Creating RPM Repositories and Making a Repository Installer

Creating a Repository for RPMs and Creating your own RPM repo installer

Install the necessary tools
yum install rpm-sign gnupg

Now create the gpg certificates
gpg –gen-key
select default for everything, then enter a password

Edit the file /home/username/.rpmmacros and add the macro
%_gpg_name “email-address”

where email address is your email address.

Note: If you are using a package that is already found inside the fedora repositories, you will need to increment the release number, so that your release number is higher. After doing this, the package with the highest release number will be installed.

Next sign your rpm packages
rpm –addsign units-2.00-9.fc17.x86_64.rpm

Add your key to the list of allowed keys to use. If you do not add your key to the allowed list of keys on each computer using your repo, then you will not be allowed to install the package. This will result in this error:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID f2f80ec8: NOKEY

So, instead of getting this error, lets add the key to the list. First as the same user that you ran “gpg –gen-key” as, run:
gpg –export –armour EMAIL-ADDRESS

Where the email is the one entered in the previous steps. Copy the output, which should be your public key, and place it in a file in the directory /etc/pki/rpm-gpg/ for example:
sudo vi /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-oatley
then paste the key inside this file

Create the yum repository
In this case, the repo file connects locally, create this file in /etc/yum.repos.d/
this file created was called: fedora-oatley.repo
sudo vi /etc/yum.repos.d/fedora-oatley.repo

[fedora-oatley]
name=fedora-oatley
baseurl=http://ip-address-of-your-computer/repo
enabled=0
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-oatley

Making the repository on a httpd server
Install the httpd server
sudo yum install httpd
make a directory that you would like to contain repo data
sudo mkdir /var/www/html/repo/
copy over the sign packages that you would like your repo to serve
sudo cp /home/username/rpmbuild/RPMS/x86_64/units-2.00-9.fc17.x86_64.rpm /var/www/html/repo
create the repo meta data
createrepo /var/www/html/repo
Make sure the httpd is running
systemctl start httpd.service

To disable all repositories and enable only yours, then install the package:
yum –disablerepo=\* –enablerepo=your-repository-name install package-name

For my repository I used:
yum –disablerepo=\* –enablerepo=fedora-oatley install units

Note: The next part is making an rpm that can install your repository on another persons computer, this part will only work if your httpd webserver is serving to the internet, and you placed the correct ip address inside your .repo file.

Installing a repository on a remote computer with an rpm

First gather some of the files created in the previous steps

The repository file that was created
/etc/yum.repos.d/oatley-raspi.repo

The gpg key that was created
/etc/pki/gpg-rpm/RPM-GPG-KEY-oatley-raspi

Copy these files to a temporary folder named: your-package-name-1.0
For example
mkdir oatley-raspi-repo-1.0

Note: the name is important and you will need to remember it and use it in a later part! The 1.0 at the end is the version number, you will be placing this in the spec file later.

Now you need to archive and compress the folder and the 2 files inside
tar -cvzf oatley-raspi-repo.tar.gz oatley-raspi-repo-1.0

Next copy the .tar.gz file to your SOURCES directory in your rpmbuild folder
cp oatley-raspi-repo.tar.gz ~/rpmbuild/SOURCES/

Now you need to create the spec file for the rpm. There are a couple difference in this spec file compared to that of one containing a binary file.

The first difference is the line:
BuildArch: noarch
Which tells the build that this is not a binary rpm, which means the rpm just contains config files, images, text, etc. But no binary files or programs.

Putting the exit 0 after all of these macros is not required, but if you are running into issues with it failing due to installation issues such as running a ./configure, then they may help.
%prep
exit 0
%setup -q
%build
exit 0

This is where we install the config files, or the repo file and the gpg key file. There is no configure, make, or make install macros in this spec file as we are not performing any of these action.
%install
mkdir -p %{buildroot}/etc/yum.repos.d/
mkdir -p %{buildroot}/etc/pki/rpm-gpg/
cp oatley-raspi.repo %{buildroot}/etc/yum.repos.d/oatley-raspi.repo
cp RPM-GPG-KEY-oatley-raspi %{buildroot}/etc/pki/rpm-gpg/RPM-GPG-KEY-oatley-raspi

The last difference, which could easly be inside either a binary or a noarch spec file, is the %config(noreplace) macros. By adding files into the /etc, rpmbuild assumes they are either executable files or config files. Since in this case they are not executable files, you declare them as config files with the %config macro. If you say “%config(noreplace) file” then if it finds a copy of the file it will not replace it, if you say “%config(replace) file” then the file will be replaced.
%files
%doc README
%config(noreplace) /etc/yum.repos.d/oatley-raspi.repo
%config(noreplace) /etc/pki/rpm-gpg/RPM-GPG-KEY-oatley-raspi

Run rpmbuild followed by rpmlint to check the spec and rpm files for errors and fix them accordingly(if there are any unexpected errors)
rpmbuild -ba SPECS/oatley-raspi-repo.spec
rpmlint -i SPECS/oatley-raspi-repo.spec

At this point you should be able to install your repo on another computer and connect to your repository and download any of the packages on it.

If you would like to view the files I used and the final outcome of all packages visit here: http://99.251.80.134/

Good luck!

Advertisements

About oatleywillisa

Computer Networking Student
This entry was posted in SBR600. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s