rpm — Install, query, verify, and uninstall individual .rpm files across all 5 shells
Equivalents in every shell
sudo rpm -ivh package.rpmThe low-level package manipulator — yum/dnf are higher-level wrappers that resolve deps and call into the rpm DB. Use rpm directly when (a) installing a downloaded `.rpm` file with no repo to pull from, (b) querying the rpm DB (`rpm -qa` list all installed, `rpm -qf /path/to/file` find which package owns a file, `rpm -ql <pkg>` list files in a package, `rpm -qi <pkg>` package info), (c) verifying integrity (`rpm -V <pkg>` checks installed files against their original checksums + permissions). `-i` install, `-U` upgrade-or-install, `-e` erase, `-v` verbose, `-h` hash progress bars.
sudo rpm -ivh package.rpmSame external. Common forensic pattern on RHEL-family servers: `rpm -qa --last | head -20` shows the 20 most recently installed packages with timestamps — useful for "what just changed on this box?". The rpm DB lives in `/var/lib/rpm/` (`Packages` Berkeley-DB on RHEL 7-, sqlite on RHEL 9+). Corruption is rare but recovery is `rpm --rebuilddb`.
sudo rpm -ivh package.rpmSame external. Fish syntax quirk: `rpm -qa | grep <q>` works as expected, but the more idiomatic fish equivalent is `rpm -qa | string match -r <regex>` — `string match -r` understands regex without needing grep. For "find packages installed in the last day": `rpm -qa --last | head -n 50 | string match -e (date "+%a %b %d")`.
Get-PackageNo native pwsh rpm. On Linux pwsh: `& sudo rpm -ivh <file>.rpm`. On Windows, the closest concept to "inspect installed packages" is `Get-Package` (from PackageManagement module) or `Get-CimInstance Win32_Product` (slow ~10s and triggers MSI reconfigure as a side effect — avoid; use `Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*` for a fast read-only enumeration). For installing `.msi` files: `Start-Process msiexec.exe -ArgumentList "/i package.msi /qn" -Wait`.
msiexec /i package.msi /qnNo cmd-native rpm. Windows installer format is `.msi`, invoked via `msiexec /i <file>.msi` (interactive) or `msiexec /i <file>.msi /qn` (quiet, no UI). The Windows equivalent of `rpm -qa` is no clean single command — `wmic product get name,version` (slow, deprecated) or `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s` for a registry-based enumeration. On Amazon Linux 2023 / Fedora WSL: `wsl sudo rpm -ivh <file>.rpm` works.
Worked examples
Install a downloaded .rpm file
sudo rpm -ivh nginx-1.24.0-1.x86_64.rpmsudo rpm -ivh nginx-1.24.0-1.x86_64.rpmStart-Process msiexec.exe -ArgumentList "/i nginx.msi /qn" -Waitmsiexec /i nginx.msi /qnFind which package owns a given file
rpm -qf /usr/bin/nginxrpm -qf /usr/bin/nginxGet-Item C:\nginx\nginx.exe | Get-AuthenticodeSignatureList all installed packages with install dates, newest first
rpm -qa --last | head -20rpm -qa --last | head -20Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* | Sort-Object InstallDate -Descending | Select-Object DisplayName, InstallDate -First 20Gotchas
- `rpm -i` does NOT resolve dependencies — it installs the single `.rpm` file you give it and fails with "Failed dependencies: libfoo.so.5 is needed by ..." if deps are missing. Use `yum localinstall <file>.rpm` (or `dnf install <file>.rpm` on RHEL 8+) to install a local rpm file WITH dep resolution from your enabled repos. This is the #1 surprise for users coming from `dpkg -i <file>.deb && apt install -f` (which works around dep failures retroactively) — rpm doesn't have that two-phase recovery, so reach for dnf/yum for any package with dependencies.
- `rpm -e <pkg>` REFUSES to remove a package if other installed packages depend on it ("Failed dependencies: <pkg> is needed by ..."). To force-remove regardless (dangerous — breaks the dependent package): `rpm -e --nodeps <pkg>`. The right way is to remove the dependent packages first, OR use `dnf remove <pkg>` which removes the package + everything depending on it transitively (and prompts before doing so).
- Verifying installed-package integrity with `rpm -V <pkg>` produces output like `S.5....T. c /etc/nginx/nginx.conf` — those 9 characters are flag letters for what differs (S=size, 5=MD5 sum, T=mtime, etc); the `c` is the file type (config file). For configs, differences are expected (you edited them); for binaries, ANY non-`.........` line indicates tampering or post-install corruption. `rpm -Va` audits every installed package — slow but produces a clean integrity baseline.
- `.rpm` packages are GPG-signed by their builder; `rpm -i` warns but proceeds if you haven't imported the key. The correct flow is `rpm --import https://path/to/RPM-GPG-KEY-vendor` once per vendor key, then subsequent installs verify automatically. On RHEL 9+, `rpm -K <file>.rpm` ("check signature") verifies without installing — useful in CI to gate "did we just download a tampered RPM?" before allowing it into a base image.
- macOS does NOT have rpm. Mac users handling `.rpm` files (e.g., extracting payloads) need `brew install rpm2cpio` (or `7z`). `rpm2cpio file.rpm | cpio -id` extracts the package contents to the current directory without installing anything. Useful for "I downloaded an rpm but I need a single file from it" — extract, grab, discard. On Windows: `7-Zip` can open `.rpm` files as archives (rpm = cpio + header).