repository config
Very high
RPM queries
High
AppStream / modules
High
Local RPM install
Medium

Package management flow overview

Configure repo
dnf search
dnf install
rpm -q verify
systemctl enable

Most exam software tasks follow this pattern: configure or verify a repo, install a package, then enable and start the associated service.

DNF and YUM commands

DNF — installing and removing packages

# Install a package dnf install httpd dnf install httpd -y # skip confirmation prompt # Install from a local RPM file dnf install /tmp/package.rpm # Install a package group dnf group install "Development Tools" dnf groupinstall "Development Tools" # legacy syntax — same result # Remove a package dnf remove httpd dnf remove httpd -y # Remove a package AND unused dependencies dnf autoremove httpd

DNF — updating packages

# Update all installed packages dnf update dnf upgrade # identical to update in DNF # Update a specific package dnf update kernel # Check what would be updated (dry run) dnf check-update # Update security patches only dnf update --security # Downgrade a package to an older version dnf downgrade httpd

On the exam, dnf update and dnf upgrade are equivalent. The --security flag is tested in patching scenarios.

DNF — searching and querying

# Search for a package by keyword dnf search httpd dnf search web server # Show detailed package information dnf info httpd # List all installed packages dnf list installed # List available packages matching a pattern dnf list available httpd* # Find which package provides a file or command dnf provides /usr/bin/htpasswd dnf provides htpasswd # List package groups dnf group list dnf group info "Development Tools" # Show DNF transaction history dnf history dnf history info 5 # details of transaction #5 dnf history undo 5 # undo transaction #5

dnf provides is extremely useful on the exam when you need to find which package installs a specific file or binary.

DNF common options and flags

OptionEffect
-yAssume yes to all prompts — non-interactive
--nogpgcheckSkip GPG signature verification (use with caution)
--disablerepo=*Disable all repos for this transaction
--enablerepo=nameEnable a specific disabled repo for this transaction
--downloadonlyDownload RPMs without installing
--securityLimit operations to security-relevant packages
-qQuiet mode — suppress progress output
--setopt=Override a configuration option inline

Repository configuration

Repository file structure

Repository definitions live in /etc/yum.repos.d/ as .repo files. Each file can contain one or more [repoid] sections.

# Example: /etc/yum.repos.d/rhel-baseos.repo [rhel-9-baseos] name=RHEL 9 BaseOS baseurl=https://cdn.redhat.com/content/dist/rhel9/$releasever/$basearch/baseos/os enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
KeyRequiredDescription
nameYesHuman-readable name shown in listings
baseurlYes*HTTP/FTP/file URL to repo root. Use mirrorlist instead if using a mirror list.
enabledNo1 = active, 0 = disabled (default 1)
gpgcheckNo1 = verify package signatures (recommended)
gpgkeyNoPath or URL to GPG public key file
mirrorlistNoURL returning a list of mirror URLs (alternative to baseurl)

Managing repositories with dnf config-manager

# List all configured repositories and their status dnf repolist dnf repolist all # include disabled repos dnf repolist enabled dnf repolist disabled # Enable / disable a repo persistently dnf config-manager --enable rhel-9-appstream dnf config-manager --disable rhel-9-appstream # Add a new repo from a URL (creates .repo file automatically) dnf config-manager --add-repo https://example.com/rhel9/myrepo.repo # Add a local ISO / directory as a repository dnf config-manager --add-repo file:///mnt/repo

On exam day you are often given a repo URL or ISO path and asked to configure it. Use dnf config-manager --add-repo or create a .repo file manually — both are accepted.

Configuring a local ISO as a repository

# 1. Mount the ISO mount /dev/sr0 /mnt/dvd mount -o ro,loop rhel9.iso /mnt/dvd # 2. Make the mount persistent # Add to /etc/fstab: /dev/sr0 /mnt/dvd iso9660 defaults,ro 0 0 # 3. Create the repo file cat > /etc/yum.repos.d/local-dvd.repo <<EOF [BaseOS] name=RHEL 9 BaseOS (DVD) baseurl=file:///mnt/dvd/BaseOS enabled=1 gpgcheck=0 [AppStream] name=RHEL 9 AppStream (DVD) baseurl=file:///mnt/dvd/AppStream enabled=1 gpgcheck=0 EOF # 4. Verify dnf repolist

Setting gpgcheck=0 is acceptable for local ISOs on the exam. For production systems, always enable GPG verification.

GPG key management

# Import a GPG key manually rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release rpm --import https://example.com/RPM-GPG-KEY-myrepo # List all imported GPG keys rpm -qa gpg-pubkey* rpm -qi gpg-pubkey-XXXXXXXX-XXXXXXXX # details of a specific key

RPM package management

RPM — querying installed packages

# Is a package installed? rpm -q httpd # query by package name rpm -qa # list ALL installed packages rpm -qa | grep httpd # filter by name # Package details rpm -qi httpd # info: version, build date, summary rpm -ql httpd # list all files installed by package rpm -qd httpd # list documentation files only rpm -qc httpd # list configuration files only rpm -q --scripts httpd # show pre/post install scripts rpm -q --changelog httpd # show changelog # What package owns a file? rpm -qf /etc/httpd/conf/httpd.conf rpm -qf /usr/bin/htpasswd # Query a .rpm FILE (not yet installed) rpm -qip package.rpm # info from local file rpm -qlp package.rpm # file list from local file

rpm -qf /path/to/file is one of the most useful exam commands — it tells you exactly which package a file belongs to.

RPM — verifying package integrity

# Verify all files of an installed package against the RPM database rpm -V httpd # Verify ALL installed packages (slow but thorough) rpm -Va # Output codes when verification fails: # S - file size differs # M - mode (permissions) differs # 5 - MD5 checksum differs # U - user ownership differs # G - group ownership differs # T - modification time differs # . - test passed (no change) # Verify GPG signature of an RPM file rpm --checksig package.rpm

RPM — installing local packages

# Prefer dnf for local installs (handles dependencies) dnf install /path/to/package.rpm # rpm direct install (does NOT resolve dependencies) rpm -ivh package.rpm # install verbose with hash progress rpm -Uvh package.rpm # upgrade (or install if not present) rpm -Fvh package.rpm # freshen (upgrade only if already installed) rpm -e httpd # erase (remove) package rpm -e --nodeps httpd # remove ignoring dependency errors

Use dnf install package.rpm rather than bare rpm -i whenever possible — DNF automatically resolves and installs any missing dependencies.

RPM package naming convention

# Anatomy of an RPM filename: httpd - 2.4.53 - 7.el9 . x86_64 .rpm │name│ │version│ │release│ │arch │ # Architecture values: x86_64 # 64-bit Intel/AMD (most servers) aarch64 # 64-bit ARM noarch # architecture-independent (scripts, docs) src # source RPM (.src.rpm)

Application streams and modules

What are AppStream modules?

RHEL 9 ships two main repositories: BaseOS (core OS packages with long-term stability) and AppStream (user-space applications in multiple versioned streams). Modules allow you to install a specific version of an application — for example PHP 8.1 instead of the default — without replacing system packages.

BaseOS

  • Core OS components
  • Traditional RPM packaging
  • Long support lifecycle
  • Consistent throughout RHEL lifecycle

AppStream

  • User-space applications
  • Multiple versions via modules
  • Shorter update cadence
  • Enable specific stream per app

DNF module commands

# List all available modules dnf module list dnf module list --enabled dnf module list --disabled # Show streams for a specific module dnf module list php dnf module info php # Enable a module stream (does NOT install packages yet) dnf module enable php:8.1 # Install the default packages from an enabled stream dnf module install php:8.1 dnf module install php:8.1/common # specific profile # Switch to a different stream dnf module reset php # clear current stream selection dnf module enable php:8.2 # enable the new stream dnf distro-sync # align installed packages to new stream # Disable a module (prevents accidental installation) dnf module disable php # Remove module-installed packages dnf module remove php

Module stream notation is module:stream/profile. If you only specify module:stream, DNF uses the default profile.

Module concepts explained

ConceptDefinitionExample
ModuleA logical grouping of related packages for an applicationphp, nodejs, postgresql
StreamA specific version branch of the modulephp:8.1, nodejs:18
ProfileA predefined set of packages within a streamcommon, devel, minimal
Default streamThe version enabled if you install without specifying a streamVaries by module
Active streamThe currently enabled stream on the systemShown as [e] in module list

Module list output — reading the table

$ dnf module list php Name Stream Profiles Summary php 8.1 common [d], devel, minimal PHP scripting language php 8.2 [d] common [d], devel, minimal PHP scripting language # Legend: # [d] = default (used if no stream/profile specified) # [e] = enabled (currently active on this system) # [x] = disabled (blocked from use) # [i] = installed

Switching module streams — full workflow

# Scenario: system has php:8.1 installed, need to switch to php:8.2 # Step 1: Remove packages installed from the current stream dnf module remove php # Step 2: Reset the module (clears stream selection) dnf module reset php # Step 3: Enable the target stream dnf module enable php:8.2 # Step 4: Install the new stream dnf module install php:8.2 # Step 5: Sync any remaining packages dnf distro-sync

You cannot have two streams of the same module active simultaneously. Always reset before switching.

Cheat sheet

Most-tested commands — quick reference

Install a package
dnf install httpd -y
Remove a package
dnf remove httpd -y
Update all packages
dnf update -y
Search for a package
dnf search keyword
Package info
dnf info httpd
Who provides a file?
dnf provides /bin/file
Install local RPM
dnf install ./pkg.rpm
List all repos
dnf repolist all
Enable a repo
dnf config-manager --enable name
Add repo from URL
dnf config-manager --add-repo URL
Is package installed?
rpm -q httpd
List all installed
rpm -qa
Files in package
rpm -ql httpd
Who owns this file?
rpm -qf /path/to/file
Verify package files
rpm -V httpd
List modules
dnf module list
Enable a stream
dnf module enable php:8.1
Install module
dnf module install php:8.1
Reset module stream
dnf module reset php
Import GPG key
rpm --import /path/to/key
DNF history
dnf history
Undo last transaction
dnf history undo last
Config files in pkg
rpm -qc httpd
Install group
dnf group install "Dev Tools"

RPM query flags — quick reference

FlagWhat it showsCommon combo
-qQuery (required base flag)rpm -q httpd
-aAll installed packagesrpm -qa
-iPackage info / metadatarpm -qi httpd
-lList all installed filesrpm -ql httpd
-cConfiguration files onlyrpm -qc httpd
-dDocumentation files onlyrpm -qd httpd
-fWhich package owns this filerpm -qf /etc/hosts
-pQuery a local .rpm file (not installed)rpm -qip pkg.rpm
-VVerify integrity against RPM databaserpm -V httpd
--scriptsShow pre/post install scriptsrpm -q --scripts httpd

Repo file — minimal working example

# /etc/yum.repos.d/myrepo.repo — minimum required fields [myrepo] name=My Custom Repo baseurl=http://repo.example.com/rhel9/ enabled=1 gpgcheck=0

For exam tasks, this minimal structure is sufficient. Add gpgkey= if GPG verification is required.

Practice quiz

Question 1 of 7

Which command finds which installed package provides the file /usr/bin/htpasswd?

rpm -qf /path/to/file queries which installed package owns that specific file. The -f flag means "file". dnf provides also works but searches all repos, not just installed packages.

Question 2 of 7

You need to configure a local DVD ISO mounted at /mnt/dvd as a DNF repository. Which file should you create?

Repository definitions go in /etc/yum.repos.d/ as .repo files. For a DVD with BaseOS and AppStream, create two [section] blocks pointing to file:///mnt/dvd/BaseOS and file:///mnt/dvd/AppStream. Option A edits global DNF config, not a repo definition. Option C is Debian/Ubuntu syntax.

Question 3 of 7

Which command installs PHP version 8.1 from the AppStream module?

dnf module install php:8.1 enables the stream and installs its default profile in one step. Option A would look for a package literally named "php-8.1" (likely not found). Option C has incorrect syntax (should use colon: php:8.1). Option D is not a valid DNF subcommand.

Question 4 of 7

After running rpm -V sshd, the output shows S.5....T. /etc/ssh/sshd_config. What does the 5 indicate?

In rpm -V output, 5 means the MD5 checksum differs (file content has changed). S = file size changed, M = mode/permissions changed, T = modification time changed. A dot (.) means that test passed. This is expected for configuration files that have been legitimately edited.

Question 5 of 7

You want to disable the rhel-9-appstream repository permanently. Which command does this?

dnf config-manager --disable name sets enabled=0 in the repo's .repo file, making the change persistent across reboots. Option A only disables for that single command invocation. Option C deletes the file entirely (too destructive — you lose all config). Option D is for module streams, not repositories.

Question 6 of 7

Which command lists only the configuration files installed by the sshd package?

rpm -qc package lists only the configuration files tagged in the RPM spec (files typically under /etc). -ql lists all files, -qi shows package metadata, and dnf info shows repository metadata — not installed file lists.

Question 7 of 7

You installed the wrong stream for a module and need to switch. What is the correct first step before enabling a different stream?

The correct sequence is: dnf module remove <module>dnf module reset <module>dnf module enable module:newstreamdnf module install module:newstream. You must reset before enabling a different stream — attempting to enable a new stream directly while another is active will produce an error. Option D is technically possible but risky and not the intended method.