How to Install an RPM Package in Linux: A Complete Guide
Installing RPM packages is a fundamental skill for anyone working with Red Hat-based Linux distributions. Whether you're managing a web server, setting up a development environment, or deploying software dependencies, understanding how RPM installation works — and the different ways to approach it — puts you in control of your system.
What Is an RPM Package?
RPM stands for Red Hat Package Manager (sometimes called RPM Package Manager recursively). It's both a file format and a package management system originally developed by Red Hat. An .rpm file bundles together compiled software, configuration files, metadata, and installation scripts into a single distributable unit.
RPM is the native package format for distributions including RHEL, CentOS, Fedora, AlmaLinux, Rocky Linux, and openSUSE. If you're running Debian, Ubuntu, or Mint, RPM is not your native format — those systems use .deb packages and apt.
The Three Main Methods to Install RPM Packages
1. Using rpm (The Low-Level Command)
The rpm command is the most direct method. It interacts with packages without automatically resolving dependencies.
sudo rpm -ivh package-name.rpm What the flags mean:
-i— install-v— verbose output (shows progress details)-h— hash marks (displays a progress bar)
To upgrade an existing package rather than perform a fresh install:
sudo rpm -Uvh package-name.rpm To query whether a package is already installed:
rpm -q package-name The key limitation:rpm does not automatically fetch or install dependencies. If the package requires other libraries or packages not already on your system, the installation will fail with dependency errors. You'll need to resolve those manually or switch to a higher-level tool.
2. Using dnf or yum (Recommended for Most Users) ✅
dnf (and its predecessor yum) are package managers that sit on top of RPM and handle dependency resolution automatically. They pull packages from configured repositories and install everything needed in one step.
To install a local .rpm file:
sudo dnf install ./package-name.rpm Note the ./ prefix — this tells dnf you're pointing to a local file rather than a package name in a repository.
dnf will analyze the package's dependencies, check your configured repos, and install any missing components automatically. This is why most administrators and developers prefer it over raw rpm for day-to-day use.
On older systems still using yum:
sudo yum install ./package-name.rpm 3. Using zypper (openSUSE and SLES)
On openSUSE or SUSE Linux Enterprise, the package manager is zypper:
sudo zypper install package-name.rpm It handles dependencies similarly to dnf, drawing from configured repositories as needed.
Verifying a Successful Installation
After installation, confirm the package is present on your system:
rpm -qa | grep package-name This queries all installed packages (-qa) and filters by name. You can also check the installed version:
rpm -qi package-name This returns detailed metadata including version number, build date, vendor, and description.
Common Issues and What Causes Them
| Problem | Likely Cause | How to Address It |
|---|---|---|
Dependency errors with rpm | Missing required libraries | Use dnf install instead |
| "Already installed" message | Package exists at same version | Use -Uvh to upgrade |
| Signature verification failure | Package not signed or key missing | Import the GPG key or use --nosignature carefully |
| Permission denied | Command run without sudo | Prefix with sudo |
Package not found (with dnf) | Wrong path or filename | Confirm file path with ls |
GPG Signature Verification 🔐
When installing RPMs from external sources, GPG signature verification is an important security layer. Packages from official repositories are signed with a vendor key. If you download an .rpm from a third-party site, verifying its signature before installing is a best practice:
rpm --checksig package-name.rpm If the key isn't imported yet, you'll need to import the vendor's public key first:
sudo rpm --import https://example.com/RPM-GPG-KEY Skipping verification with --nosignature or --force is possible but introduces risk — only do this when you fully trust and control the source.
Factors That Affect How You Should Approach RPM Installation
The "right" method depends on variables specific to your environment:
- Distribution and version — Fedora uses
dnfnatively; older CentOS 6/7 systems useyum; openSUSE useszypper. The base command changes accordingly. - Internet connectivity — Dependency resolution via
dnfrequires repo access. Air-gapped systems may need to manually stage dependencies or userpmwith pre-downloaded files. - Package source — Official repo packages benefit from automatic dependency handling. Third-party
.rpmfiles may have dependencies not available in your default repos. - System role — Production servers typically enforce strict GPG verification and change control processes. Development machines often allow more flexibility.
- User privilege level — Standard users can query packages with
rpm -q; installing always requires root orsudoaccess.
The spectrum runs from a single-command dnf install on a connected workstation, all the way to manually staging dependency chains on an isolated production server where every package must be vetted. Both scenarios use RPM under the hood, but the workflow and risk profile look very different depending on your setup.