Monday, May 30, 2011

Build RPM from source file

Traditionally, Installing  from source file need to go through several steps: ./configure;make;make install;make clean. RPM can automate the process by SPEC file. Once binary RPM package is generated, it can be easily distributed to other servers.
This article use hping3 source file as an example to demonstrate the basics to build RPM. For further information, please refer to http://rpm5.org/docs/rpm-guide.html
Install rpmbuild
$yum install rpm-build
RPM Macros
#Various RPM Macros locations
/usr/lib/rpm/macros #Global default macros
/etc/rpm/micros   #Global user defined macros
~/.rpmmacros  #per-user defined  macros
rpmbuild --define 'macro_name value '   #define at run time
#display a macro
$ rpm --eval %{_vendor}
redhat
#display all macros
rpm --showrc
Setup build environment 
#It is preferred to use a non-root user  to to control build
$useradd builder
$ echo '%_topdir    /home/builder/redhat'  > .rpmmacros
$ mkdir -p /home/builder/redhat/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
Building RPM  involves following steps:
1. Preparing for building, including unpacking the sources
2. Building (compiling)
3. Installing the application or library
4. Cleaning up
5. Customized scripts for pre-install,post-install, pre-uninstall, post-uninstall
6. List files to be packaged into RPM
7. Add changelog
8. GPG sign package
The first 7 steps are controlled by SPEC  file
##This spec file use hping3 source file as an example 
[builder]$ cat  /home/builder/redhat/SPECS/hping3.spec
%define name hping3
%define version 3.0
Name: %{name}
Version: %{version}
Release: 0
License: GPL
##Pick a name in  /usr/share/doc/rpm-*/GROUPS
Group: Applications/System
URL: http://www.hping.org
##All  source files should be packed  under a dir named:    %{name}-%{version}   e.g. ./hping3-3.0/*
##Packed file name should be  %{name}-%{version}.XX  e.g. hping3-3.0.tar.gz
Source: hping3-3.0.tar.gz
Patch0: hping3.patch
#Patch1: 2.patch
#PreReq: unzip
##libpcap is required package for hping to work
Requires: libpcap
##gcc and libpcap-devel are required duing compling
BuildPreReq: gcc libpcap-devel
BuildArch:x86_64
##BuildRoot is staging area that looks like the final installation directory 
##all final files are copied to BuildRoot
BuildRoot: %{_tmppath}/%{name}-root
Summary: hping3 is a network tool.
%Description
hping3 is a network tool able to send custom TCP/IP
packets and to display target replies like ping do with
ICMP replies.
##1. Prepare
%prep
####%setup will go to ~/redhat/BUILD dir and unpack soure files
%setup -q
%patch0
##2. Build
%build
%configure --no-tcl
make
##3. Install
%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT{/usr/sbin,/usr/share/man/man8}
install -m 755 hping3   $RPM_BUILD_ROOT/usr/sbin/
(cd $RPM_BUILD_ROOT/usr/sbin; ln -s hping3 hping2 ; ln -s hping3 hping )
%{__gzip}  ./docs/hping3.8&& \
install -m 644 ./docs/hping3.8.gz $RPM_BUILD_ROOT/usr/share/man/man8
##4. Clean up
%clean
rm -rf $RPM_BUILD_ROOT
make clean
##-5. customized scripts; view all scripts of a rpm file "rpm -q --scripts file.rpm"
####user is not needed, demonstration purpose only
%pre
useradd hping
%post
chage -M -1 hping
#### $1=0 remove; $1=1 first install; $1>=2 upgrade
%postun
if [ $1 = 0 ]; then
userdel -r hping
fi
##6. list files to be packed to RPM
%files
%defattr(-,root,root)
%attr(755,root,root) /usr/sbin/hping*
%doc /usr/share/man/man8/hping3.8.gz
##7. changlog
%changelog
#### date Format:  date +'%a %b %d %Y'
* Mon May 30 2004   antirez <email@com>
- First public release of hping3
Test each stage by rpmbuild
$rpmbuild --help
Build options with [ <specfile> | <tarball> | <source package> ]:
-bp                           build through %prep (unpack sources and apply
patches) from <specfile>
-bc                           build through %build (%prep, then compile)
from <specfile>
-bi                           build through %install (%prep, %build, then
install) from <specfile>
-bl                           verify %files section from <specfile>
-ba                           build source and binary packages from
<specfile>
-bb                           build binary package only from <specfile>
GPG Sign RPM file
Sign a package to prove source identity  of the file
#Create gpg key pair,remmber the keypass for private key, it will be asked when signing package
$gpg --gen-key
#Tell rpm which gpg key to use
$ cat ~/.rpmmacros
%_topdir    /home/builder/redhat
%_signature gpg
%_gpg_name rpm test <rpm.test@com>
#Sign RPM with GPG private key
#Before RPM created, use rpmbuid --sign spec-file
#After RPM created, use rpm --resign
$rpm --resign /home/builder/redhat/RPMS/x86_64/hping3-3.0-0.x86_64.rpm
#Export GPG pulic key
$gpg --export -a > /tmp/my-gpg.pub
#Before import, signature "NOT OK"
$rpm --checksig hping3-3.0-0.x86_64.rpm
hping3-3.0-0.x86_64.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#31f8d18a)
#Import GPG pub key
$rpm --import /tmp/my-gpg.pub
#after import,  signature "OK"
$ rpm --checksig hping3-3.0-0.x86_64.rpm
hping3-3.0-0.x86_64.rpm: (sha1) dsa sha1 md5 gpg OK
#list all imported GPG keys
$ rpm -qa gpg*
gpg-pubkey-32a349c9-493c185a
gpg-pubkey-31f8d18a-4de2fc7b
gpg-pubkey-e8562897-459f07a4

No comments:

Post a Comment