Repositories and Distribution
The Purpose of this lab is to sign and create a repository in order to distribute my newly created and tested RPM file.
To sign my RPM package first I have to generate a key. This is done using GPG.
This application asks you a few questions including
- Type of key
- Key expiry
- Email address
After generating my key, I edit my ~/.rpmmacros file and add in the line:
Now I can sign my RPM with the newly generated key and then export the public key in to be used later :
rpm –addsign rpmbuild/RPMS/i686/spell-1.1-1.fc15.i686.rpm
gpg –export –armour firstname.lastname@example.org > mygpg
Using root privileges I moved my exported key in to the /etc/pki/rpm-gpg directory:
mv /home/nick/mygpg /etc/pki/rpm-gpg/RPM-GPG-KEY-nlambertrepo
I then created a temporary directory to make my repository in and copied my RPM to it. From there I ran the “createrepo” command to generate the repo data folder.
cp rpmbuild/RPMS/i686/spell-1.1-1.fc15.i686.rpm temp
I then copied the contents of the repodata folder and my source file to a web host (Matrix)
scp -r spell-1.1-1.fc15.i686.rpm repodata nlambert@matrix:~/public_html/myrepo
SSHing into my matrix account I moved the files into their proper places:
mv *.gz public_html/myrepo/repodata/
mv *.bz2 public_html/myrepo/repodata/
mv repomd.xml public_html/myrepo/repodata/
mv spell-1.1-1.fc15.i686.rpm public_html/myrepo/
In order to test my newly signed and created repository, I copied one of the files in /etc/yum.repos.d in order to create my own.
cp /etc/yum.repos.d/fedora /fedora.repo etc/yum.repos.d/nlambert.repo
The contents of my custom repository file
- name= NLambert Repo
Line 1 is the listed name of the custom repository.
Line 4 is the location of my repository where the RPM may be downloaded from.
Line 5 enables the repo file for use when installing files.
Line 6 specifies when the client must update their version of this repo in order to check for new updates.
Line 7 specifies that the RPMs served from this repo are signed with a key.
Line 8 specifies that the public key to be used to verify the signing of the RPMs should be located in /etc/pki/rpm-gpg and named RPM-GPG-KEY-nlambertrepo
Using this file I am now able to install from my very own repository!
A method I used to check my custom repo was “rpm repolist” which displays all repositories which you may install/update from.
From here I’m able to install from my repository with the command “yum install spell”. Because my version of spell has a higher version number it is able to install it from my repository.
In order to make my repo available to others I can package my repo file and my GPG key into an rpm of its own.
I have yet to do this but will be detailing my attempt at it in my next blog post.