rpm — quick reference
Query installed packages
Look up what is already recorded in the local RPM database.
| When to use | Command |
|---|---|
| Check whether a package name is installed | rpm -q package_name |
| List every package in the RPM database | rpm -qa |
| List installed packages by install time (newest first) | rpm -qa --last |
| Show summary metadata for an installed package | rpm -qi package_name |
| List files an installed package placed on disk | rpm -ql package_name |
| Find which installed package owns a file path | rpm -qf /path/to/file |
Query package files (not yet installed)
Inspect a .rpm archive on disk before you install it.
| When to use | Command |
|---|---|
| Show metadata from a package file | rpm -qip package.rpm |
| List files inside a package file | rpm -qlp package.rpm |
| List dependencies a package file needs | rpm -qpR package.rpm |
| Verify a package file against its embedded checksums | rpm -Vp package.rpm |
Install, upgrade, and remove
Change what is installed. On production hosts, dnf or yum usually handles dependencies; rpm is the engine underneath.
| When to use | Command |
|---|---|
Install a package from a .rpm file |
sudo rpm -ivh package.rpm |
| Upgrade if installed, otherwise install | sudo rpm -Uvh package.rpm |
| Remove an installed package by name | sudo rpm -e package_name |
| Remove without checking dependencies (break-glass only) | sudo rpm -e --nodeps package_name |
Verify and signatures
Confirm installed payloads or check download integrity.
| When to use | Command |
|---|---|
| Verify installed files against the RPM database | sudo rpm -Va |
| Verify one installed package | sudo rpm -V package_name |
Check signatures and digests on a .rpm file |
rpm --checksig package.rpm |
Help and version
| When to use | Command |
|---|---|
| Show built-in usage text | rpm --help |
| Show RPM version | rpm --version |
rpm — command syntax
Synopsis from rpm --help on Ubuntu 25.04 (rpm 4.20.1):
Usage: rpm [OPTION...]Common modes combine a query/install flag with selectors such as -q (query), -i (install), -U (upgrade), -e (erase), -p (package file), and -f (file). Full option lists are long — run rpm --help on your host.
rpm updates the RPM database under /var/lib/rpm/. Most install and erase operations need sudo.
rpm — command examples
Essential Query an installed package
On an RPM-based server, the first check is whether the package name is in the local database and which version is installed.
Run the command (replace bash with a package your host actually installed via RPM):
rpm -q bashSample output when the package is installed:
bash-5.2.15-3.fc41.x86_64When the name is not in the RPM database (common on Debian/Ubuntu hosts where dpkg owns packages):
package bash is not installedList a few installed RPM names to see what your database contains:
rpm -qa | head -5On a fresh Ubuntu install the RPM database is often empty — that is normal. On RHEL or Fedora you will see many lines.
Essential Inspect a .rpm file before installing
When you downloaded a vendor .rpm manually, read its metadata and dependency list before rpm -i.
Run the commands (use your package file path):
rpm -qip /tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpm
rpm -qpR /tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpmSample output:
Name : rpmdemo
Version : 1.0
Release : 1
Architecture: noarch
Install Date: (not installed)
Group : Unspecified
Size : 23
License : MIT
Signature : (none)
Source RPM : rpmdemo-1.0-1.src.rpm
Build Date : Wed 01 Jul 2026 03:37:32 PM IST
Build Host : localhost
Packager : <@localhost>
Summary : Test package for cheatsheet
Description :
Minimal test RPM for article verification.
/bin/sh
rpmlib(CompressedFileNames) <= 3.0.4-1
rpmlib(FileDigests) <= 4.6.0-1
rpmlib(PayloadFilesHavePrefix) <= 4.0-1The Requires lines tell you what must already be on the system. If anything is missing, install dependencies first or use dnf instead of raw rpm -i.
Essential Install a local .rpm file
Install a package archive when you already have the file and accept responsibility for dependencies. On Debian/Ubuntu the RPM database is often empty, so a test package may need --nodeps (see the advanced example); on RHEL or Fedora omit that when dependencies are already installed.
Run the command:
sudo rpm -ivh --nodeps /tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpmSample output:
Verifying... ########################################
Preparing... ########################################
Updating / installing...
rpmdemo-1.0-1 ########################################Confirm it landed in the database and see which file it owns:
rpm -q rpmdemo
rpm -ql rpmdemoSample output:
rpmdemo-1.0-1.noarch
/usr/local/bin/rpmdemoClean up the test package when you are done:
sudo rpm -e rpmdemoCommon Find which package installed a file
When a binary appears on disk and you need its package name for updates or support cases.
Run the command:
rpm -qf /usr/local/bin/rpmdemoSample output (after installing the test package):
rpmdemo-1.0-1.noarchIf the file was not installed by any RPM package:
file /usr/local/bin/rpmdemo is not owned by any packageCommon Remove an installed RPM package
Uninstall by package name when reverse dependencies allow it.
Run the command:
sudo rpm -e rpmdemoSample output on success — rpm is silent when erase succeeds.
Verify removal:
rpm -q rpmdemoSample output:
package rpmdemo is not installedIf erase fails with dependency errors, remove dependents first or use dnf remove on hosts where dnf manages the stack.
Common List recently installed RPM packages
Audit what changed on a shared admin host — newest installs appear first.
Run the command:
rpm -qa --last | head -5Sample output (only when the RPM database has entries):
rpmdemo-1.0-1.noarch Wed 01 Jul 2026 03:37:39 PM ISTAn empty database prints nothing — expected on Debian/Ubuntu unless you installed RPM packages locally.
Common Verify download integrity with --checksig
Before installing a vendor RPM from the internet, confirm digests are intact.
Run the command:
rpm --checksig /tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpmSample output:
/tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpm: digests OKUnsigned local builds show digests OK without a GPG signature line — that is normal for packages you built yourself.
Advanced Install or erase with --nodeps (dangerous)
--nodeps skips dependency checks. Use only in disposable lab VMs when you understand the risk.
Try a normal install when a dependency is missing:
sudo rpm -ivh /tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpmSample output when /bin/sh is not registered as an RPM dependency on the host:
error: Failed dependencies:
/bin/sh is needed by rpmdemo-1.0-1.noarchForce the install anyway:
sudo rpm -ivh --nodeps /tmp/rpmbuild-test/RPMS/noarch/rpmdemo-1.0-1.noarch.rpmThe install proceeds, but later rpm -e rpmdemo may warn about unsatisfied dependencies — remove with sudo rpm -e --nodeps rpmdemo and prefer dnf on production RPM distros.
Advanced Verify installed files against the RPM database
-V compares on-disk files with the hashes and metadata RPM recorded at install time — useful after suspected tampering.
Run the command:
sudo rpm -Va 2>&1 | head -10Sample output uses single-letter codes per file (for example S size changed, M mode changed). An empty result means every checked file still matches.
Verify one package only:
sudo rpm -V rpmdemoNo output means the package files match the database.
rpm — when to use / when not
| Use rpm when | Use something else when |
|---|---|
|
|
rpm vs dnf
| rpm | dnf | |
|---|---|---|
| Level | Low-level .rpm and database tool |
High-level repo-aware frontend |
| Dependencies | Does not resolve repos | Resolves and installs dependencies |
| Typical use | Query, verify, manual .rpm install |
Day-to-day package management |
| Database | Owns /var/lib/rpm/ |
Calls rpm internally |
See the dnf command for repository installs and upgrades.
Related commands
| Command | One line |
|---|---|
| rpm | Low-level RPM install, query, verify (this page) |
Browse the full index in our Linux commands reference.
rpm — interview corner
What is the rpm command used for?
rpm manages RPM packages — the .rpm archive format used on RHEL, Fedora, Rocky Linux, AlmaLinux, and openSUSE. It can install, upgrade, erase, query, and verify packages and it maintains the local RPM database.
Higher-level tools like dnf talk to repositories and resolve dependencies, but they still rely on rpm to change files on disk and update the database.
A strong answer is:
"rpm is the low-level RPM package manager — it installs and removes .rpm files, queries the local database, and verifies file integrity. dnf is the user-friendly frontend that resolves dependencies from repos."
What is the difference between rpm and dnf?
dnf (or legacy yum) is what admins run for everyday work: pick a package name, pull it from configured repositories, install dependencies automatically.
rpm is the engine underneath. You reach for it when you already have a .rpm file on disk, need rpm -qf to see which package owns a path, or want rpm -Va to audit installed files.
A strong answer is:
"dnf handles repos and dependencies; rpm works directly on .rpm files and the RPM database. I use dnf for normal installs and rpm for queries, verification, or manual vendor RPMs."
What does rpm -q mean versus rpm -i?
-q enters query mode against the installed database — for example rpm -qi bash shows metadata, rpm -ql bash lists files.
-i installs a package from a .rpm file on disk: rpm -ivh package.rpm. Add -p to query a file that is not installed yet: rpm -qip package.rpm.
A strong answer is:
"-q queries the RPM database; -i installs from a package file. For uninstalled archives I combine them: rpm -qip or rpm -qpR on the .rpm path."
When would you use rpm --nodeps?
--nodeps tells rpm to ignore dependency requirements during install or erase. That can leave broken package states — missing libraries, uninstallable upgrades, or services that fail at runtime.
It is a last resort in labs or recovery when you will fix the dependency tree immediately afterward. On production systems, use dnf install or install missing dependencies explicitly instead.
A strong answer is:
"Only in controlled recovery — --nodeps bypasses dependency checks and can break the package stack. I prefer dnf or installing prerequisites first."
How do you verify an RPM package was not tampered with?
For a downloaded file, run rpm --checksig package.rpm — it validates embedded digests and any GPG signature.
For installed software, rpm -V package_name or rpm -Va compares on-disk files with values stored at install time (size, permissions, digest, and more). Output uses letter codes; silence means everything matched.
A strong answer is:
"Before install I use rpm --checksig on the file. After install I use rpm -V or rpm -Va to detect changed files compared to the RPM database."
Troubleshooting
| Symptom | Likely cause | Fix |
|---|---|---|
Failed dependencies on install |
Required packages not in RPM database | Install deps first, or use dnf install ./package.rpm |
package X is not installed on query |
Name typo or package managed outside RPM (e.g. dpkg on Ubuntu) | rpm -qa | grep keyword; use the distro's native tool |
file … is not owned by any package |
File was copied manually or belongs to another packaging system | dpkg -S on Debian/Ubuntu |
| Erase blocked by dependencies | Other RPMs still require this package | rpm -q --whatrequires package; remove dependents or use dnf |
Unknown option |
Flag not in your rpm build |
Check rpm --help on the host |
