Monday, April 18, 2011

Creating a YUM Repository

Welcome again. In this post I describe the steps required to create your own YUM repository, which can be used to install new versions of software. I am using the gnupg-1.4.11-1.fc14.x86_64.rpm package I created in my previous posts, only this time I added an option to the spec file that increases the Epoch version.

Before we begin you need to generate a GPG Key using the gpg --gen-key command -- this allows you to sign your RPM file.

After you generate your key, add the email address associated with your GPG key to the %_gpg_name macro in the ~/.rpmmacros file -- %_gpg_name "email-address".

Our first step after creating the GPG key is to sign the RPM package. The command is below; enter your pass phrase when prompted:
rpm --addsign gnupg-1.4.11-1.fc14.x86_64.rpm
Enter pass phrase:
Pass phrase is good.

If the previous command succeeded, we can move on to the next step: creating the repository. Assuming Apache is installed, we will create the directory /var/www/html/fedora/14/x86_64/rpms/, which will hold our RPM files. Follow the steps below:

Log in as the super user
cp ~/rpmbuild/RPMS/gnupg-1.4.11-1.fc14.x86_64.rpm  /var/www/html/fedora/14/x86_64/rpms/
createrepo /var/www/html/fedora/14/x86_64/rpms/ (output provided below)
1/1 - gnupg-1.4.11-1.fc14.x86_64.rpm                                           
Saving Primary metadata
Saving file lists metadata
Saving other metadata

If the YUM repository was created successfully above you should see a directory named repodata in the /var/www/html/fedora/14/x86_64/rpms/ directory.

After verifying that the repository has been created, create a new repository file inside the /etc/yum.repos.d directory. The repository file I created (called fedora-gcasella.repo) is below as an example:
[fedora-gcasella]
name=Fedora $releasever - $basearch
failovermethod=priority
baseurl=http://gcasella.dynamic-dns.net/fedora/14/$basearch/rpms/
enabled=1
metadata_expire=7d
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-gcasella

IMPORTANT: If the gpgkey option is commented out and you try to run the yum install command you will receive an error indicating that the public key for the package is not installed.
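
The repository file above depends on gpgcheck=1 and gpgkey to make yum verify package signatures. As an added example (not part of the original post), the script below audits those settings in any .repo file; the function names audit_repo and write_samples and the sample files are constructed for illustration.

```sh
# Added example (not from the original post): audit the signature settings
# of a yum .repo file. Prints one finding per line; returns 1 on any FAIL.
audit_repo() {
    awk '
    function finish() {
        if (sec == "") return
        if (tolower(gpgcheck) !~ /^(1|yes|true)$/) { bad = 1
            print "FAIL " sec ": gpgcheck is not enabled, package signatures are not verified" }
        if (gpgkey == "") { bad = 1
            print "FAIL " sec ": gpgkey is not set, yum has no public key to import" }
        else if (gpgkey ~ /^(http|ftp):/) { bad = 1
            print "FAIL " sec ": gpgkey is fetched over cleartext and can be swapped in transit" }
        if (baseurl ~ /^(http|ftp):/)
            print "WARN " sec ": baseurl is cleartext, only the RPM signature protects packages"
    }
    /^[ \t]*[#;]/ { next }                  # commented-out options do not count
    /^[ \t]*\[/ {                           # new [section]: report the previous one
        finish(); sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpgcheck = gpgkey = baseurl = ""; next
    }
    /=/ {                                   # option=value line
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        if (key == "gpgkey")   gpgkey = val
        if (key == "baseurl")  baseurl = val
    }
    END { finish(); exit bad + 0 }
    ' "$1"
}
# Constructed sample input: the signature-related lines of the repo file from
# this post, and a weakened copy (gpgcheck=0, gpgkey commented out).
write_samples() {
    cat > "$1/good.repo" <<'EOF'
[fedora-gcasella]
baseurl=http://gcasella.dynamic-dns.net/fedora/14/$basearch/rpms/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-gcasella
EOF
    sed -e 's/^gpgcheck=1/gpgcheck=0/' -e 's/^gpgkey=/#gpgkey=/' "$1/good.repo" > "$1/weak.repo"
}
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in good weak; do
    audit_repo "$demo_dir/$f.repo" || echo "$f.repo: signature checking is not enforced"
done
rm -rf "$demo_dir"
```

Run against the repository file from this post, it reports only the cleartext baseurl warning; the weakened copy produces two FAIL findings.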

Before testing our new repository we will create a new file within the /etc/pki/rpm-gpg/ directory – you may give it any name that you want.

After creating this file, run the command gpg --export --armor <email-address> (ensure that this is done as the regular user and NOT the super user). Save the output of this command to the new file you created inside the /etc/pki/rpm-gpg/ directory.

If everything has gone well you will be able to test your newly created repository (ensure that the httpd service is started on the machine holding your RPM files) by running the yum install gnupg command. You should receive output similar to the following:

Loaded plugins: langpacks, presto, refresh-packagekit
Adding en_US to language list
fedora-gcasella                                                                                                                       | 1.3 kB     00:00    
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package gnupg.x86_64 3:1.4.11-1.fc14 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

=============================================================================================================================================================
 Package                         Arch                             Version                                    Repository                                 Size
============================================================================================================================================================
Updating:
 gnupg                           x86_64                           3:1.4.11-1.fc14                            fedora-gcasella                           1.2 M

Transaction Summary
============================================================================================================================================================
Upgrade       1 Package(s)

Total size: 1.2 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID e1af8018: NOKEY
fedora-gcasella/gpgkey                                                                                                                | 3.4 kB     00:00 ...
Importing GPG key 0xE1AF8018:
Userid: "Gian-Luca Casella <gcasella@learn.senecac.on.ca>"
From  : /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-gcasella
Is this ok [y/N]: y

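Selecting “y” imports the GPG key into your system. Signatures made with that key are then treated as valid, so the system will also accept any other packages signed with it that are made available for download. Check that the key ID and Userid shown in the prompt are the ones you expect before answering.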


Repository-Release RPM:

To make it easier for other users to access my repository I have created an RPM which contains both my repository file along with my GPG key. This RPM can be found by clicking on this link.

The steps below show how I was able to create this repository release RPM file …
cp /etc/yum.repos.d/fedora-gcasella.repo   ~/rpmbuild/SOURCES/
cp /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-gcasella ~/rpmbuild/SOURCES/
tar cvf gcasellarepo-0.0.1.tar *gcasella* && gzip gcasellarepo-0.0.1.tar

The commands above copy the repository file and the GPG key file (created previously) into your ~/rpmbuild/SOURCES/ directory and then create a gzipped tarball of these files using the tar cvf and gzip commands – this tarball can be found here.

Once the sources are in the appropriate place we create the spec file. The contents of my spec file are listed below; it installs the repository file and the GPG key to their appropriate locations:

Name:gcasellarepo
Version:0.0.1
Release:1%{?dist}
Summary:RPM Package containing my repository file along with my GPG Key

Group:System Environment/Base
License:GPLv3
URL:http://gcasella.dynamic-dns.net/fedora/
Source0:http://gcasella.dynamic-dns.net/fedora/14/x86_64/source/gcasellarepo-0.0.1.tar.gz
BuildRoot:%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
Installs my custom made repository configuration file along with its GPG key

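%prep
# -c: create the build directory before unpacking, because the tarball
# built above has no top-level directory
%setup -q -c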

%build

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/yum.repos.d/
mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/pki/rpm-gpg/
cp -p fedora-gcasella.repo $RPM_BUILD_ROOT%{_sysconfdir}/yum.repos.d/
cp -p RPM-GPG-KEY-fedora-gcasella $RPM_BUILD_ROOT%{_sysconfdir}/pki/rpm-gpg/

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc
/etc/yum.repos.d/fedora-gcasella.repo
/etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-gcasella

%changelog
* Tue Feb 08 2011 Gian-Luca Casella <gcasella@learn.senecac.on.ca> 0.0.1
- Created my own personal RPM in order to install both my repository file along with the corresponding GPG Key needed to install with.

Additional Notes:

If by chance you have SELinux running and set to “Enforcing”, issue the setsebool -P httpd_read_user_content 1 command; this has fixed any issues for me.

Gian-Luca Casella -- Last Updated on Monday, April 18, 2011
