3

Devel packages usually contain the headers or other stuff that's necessary for compiling applications.

To keep the systems clean and manageable, I'm looking for a command to list all-devel-packages installed by yum (also rpm's, without the suffix).

I usually use yum list installed and collect the devel's manually.

Do you recommend to remove them after compilation as a general rule?

mate64
  • 1,681
  • 4
  • 18
  • 29
  • I wouldn't install them in the first place... however, *some* devel packages are needed for driver runtime compilation (management agents, VMware tools, backup software, etc.) – ewwhite Feb 27 '13 at 09:20

4 Answers4

6
yum remove $(rpm -qa "*-devel")

Also, don't do development on your production (or even staging) systems. If you really must rebuild an RPM, use mock which builds it in a chroot and can clean up after itself.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
5

I think your question on development packages removal has a two part answer. The first part is to remove the -devel packages as recommended by others. This will remove the development interfaces for applications such as httpd-devel.

The second part is core development packages for basic development, mostly needed if you need to install program from source code. RHEL groups this packages under Development tools. You can remove these packages using -

        yum groupremove "Development tools"

Personally I wouldn't install any development packages on production servers as SvenW mentioned. So I would start with a clean base installation without any development packages and then explicitly install only the absolutely needed ones later depending on your requirements.

Daniel t.
  • 9,291
  • 1
  • 33
  • 36
4

Basic security tennet: Don't use black lists (i.e., look for things to forbid), as it is too easy to leave something out (and you won't find out until it is too late); use white lists (i.e., check what needs to be allowed), if you forget something you'll know soon enough.

In this particular case: Make a list of the software that is needed on the machine, either for its management or for the services it is providing, and install that (and whatever dependencies it drags in). If there are several alternatives (i.e., use scp(1) or FTP to upload new contents) see if you can keep only one, and select that one carefully. Everything else is baggage, and a potential security risk.

vonbrand
  • 1,149
  • 2
  • 8
  • 16
3
yum list installed | grep '\-devel\'

or, since yum has a pacakge selection mechanism: 

yum list installed '*-devel'

which also should work for uninstall: 

yum erase '*-devel'

To keep the system "clean and manageable", have a work machine where you built your own packages and then install those on the production machines.

Sven
  • 98,649
  • 14
  • 180
  • 226
  • Yes, but that won't catch all (development packages like compilers aren't called `-devel`). – vonbrand Feb 27 '13 at 12:58
  • @vonbrand: Of course not. `...-devel` is just a convention anyway. As I said, if you are really concerned about this, don't compile on a production system. – Sven Feb 27 '13 at 13:16