This chapter covers Linux package management using apt (Debian/Ubuntu) and yum (Red Hat/CentOS/Fedora). Package management is a core skill for CompTIA A+ technicians, as Linux systems are increasingly common in enterprise environments. Expect 2-3 questions on the 220-1102 exam covering package management commands, repository configuration, and dependency resolution. Mastery of these tools is essential for system maintenance, software installation, and troubleshooting.
Jump to a section
Imagine you are a chef running a busy restaurant kitchen. You need various ingredients (software packages) to prepare your dishes (run your applications). You have two suppliers: 'apt' (for Debian-based kitchens) and 'yum' (for Red Hat-based kitchens). When you need a new ingredient, you call your supplier and ask for it. The supplier checks their catalog (repository) and delivers the ingredient along with any other ingredients required for it to work (dependencies). The supplier also keeps a detailed inventory (package database) of everything you have in your pantry, so they can tell you what you already have, what needs updating, and what is missing. If you need to remove an ingredient, the supplier checks if any other recipes (packages) depend on it before removing it, to avoid breaking your dishes. The supplier also allows you to search their catalog, see details about each ingredient, and even simulate a delivery to see what would happen without actually changing your pantry. This is exactly how apt and yum work: they retrieve packages from repositories, resolve dependencies automatically, maintain a local database of installed packages, and provide commands to install, update, remove, and query packages. apt and yum differ mainly in their underlying package format (.deb vs .rpm) and some command syntax, but the core functionality is identical.
What is Package Management?
Package management is the process of installing, updating, configuring, and removing software on a Linux system. A package manager automates these tasks, handling dependencies (other software required by the package), version control, and integrity verification. Without a package manager, you would need to manually download source code, compile it, and manage dependencies—a tedious and error-prone process.
Why Two Major Systems? apt vs yum
Linux distributions are broadly split into two families based on their package format and package manager:
Debian-based (Debian, Ubuntu, Linux Mint, Kali Linux) use .deb packages and the apt (Advanced Package Tool) family, which includes apt-get, apt-cache, and the newer apt command.
Red Hat-based (Red Hat Enterprise Linux, CentOS, Fedora, Rocky Linux) use .rpm packages and the yum (Yellowdog Updater Modified) package manager. Modern Fedora and RHEL 8+ use dnf as the successor to yum, but the exam still tests yum commands.
Both systems achieve the same goals but with different syntax and underlying tools.
How Package Managers Work Internally
#### Repositories
A repository is a server or local directory containing packages and metadata. The metadata includes package names, versions, descriptions, dependencies, and checksums. The package manager downloads the metadata (often compressed) to a local cache. For apt, the repository list is in /etc/apt/sources.list or /etc/apt/sources.list.d/. For yum, repositories are configured in .repo files under /etc/yum.repos.d/.
#### Local Package Database
apt maintains a database in /var/lib/dpkg/. It records every installed package, its version, and its status (installed, removed, purged).
yum uses the RPM database located in /var/lib/rpm/. This database stores package metadata and dependency information.
When you run an install command, the package manager:
1. Updates the local cache of repository metadata (if you ran apt update or yum check-update).
2. Resolves dependencies: identifies all required packages that are not yet installed.
3. Downloads the packages (usually from the repository) along with any dependencies.
4. Verifies package integrity using checksums (MD5, SHA1, SHA256).
5. Installs the packages, updating the local database.
#### Dependency Resolution
Dependencies are specified in the package metadata. For example, a package might require libssl.so.1.1 (a shared library) or another package like openssl. The package manager uses a SAT solver (for apt) or a simpler algorithm (for yum) to find a consistent set of packages that satisfy all dependencies. If a conflict arises (e.g., two packages require different versions of the same library), the package manager reports an error.
Key Commands for apt
sudo apt update – Updates the package index from repositories (downloads new metadata).
sudo apt upgrade – Upgrades all installed packages to the latest versions available in repositories.
sudo apt full-upgrade – Upgrades packages, handling changed dependencies by installing or removing packages as needed.
sudo apt install <package> – Installs a package and its dependencies.
sudo apt remove <package> – Removes a package but leaves configuration files.
sudo apt purge <package> – Removes a package and its configuration files.
sudo apt autoremove – Removes packages that were installed as dependencies but are no longer needed.
apt search <keyword> – Searches package names and descriptions.
apt show <package> – Shows detailed information about a package.
apt list --installed – Lists all installed packages.
Key Commands for yum
sudo yum check-update – Checks for available updates (does not update metadata; use yum makecache to force refresh).
sudo yum update – Updates all packages or a specific package.
sudo yum install <package> – Installs a package and dependencies.
sudo yum remove <package> – Removes a package.
sudo yum autoremove – Removes orphaned dependencies.
yum search <keyword> – Searches packages.
yum info <package> – Shows package information.
yum list installed – Lists installed packages.
yum deplist <package> – Shows dependencies of a package.
Configuration Files
- apt: /etc/apt/sources.list contains lines like:
deb http://archive.ubuntu.com/ubuntu focal main restricted
Each line specifies the repository type (deb or deb-src), URL, distribution codename, and components (main, universe, restricted, multiverse).
- yum: /etc/yum.repos.d/*.repo files contain sections like:
[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 Key options: enabled (1 or 0), gpgcheck (verify GPG signatures), baseurl (direct URL), mirrorlist.
GPG Key Verification
Both systems use GPG keys to verify that packages come from a trusted source. The public key is imported and stored locally. For apt, keys are managed with apt-key (deprecated) or stored in /etc/apt/trusted.gpg.d/. For yum, keys are in /etc/pki/rpm-gpg/. If a package is not signed or the key is missing, the installation fails unless gpgcheck=0 is set (not recommended).
Common Pitfalls
Broken dependencies: If a repository is misconfigured or a package is removed improperly, dependencies may break. Use sudo apt --fix-broken install or sudo yum distro-sync to repair.
Holding packages: You can prevent a package from being updated using sudo apt-mark hold <package> or by adding exclude=<package> to yum configuration.
Clean cache: If metadata is corrupted, use sudo apt clean or sudo yum clean all to clear the cache and then update again.
Interaction with Other Tools
Package managers work with:
- dpkg (low-level Debian package tool) – dpkg -i installs a .deb file but does not resolve dependencies.
- rpm (low-level Red Hat package tool) – rpm -ivh installs an .rpm file similarly.
- snap and flatpak – Alternative package systems that run in sandboxed environments; they can coexist with apt/yum.
Exam Relevance for 220-1102
Objective 1.6 requires you to:
Explain the purpose of package managers.
Use apt and yum commands to install, update, and remove software.
Understand repository configuration.
Troubleshoot common package management issues.
Know the difference between apt update and apt upgrade: update refreshes the package list; upgrade actually installs new versions. Similarly, yum check-update vs yum update.
Summary of Key Differences
| Feature | apt (Debian) | yum (Red Hat) |
|------------------|----------------------------------|-----------------------------------|
| Package format | .deb | .rpm |
| Config file | /etc/apt/sources.list | /etc/yum.repos.d/*.repo |
| Update metadata | apt update | yum makecache |
| Install | apt install | yum install |
| Remove | apt remove | yum remove |
| Search | apt search | yum search |
| Show info | apt show | yum info |
| Fix dependencies | apt --fix-broken install | yum distro-sync |
Both are powerful tools that simplify software management on Linux. As a CompTIA A+ technician, you should be comfortable using both on their respective distributions.
Update package repository metadata
Before installing or upgrading software, the package manager must refresh its local cache of available packages. For apt, run `sudo apt update`. This command downloads the latest `Packages.gz` or `Packages.xz` files from each repository listed in `/etc/apt/sources.list` and stores them in `/var/lib/apt/lists/`. For yum, run `sudo yum check-update` or `sudo yum makecache` to download the metadata. The metadata includes package names, versions, dependencies, and checksums. This step is crucial because it ensures you are installing the latest available versions and that the package manager knows about all available packages.
Resolve dependencies
When you run `sudo apt install <package>` or `sudo yum install <package>`, the package manager first reads the dependency information from the metadata. It builds a dependency tree: for each required package, it checks if it is already installed. If not, it adds it to the list of packages to install. The package manager uses algorithms to resolve complex dependency chains, ensuring no conflicts (e.g., two packages requiring different versions of the same library). If a conflict is detected, the operation is aborted with an error message. This step is invisible to the user but critical to system stability.
Download packages
After resolving dependencies, the package manager downloads the required .deb or .rpm files from the configured repositories. For apt, the files are stored in `/var/cache/apt/archives/`. For yum, they are stored in `/var/cache/yum/`. The download uses HTTP, FTP, or local file protocols. The package manager verifies each downloaded file's checksum (e.g., SHA256) against the metadata to ensure integrity. If GPG checking is enabled, it also verifies the package's GPG signature. If verification fails, the package is rejected and an error is reported.
Install packages and update database
Once all packages are downloaded and verified, the package manager extracts the files to their appropriate locations on the filesystem. For apt, this is done by dpkg, which unpacks the .deb file, runs pre-install and post-install scripts (if any), and copies files to directories like `/usr/bin/`, `/etc/`, etc. For yum, rpm performs similar actions. After installation, the local package database is updated: apt updates `/var/lib/dpkg/status`, and yum updates `/var/lib/rpm/`. The database now reflects that the package is installed, along with its version and any configuration changes.
Clean up and verify
After installation, the package manager may remove downloaded package files to free space (apt can be configured with `apt clean` or `autoclean`). It also runs any post-installation scripts, such as starting a service or creating a user. The user can verify the installation using `apt list --installed | grep <package>` or `rpm -q <package>`. If dependencies were resolved but some packages are no longer needed later, `sudo apt autoremove` or `sudo yum autoremove` will remove them. This step ensures the system remains clean and efficient.
In a typical enterprise environment, Linux servers run critical applications such as web servers (Apache, Nginx), databases (MySQL, PostgreSQL), and container orchestration (Docker, Kubernetes). Package management is essential for keeping these systems patched and secure. For example, a DevOps team managing a fleet of Ubuntu servers uses apt to deploy security updates automatically via unattended-upgrades. They configure repositories in /etc/apt/sources.list to include only trusted sources, and they pin package versions using apt-mark hold to prevent critical application dependencies from being updated unexpectedly. In a Red Hat environment, a system administrator might use yum with Red Hat Satellite to manage thousands of servers. They create custom repositories for internal applications and use yum versionlock to lock specific package versions. Performance considerations include bandwidth usage: downloading large updates simultaneously can saturate network links. Administrators often set up local mirrors (e.g., using apt-mirror or reposync) to reduce external bandwidth and speed up deployments. A common misconfiguration is adding untrusted third-party repositories, which can lead to package conflicts or security vulnerabilities. For instance, adding a PPAs (Personal Package Archives) on Ubuntu without verifying the source can introduce malware. Another issue is forgetting to run apt update before apt upgrade, resulting in outdated package lists and failed installations. In production, administrators script the sequence: apt update && apt upgrade -y to ensure consistency. On Red Hat systems, forgetting to import GPG keys can cause installations to fail with 'GPG key retrieval failed' errors. Troubleshooting these issues requires checking repository configuration files, clearing the cache (yum clean all), and verifying network connectivity to repository URLs.
The 220-1102 exam (Objective 1.6) tests your ability to use Linux package management commands and understand their purpose. Expect 2-3 questions that ask you to identify the correct command for a given task, or to interpret error messages related to dependencies or repository configuration. The most common wrong answers on exam questions include: 1) Confusing apt update with apt upgrade – many candidates choose apt upgrade when the question asks about updating the package list. Remember: update refreshes metadata; upgrade installs new versions. 2) Using apt install without sudo – the exam expects you to know that package management requires root privileges. 3) On yum questions, candidates often select yum update when the task is to check for updates without installing them; the correct command is yum check-update. 4) Confusing apt remove with apt purge – remove leaves config files; purge removes them. The exam may ask which command completely removes a package. Specific numbers and terms that appear verbatim: the path /etc/apt/sources.list for Debian repositories, and /etc/yum.repos.d/ for Red Hat. The command apt-get is still tested as the traditional form, but apt is the modern equivalent. Edge cases: the exam might ask what to do if a package installation fails due to broken dependencies – the answer is apt --fix-broken install or yum distro-sync. Another edge case is holding a package to prevent updates: apt-mark hold or yum versionlock. To eliminate wrong answers, focus on the underlying mechanism: if the question mentions 'package list' or 'metadata', the answer involves update or check-update. If it mentions 'installing software', the answer is install. Pay attention to the distribution name: if the question says 'Ubuntu', use apt commands; if 'CentOS', use yum.
apt update refreshes the package list; apt upgrade installs new versions.
yum check-update lists available updates without installing; yum update installs them.
Package management commands require root privileges (sudo).
Dependencies are automatically resolved when using apt install or yum install.
Use apt --fix-broken install to repair broken dependencies on Debian systems.
Use yum distro-sync to synchronize package versions with the repository on Red Hat systems.
Configuration for apt is in /etc/apt/sources.list; for yum in /etc/yum.repos.d/.
apt autoremove removes orphaned dependencies; yum autoremove does the same.
These come up on the exam all the time. Here's how to tell them apart.
apt (Debian/Ubuntu)
Uses .deb package format.
Configuration in /etc/apt/sources.list.
Update metadata: sudo apt update.
Install: sudo apt install <package>.
Remove with config: sudo apt remove; remove completely: sudo apt purge.
yum (Red Hat/CentOS)
Uses .rpm package format.
Configuration in /etc/yum.repos.d/*.repo.
Update metadata: sudo yum makecache or sudo yum check-update.
Install: sudo yum install <package>.
Remove: sudo yum remove (does not have a separate purge command; use yum remove with --remove-leaves).
Mistake
apt update installs the latest versions of all packages.
Correct
apt update only refreshes the local package index (metadata) from repositories; it does not install or upgrade any software. The command to actually upgrade packages is apt upgrade.
Mistake
yum and dnf are completely different and incompatible.
Correct
dnf is the next-generation replacement for yum, but it maintains command-line compatibility for most operations. On Fedora and RHEL 8+, yum is often a symlink to dnf. The exam still tests yum commands, but understanding dnf is beneficial.
Mistake
You can install any .deb file using apt install.
Correct
apt install expects a package name from a repository, not a local file. To install a local .deb file, use dpkg -i <file.deb> (which does not resolve dependencies) or apt install ./<file.deb> (which does resolve dependencies).
Mistake
Running apt autoremove is safe at any time.
Correct
autoremove removes packages that were installed as dependencies but are no longer required. However, if you manually removed a package that was a dependency for another, autoremove might remove needed packages. Always review the list of packages to be removed before confirming.
Mistake
yum update and yum upgrade are different commands.
Correct
In yum, update and upgrade are synonyms; both perform the same function of updating packages. This is different from apt where update and upgrade are distinct.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
apt update downloads the latest package metadata from repositories, updating the local cache. It does not install or upgrade any packages. apt upgrade actually installs newer versions of packages that are already installed. Always run apt update before apt upgrade to ensure you have the latest metadata. On the exam, remember: 'update refreshes the list; upgrade installs the updates.'
You can use `sudo apt install ./<filename>.deb` (note the ./ prefix). This tells apt to treat the file as a local package and will resolve dependencies from repositories. Alternatively, you can use `sudo dpkg -i <filename>.deb` but dpkg does not resolve dependencies, so you may need to run `sudo apt --fix-broken install` afterward.
Use `sudo apt purge <package>`. This removes the package and all configuration files. `sudo apt remove` only removes the package but leaves configuration files. On Red Hat systems, yum does not have a separate purge command; you can use `sudo yum remove <package>` and manually delete config files if needed.
You can use `sudo yum versionlock <package>` to lock the current version. To remove the lock, use `sudo yum versionlock delete <package>`. Alternatively, you can add `exclude=<package>` to the repository configuration in /etc/yum.repos.d/.
This error occurs when yum cannot find the GPG key for a repository. First, ensure the repository configuration file has the correct `gpgkey` URL. You can manually import the key using `sudo rpm --import <key-url>`. Alternatively, temporarily disable GPG checking by setting `gpgcheck=0` in the .repo file, but this is not recommended for security reasons.
apt is a newer, more user-friendly command that combines the most common functions of apt-get and apt-cache. It provides progress bars, color output, and simpler syntax. apt-get is the traditional tool and still works. On the exam, both are acceptable, but apt is now the recommended command for interactive use.
Use `apt list --installed`. This shows all packages that are installed on the system. You can filter by piping to grep: `apt list --installed | grep <keyword>`. On Red Hat systems, use `yum list installed` or `rpm -qa`.
You've just covered Linux Package Management: apt and yum — now see how well it sticks with free 220-1102 practice questions. Full explanations included, no account needed.
Done with this chapter?