Understanding DNF Package Manager in AlmaLinux

Introduction

DNF (Dandified YUM) serves as the default package manager for AlmaLinux, providing a powerful and efficient system for software installation, updates, and dependency management. As the next-generation replacement for YUM, DNF offers improved performance, better dependency resolution, and enhanced features that make package management more reliable and user-friendly. This comprehensive guide explores every aspect of DNF, from basic operations to advanced repository management and troubleshooting techniques.

Understanding DNF Architecture

Evolution from YUM

DNF represents a complete rewrite of YUM using modern technologies:

• libsolv: Advanced dependency resolver
• hawkey: High-level package management library
• librepo: Repository metadata downloading
• libcomps: Package group metadata handling

Key Improvements Over YUM

1. Performance: 3-5x faster dependency resolution
2. Memory Usage: Reduced memory footprint
3. API: Clean, well-documented Python API
4. Dependency Resolution: More predictable behavior
5. Python 3: Native Python 3 support

DNF Configuration

Main Configuration File

The primary configuration file /etc/dnf/dnf.conf controls DNF behavior:

[main]
# Basic settings
gpgcheck=1
installonly_limit=3
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False

# Performance settings
fastestmirror=True
max_parallel_downloads=10
minrate=1000
timeout=30
retries=10

# Cache settings
keepcache=0
metadata_expire=6h
metadata_timer_sync=10800

# Security settings
repo_gpgcheck=1
localpkg_gpgcheck=1

# Output settings
color=auto
color_update_installed=normal
color_update_local=bold
color_update_remote=normal
color_list_installed_newer=red
color_list_installed_older=yellow
color_list_installed_reinstall=cyan
color_list_installed_extra=magenta
color_list_available_upgrade=bold_blue
color_list_available_downgrade=yellow
color_list_available_install=bold_cyan
color_list_available_reinstall=cyan
color_search_match=bold_magenta

# Debug settings
debuglevel=2
errorlevel=6
obsoletes=1

Repository Configuration

Repository files are stored in /etc/yum.repos.d/:

# List repository files
ls -la /etc/yum.repos.d/

# Example repository configuration
cat > /etc/yum.repos.d/custom.repo << 'EOF'
[custom-repo]
name=Custom Repository
baseurl=https://repo.example.com/el9/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.example.com/RPM-GPG-KEY-custom
priority=90
module_hotfixes=1
countme=1
EOF

Essential DNF Commands

Package Installation

Basic Installation

# Install single package
sudo dnf install package_name

# Install multiple packages
sudo dnf install package1 package2 package3

# Install with automatic yes
sudo dnf install -y httpd mariadb-server php

# Install specific version
sudo dnf install package_name-1.2.3

# Install from local RPM file
sudo dnf install ./local-package.rpm

# Install only from specific repository
sudo dnf install --repo=epel package_name

Advanced Installation Options

# Install without dependencies (dangerous!)
sudo dnf install --nodeps package_name

# Install with weak dependencies
sudo dnf install --setopt=install_weak_deps=True package_name

# Install and assume yes for GPG key import
sudo dnf install --assumeyes --nogpgcheck package_name

# Download only without installing
sudo dnf download package_name

# Install all packages from a group
sudo dnf group install "Development Tools"

Package Updates

System Updates

# Update all packages
sudo dnf update

# Update specific package
sudo dnf update package_name

# Update all except specific packages
sudo dnf update --exclude=kernel* --exclude=php*

# Check for updates without installing
sudo dnf check-update

# Update to specific version
sudo dnf update-to package_name-1.2.3

# Minimal update (security only)
sudo dnf update-minimal

# Update with bug fixes and security
sudo dnf update --bugfix --security

Automatic Updates

# Install automatic updates
sudo dnf install dnf-automatic

# Configure automatic updates
sudo vim /etc/dnf/automatic.conf

# Enable automatic updates timer
sudo systemctl enable --now dnf-automatic.timer

# Check timer status
sudo systemctl status dnf-automatic.timer

Package Removal

# Remove package
sudo dnf remove package_name

# Remove with dependencies
sudo dnf autoremove package_name

# Remove leaving dependencies
sudo dnf remove --nodeps package_name

# Remove obsolete packages
sudo dnf remove $(dnf repoquery --extras)

# Clean up unused dependencies
sudo dnf autoremove

Package Queries

Search Operations

# Search for packages
dnf search keyword

# Search in package names only
dnf search --name keyword

# Search in summary and description
dnf search --all keyword

# Search by file
dnf provides /usr/bin/htop

# Search with wildcards
dnf search 'python3-*'

# Advanced search with grep
dnf list available | grep -i pattern

Information Queries

# Show package information
dnf info package_name

# List installed packages
dnf list installed

# List available packages
dnf list available

# List all packages
dnf list all

# List recent packages
dnf list recent

# List extras (packages not in any repo)
dnf list extras

# List obsoletes
dnf list obsoletes

# Show package dependencies
dnf deplist package_name

# Show which package provides a file
dnf provides /path/to/file

# Show package changelog
dnf changelog package_name

Repository Management

Repository Operations

# List enabled repositories
dnf repolist

# List all repositories
dnf repolist all

# Enable repository
sudo dnf config-manager --set-enabled repository_name

# Disable repository
sudo dnf config-manager --set-disabled repository_name

# Add repository
sudo dnf config-manager --add-repo https://example.com/repo.repo

# Show repository configuration
dnf repoinfo repository_name

# Clean repository metadata
sudo dnf clean metadata

# Clean all cached data
sudo dnf clean all

# Rebuild cache
sudo dnf makecache

# Synchronize packages with repository
sudo dnf distro-sync

Working with Third-Party Repositories

EPEL Repository

# Install EPEL repository
sudo dnf install epel-release

# Verify EPEL installation
dnf repolist | grep epel

# Install package from EPEL
sudo dnf install --enablerepo=epel package_name

ELRepo Repository

# Import GPG key
sudo rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org

# Install ELRepo
sudo dnf install https://www.elrepo.org/elrepo-release-9.el9.elrepo.noarch.rpm

# List available kernels
dnf list available --enablerepo=elrepo-kernel kernel*

Creating Local Repository

# Install createrepo
sudo dnf install createrepo_c

# Create repository directory
sudo mkdir -p /var/www/html/local-repo

# Copy RPMs to repository
sudo cp *.rpm /var/www/html/local-repo/

# Create repository metadata
sudo createrepo /var/www/html/local-repo/

# Create repository configuration
cat > /etc/yum.repos.d/local.repo << 'EOF'
[local-repo]
name=Local Repository
baseurl=file:///var/www/html/local-repo/
enabled=1
gpgcheck=0
priority=1
EOF

# Update repository metadata
sudo createrepo --update /var/www/html/local-repo/

DNF Modules and Streams

Understanding Modules

DNF modules allow multiple versions of software to be available:

# List all modules
dnf module list

# List specific module
dnf module list nodejs

# Show module information
dnf module info nodejs

# List enabled modules
dnf module list --enabled

# List installed modules
dnf module list --installed

Working with Module Streams

# Enable module stream
sudo dnf module enable nodejs:18

# Install module stream
sudo dnf module install nodejs:18

# Switch module streams
sudo dnf module reset nodejs
sudo dnf module enable nodejs:20
sudo dnf module install nodejs:20

# Install specific profile
sudo dnf module install nodejs:18/development

# Remove module
sudo dnf module remove nodejs:18

# Disable module
sudo dnf module disable nodejs:18

Module Profiles

# List available profiles
dnf module info --profile nodejs

# Install minimal profile
sudo dnf module install nodejs:18/minimal

# Install multiple profiles
sudo dnf module install nodejs:18/development nodejs:18/s2i

Package Groups

Group Management

# List available groups
dnf group list

# List hidden groups
dnf group list --hidden

# Show group information
dnf group info "Development Tools"

# Install group
sudo dnf group install "Development Tools"

# Install with optional packages
sudo dnf group install --with-optional "Development Tools"

# Update group
sudo dnf group update "Development Tools"

# Remove group
sudo dnf group remove "Development Tools"

# Mark group as installed
sudo dnf group mark install "Development Tools"

# Mark group as removed
sudo dnf group mark remove "Development Tools"

Creating Custom Groups

Create a custom group definition:

<!-- /etc/dnf/comps.d/custom-group.xml -->
<comps>
  <group>
    <id>custom-web-stack</id>
    <name>Custom Web Stack</name>
    <description>Custom LAMP stack components</description>
    <default>true</default>
    <uservisible>true</uservisible>
    <packagelist>
      <packagereq type="mandatory">httpd</packagereq>
      <packagereq type="mandatory">mariadb-server</packagereq>
      <packagereq type="mandatory">php</packagereq>
      <packagereq type="default">php-mysqlnd</packagereq>
      <packagereq type="optional">phpmyadmin</packagereq>
    </packagelist>
  </group>
</comps>

DNF Plugins

Essential Plugins

# Install DNF plugins core
sudo dnf install dnf-plugins-core

# List installed plugins
dnf list installed 'dnf-plugin*'

# Available plugins
dnf search dnf-plugin

Useful Plugins

1. versionlock Plugin

# Install versionlock
sudo dnf install python3-dnf-plugin-versionlock

# Lock package version
sudo dnf versionlock add kernel-5.14.0-362.8.1.el9_3

# List locked packages
dnf versionlock list

# Remove version lock
sudo dnf versionlock delete kernel-5.14.0-362.8.1.el9_3

# Clear all locks
sudo dnf versionlock clear

2. needs-restarting Plugin

# Check which services need restart
sudo dnf needs-restarting

# Check which processes need restart
sudo dnf needs-restarting --reboothint

# List affected services
sudo dnf needs-restarting --services

3. config-manager Plugin

# Add repository
sudo dnf config-manager --add-repo https://example.com/repo

# Enable/disable repository
sudo dnf config-manager --set-enabled powertools
sudo dnf config-manager --set-disabled testing

# Save repository configuration
sudo dnf config-manager --save --setopt=epel.priority=10

DNF History and Rollback

History Management

# View transaction history
dnf history

# View detailed history
dnf history list

# Show specific transaction
dnf history info 12

# Show packages affected by transaction
dnf history info 12 --verbose

# Search history
dnf history list kernel

# Show history statistics
dnf history stats

# Show user who ran transaction
dnf history userinstalled

Transaction Rollback

# Undo last transaction
sudo dnf history undo last

# Undo specific transaction
sudo dnf history undo 12

# Redo transaction
sudo dnf history redo 12

# Rollback to transaction
sudo dnf history rollback 12

# Repeat transaction
sudo dnf history repeat 12

# Store rollback data
sudo dnf history store

Performance Optimization

DNF Speed Improvements

# Enable fastest mirror
echo 'fastestmirror=True' | sudo tee -a /etc/dnf/dnf.conf

# Increase parallel downloads
echo 'max_parallel_downloads=10' | sudo tee -a /etc/dnf/dnf.conf

# Set minimum download speed
echo 'minrate=100k' | sudo tee -a /etc/dnf/dnf.conf

# Reduce timeout for slow mirrors
echo 'timeout=10' | sudo tee -a /etc/dnf/dnf.conf

# Enable deltarpm
sudo dnf install deltarpm
echo 'deltarpm=True' | sudo tee -a /etc/dnf/dnf.conf

Cache Management

# Keep cache after installation
echo 'keepcache=1' | sudo tee -a /etc/dnf/dnf.conf

# Set metadata expiration
echo 'metadata_expire=6h' | sudo tee -a /etc/dnf/dnf.conf

# Clean specific cache types
sudo dnf clean packages
sudo dnf clean metadata
sudo dnf clean expire-cache
sudo dnf clean all

# Build cache
sudo dnf makecache

# Timer-based makecache
sudo systemctl enable --now dnf-makecache.timer

Security Best Practices

GPG Key Management

# Import GPG key
sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9

# List imported keys
rpm -qa gpg-pubkey*

# Show key information
rpm -qi gpg-pubkey-34d8786d-6229e051

# Remove GPG key
sudo rpm -e gpg-pubkey-34d8786d-6229e051

# Verify package signature
rpm -K package.rpm

Security Configuration

# Enable GPG checking globally
echo 'gpgcheck=1' | sudo tee -a /etc/dnf/dnf.conf
echo 'repo_gpgcheck=1' | sudo tee -a /etc/dnf/dnf.conf
echo 'localpkg_gpgcheck=1' | sudo tee -a /etc/dnf/dnf.conf

# Disable GPG check for specific repository
sudo dnf install --disablerepo=* --enablerepo=trusted-repo --nogpgcheck package

# Security-only updates
sudo dnf update --security

# List security updates
dnf updateinfo list security

# Show security advisories
dnf updateinfo info security

Troubleshooting DNF Issues

Common Problems and Solutions

1. Corrupted Cache

# Clean all cache
sudo dnf clean all
sudo rm -rf /var/cache/dnf/*

# Rebuild cache
sudo dnf makecache

2. Broken Dependencies

# Check for problems
sudo dnf check

# List duplicate packages
dnf list --duplicates

# Remove duplicates
sudo dnf remove --duplicates

# Skip broken packages
sudo dnf update --skip-broken

# Force architecture
sudo dnf install package.x86_64

3. Repository Issues

# Disable problematic repository temporarily
sudo dnf --disablerepo=problematic-repo update

# Skip unavailable repositories
sudo dnf update --skip-if-unavailable

# Test repository configuration
sudo dnf repolist -v

# Check repository metadata
sudo dnf repository-packages repo-name list

4. Transaction Conflicts

# Check running transactions
ps aux | grep dnf

# Remove stale lock
sudo rm -f /var/run/dnf.pid

# Clean up incomplete transactions
sudo dnf clean packages
sudo dnf-3 clean packages  # If using dnf-3

# Reset module state
sudo dnf module reset module-name

Debug Mode

# Increase debug level
sudo dnf -d 10 install package

# Enable debug output
sudo dnf --debuglevel=10 update

# Save debug information
sudo dnf --debugsolver --debuglevel=10 install package 2>&1 | tee dnf-debug.log

# Check DNF database
sudo dnf check --dependencies

DNF Database Recovery

# Rebuild RPM database
sudo rpm --rebuilddb

# Verify database integrity
sudo rpm -vv --verify --all

# Clean DNF database
sudo rm -rf /var/lib/dnf/*
sudo dnf clean all
sudo dnf makecache

Advanced DNF Usage

Scripting with DNF

Python API Example

#!/usr/bin/env python3
import dnf

# Create DNF base object
base = dnf.Base()
base.read_all_repos()
base.fill_sack()

# Query installed packages
query = base.sack.query()
installed = query.installed()

# Find specific package
pkg_query = query.filter(name='httpd')
for pkg in pkg_query:
    print(f"{pkg.name}-{pkg.version}-{pkg.release}")

# Check available updates
updates = query.upgrades()
for pkg in updates:
    print(f"Update available: {pkg.name}")

Shell Scripting

#!/bin/bash
# DNF automation script

# Function to check if package is installed
is_installed() {
    dnf list installed "$1" &>/dev/null
    return $?
}

# Function to install if not present
install_if_missing() {
    local package=$1
    if ! is_installed "$package"; then
        echo "Installing $package..."
        sudo dnf install -y "$package"
    else
        echo "$package is already installed"
    fi
}

# Install required packages
packages=("httpd" "mariadb-server" "php" "php-mysqlnd")
for pkg in "${packages[@]}"; do
    install_if_missing "$pkg"
done

# Update system
echo "Updating system..."
sudo dnf update -y

# Clean up
echo "Cleaning up..."
sudo dnf autoremove -y
sudo dnf clean all

Creating DNF Aliases

Add to ~/.bashrc:

# DNF aliases
alias dnfi='sudo dnf install'
alias dnfu='sudo dnf update'
alias dnfr='sudo dnf remove'
alias dnfs='dnf search'
alias dnfp='dnf provides'
alias dnfc='sudo dnf clean all'
alias dnfl='dnf list installed'
alias dnfh='dnf history'
alias dnfg='dnf group'

# Advanced aliases
alias dnf-security='sudo dnf update --security'
alias dnf-cleanup='sudo dnf autoremove && sudo dnf clean all'
alias dnf-rollback='sudo dnf history undo last'
alias dnf-whatprovides='dnf provides'
alias dnf-leaves='dnf leaves'
alias dnf-broken='sudo dnf check'

DNF Configuration Templates

Minimal Server Configuration

# /etc/dnf/dnf.conf
[main]
gpgcheck=1
installonly_limit=2
clean_requirements_on_remove=True
best=True
skip_if_unavailable=True
fastestmirror=True
max_parallel_downloads=3
keepcache=0
metadata_expire=12h

Development Workstation Configuration

# /etc/dnf/dnf.conf
[main]
gpgcheck=1
installonly_limit=5
clean_requirements_on_remove=True
best=True
skip_if_unavailable=False
fastestmirror=True
max_parallel_downloads=10
keepcache=1
metadata_expire=6h
deltarpm=True

Enterprise Package Management

Package Standardization

# Create package baseline
dnf list installed > /etc/package-baseline.txt

# Compare against baseline
dnf list installed > current-packages.txt
diff /etc/package-baseline.txt current-packages.txt

# Generate package manifest
cat > package-manifest.sh << 'EOF'
#!/bin/bash
# Package manifest for AlmaLinux 9

PACKAGES=(
    # System tools
    "vim-enhanced"
    "wget"
    "curl"
    "git"
    "htop"
    
    # Development
    "@Development Tools"
    "python3-devel"
    "nodejs"
    
    # Services
    "httpd"
    "mariadb-server"
    "php"
)

for package in "${PACKAGES[@]}"; do
    sudo dnf install -y "$package"
done
EOF

Compliance and Auditing

# Audit installed packages
sudo dnf history userinstalled > user-installed-packages.txt

# Check for unauthorized packages
dnf list extras

# Verify package integrity
sudo rpm -Va > package-verification.log

# Generate compliance report
cat > compliance-check.sh << 'EOF'
#!/bin/bash
echo "Package Compliance Report"
echo "========================"
echo "Date: $(date)"
echo "Hostname: $(hostname)"
echo ""
echo "Installed Packages: $(dnf list installed | wc -l)"
echo "Available Updates: $(dnf check-update | grep -v "^$" | wc -l)"
echo "Security Updates: $(dnf updateinfo list security | wc -l)"
echo "Extra Packages: $(dnf list extras | wc -l)"
echo ""
echo "Repository Status:"
dnf repolist
echo ""
echo "Recent Changes:"
dnf history | head -20
EOF

Conclusion

DNF package manager provides a robust, efficient, and feature-rich solution for package management in AlmaLinux. From basic package operations to advanced repository management and enterprise deployment strategies, DNF offers the tools necessary for maintaining healthy, secure, and up-to-date systems.

Key takeaways:

• Master basic DNF commands for daily operations
• Understand repository and module management
• Implement security best practices
• Utilize history and rollback features
• Optimize performance for your environment
• Develop troubleshooting skills for common issues

With this comprehensive understanding of DNF, you’re equipped to handle any package management challenge in AlmaLinux environments, ensuring efficient system administration and maintenance.