Installing Redhat Packages [Was: [SLUG] Scanner, I'm part way there]

[Stephen]

john at johnallsopp.co.uk wrote:

>My book chapter says "if you plan to use Red Hat Linux software you have
>downloaded or acquired from third parties, it is likely that the software
>will be delivered in Red Hat Package Manager (RPM) format files".
>
>Or maybe they're right. Maybe they've just labelled a standard package
>manager format as a Red Hat one.
>
>So here I am, staring at four files (in the link above). If I download
>them, where to?
>
>Then they're compressed, right? The book says "use the file manager to
>browse to the file and double click it to install".
>
>Is that going to work? Firstly, which file do I click? The top one looks
>like a mixture of two versions, so I was going to do the bottom three.
>
>The bottom one is an md5, so I guess if I open that I get an md5 number.
>If I can work out how to get an md5 number from the middle file, I'll get
>to verify it's right, right? Do I do that on the tar.gz file or on the
>uncompressed file?
>
Ok... here's my lay speak on how I go about installing packages on 
Fedora Core 2.

The rpm files are the 'packages'. They are generally created by nice 
people with more time on their hands than most, and the rpms are often 
distribution specific - i.e. redhat, mandrake etc... where you can't 
find a distribution specific one go for the generic one, and failing 
that try any old random one and hope for the best resolving the 
dependencies.

So, grab the rpm and dump it somewhere. If there's an md5 file then 
that's smashing. The md5 file is a hash of the file itself - and is for 
you to verify that it downloaded correctly.

So, assuming we have package.rpm and package.md5 to verify the package 
we do

md5sum --check package.md5

This will find the associated file in the md5 file, create its own hash 
of that file and check that it is equal to the expected value. If even 
one byte of the file was different then, barring a mathematically 
improbably chance, your check would fail as the hash would differ.

So, if all is good then continue, otherwise download again. If it still 
fails then it's up to your judgement - could the dl be corrupted again, 
or perhaps the md5 file is the wrong one... anyway...

Not sure how you install packages on redhat, however I use the 'rpm' 
command.

To install a package try

rpm -ivh package.rpm

To update a package try

rpm -Uvh package.rpm

I think that if a package isn't installed the -U will install it anyway, 
so I generally just use the latter. If it comes up with some dependency 
failures then you can google for the failures and try installing them 
first. http://rpm.pbone.net is a good place to try... alternatively use 
the --force option to make it install the package despite the failures - 
it may be that the things were already on your system but the rpm 
package manager didn't know about them.

If you are using the tar.gz file then do the md5sum check on the file 
you download prior to decompression. I'm presuming you'll have to do a 
manual install of that one? If so read the usual README and INSTALL 
files, the latter tends to tell you the commands to issue to get it to 
do its funky thing. If a package exists then use that in my opinion as 
that will keep the package manager up to date and prevent it from 
buggering things later.

Hope that helps, I look forward to group embellishments, and sorry if I 
missed the point! :S

Steve