An RPM package is a file containing software, metadata, and scripts, designed for the reliable installation, upgrading, and removal of applications on Linux distributions like Red Hat, Fedora, and CentOS.
The package uses a binary format and consists of four main sections: the Lead, Signature, Header, and Payload. The exact contents vary depending on whether it is a binary RPM or a source RPM (SRPM).
The structure of an RPM file
An RPM file is not a simple archive, but a carefully structured package that allows the RPM Package Manager to perform complex operations, such as managing dependencies and running pre- and post-installation scripts. The file format is divided into four distinct parts:
- Lead: The very first part of an RPM file is the Lead section. Its primary purpose is to identify the file as an RPM package. It contains a magic number, which is a unique identifier, along with some historical and obsolete header information.
- Signature: Following the lead is the signature section. This is a critical component for security and package integrity. It contains checksums (like MD5, SHA1, or SHA256) and cryptographic signatures (such as GPG). The package manager uses this information to verify that the package has not been corrupted or tampered with since it was signed by the original developer.
- Header: The header is a collection of metadata about the package. It is essentially a database of information used by the package manager to determine dependencies, installation paths, and other critical details. Key data points found in the header include:
  - Name, Version, and Release (NVR): Identifies the software and its version.
  - Architecture: Specifies the hardware architecture the package is built for (e.g., x86_64, ARM). "noarch" is used for architecture-independent packages.
  - Summary and Description: Human-readable text that describes the package's purpose.
  - License: Information on the software license.
  - Dependencies: Lists other packages the software requires to run properly.
  - File List: A manifest of all the files included in the package, including their original file paths, permissions, and checksums.
  - Scriptlets: These are shell scripts that are executed at different stages of the installation or uninstallation process. This can include pre-installation, post-installation, pre-uninstallation, and post-uninstallation scripts.
- Payload: The payload is the actual archive of files that will be installed on the system. By default, it is a compressed cpio archive. It is extracted during installation, and the files are placed in the locations specified by the file list in the header. The payload can contain compiled binaries, libraries, configuration files, documentation, and other data.
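The four-part layout described above can be located directly from the bytes of a file. The following is an added example, not code from the original page or from the RPM project: it walks the lead, signature and header of a constructed, skeletal RPM-shaped byte string and rejects malformed or truncated input. The magic values and field offsets are those of the RPM v3 file format; the function names and sample contents are hypothetical.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"   # first four bytes of every RPM lead
HDR_MAGIC = b"\x8e\xad\xe8\x01"    # starts both the signature and the header
LEAD_SIZE = 96

def parse_lead(data):
    """Decode the fixed 96-byte lead; reject files without the RPM magic."""
    if len(data) < LEAD_SIZE or data[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad or short lead")
    major, minor, rpm_type = struct.unpack(">BBH", data[4:8])
    name = data[10:76].split(b"\0", 1)[0].decode("ascii", "replace")
    return {"version": (major, minor), "name": name,
            "type": "source" if rpm_type == 1 else "binary"}

def header_extent(data, offset):
    """Return (index_count, end_offset) of the header structure at offset."""
    if len(data) < offset + 16 or data[offset:offset + 4] != HDR_MAGIC:
        raise ValueError("missing or bad header structure at offset %d" % offset)
    nindex, hsize = struct.unpack(">II", data[offset + 8:offset + 16])
    end = offset + 16 + 16 * nindex + hsize   # preamble + index entries + data store
    if end > len(data):
        raise ValueError("header runs past end of file (truncated or malformed)")
    return nindex, end

def section_offsets(data):
    """Map each of the four sections to its (start, end) byte range."""
    parse_lead(data)
    _, sig_end = header_extent(data, LEAD_SIZE)
    hdr_start = (sig_end + 7) & ~7            # signature is padded to 8 bytes
    _, hdr_end = header_extent(data, hdr_start)
    return {"lead": (0, LEAD_SIZE), "signature": (LEAD_SIZE, sig_end),
            "header": (hdr_start, hdr_end), "payload": (hdr_end, len(data))}

def build_sample():
    """Constructed sample: a skeletal RPM-shaped byte string, not a real package."""
    lead = LEAD_MAGIC + struct.pack(">BBHH", 3, 0, 0, 1) + b"demo-1.0-1".ljust(66, b"\0")
    lead += struct.pack(">HH", 1, 5) + b"\0" * 16   # osnum, signature type, reserved
    def hdr(entries, store):
        return (HDR_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(store))
                + b"".join(entries) + store)
    sig = hdr([struct.pack(">IIII", 1000, 4, 0, 1)], struct.pack(">I", 1234))  # INT32 size tag
    main = hdr([struct.pack(">IIII", 1000, 6, 0, 1)], b"demo\0")               # STRING name tag
    pad = b"\0" * (-len(sig) % 8)
    return lead + sig + pad + main + b"PAYLOAD-BYTES"
```

The name stored in the lead is part of the obsolete information mentioned above; the authoritative package name is the one in the header.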
Types of RPM packages
RPMs come in two primary types, each serving a different purpose in the software lifecycle:
Binary RPM
A binary RPM is the most common type of package, used by most end-users for installation. It contains pre-compiled binaries, libraries, and other files that are ready to be installed and used immediately. This is the result of a successful build process and is specific to a particular architecture (unless designated as "noarch").
Contents of a binary RPM:
- Compiled binaries and libraries: The executable program and all required library files.
- Configuration files: Template or default configuration files for the software.
- Documentation: Man pages, README files, and license information.
- Resources: Any additional files the application needs, such as fonts, icons, or data files.
Source RPM (SRPM)
An SRPM is designed for developers and package maintainers. It contains the raw ingredients needed to build a binary RPM, allowing for custom compilation or modification. SRPMs are architecture-agnostic, meaning the same SRPM can be used to build binary RPMs for different architectures.
Contents of an SRPM:
- The SPEC file: This is the core of the SRPM, a blueprint or "recipe" that details how to build the source code into a binary package. It contains sections for:
  - %prep: Instructions for preparing the source code.
  - %build: Instructions for compiling the software.
  - %install: Instructions for copying the compiled files into the correct directory structure.
  - %files: The list of files to be included in the final binary RPM.
- Source code archives: Compressed archives (tarballs or zip files) of the original source code.
- Patches: Files containing code changes to apply to the source code before building.
How to examine an RPM package
System administrators and developers often need to inspect the contents of an RPM before installation. This can be done using the rpm command with specific flags.
| Command | Action | Example |
|---|---|---|
| rpm -qlp | Lists the files contained within a local (uninstalled) RPM package. | rpm -qlp package-name.rpm |
| rpm -qip | Displays the metadata from a local package's header, such as the description, version, and dependencies. | rpm -qip package-name.rpm |
| rpm -qpl --scripts | Reveals the pre- and post-installation scripts that will run during installation. | rpm -qpl --scripts package-name.rpm |
| rpm2cpio | Extracts the cpio payload from the RPM, allowing you to examine the files directly with a tool like cpio. | rpm2cpio package-name.rpm \| cpio -idmv |