Friday 26 October 2012


How to create a RPM package

            Creating a RPM package can be simply interpreted as a process that builds a package and puts specific content to that package, and when users need that RPM package, they just restore the package content back to the system by using the command “rpm -i”. In general, there are three steps to complete the process of building the RPM package. First, building the package, which builds from the SPEC file; second, testing the package uses Mock utility; last, using Koji performs cross-platform package testing. Below is the first step to perform the SPEC file building. This is the link documentation from fedora 

http://fedoraproject.org/wiki/How_to_create_an_RPM_package?rd=PackageMaintainers/CreatingPackageHowTo#Introduction

1)   First, in order to create the package, we need to build the environment, so some packages need to be installed
  • yum groupinstall "Fedora Packager"
  • yum install rpmlint yum-utils
2)   Run this command under command line interface “rpmdev-setuptree”
  • This command creates the ~/rpmbuild directory and ~/.rpmmacros file, and these are the essential element to build a raw RPM package.
3)   Under ~/rpmbuild directory, there are a few sub-directory exist, and they represent different meaning by itself. Our building processes take place under the SPEC directory.
  • ~/rpmbuild/SPECS: RPM specifications (.spec) files
  • ~/rpmbuild/SOURCES: Pristine source package (e.g. tarballs) and patches
  • ~/rpmbuild/BUILD: Source files are unpacked and compiled in a subdirectory underneath this.
  • ~/rpmbuild/BUILDROOT: Files are installed under here during the %install stage.
  • ~/rpmbuild/RPMS: Binary RPMs are created and stored under here.
  • ~/rpmbuild/SRPMS: Source RPMs are created and stored here.
  4)   Under the SPEC directory, run this command “rpmdev-newspec nameOfPackage”. In my case, I build the package named combine, so my command will be “rpmdev-newspec combine”.
  • This command will generate the file of “combine.spec”, and this is the package that needs to be editing.
5)   Edit the file of combine.spec to specify the content under each Macro (this is the link for explaining Macro https://fedoraproject.org/wiki/How_to_create_an_RPM_package?rd=PackageMaintainers/CreatingPackageHowTo#Macros)    

 below is the content of my SPEC file:

Name:           combine
Version:        0.3.4
Release:        1%{?dist}
Summary:        combine files or data stream tool
 License:        GPLv2+
URL:            http://savannah.gnu.org/projects/combine/
Source0:        http://ftp.gnu.org/gnu/combine/combine-0.3.4.tar.gz

 #BuildRequires: 
#Requires:       

 %description
combine matches 0, 1, or many files to one file or data streamm to generate ouput files or data streams based on the match.

%prep
%setup -q
  
%build
%configure
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
%make_install
  
%files
/usr/bin/combine
/usr/share/guile/date/calendar.scm
/usr/share/guile/date/parse.scm
/usr/share/info/combine.info.gz
/usr/share/info/dir
/usr/share/locale/de/LC_MESSAGES/combine.mo

%changelog
* Sun Oct 10 2012 Max Ou <maximumou@fedoraproject.org> - 0.3.4
- Initial packaging

6)  Use command “rpmbuild -ba nameOfPackage.spec” to build the file of combine.spec. In my case, I need to run the command of “rpmbuild -ba combine.spec”. When the build is successful, the binary RPMs will be placed in ~/rpmbuild/RPMS and the source RPM will be placed in ~/rpmbuild/SRPMS/
  • -ba refers to build all
7)   Using rpmlint utility to examine the package after finishes building the SPEC file.  

 Below is my output, and it contains a few errors and warnings that need to be fixed

[root@localhost x86_64]# rpmlint combine-0.3.4-1.fc17.x86_64.rpm
combine.x86_64: W: summary-not-capitalized C combine files or data stream tool
combine.x86_64: W: name-repeated-in-summary C combine
combine.x86_64: W: spelling-error %description -l en_US streamm -> stream, streams, stream m
combine.x86_64: W: spelling-error %description -l en_US ouput -> output, putout, out
combine.x86_64: E: description-line-too-long C combine matches 0, 1, or many files to one file or data streamm to generate ouput files or data streams based on the match.
combine.x86_64: W: incoherent-version-in-changelog 0.3.4 ['0.3.4-1.fc17', '0.3.4-1']
combine.x86_64: E: info-files-without-install-info-postin /usr/share/info/combine.info.gz
combine.x86_64: E: info-files-without-install-info-postun /usr/share/info/combine.info.gz
combine.x86_64: E: info-dir-file /usr/share/info/dir
combine.x86_64: E: info-files-without-install-info-postin /usr/share/info/dir
combine.x86_64: E: info-files-without-install-info-postun /usr/share/info/dir
combine.x86_64: E: incorrect-fsf-address /usr/share/guile/date/calendar.scm
combine.x86_64: W: no-manual-page-for-binary combine
combine.x86_64: E: unknown-key (MD5
combine.x86_64: W: file-not-in-%lang /usr/share/locale/de/LC_MESSAGES/combine.mo
1 packages and 0 specfiles checked; 8 errors, 7 warnings.


8All the relative files can be downloading from this link:

       http://matrix.senecac.on.ca/~zcou/     
Posted by at No comments:

Thursday 25 October 2012



Signing RPM packages


Signing a RPM packages use GPG program to add security features to the original RPM package, which to consolidate the integrity of the RPM package.  GPG stands for GNU Privacy Guard, which is the free software that under the GNU General Public License, and it is alternative to Pretty Good Privacy (PGP) suite cryptographic software.  This is the GPG main website http://www.gnupg.org. The latest version of GPG is 2.0.19, which releases from March-27-2012. GPG provides multiple OS operation. Gpg4win is the Window version of GnuPG that offers a friendly graphic interface for users, and GPGTools provides a Mac OS X version of GnuPG.  However, under Linux system, we should use command line interface to sign the signature for the package.
1)      create the GPG key pair
a.       gpg --genkey
·         In this interaction interface, we just need to answer the questions from the command prompt to set the key type, key length, and the key expires times.
 [root@localhost x86_64]# gpg --gen-key
gpg (GnuPG) 1.4.12; Copyright (C) 2012 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
(1)     RSA and RSA (default)
(2)     DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 1024
Requested keysize is 1024 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) n
Key is valid for? (0) 1m
Key expires at Fri 23 Nov 2012 05:44:55 PM EST
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: maximum ou
Email address: maximumou@fedoraproject.org
Comment:
You selected this USER-ID:
    "maximum ou <maximumou@fedoraproject.org>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

passphrase not correctly repeated; try again.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++
.+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
+++++
gpg: key A4D845 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2012-11-07
pub   1024/A0D835 2012-10-24 [expires: 2012-11-23]
      Key fingerprint = FC88 33E1 64E6 BCED 777A  2EE0 CD16 0961 A604 D845
uid                  maximum ou <maximumou@fedoraproject.org>
sub   1024R/30AD7 2012-10-24 [expires: 2012-11-23]

2)      to verify the key use the command
a.       gpg --list-keys
·         The key ring list in the /root/.gnupg/pubring.gpg by default

3)      add user info in ~/.rpmmacros
a.       vi ~/.rpmmacros
%_signature gpg
%_gpg_name “yourname or youremailaddress”

4)      after save the rpmmacros file, then we are ready to sign the rpm package now
a.       rpm --addsign combine-0.3.4-1.fc17.x86_64.rpm
·         --addsign is a key word
·         combine-0.3.4-1.fc17.x86_64.rpm is package that we need to sign
·         After verify our password that we just generate earlier, then the signing process is completed.

5)       There are a few gpg keyword is necessary to know
a.        gpg --export -a ‘yourname’ > RPMKEY
·         To export the public key to a text file

b.      sudo rpm --import RPMKEY
·         To import the rpm key back to RPM database

c.       verify the signature
·         rpm --checksig combine-0.3.4-1.fc17.x86_64.rpm


6)      Fix the problem of “rpm: combine-0.3.4-1.fc17.x86_64.rpm: No such file or directory”
a.       This tricky problem takes me so much times to Google it. In fact, it just misses a package called “rpm-sign”, and just installs this package. This problem will go away.
·         yum install rpm-sign

Creating a YUM repository


Create software repository is to share your repository packages to the general community. Before the process start, we need our signed RPM package ready first.
1)      use yum to install the createrepo package if we don’t have the package installed yet
a.       yum install createrepo

2)      if we decide to put our repositories on the LAN, then we can put it under apache server (fedora 17 in my server)
a.       yum install httpd
b.      systemctl start httpd.service

3)      Create the repository metadata for that directory
a.       cd /var/www/html/
b.      createrepo .

4)      create a new repository file called maximum.repo
a.       vi maximum.repo
[maximumrepo]
name=maximumrepo repository
baseurl=http://192.168.1.120/var/www/html/repodata/
enabled=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-maximum

  • [maximumrepo] ( Repository name )
  • name=maximumrepo repository   ( A readable string describing the repository name )
  • baseurl= http://192.168.1.120   ( The URL point to the yum repository’s  directory )
  • enabled=1 ( Enabled or disabled repo. enabled to 0 )
·         metadata_expire=7d  ( 7days to expire )

5)      export the GPG public key from my rpm database
a.       gpg --export -a ‘maximumou’ > /etc/pki/rpm-gpg/RPM-GPG-KEY-maximum


    6) The signed RPM package and ASCII public key file can be download from this link:
            http://matrix.senecac.on.ca/~zcou/



Posted by at No comments:

Saturday 6 October 2012

Testing the source RPM package using Koji

Koji is a utility that uses a scratch package to build a testing environment for the source RPM file, which to verify whether the source RPM file fits into different computer architectures, such as, ARM, IBM, and power PC. Koji is a necessary environment for testing the source RPM file because it can verify the compatibility issue of the source RPM file before releases it. This could effectively enhance the stability for the source package in term of usability in different architectures.  Before we use koji to test our source RPM file, we actually need to create fedora account in here https://admin.fedoraproject.org/accounts/  for authorizing and evaluating our testers’ identity.

1)      First, this is the syntax of the koji command “koji build TargetPlatform --scratch sourceRPMfile”  

# TargetPlatform means what platform we need to test, such as, f17, f18, f18-gnome, f19, and el6-candidate, etc.
# -- scratch is the key word means to ask koji to build the package but not tag it for the target
# the sourceRPMfile is your source that prepares for testing

After I issue the command of “koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm”, then the testing source package will upload to fedora server in this address http://koji.fedoraproject.org/koji/tasks .  You can find your task number after executes the command.  Based on the task number, you can find out your package building status from koji.fedora server. If the command line returns feedback that says build completed successfully and it means that the process of your package testing runs without any errors and passes the testing based on the two basic architectures of x86_64 and i686.  This process is about to take 3 minutes to finish, and the mock building times for this package uses 5 minutes.  Below is the output;

[root@localhost SRPMS]# koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm
Uploading srpm: wget-1.13.4-2.fc17.src.rpm
[====================================] 100% 00:00:19   1.86 MiB  99.16 KiB/sec
Created task: 4567716
Task info: http://koji.fedoraproject.org/koji/taskinfo?taskID=4567716
Watching tasks (this may be safely interrupted)...
4567716 build (f17, wget-1.13.4-2.fc17.src.rpm): free
4567716 build (f17, wget-1.13.4-2.fc17.src.rpm): free -> open (ppc12.phx2.fedoraproject.org)

4567718 buildArch (wget-1.13.4-2.fc17.src.rpm, i686): free
4567717 buildArch (wget-1.13.4-2.fc17.src.rpm, x86_64): open (buildvm-13.phx2.fedoraproject.org)
4567718 buildArch (wget-1.13.4-2.fc17.src.rpm, i686): free -> open (buildvm-06.phx2.fedoraproject.org)
4567717 buildArch (wget-1.13.4-2.fc17.src.rpm, x86_64): open (buildvm-13.phx2.fedoraproject.org) -> closed
0    free  2 open  1 done  0 failed
4567718 buildArch (wget-1.13.4-2.fc17.src.rpm, i686): open (buildvm-06.phx2.fedoraproject.org) -> closed
0 free  1 open  2 done  0 failed
4567716 build (f17, wget-1.13.4-2.fc17.src.rpm): open (ppc12.phx2.fedoraproject.org) -> closed
0 free  0 open  3 done  0 failed 
4567716 build (f17, wget-1.13.4-2.fc17.src.rpm) completed successfully

2)      Follow this solution, we can test the same package throughout different architectures, such IBM, and uses follow command of “S390-koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm”. The task status will up load to http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=whateveryourtasknumber for testing the source RPM package in IBM platform. This process takes longer than others in general as least in my attempt because it depends how many people are actually using the testing services in the fedora server end. The testing will exam IBM s390 and s390x platform if it finishes successfully, then the result should look similar like below example.

[root@localhost SRPMS]# s390-koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm
Uploading srpm: wget-1.13.4-2.fc17.src.rpm
[====================================] 100% 00:00:20   1.86 MiB  91.00 KiB/sec
Created task: 827832
Task info: http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=827832
Watching tasks (this may be safely interrupted)...
827832 build (f17, wget-1.13.4-2.fc17.src.rpm): free
827832 build (f17, wget-1.13.4-2.fc17.src.rpm): free -> open (fedora3.s390.bos.redhat.com)
  827833 buildArch (wget-1.13.4-2.fc17.src.rpm, s390): free
  827834 buildArch (wget-1.13.4-2.fc17.src.rpm, s390x): free
  827833 buildArch (wget-1.13.4-2.fc17.src.rpm, s390): free -> open (fedora2.s390.bos.redhat.com)
  827834 buildArch (wget-1.13.4-2.fc17.src.rpm, s390x): free -> open (fedora1.s390.bos.redhat.com)
  827834 buildArch (wget-1.13.4-2.fc17.src.rpm, s390x): open (fedora1.s390.bos.redhat.com) -> closed
  0 free  2 open  1 done  0 failed
  827833 buildArch (wget-1.13.4-2.fc17.src.rpm, s390): open (fedora2.s390.bos.redhat.com) -> closed
  0 free  1 open  2 done  0 failed
827832 build (f17, wget-1.13.4-2.fc17.src.rpm): open (fedora3.s390.bos.redhat.com) -> closed
  0 free  0 open  3 done  0 failed

827832 build (f17, wget-1.13.4-2.fc17.src.rpm) completed successfully

3)      Then, we can try to test the package in power PC to see whether it works or not. I uses the command of “ppc-koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm” to test the package in power pc environment. The task status can be found in the link of http://ppc.koji.fedoraproject.org/koji/taskinfo?taskID=whateveryourtasknumber. The testing case will exam the ppc 32bit and 64bit system. If it finishes successfully, then the result should look similar like below example.

[root@localhost SRPMS]# ppc-koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm
Uploading srpm: wget-1.13.4-2.fc17.src.rpm
[====================================] 100% 00:00:22   1.86 MiB  85.16 KiB/sec
Created task: 728977
Task info: http://ppc.koji.fedoraproject.org/koji/taskinfo?taskID=728977
Watching tasks (this may be safely interrupted)...
728977 build (f17, wget-1.13.4-2.fc17.src.rpm): free
728977 build (f17, wget-1.13.4-2.fc17.src.rpm): free -> open (ppc-builder6)
  728978 buildArch (wget-1.13.4-2.fc17.src.rpm, ppc): free
  728979 buildArch (wget-1.13.4-2.fc17.src.rpm, ppc64): free
  728978 buildArch (wget-1.13.4-2.fc17.src.rpm, ppc): free -> open (ppc-builder6)
  728979 buildArch (wget-1.13.4-2.fc17.src.rpm, ppc64): free -> open (ppc-builder6)
  728978 buildArch (wget-1.13.4-2.fc17.src.rpm, ppc): open (ppc-builder6) -> closed
  0 free  2 open  1 done  0 failed
  728979 buildArch (wget-1.13.4-2.fc17.src.rpm, ppc64): open (ppc-builder6) -> closed
  0 free  1 open  2 done  0 failed
728977 build (f17, wget-1.13.4-2.fc17.src.rpm): open (ppc-builder6) -> closed
  0 free  0 open  3 done  0 failed

4)      The last attempt is to test arm architectures of armv5tel and armv7hl.  I use command of “arm-koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm” for testing rpm package.  The process takes around 6 minutes to completing the testing. As the example below, the test result can be found from here:  http://arm.koji.fedoraproject.org/koji/taskinfo?taskID=1178537

[root@localhost SRPMS]# arm-koji build f17 --scratch wget-1.13.4-2.fc17.src.rpm
Uploading srpm: wget-1.13.4-2.fc17.src.rpm
[====================================] 100% 00:00:34   1.86 MiB  55.98 KiB/sec
Created task: 1178537
Task info: http://arm.koji.fedoraproject.org/koji/taskinfo?taskID=1178537
Watching tasks (this may be safely interrupted)...
1178537 build (f17, wget-1.13.4-2.fc17.src.rpm): free
1178537 build (f17, wget-1.13.4-2.fc17.src.rpm): free -> open (hsv-yosemite-1-4-v5tel)
  1178539 buildArch (wget-1.13.4-2.fc17.src.rpm, armv5tel): free
  1178538 buildArch (wget-1.13.4-2.fc17.src.rpm, armv7hl): free
  1178538 buildArch (wget-1.13.4-2.fc17.src.rpm, armv7hl): free -> open (cdot-panda-12-2-v7hl)
  1178539 buildArch (wget-1.13.4-2.fc17.src.rpm, armv5tel): free -> open (cdot-panda-6-1)
  1178539 buildArch (wget-1.13.4-2.fc17.src.rpm, armv5tel): open (cdot-panda-6-1) -> closed
  0 free  2 open  1 done  0 failed
  1178538 buildArch (wget-1.13.4-2.fc17.src.rpm, armv7hl): open (cdot-panda-12-2-v7hl) -> closed
  0 free  1 open  2 done  0 failed
1178537 build (f17, wget-1.13.4-2.fc17.src.rpm): open (hsv-yosemite-1-4-v5tel) -> closed
  0 free  0 open  3 done  0 failed

1178537 build (f17, wget-1.13.4-2.fc17.src.rpm) completed successfully


Posted by at No comments:
Subscribe to: Posts (Atom)