A somewhat better way to do it is to make a repository rpm that installs the .repo file and the GPG public key. To make such an rpm, create a working directory in the signer's home directory:
[root@server0 ~]# yum -y install rpm-build
[root@server0 ~]# su - signer
[signer@server0 ~]$ mkdir -p src/RPMS src/SPECS src/BUILD src/SRPMS
[signer@server0 ~]$ echo "%_topdir /home/signer/src" >> ~/.rpmmacros
[signer@server0 ~]$ cd src/SPECS
[signer@server0 SPECS]$ cat Example.com-local.spec
Summary: yum Local repository
Name: Example.com-Local
Version: 1
Release: 1
Group: System Environment/Base
License: GPL
BuildRoot: %{_tmppath}/%{name}-root
BuildArch: noarch
%description
This rpm contains the yum Example.com Local repository
%prep
%build
%install
mkdir -p $RPM_BUILD_ROOT/etc/yum.repos.d/
cat > $RPM_BUILD_ROOT/etc/yum.repos.d/local-%{version}-local.repo <<'EOF'
[local]
# baseurl is an assumed value: point it at the Local tree served by the web server
baseurl=http://server0.example.com/install/Local/$basearch
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example.com
EOF
mkdir -p $RPM_BUILD_ROOT/etc/pki/rpm-gpg/
cat > $RPM_BUILD_ROOT/etc/pki/rpm-gpg/RPM-GPG-KEY-example.com <<'EOF'
(paste the signer's exported ASCII-armored public key block here)
EOF
%clean
rm -rf $RPM_BUILD_ROOT
%files
/etc/yum.repos.d/local-%{version}-local.repo
/etc/pki/rpm-gpg/RPM-GPG-KEY-example.com
%changelog
* <date and packager of the initial build: not preserved on this page>
- initial release
[signer@server0 SPECS]$ rpmbuild -ba Example.com-local.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.10406
+ umask 022
+ cd /home/signer/src/BUILD
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.10406
+ umask 022
+ cd /home/signer/src/BUILD
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.10406
+ umask 022
+ cd /home/signer/src/BUILD
+ mkdir -p /var/tmp/Example.com-Local-root/etc/yum.repos.d/
+ cat
+ mkdir -p /var/tmp/Example.com-Local-root/etc/pki/rpm-gpg/
+ cat
+ exit 0
Processing files: Example.com-Local-1-1
Requires(interp): /bin/sh /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) = 3.0.4-1 rpmlib(PayloadFilesHavePrefix) = 4.0-1
Requires(post): /bin/sh
Requires(postun): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/Example.com-Local-root
Wrote: /home/signer/src/SRPMS/Example.com-Local-1-1.src.rpm
Wrote: /home/signer/src/RPMS/noarch/Example.com-Local-1-1.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.10406
+ umask 022
+ cd /home/signer/src/BUILD
+ rm -rf /var/tmp/Example.com-Local-root
+ exit 0
[signer@server0 SPECS]$ cd ../
[signer@server0 src]$ cp RPMS/noarch/Example.com-Local-1-1.noarch.rpm SRPMS/Example.com-Local-1-1.src.rpm /var/www/html/install/Local
Now we need to move the rpms into the correct directories and rerun createrepo. We should script this at this point. Here is a simple script (modified from the one we use) that checks that the rpms are signed and then links them into the appropriate directories. By linking first, we can make multiple links (a noarch rpm goes into both architecture trees) and then remove the copy in the current directory.
[signer@server0 Local]$ mkdir ~/bin
[signer@server0 Local]$ cat ~/bin/update_repo
#!/bin/sh
# update_repo: refuse unsigned rpms, hard-link the rest into the per-architecture
# directories, then regenerate the repository metadata.
# Run it from the top of the repository tree (the directory holding i386, x86_64 and SRPMS).
COMPS=comps.xml

# determine the architecture of the rpm (noarch x86_64 i386 src ...)
# from the next-to-last dot-separated field of the file name
rpm_arch() {
    echo "$1" | awk -F'.' '{NF=NF-1; print $NF}'
}

# does rpm -K report a pgp/gpg signature that verified OK?
# awk's exit status carries the answer, so the if really fails for an unsigned rpm
# (a plain awk filter exits 0 whether or not any line matched).
# Note: rpm -K only says OK when the signing public key has been imported into this
# host's rpm database (rpm --import, as root); otherwise it reports NOT OK (MISSING KEYS)
# and the rpm is rejected here, which is the safe outcome.
rpm_is_signed() {
    rpm -K "$1" 2>/dev/null | awk '/pgp|gpg/ && /OK/ && !/NOT OK/ {found=1} END {exit !found}'
}

# build a list of rpms to move: the ones named on the command line,
# or every *.rpm in the current directory when none are given
if [ $# -eq 0 ]; then
    set -- *.rpm
fi
RPMLIST=""
for i in "$@"; do
    if [ -f "$i" ]; then
        case $i in
            *rpm)
                if rpm_is_signed "$i"; then
                    RPMLIST="$RPMLIST $i"
                else
                    echo "ERROR: rpm $i is NOT SIGNED"
                    exit 1
                fi
                ;;
            *)
                echo "ERROR: $i is not an rpm"
                exit 1
                ;;
        esac
    else
        # an unmatched *.rpm glob is left as the literal string; anything else is a real error
        if [ "XXX$i" != "XXX*.rpm" ]; then
            echo "ERROR: $i is not a file"
            exit 1
        fi
    fi
done
echo $RPMLIST

if [ -d i386 -a -d x86_64 -a -d SRPMS ]; then
    for i in $RPMLIST; do
        ARCH=`rpm_arch "$i"`
        case $ARCH in
            src)
                ARCH=SRPMS
                ;;
            i386|i486|i586|i686)
                ARCH=i386
                ;;
            x86_64)
                ;;
            noarch)
                # noarch packages are linked into both architecture trees
                ARCH="i386 x86_64"
                ;;
            *)
                ARCH=unknown
                echo "$i unknown architecture"
                ;;
        esac
        ERROR=""
        if [ "$ARCH" != "unknown" ]; then
            for DESTARCH in $ARCH
            do
                if [ -e "$DESTARCH/$i" ]; then
                    echo "$i already exists in $DESTARCH"
                    ERROR=1
                else
                    echo "linking $i into $DESTARCH"
                    ln "$i" "$DESTARCH"
                fi
            done
            if [ -z "$ERROR" ]; then
                # linking was successful, remove the copy in the current directory
                rm -f "$i"
            else
                echo "ERROR: could not link $i"
            fi
        fi
    done
    echo "Running createrepo now"
    for ARCH in i386 x86_64
    do
        createrepo -g $COMPS $ARCH
    done
else
    echo "ERROR: required directories not found (i386 x86_64 SRPMS)"
    exit 1
fi
[signer@server0 Local]$ chmod 755 ~/bin/update_repo
[signer@server0 Local]$ ~/bin/update_repo
ERROR: rpm Example.com-Local-1-1.noarch.rpm is NOT SIGNED
We forgot to sign the rpms we just built. Sign them now.
[signer@server0 Local]$ rpm --addsign *rpm
Enter pass phrase:
Pass phrase is good.
Example.com-Local-1-1.noarch.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
Example.com-Local-1-1.src.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
Now try that update again.
[signer@server0 Local]$ ~/bin/update_repo
Example.com-Local-1-1.noarch.rpm Example.com-Local-1-1.src.rpm
linking Example.com-Local-1-1.noarch.rpm into i386
linking Example.com-Local-1-1.noarch.rpm into x86_64
linking Example.com-Local-1-1.src.rpm into SRPMS
Running createrepo now
4/4 - func-0.24-1.el5.noarch.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata
8/8 - augeas-0.5.1-1.el5.x86_64.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Now we have our rpm signed and in our repo and can install it at install time using kickstart.
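As an added example (not part of the original page or its script), the same "is this rpm signed?" gate can be applied by reading the package's signature header directly instead of parsing rpm -K's text: the index entries carry rpm's signature tag numbers (DSAHEADER, RSAHEADER, PGP, GPG), so an unsigned package simply has none of them. This is a presence check only; rpm -K still does the actual verification against the imported key. The fake_rpm helper builds a constructed, minimal test input, not a real package.

```python
import struct

RPM_LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"   # header magic + header version 1
LEAD_SIZE = 96

# Signature-header tags that carry an OpenPGP signature (values from rpm's tag headers)
SIGNATURE_TAGS = {
    267: "DSAHEADER",   # DSA signature over the main header
    268: "RSAHEADER",   # RSA signature over the main header
    1002: "PGP",        # RSA signature over header + payload
    1005: "GPG",        # DSA signature over header + payload
    1006: "PGP5",
}

def signature_tags(data):
    """Names of the signature tags present in the rpm's signature header (presence only)."""
    if data[:4] != RPM_LEAD_MAGIC:
        raise ValueError("not an rpm: bad lead magic")
    off = LEAD_SIZE                     # signature header follows the 96-byte lead
    if data[off:off + 4] != HEADER_MAGIC:
        raise ValueError("bad signature header magic")
    # header intro: magic(4) reserved(4) nindex(4) hsize(4), all big-endian
    nindex, _hsize = struct.unpack(">II", data[off + 8:off + 16])
    idx = off + 16                      # index entries: tag, type, offset, count (4 bytes each)
    found = []
    for n in range(nindex):
        tag, _typ, _offset, _count = struct.unpack(">IIII", data[idx + 16 * n:idx + 16 * n + 16])
        if tag in SIGNATURE_TAGS:
            found.append(SIGNATURE_TAGS[tag])
    return found

def is_signed(data):
    return len(signature_tags(data)) > 0

def fake_rpm(tags):
    """Constructed test input: a lead plus a signature header whose index lists TAGS
    (each as a 1-byte BIN entry). Just enough structure for the parser, not a real package."""
    lead = RPM_LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4)
    index = b"".join(struct.pack(">IIII", t, 7, i, 1) for i, t in enumerate(tags))
    store = b"\x00" * len(tags)
    intro = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", len(tags), len(store))
    return lead + intro + index + store

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:           # usage: python thisfile.py some.rpm ...
        with open(path, "rb") as f:
            print(path, signature_tags(f.read()))
    print(signature_tags(fake_rpm([1000, 1004, 1005, 267])))  # ['GPG', 'DSAHEADER']
```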