Open source software security

Installing New Software on Mandrake Linux

30 November -0001
by: Justin Klein Keane
November 19, 2002

At some point in your Linux life you're going to need to install new software, either because you didn't get everything you wanted on the initial system install or because you've found a new program that you can't live without. The vast majority of software available for Linux if free, so you can find a lot of cool stuff (AIM clients, office productivity tools, network analysis tools, etc.) out there online. I'm going to briefly go over how to install new programs on your Mandrake machine.

Programs that you will want to install are generally going to conform to two different formats. The older, and less common format for distributing new software is .tar.gz format. The more common format, and the format of all the programs on your Mandrake distribution CD's is .rpm or RedHat Package Manager. The RedHat Package Manager is a great tool that maintains a database of programs you have installed, available programs from specific sources, and even programs that need to be updated due to security or bug problems.

RPM's are most easily installed and removed by using RPMDrake under Mandrake (Mandriva). You can find RPMDrake under the K Menu → Configuration → Packaging → Software Manager. You will have to run RPMDrake as root so that installed packages can be run by all users on the system. If you're not logged into KDE as root RPMDrake will prompt you for the root password. Once RPMDrake is up and running you can easily search through the installed and installable packages using the search box and associated buttons.

Mandrake Control Center

Be sure to set up your sources using the 'Define Sources' button. You may want to remove sources you know aren't available (for instance if you installed off of a downloaded version and you only have CD1) but be warned, in older Mandrake distributions I have found that this causes RPMDrake to become unstable. To add a new security update source either follow the instructions the first time you start up RPMDrake or click the 'Define Sources' button, then select 'New' and choose 'Security updates' from the 'Type of source:' drop down. You will have to click the 'Update the list of mirrors' button to get a list of mirrors. Mirrors are online archives of updated packages that you will need to install to bring your system to the most secure configuration. To do this you can simply click the 'Mandrake Update' button and a list of packages that have either become outdated or need to be patched for security reasons will display. Select the ones you want and click 'Install' to install the new packages. You may want to only install a few packages at a time as it often takes a while to download and install the new software.

To use RPMDrake to install most software all you need to do is type the name of the software into the 'Find:' box and click 'Search'. If you're not sure of the exact name of the package, you can either expand the trees in the list box below the search field, or click the 'Search by description' button and research. Once you find the package you want click on the name of the package and a short description will appear in the lower right hand corner of RPMDrake. If this is indeed the package you need you can simply click on the checkbox next to the package and then click the 'Install/Remove' button. You may be prompted to insert the correct CD into your drive, but other than that all you'll need to do is sit back and watch the status bars scroll away as the package installs. If the program you chose to install needs other supporting software you will be prompted that the system is also going to install those other RPM's. You should take note of what is being installed, if you notice a package you don't want on your system you may want to cancel out of the procedure.

To remove software, simply click on the 'Installed' tab and repeat your search. Alternatively you can expand the trees in the left hand pane to see the software packages currently installed on your system. If you click the checkbox next to one of these programs and click the 'Install/Remove' button RPMDrake will remove the software and any dependant packages. If other packages need to be removed you will be alerted to this fact and given the option to abort so read everything carefully.

You can also use RPM from the command line. Use 'rmp --help' to find all the necessary flags and usage options. You can issue 'rpm -q somename' to query the rpm database and check to see if the 'somename' package is installed. For instance, typing in 'rpm -q kernel' should give you your current kernel version. To install a new RPM (for instance one you downloaded from http://www.RPMFind.net) you must change into the directory in which the rpm is stored (probably your home directory (you simply type in 'cd' to change into your home directory)) and then type in 'rpm --install theRPMName.rpm' where 'theRPMName.rpm' is the actual name of the rpm package. The RPM should install and then you can use it normally.

.TAR.GZ FORMAT SOFTWARE

Software distributed in a .tar.gz format is identifiable by its file extension. For instance, say you find a new program named madirishprog-1.23.tar.gz on my website. The first thing you'll want to do is download it to your home directory. Once the download is complete you should open a shell and cd to your home directory. Issue an 'ls' to make sure the program is there. To unpack the .tar.gz (the .gz stands for a zipped file, the .tar stands for tarball or collection of several files that are packaged together) you first have to unzip it, then untar it. To unzip the file you'll need to issue the command 'gunzip madirishprog-1.23-tar.gz'. Once the command completes if you issue an 'ls' you'll notice that the file 'madirishprog-1.23.tar.gz' doesn't exist any more. Instead the file is now named 'madirishprog-1.23.tar' (it is no longer zipped). We next have to untar the file. To do this we're going to use the 'tar' command and some flags. Issue 'tar -xvf madirishprog-1.23.tar' to untar the file (the -x flag is for expand, the -v flag is for verbose (so you know what is going on) and the -f flag is for force). Now if you issue an 'ls' you'll see the file 'madirishprog-1.23.tar' no longer exists but has been replaced by a directory named 'madirishprog-1.23'. This directory contains all of the tar files. To install the program first su to root by issuing 'su'. Next cd into the directory with 'cd madirishprog-1.23'. Inside this directory there is almost always a readme file. Take a look and make sure you read the file. I usually use pico to read the readme file, but you can use whatever text editor you need. Inside the readme is usually a description of how to install the file.

Standard, old school .tar.gz files all use the same install procedure. The first thing you'll have to do is issue a './configure'. This will configure the file for your particular system configuration. There will be lots of text output after you issue this command, keep an eye out for any errors that may appear. Assuming everything works right the next command you'll have to issue is 'make'. This will start a whole new steam of text, and again you should look out for errors. If you don't get any the last command you'll have to issue is 'make install' and there should be more text streaming and if you don't get any more errors your program will be installed. You should be able to run it by simply typing 'madirishprog' or whatever the program name is, but if the program installed in a non-standard location you may need to find out where the executable is installed to run it (this is usually listed in the text out put described above but you can search for it by using a 'whereis madirishprog' to list its location).

Regardless of which format you choose, almost all new software includes some sort of instructions that you should read. The ubiquitous RTFM (Read The Fucking Manual) will crop up in response to questions you send to program distributors if you don't peruse the readme or documentation (which may be found on the distribution website). Make sure to keep an eye out for executables named 'install' or 'setup' in any new programs you download as well. Hope this helps :)