Quiz: DNF Package Manager¶
10 questions
L1 (5 questions)¶
1. On RHEL 8+, what happens when you run the yum command?
Show answer
yum is a symlink to dnf on RHEL 8+. Running yum actually executes dnf (yum4). The syntax is compatible, but the underlying dependency solver is libsolv instead of yum3's custom Python solver. *Common mistake:* yum and dnf are completely separate tools that can be used interchangeably2. How do you apply only security updates with dnf, and why is this important during a patch window?
Show answer
dnf update --security — installs only packages with security advisories. Add --sec-severity=Critical to filter further. This prevents pulling in feature updates or major version bumps that could introduce breaking changes during a maintenance window. *Common mistake:* dnf update automatically applies only security patches by default3. What is the difference between dnf history undo 42 and dnf history rollback 42?
Show answer
undo 42 reverses only the changes made in transaction 42. rollback 42 reverses ALL transactions after 42, restoring the system to the state immediately after transaction 42 completed. Rollback is more aggressive and affects multiple transactions. *Common mistake:* undo and rollback are synonyms in dnf4. How does dnf versionlock work, and where is the lock configuration stored?
Show answer
dnf versionlock add5. What does the priority field in a dnf repo config control, and what is the default?
Show answer
Priority determines which repo dnf prefers when multiple repos offer the same package. Lower number = higher priority. Default is99. Set internal repos to a low number (e.g.,
10. to ensure they override EPEL or other third-party repos. *Common mistake:* Higher priority numbers mean higher preference
L2 (5 questions)¶
1. What is a dnf module stream, and what happens when you enable one?
Show answer
A module stream is a version track (e.g., postgresql:15 vs :16). Enabling a stream makes packages from other streams invisible to the solver. This is sticky — it persists until you explicitly reset the module. Switching streams requires a reset, which can remove installed packages. *Common mistake:* Module streams are just aliases for different repos2. Why can dnf autoremove break applications that were installed with rpm -i?
Show answer
rpm -i does not register the package as user-installed in dnf's database. Its dependencies appear as orphaned autoremove candidates. dnf autoremove removes them, breaking the rpm-installed application. Fix: install via dnf install ./pkg.rpm or mark deps with dnf mark install. *Common mistake:* autoremove only removes packages that have no files on disk3. How do you create an offline repository mirror for air-gapped environments?
Show answer
Use dnf reposync --repoid=4. Why is using exclude= in repo configs risky for security patching?
Show answer
exclude= makes matching packages completely invisible to dnf, including security updates. If someone added exclude=kernel* to prevent kernel updates, dnf update --security silently skips kernel CVE fixes. Use dnf versionlock instead — it pins versions but remains visible in versionlock list. *Common mistake:* exclude= only hides packages from search results, not from updates5. What are the three dnf-automatic timer profiles and when would you use each?