Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Task 1
- •
- •
- RPM CREATION
- Set up non-root RPM build environment
- Rebuild a binary package from a src.rpm
- This lab will primarily be done while logged in as a non-root user. Occasionally
- you will need root privileges. The lab will direct you to use the su command to
- become root when required. Start by logging in —or obtaining a shell as a non-
- root user.
- 1. The creation of RPMs requires the use of several developer tools. These
- include both the standard development tools such as the GNU Compiler
- Collection, GNU make, and related packages, as well as specific RPM building
- 12-39tools. Verify that you have the following standard development tool packages
- installed:
- $ rpm -q gcc
- gcc-3.2.2-5
- • The exact version returned on this package and others will vary
- depending on what version of RHEL/FC or SLES/SL Linux you are
- $ rpm -q gcc-c++
- using. What matters is that the packages are installed, not the
- rpm-c++-3.2.2-5
- exact versions which are installed.
- $ rpm -q make
- make-3.79.1-17
- $ rpm -q bison
- bison-1.35-6
- $ rpm -q binutils
- binutils-2.13.90.0.18-9
- Note that a full development environment will have many more related
- packages installed as well. However, if the above packages are installed, it is a
- strong indication that the other needed packages are also installed.
- Now, verify that you have the proper RPM building utilities installed. On
- RHEL/FC the utilites are part of the rpm-build RPM package which can be
- optionally installed. On SLES/SL the utilties are part of the rpm package which
- is always installed. Run the following command only on RHEL/FC:
- [RHEL/FC]$ rpm -q rpm-build
- rpm-build-4.3.2-21
- Also determine which RPM version you have installed:
- $ rpm -q rpm
- rpm-4.3.2-21
- Different RPM versions support different features and are used differently, so it
- is important to determine which version of RPM is being used.
- 2. Remove any installed packages that will conflict with packages built manually in
- upcoming steps:
- [SLES/SL]# rpm -e ltris nmap lbreakout
- [RHEL/FC]# rpm -e nmap nmap-frontend
- 3. Out of the box on RHEL/FC, the system RPM build directory structure,
- /usr/src/redhat/, is only writable by the root user. On SLES/SL the RPM
- 12-40build directory structure is located at /usr/src/packages/ and is writable
- by everyone.
- The recommended practice is NOT to build RPMs as the root user, create a
- RPM build directory tree in your non-root user’s home directory for isolation
- from other users.
- Make sure your present working directory is your home directory, and then
- create the RPM build directory structure:
- $ cd
- $ mkdir -p rpmbuild/{SOURCES,SPECS,BUILD,SRPMS,RPMS}
- $ mkdir rpmbuild/RPMS/{i386,i586,i686}
- 4. When building RPMs using the rpmbuild command, the RPM software must
- locate the RPM build directory structure. To do this, it reads the value of the
- %_topdir RPM macro. The macro container files that macros are read from
- start with the RPM default /usr/lib/rpm/macros file, then the local system
- override file /etc/rpm/macros is consulted (if it exists), and finally, the per-
- user macro file is read, ~/.rpmmacros (if it exists). Any macro found in the
- per-user macro file will override the same macro in the local system override
- file, and any macro found in the local system override file will override macros
- from the RPM default file.
- Create a ~/.rpmmacros file and set the %_topdir RPM macro to point to • Red Hat Linux 9 and later RHEL/FC releases generate debuginfo
- packages by default. These debuginfo RPMs can be installed
- the directory structure you created in the previous step. Also, set the
- when installing an application to get more capability to debug
- %debug_package macro to turn off the automatic creation of the debuginfo
- the application. They are not typically necessary, and are often
- RPM.
- not desired, as they are quite large.
- Use your favorite text editor and create the file ~/.rpmmacros with the
- following contents:
- %_topdir
- %(echo $HOME)/rpmbuild
- %debug_package
- %{nil}
- • This %debug_package macro is only needed on systems with
- RPM 4.2 or newer.
- 5. Test your non-root RPM building environment by rebuilding a binary RPM from • This is something that is commonly done when obtaining RPMs
- off of the Internet. Unless you know for sure that an Internet
- an existing source RPM.
- binary RPM was built specifically against your version of Red Hat
- The LTris game is a popular Tetris clone. Verify that your RPM build
- Linux, it is preferable to download the src.rpm of the
- environment works by creating a binary LTris RPM from the source RPM:
- package and rebuild a binary RPM with the application linked
- $ rpmbuild --rebuild /labfiles/ltris-1.0.4-2.src.rpm
- against the exact versions of the libraries provided by your
- Installing /labfiles/ltris-1.0.4-2.src.rpm
- system, and not other, hopefully compatible libraries, or even
- library versions that are not on your system.
- Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.2652
- 12-41+ umask 022
- + cd /home/guru/rpmbuild/BUILD
- + LANG=C
- + export LANG
- + cd /home/guru/rpmbuild/BUILD
- + rm -rf ltris-1.0.4
- + /usr/bin/gzip -dc /home/guru/rpmbuild/SOURCES/ltris-
- 1.0.4.tar.gz
- + tar -xf -
- + STATUS=0
- ...Output Omitted...
- After a few minutes have elapsed, look for the Wrote: line near the end of the
- output:
- Requires: SDL >= 1.1.4 config(ltris) = 1.0.4-2 libSDL-1.2.so.0 libSDL_mixer-1.2.so.0 libc.so.6
- libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3) libm.so.6
- libpthread.so.0
- Checking for unpackaged file(s): /usr/lib/rpm/check-files
- /var/tmp/ltris-root
- Wrote: /home/guru/rpmbuild/RPMS/i386/ltris-1.0.4-2.i386.rpm • This is the line you are looking for.
- Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.9014
- + umask 022
- + cd /home/guru/rpmbuild/BUILD
- + cd ltris-1.0.4
- + rm -rf /var/tmp/ltris-root
- + exit 0
- 6. Install the binary RPM which was created in the previous step. The path to the
- binary RPM was displayed on the Wrote: line. Remember, you must switch to
- the root user to install binary RPMs to the system.
- $ su -
- Password:
- # rpm -Uvh /home/guru/rpmbuild/RPMS/i386/ltris-1.0.4-2.i386.rpm
- # exit
- $ ltris
- • Test the LTris program as a non-root user. You must be working
- in the GUI environment for this to work.
- 12-42Task 2
- •
- Update an existing source RPM with the latest software version
- Linux distributions are a collection of software packages that have been tested
- and validated together. The Linux distributions are released periodically,
- typically on a 6 month interval, while the individual packages are developed
- independently and released on separate release schedules.
- Most Linux distribution vendors release updated packages only in two
- circumstances, to fix security vulnerabilities, and to fix major bugs that impact
- many people. In all other cases, Linux distribution vendors normally wait until
- the next version of their distribution to upgraded to any other updated versions.
- Sometimes there will be a newer version of a package available —with features
- that you need— than what came with the Linux distribution version you are
- using. However, this update does not meet the requirements to be released as
- an official update for the Linux distribution. In such circumstances, you can
- create your own RPM update for the application. This is desirable over just
- downloading, compiling and installing the package to /usr/local/ in a un-
- tracked state.
- 1. To update an RPM that shipped with your distribution, start by installing an
- existing source RPM, such as one provided with your distribution. The
- distribution source RPMs for Nmap have been placed in the /labfiles/
- directory.
- $ rpm -Uvh /labfiles/nmap-3.70-1.src.rpm
- warning: /labfiles/nmap-3.70-1.src.rpm: V3 DSA signature: NOKEY, key ID 4f2a6fd2
- 1:nmap
- ########################################### [100%]
- Note that this may not be the actual source RPM for for Nmap for your specific
- Linux distribution but for the sake of consistency in the lab, will be used as
- such.
- This places the pristine source and any patches for this package into the
- ~/rpmbuild/SOURCES/ directory, and the spec file for this package into the
- ~/rpmbuild/SPECS/ directory.
- 2. Copy the newer pristine tarball of Nmap source code into your
- ~/rpmbuild/SOURCES/ directory. The tarball has been placed in
- /labfiles/ for you.
- 12-43$ cp /labfiles/nmap-3.81.tar.bz2 ~/rpmbuild/SOURCES/
- List the contents of the ~rpmbuild/SOURCES/ directory. You should see the
- tarball you just copied, plus the files provided by the source RPM you installed
- in the previous step.
- $ ls -al ~/rpmbuild/SOURCES/
- total 2574
- drwxrwxr-x
- 2 guru
- guru
- 1024 Apr 28 12:03 .
- drwxrwxr-x
- 7 guru
- guru
- 1024 Apr 26 23:45 ..
- -rw-rw-r--
- 1 guru
- guru
- 836 Sep 9 2004 inet_aton.patch
- -rw-rw-r--
- 1 guru
- guru
- 324 Sep 9 2004 makefile.patch
- -rw-rw-r--
- 1 guru
- guru
- 922293 Sep 13 2004 nmap-3.00.tar.bz2
- -rw-r--r--
- 1 guru
- guru
- 871101 Mar 22 11:29 nmap-3.81.tar.bz2
- $
- 3. The next step requires modifying the spec file. This can involve two or more
- edits, depending on the differences between the older version and the current
- version. The two major changes which are always necessary include updating
- the version and release numbers (in one or more locations), and adding a
- %changelog entry. Additional changes that may be required are forward-
- porting patches to the current version, or removing patches that are no longer
- required. Finally, sometimes the newer package changes which files are to be
- installed, requiring adjustment of the %files section.
- Open the Nmap spec file with your favorite text editor, and display the headers
- of the file ~/rpmbuild/SPECS/nmap.spec. The following example uses the
- nmap-3.70-1 spec file, with line numbers added for reference; small differences
- may exist if you are starting from a different spec file.
- 1 %{!?withgtk1:%define withgtk1 1}
- 2
- 3 Summary: Network exploration tool and security scanner
- 4 Name: nmap
- 5 Version: 3.70
- 6 Release: 1
- 7 License: GPL
- 8 Group: Applications/System
- 9 Source0: http://download.insecure.org/nmap/dist/%{name}-%{version}.tar.bz2
- 10 #Source1: nmapfe.desktop
- 12-4411 Patch0: inet_aton.patch
- 12 Patch1: makefile.patch
- 13 URL: http://www.insecure.org/nmap/
- 14 BuildRoot: %{_tmppath}/%{name}-root
- 15 Epoch: 2
- 16 BuildRequires: openssl-devel, gtk+-devel, pcre-devel, libpcap
- Change lines 5 to match the version of the newer Nmap, version 3.81.
- Verify that on line 6 the release number is set to 1 since this will be the first
- RPM release of version 3.81.
- (SLES/SL only) Change part of line 16 from gtk+-devel to gtk-devel
- since on SLES/SL this package has the needed dependencies.
- (SLES/SL only) On lines 30 and 31 make a similar changing references to
- gtk+ and gtk+-devel to gtk and gtk-devel.
- Move to the line starting with %changelog. Add a new entry by adding the
- following two lines —changing the date to today’s date— followed by a blank
- line right beneath it, for example:
- * Tue Mar 22 2005 Firstname Lastname <your@emailaddr.com> - 2:3.81-1
- - ver 3.81
- The number at the end of the first line is a common, yet not required
- convention, for including the epoch, version, and release info linked to each
- changelog entry.
- Finally, save and exit the file.
- 4. The changes that have been made may be enough. The next step is to verify
- that all current patches still apply to the newer source code. To find out, change
- into the spec file directory, and execute the Prep stage of the build:
- $ cd ~rpmbuild/SPECS/
- $ rpmbuild -bp nmap.spec
- ...Output Omitted...
- If everything works out, it should finish with no error messages or prompting for
- user input .
- If there were problems, be sure to read the next two steps for examples
- problems and their solutions. If there were no problems, you may skip to step 8
- if you wish.
- 12-455. You will know that the initial spec file changes are not enough if you get an error
- message. The most likely problem you might encounter is that patches which
- were previously applied to the older source code no longer apply against the
- newer source code. This problem might be caused by any of three different
- reasons:
- • Perhaps the old patch has been adopted and applied by the software
- maintainer, and as such should be dropped from the spec file.
- • Perhaps the patch is no longer needed since the software maintainer addressed
- the problem using some other mechanism, and as such should be dropped
- from the spec file.
- • Perhaps the old patch is still needed, but will not apply to the new source. In
- this case, a new patch against the current software should be generated to
- replace the old patch in the spec file.
- Which of these three situations is the cause of any errors, and what action to
- take, requires intelligent analysis of the patches and source code of the
- software. For example, the Nmap 3.00-4 spec file includes a patch to Nmap,
- nmap-3.00-nowarn.patch. When updating to 3.27 and leaving the patch in
- place in the spec file, the following error is produced when trying to prepare the
- new RPMs:
- $ rpmbuild -bp nmap.spec
- [snip]
- + echo 'Patch #2 (nmap-3.00-nowarn.patch):'
- Patch #2 (nmap-3.00-nowarn.patch):
- + patch -p1 -b --suffix .nowarn -s
- The text leading up to this was:
- --------------------------
- |--- nmap-3.00/tcpip.c.nowarn
- 2003-01-09 15:46:53.000000000 +0100
- |+++ nmap-3.00/tcpip.c 2003-01-09 15:49:34.000000000 +0100
- --------------------------
- File to patch:
- At this point the build process stops, with the patch command waiting for input.
- Press <CTRL-C> to abort.
- Examining the directory listing of the ~rpmbuild/BUILD/nmap-3.27/
- directory reveals that it is likely that the file tcpip.c in the 3.00 source has
- been renamed to tcpip.cc in the 3.27 source. This change prevents the
- patch from applying.
- 12-46However, more inspection is needed. Examining the patch file itself,
- ~rpmbuild/SOURCE/nmap-3.00-nowarn.patch, reveals that the patch is
- changing the following lines of code:
- printf("Data portion:\n");
- while(i < tot_len) printf("%2X%c", data[i], (++i%16)? ' ' : '\n');
- To:
- printf("Data portion:\n");
- while(i < tot_len) {
- printf("%2X%c", data[i], ((i+1)%16)? ' ' : '\n');
- i++;
- }
- in two spots in the tcpip.c file. It is important to note that you DO NOT have
- to understand the C code to analyze if the patch has already been applied.
- Opening the file ~rpmbuild/BUILD/nmap-3.27/tcpip.cc and searching
- for the string Data portion, we find the lines (in two different locations):
- printf("Data portion:\n");
- while(i < tot_len) {
- printf("%2X%c", data[i], ((i+1) %16)? ' ' : '\n');
- i++;
- }
- So, it appears as if the official 3.27 Nmap has integrated the patch that was
- being applied in the RPM building process to the 3.00 Nmap. So, the proper
- course of action is to remove references to this patch in our new spec file.
- 6. Open the file ~rpmbuild/SPECS/nmap.spec using a text editor and remove
- the two lines (prefixed here by their line numbers):
- 12 Patch2: nmap-3.00-nowarn.patch
- 36 %patch2 -p 1 -b .nowarn
- Save the file and exit the text editor, and re-run the Prep by running the
- following command:
- $ rpmbuild -bp nmap.spec
- 12-47Repeat this process until all patching failures are resolved.
- 7. Once the spec file successfully patches the software without any errors, run the
- following command to compile packages of the Nmap software:
- $ rpmbuild -ba nmap.spec
- 8. Another common problem that can prevent the successful building of the new
- RPMs are difference in files installed to the virtual root filesystem. If any files
- are installed in the virtual root filesystem, but are not referenced in the %files
- section, RPM 4.1 and higher releases will display an error and abort the build
- process. You will encounter this problem in subsequent lab sequences,
- assuming you are using RPM version 4.1 or newer.
- When you encounter those sorts of problems, you will have two possible
- solutions:
- • If the file is needed, add an entry to the %files section so that the file gets
- packaged.
- • If the file is not needed, use commands in the Install stanza to delete the
- unwanted file from the virtual root filesystem.
- On RHEL4/FC3 you will see an example of the 2nd scenario with the following
- error message will be displayed:
- error: Installed (but unpackaged) file(s) found:
- /usr/share/applications/nmapfe.desktop
- RPM build errors:
- Installed (but unpackaged) file(s) found:
- /usr/share/applications/nmapfe.desktop
- This refers to a menu desktop file. Open the spec file with a text editor, and
- examine the %install section. You will notice the following lines:
- # remove unused files
- rm -f $RPM_BUILD_ROOT/usr/share/gnome/apps/Utilities/nmapfe.desktop
- The intent is to delete the menu desktop file, but in this newer version it is
- being installed into a different location so this deletion attempt is failing.
- Correct the line to point to the new location by editing the line to read:
- rm -f $RPM_BUILD_ROOT/usr/share/applications/nmapfe.desktop
- 12-48Re-run the following command to compile packages of the Nmap software:
- $ rpmbuild -ba nmap.spec
- This should complete with out error.
- On SLES9/SL92 you will encounter two problems. The first build attempt should
- end with the following error:
- RPM build errors:
- File not found: /var/tmp/nmap-root/usr/share/nmap
- This indicates that a required directory was not found in the virtual root. Under
- the /usr/share/nmap/ directory the file nmap.dtd should exist. Do a
- search to find where it is is located inside of the virtual root:
- $ find /var/tmp/nmap-root -name nmap.dtd
- /var/tmp/nmap-root/var/tmp/nmap-root/usr/share/nmap/nmap.dtd
- If you examine the path you’ll notice that there is a var/tmp/nmap-root/
- inside of /var/tmp/nmap-root/. This is likely a error that occurs during the
- installation phase, open the spec file and locate the line make install line:
- %makeinstall nmapdatadir=$RPM_BUILD_ROOT%{_datadir}/nmap
- Edit the line and remove the extra parameter as the stock %makeinstall
- macro should be sufficient. Change the line to read:
- %makeinstall
- Re-run the following command to compile packages of the Nmap software:
- $ rpmbuild -ba nmap.spec
- You will see an example of the 2nd scenario with the following error message
- will be displayed:
- error: Installed (but unpackaged) file(s) found:
- /usr/share/applications/nmapfe.desktop
- RPM build errors:
- Installed (but unpackaged) file(s) found:
- /usr/share/applications/nmapfe.desktop
- This refers to a menu desktop file. Open the spec file with a text editor, and
- examine the %install section. You will notice the following lines:
- # remove unused files
- rm -f $RPM_BUILD_ROOT/usr/share/gnome/apps/Utilities/nmapfe.desktop
- 12-49The intent is to delete the menu desktop file, but in this newer version it is
- being installed into a different location so this deletion attempt is failing.
- Correct the line to point to the new location by editing the line to read:
- rm -f $RPM_BUILD_ROOT/usr/share/applications/nmapfe.desktop
- Re-run the following command to compile packages of the Nmap software:
- $ rpmbuild -ba nmap.spec
- This should complete with out error.
- 9. Install the new updated Nmap RPMs as root:
- $ su -
- Password:
- [RHEL4/FC3 ]# rpm -Uvh /home/guru/rpmbuild/RPMS/i386/nmap-*
- [SLES9/SL92]# rpm -Uvh /home/guru/rpmbuild/RPMS/i586/nmap-*
- Preparing...
- ########################################### [100%]
- 1:nmap
- ########################################### [ 50%]
- 2:nmap-frontend
- ########################################### [100%]
- 10. Newer Nmap versions supports version scans that report the version of
- services. Try using this feature during a confirmation run to see that your new
- Nmap RPM is working properly.
- # nmap -sV 127.0.0.1
- Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-25 18:39 MST
- Interesting ports on localhost (127.0.0.1):
- (The 1659 ports scanned but not shown below are in state: closed)
- PORT
- STATE SERVICE VERSION
- 22/tcp open ssh
- OpenSSH 3.9p1 (protocol 1.99)
- 25/tcp open smtp
- Postfix smtpd
- 111/tcp open rpcbind 2 (rpc #100000)
- 631/tcp open ipp
- CUPS 1.1
- Nmap finished: 1 IP address (1 host up) scanned in 5.379 seconds
- An older version of NMAP without the version scanning feature would have
- returned the error:
- 12-50Illegal Argument to -P, use -P0, -PI, -PB, -PM, -PP, -PT, or -PT80 (or whatever number you want for
- the TCP probe destination port)
- QUITTING!
- 12-51Task 3
- •
- •
- •
- Create a spec file from scratch for an unpackaged software application.
- Revise packages to correct packaging errors.
- Create multiple RPMs from a single source RPM.
- LBreakout2, http://lgames.sourceforge.net/index.php?project=LBreakout2, is
- a popular Breakout-style game for Linux. Unfortunately, it is not provided in
- RPM format, though the source code is readily available from the
- http://lgames.sourceforge.net/ home page. Being a devotee of all things
- Breakout and Breakout-related, you have decided to prepare an RPM of
- LBreakout2 for your system.
- This lab task requires that following packages are installed so that LBreakout2
- can be compiled:
- SDL-devel
- libpng-devel
- The RPM packages have the same name on RHEL/FC and SLES/SL. Verify that
- the packages are installed, and if not, install them now.
- 1. When creating an RPM from scratch, most packagers start with a skeleton
- spec file which lists common lines used in most spec files. Through a trial-and-
- error process, this template file can be modified and tested until it produces a
- good set of RPMs. A template spec file has been provided in your /labfiles
- directory; begin by copying this spec file for use with LBreakout2:
- $ cp /labfiles/template.spec ~/rpmbuild/SPECS/lbreakout2.spec
- 2. A copy of the source code for LBreakout2 has been provided for you. Copy this
- source code into your SOURCES directory:
- $ cp /labfiles/lbreakout2-2.4.1.tar.gz ~/rpmbuild/SOURCES
- 3. Once the source code for an application is in place and a spec file exists, the
- next task is to modify the spec to compile your software. Open your spec file
- for editing:
- $ cd rpmbuild/SPECS/
- 12-52$ vim lbreakout2.spec
- 4. Complete the Header stanza. At a minimum, you will need Summary, Name,
- Version, Release, Epoch, License, Group, Source, URL, and BuildRoot
- directives. Try creating these yourself, then compare your solution with the
- following possible solution:
- Summary: Breakout clone
- Name: lbreakout2
- Version: 2.4.1
- Release: 1
- Epoch: 0
- License: GPL
- Group: Amusements/Games
- Source0: http://ftp1.sourceforge.net/lgames/%{name}-%{version}.tar.gz
- URL: http://lgames.sourceforge.net/index.php?project=LBreakout2
- BuildRoot: %{_tmppath}/%{name}-root
- 5. The Header stanza also requires a %description directive which provides
- users with a fuller description of the purpose of the packaged application.
- Create your own %description block, similar to the following:
- %description
- The polished successor to LBreakout offers you a new challenge in more than 50 levels with loads of
- new bonuses (goldshower, joker, explosive balls, bonus magnet ...), maluses (chaos, darkness, weak
- balls, malus magnet ...) and special bricks (growing bricks, explosive bricks, regenerative bricks,
- indestructible bricks, chaotic bricks).
- And if you're through with all the levels you can create complete new level sets with the integrated
- easy-to-use level editor!
- 6. Save your spec file and quit the editor. At this point, you can test your spec file
- to be certain that your Header stanza works:
- $ rpmbuild -bp lbreakout2.spec
- Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.39167
- • RPM tells you it is executing the %prep section of the spec file.
- + umask 022
- + cd /home/guru/rpmbuild/BUILD
- 12-53+ LANG=C
- + export LANG
- + cd /home/guru/rpmbuild/BUILD
- + rm -rf lbreakout2-2.4.1
- + /usr/bin/gzip -dc /home/guru/rpmbuild/SOURCES/lbreakout2-2.4.1.tar.gz
- + tar -xf -
- + STATUS=0
- + '[' 0 -ne 0 ']'
- + cd lbreakout2-2.4.1
- ++ /usr/bin/id -u
- + '[' 50016 = 0 ']'
- ++ /usr/bin/id -u
- + '[' 50016 = 0 ']'
- + /bin/chmod -Rf a+rX,g-w,o-w .
- + exit 0
- • RPM indicates that the %prep section was processed
- successfully.
- $
- 7. The template spec file you used as a starting place has a commonly used Build
- stanza already created. Try compiling your software to see if this default Build
- stanza will work:
- $ rpmbuild -bc lbreakout2.spec
- Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.62876
- • First, the %prep stanza is processed
- ...Output Omitted...
- Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.81466
- • After the software is prepared, the %build stanza compiles it
- ...Output Omitted...
- gcc -O2 -g -pipe -march=i386 -mcpu=i686 -Wall -
- • This line shows the step of actually linking together the compiled
- objects to produce the lbreakout2 executable.
- I/usr/include/SDL -D_REENTRANT -o lbreakout2 credit.o
- shine.o extras.o balls.o shrapnells.o shots.o event.o pad-
- dle.o frame.o misc.o bricks.o difficulty.o player.o game.o
- file.o levels.o config.o item.o menu.o manager.o value.o
- chart.o editor.o help.o hint.o theme.o client.o
- client_recv.o client_data.o client_game.o client_handlers.o
- comm.o display.o main.o -lSDL_mixer ../common/libcommon.a
- ../gui/libGui.a -lpng -lz -lm -L/usr/lib -Wl,-
- rpath,/usr/lib -lSDL -lpthread
- make[3]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- 12-54make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- Making all in docs
- make[2]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[2]: Nothing to be done for `all'.
- make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[2]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- make[1]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- + exit 0
- • This exit 0 indicates that the %build completed successfully.
- $
- 8. So far, it looks like the default Build stanza should work. Next, test out the
- commonly used Install stanza which was provided in the template spec file:
- On RHEL/FC run the following command and examine the output produced, on
- SLES/SL skip to step 18. on page 62 (unless you want to read about the types of
- problems that can occur).
- $ rpmbuild -bi lbreakout2.spec
- Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.89196
- • First, the %prep
- ...Output Omitted...
- Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.89196
- • Next, the %build
- ...Output Omitted...
- Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.70963
- • Next, the %install
- ...Output Omitted...
- Making install in client
- make[1]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- Making install in gfx
- make[2]: Entering directory
- `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx'
- Making install in AbsoluteB
- make[3]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx/AbsoluteB'
- make[4]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx/AbsoluteB'
- make[4]: Nothing to be done for `install-exec-am'.
- /bin/sh ../../../mkinstalldirs /usr/share/games/lbreakout2/gfx/AbsoluteB
- mkdir /usr/share/games/lbreakout2
- mkdir: cannot create directory `/usr/share/games/lbreakout2': Permission denied
- mkdir /usr/share/games/lbreakout2/gfx
- 12-55mkdir: cannot create directory `/usr/share/games/lbreakout2/gfx': No such file or directory
- mkdir /usr/share/games/lbreakout2/gfx/AbsoluteB
- mkdir: cannot create directory `/usr/share/games/lbreakout2/gfx/AbsoluteB': No such file or directory
- make[4]: *** [install-data-local] Error 1
- make[4]: Leaving directory
- `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx/AbsoluteB'
- make[3]: *** [install-am] Error 2
- make[3]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx/AbsoluteB'
- make[2]: *** [install-recursive] Error 1
- make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx'
- make[1]: *** [install-recursive] Error 1
- make[1]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- make: *** [install-recursive] Error 1
- error: Bad exit status from /var/tmp/rpm-tmp.70963 (%install)
- RPM build errors:
- Bad exit status from /var/tmp/rpm-tmp.70963 (%install)
- $
- 9. The default %install script will NOT work for this software. So, try to figure
- out why. Looking at the spec file, you’ll see that the current %build script
- does:
- %install
- rm -rf %{buildroot}
- %makeinstall
- The problem here is that %makeinstall is not working. Looking through the
- output from the %install, you see that the %makeinstall did:
- make prefix=/var/tmp/lbreakout2-root/usr
- exec_prefix=/var/tmp/lbreakout2-root/usr
- bindir=/var/tmp/lbreakout2-root/usr/bin
- sbindir=/var/tmp/lbreakout2-root/usr/sbin syscon-
- fdir=/var/tmp/lbreakout2-root/etc data-
- dir=/var/tmp/lbreakout2-root/usr/share
- includedir=/var/tmp/lbreakout2-root/usr/include lib-
- dir=/var/tmp/lbreakout2-root/usr/lib libex-
- 12-56
- • RPM indicates that the %install script did NOT complete
- successfully.ecdir=/var/tmp/lbreakout2-root/usr/libexec
- localstatedir=/var/tmp/lbreakout2-root/var sharedstate-
- dir=/var/tmp/lbreakout2-root/usr/com
- mandir=/var/tmp/lbreakout2-root/usr/share/man info-
- dir=/var/tmp/lbreakout2-root/usr/share/info install
- That is, it ran the make install command with options intented to get it to
- install software to a virtual directory structure under the
- /var/tmp/lbreakout2-root/ directory rather than under /. However, as
- the error indicates, this failed:
- make[4]: Entering directory
- `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gfx/AbsoluteB'
- make[4]: Nothing to be done for `install-exec-am'.
- /bin/sh ../../../mkinstalldirs /usr/share/games/lbreakout2/gfx/AbsoluteB
- mkdir /usr/share/games/lbreakout2
- • This should have been /var/tmp/lbreakout2-
- root/usr/share/games/lbreakout2.
- mkdir: cannot create directory
- `/usr/share/games/lbreakout2': Permission denied
- For some reason, the %makeinstall macro is not capable of getting this
- software to install into the Buildroot. These sorts of problems are quite
- common-place, and correcting them typically requires either a modification of
- the spec file, an addition of a patch to modify the Makefiles which specify
- how the software gets compiled and installed, or some combination of both
- spec modifications and code patches.
- 10. To get this software packaged, you must figure out why it cannot currently be
- installed into the Buildroot. So far, you know that executing the
- make install command in the client subdirectory of the source code fails
- because it tries to install software to /usr/share/games/lbreakout2/
- rather than /var/tmp/lbreakout2-
- root/usr/share/games/lbreakout2/. Looking at the
- /home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/Makefile,
- you’ll see that it does:
- ...
- hi_inst_flag = -DHI_DIR=\"/var/lib/games\"
- inst_dir = /usr/share/games/lbreakout2
- inst_flag = -DSRC_DIR=\"/usr/share/games/lbreakout2\"
- ...
- 12-57The problem here is this middle line, line 81. If this Makefile were written
- correctly, that line would instead look something like:
- inst_dir = $(datadir)/games/lbreakout2
- where it uses a shell variable which can be overridden to specify where the
- software gets installed.
- 11. Fixing this problem can be done in a couple of different ways:
- • You could create a patch for the Makefile and apply it during the %prep
- section. This is the “correct” solution, but is actually quite difficult, since the
- Makefiles for this program, like many other Linux applications, are automatically
- generated during the %build process by the autoconf software suite.
- • You could add a script as the first line of the %install stanza which edits the
- incorrect Makefiles. This is a little bit easier to do, but is a less “correct”
- solution.
- In many cases, though, a third option will also be available: you might simply be
- able to modify the incorrect Makefile variable by passing the correct value to
- the %makeinstall macro. If possible, that solution will be the simplest. In this
- case, the value of the inst_dir variable is incorrect, so modify the spec file to
- correct that variable. In the %install stanza, change the %makeinstall line
- to:
- • This line is too long to fit on a single 80-column line on the
- %makeinstall \
- screen. For readability, it can be typed on two lines, as is done
- inst_dir=${RPM_BUILD_ROOT}/usr/share/games/lbreakout2
- here, with a back-slash (\) at the end of the first line. This back-
- slash indicates to rpm that this line continues on to a
- subsequent line.
- 12. Once you have made this change, save the spec file and then try once again to
- compile the software and install it to a virtual root directory:
- $ rpmbuild -bi lbreakout2.spec
- ...Output Omitted...
- Making install in gui_theme
- make[2]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gui_theme'
- make[3]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/gui_theme'
- make[3]: Nothing to be done for `install-exec-am'.
- /bin/sh ../../mkinstalldirs /var/tmp/lbreakout2-root/usr/share/games/lbreakout2/gui_theme
- mkdir /var/tmp/lbreakout2-
- • This solved the problem -- the directory is now being created in
- the virtual directory tree.
- root/usr/share/games/lbreakout2/gui_theme
- ...Output Omitted...
- 12-58if ! test -f /var/lib/games/lbreakout2.hscr; then \
- /usr/bin/install -c -m 644 -m 666 empty.hscr /var/lib/games/lbreakout2.hscr; \
- fi;
- /usr/bin/install: cannot create regular file `/var/lib/games/lbreakout2.hscr': Permission denied
- make[3]: *** [install-data-local] Error 1
- make[3]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- make[2]: *** [install-am] Error 2
- make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- make[1]: *** [install-recursive] Error 1
- make[1]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- make: *** [install-recursive] Error 1
- error: Bad exit status from /var/tmp/rpm-tmp.72065 (%install)
- RPM build errors:
- Bad exit status from /var/tmp/rpm-tmp.72065 (%install)
- $
- 13. You’ve solved the first problem, but this revealed a new problem to solve. Here,
- the make install command is doing:
- make[3]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client'
- ...
- if ! test -f /var/lib/games/lbreakout2.hscr; then \
- /usr/bin/install -c -m 644 -m 666 empty.hscr
- /var/lib/games/lbreakout2.hscr; \
- fi;
- /usr/bin/install: cannot create regular file
- `/var/lib/games/lbreakout2.hscr': Permission denied
- make[3]: *** [install-data-local] Error 1
- This is a similar problem to the previous one. If you search through the
- /home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/client/Makefile
- file for the string /var/lib/games, you’ll see that the Makefile does:
- ...
- doc_dir = /usr/doc
- hi_dir = /var/lib/games
- hi_inst_flag = -DHI_DIR=\"/var/lib/games\"
- 12-59...
- The problem here is this middle line, line 79. If this Makefile were written
- correctly, that line would instead look something like:
- hi_dir = $(localstatedir)/lib/games
- where it uses a shell variable which can be overridden to specify where the
- software gets installed.
- 14. As with the previous problem, this problem can be fixed by patching the
- Makefiles, modifying the Makefiles within the %install script, or by passing a
- variable to the %makeinstall macro. Edit the spec file again, and modify the
- %makeinstall macro so that it reads:
- %makeinstall \
- inst_dir=${RPM_BUILD_ROOT}/usr/share/games/lbreakout2 \
- hi_dir=${RPM_BUILD_ROOT}/var/lib/games
- 15. Once you have made this change, save the spec file and then try once again to
- compile the software and install it to a virtual root directory:
- $ rpmbuild -bi lbreakout2.spec
- ...Output Omitted...
- if ! test -f /var/tmp/lbreakout2-
- • This solved the problem -- the directory is now being created in
- the virtual directory tree.
- root/var/lib/games/lbreakout2.hscr; then \
- /usr/bin/install -c -m 644 -m 666 empty.hscr
- /var/tmp/lbreakout2-root/var/lib/games/lbreakout2.hscr; \
- fi;
- ...Output Omitted...
- Making install in docs
- make[1]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[2]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[2]: Nothing to be done for `install-exec-am'.
- /bin/sh ../mkinstalldirs /usr/doc/lbreakout2
- mkdir /usr/doc
- mkdir: cannot create directory `/usr/doc': Permission denied
- mkdir /usr/doc/lbreakout2
- mkdir: cannot create directory `/usr/doc/lbreakout2': No such file or directory
- make[2]: *** [install-data-local] Error 1
- 12-60make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[1]: *** [install-am] Error 2
- make[1]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make: *** [install-recursive] Error 1
- error: Bad exit status from /var/tmp/rpm-tmp.33062 (%install)
- RPM build errors:
- Bad exit status from /var/tmp/rpm-tmp.33062 (%install)
- $
- 16. You’ve solved the second problem, but now you’ve got a new problem to solve.
- Here, the make install command is doing:
- make[1]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- ...
- /bin/sh ../mkinstalldirs /usr/doc/lbreakout2
- mkdir /usr/doc
- mkdir: cannot create directory `/usr/doc': Permission denied
- ...
- If you look at the /home/guru/rpmbuild/BUILD/lbreakout2-
- 2.4.1/docs/Makefile file for the string /usr/doc, you’ll find that it does:
- ...
- audio_flag = -DAUDIO_ENABLED
- doc_dir = /usr/doc
- hi_dir = /var/lib/games
- ...
- 17. As with the other problems, the trouble here is this middle line, line 78. It needs
- to be corrected to install to the virtual directory tree. This line also has another
- flaw. On RHEL/FC systems, all documentation files should be put in the
- directory /usr/share/doc but this line specifies that they will be placed in
- the /usr/doc directory.
- As with the previous problems, this mistake could be fixed in three different
- ways. To solve this problem, edit the lbreakout2 spec file again, and change
- the %makeinstall line to the following:
- 12-61%makeinstall \
- inst_dir=${RPM_BUILD_ROOT}/usr/share/games/lbreakout2 \
- hi_dir=${RPM_BUILD_ROOT}/var/lib/games \
- doc_dir=${RPM_BUILD_ROOT}/usr/share/doc
- 18. Once you have made this change, save the spec file and then try once again to
- compile the software and install it to a virtual root directory:
- $ rpmbuild -bi lbreakout2.spec
- ...Output Omitted...
- mkdir /var/tmp/lbreakout2-root/usr/share/doc
- • Problem solved!
- mkdir /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2
- /usr/bin/install -c -m 644 index.html /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2/index.html
- make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[1]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1/docs'
- make[1]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- make[2]: Entering directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- make[2]: Nothing to be done for `install-exec-am'.
- make[2]: Nothing to be done for `install-data-am'.
- make[2]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- make[1]: Leaving directory `/home/guru/rpmbuild/BUILD/lbreakout2-2.4.1'
- + /usr/lib/rpm/redhat/brp-compress
- • At this point, the %install has finished, and RPM is now
- processing the %files stanza.
- + /usr/lib/rpm/redhat/brp-strip /usr/bin/strip
- + /usr/lib/rpm/redhat/brp-strip-static-archive
- /usr/bin/strip
- + /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
- Processing files: lbreakout2-2.4.1-1
- error: File not found by glob: /var/tmp/lbreakout2-root/usr/lib/*.so.*
- error: File not found: /var/tmp/lbreakout2-root/usr/share/lbreakout2
- error: File not found by glob: /var/tmp/lbreakout2-root/usr/share/man/man8/*
- Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.22825
- + umask 022
- + cd /home/guru/rpmbuild/BUILD
- + cd lbreakout2-2.4.1
- + DOCDIR=/var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + export DOCDIR
- + rm -rf /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- 12-62+ /bin/mkdir -p /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + cp -pr AUTHORS COPYING ChangeLog NEWS README TODO /var/tmp/lbreakout2-
- root/usr/share/doc/lbreakout2-2.4.1
- + exit 0
- RPM build errors:
- File not found by glob: /var/tmp/lbreakout2-root/usr/lib/*.so.*
- File not found: /var/tmp/lbreakout2-root/usr/share/lbreakout2
- File not found by glob: /var/tmp/lbreakout2-root/usr/share/man/man8/*
- $
- 19. At this point, the %build and %install sections of the spec file are correct.
- Now, the RPM compile is failing because the default %files stanza in the
- template file is not correct. To solve this problem, first use the ls command to
- explore what files and directories are in the Buildroot,
- /var/tmp/lbreakout2-root. You should find the following files and
- directories:
- /var/lib/games/lbreakout2.hscr
- /usr/share/games/lbreakout2/{gfx,gui_theme,levels,sounds}
- /usr/share/doc/lbreakout2
- /usr/share/doc/lbreakout2-2.4.1
- /usr/bin/lbreakout2
- /usr/bin/lbreakout2server
- 20. There are two problems here. One is that these files and directories need to be
- listed in the %files section of the spec file.
- There is another, more subtle problem, however. Looking again at this ls
- output, you should notice that there are two documentation directories:
- RHEL/FC: /usr/share/doc/lbreakout2
- RHEL/FC: /usr/share/doc/lbreakout2-2.4.1
- ---------
- SLES/SL: /usr/doc/lbreakout2
- SLES/SL: /usr/share/doc/packages/lbreakout2
- There should only be one documentation directory.
- 12-63On RHEL/FC it should be the one with the application version,
- /usr/share/doc/lbreakout2-2.4.1.
- On SLES/SL it should be /usr/share/doc/packages/lbreakout2/.
- 21. If you look at the contents of the wrongly located documentation
- directory you should discover that it's all HTML documentation. To combine
- these two directories, you should put the contents of the rouge directory as
- subdirectory named html in the proper documentation directory.
- On RHEL/FC modify the %install stanza of the spec file to end with the line:
- mv ${RPM_BUILD_ROOT}/usr/share/doc/lbreakout2 html
- On SLES/SL modify the %install stanza of the spec file to end with the line:
- mv ${RPM_BUILD_ROOT}/usr/doc/lbreakout2 html
- On RHEL/FC When you finish, your Install stanza should read:
- %install
- rm -rf %{buildroot}
- %makeinstall \
- inst_dir=${RPM_BUILD_ROOT}/usr/share/games/lbreakout2 \
- hi_dir=${RPM_BUILD_ROOT}/var/lib/games \
- doc_dir=${RPM_BUILD_ROOT}/usr/share/doc
- mv ${RPM_BUILD_ROOT}/usr/share/doc/lbreakout2 html
- %clean
- rm -rf %{buildroot}
- On SLES/SL When you finish, your Install stanza should read:
- %install
- rm -rf %{buildroot}
- %makeinstall
- mv ${RPM_BUILD_ROOT}/usr/doc/lbreakout2 html
- %clean
- rm -rf %{buildroot}
- 12-6422. After modifying the contents of the documentation directory, you need to
- adjust the %files section to list the newly included documentation files. Add
- the html directory to the %doc macro within the %files stanza, so that it
- reads:
- %doc AUTHORS COPYING ChangeLog NEWS README TODO html
- 23. Look at the rest of your %files stanza. It currently reads:
- %files
- %defattr(-, root, root)
- %doc AUTHORS COPYING ChangeLog NEWS README TODO html
- %{_bindir}/*
- %{_libdir}/*.so.*
- %{_datadir}/%{name}
- %{_mandir}/man8/*
- Compare this with the list you obtained in step 19 of the files which you wish to
- package. When you compare the two lists, you will find that the %{_bindir}
- file-matching macro is needed, but that the %{_libdir} and the %{_mandir}
- statements need to be deleted.
- • This statement sets ownership on the packaged files and
- directories.
- • The files in /var/tmp/lbreakout2-root/usr/bin
- • The files in /var/tmp/lbreakout2-root/usr/lib/*.so.*
- • The files in /var/tmp/lbreakout2-root/usr/share/lbreakout2
- • The files in /var/tmp/lbreakout2-root/usr/share/man/man8
- 24. Correct your %files stanza to define the correct files produced with
- LBreakout2 by changing it to the following:
- %files
- %defattr(-, root, root)
- %doc AUTHORS COPYING ChangeLog NEWS README TODO html
- %{_bindir}/*
- %{_datadir}/%{name}
- 25. Once you have made this change, save the spec file and then try once again to
- compile the software and install it to a virtual root directory:
- $ rpmbuild -bi lbreakout2.spec
- ...Output Omitted...
- Processing files: lbreakout2-2.4.1-1
- error: File not found: /var/tmp/lbreakout2-
- • The %files stanza listed a file which could not be found.
- root/usr/share/lbreakout2
- Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.546
- 12-65+ umask 022
- + cd /home/guru/rpmbuild/BUILD
- + cd lbreakout2-2.4.1
- + DOCDIR=/var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + export DOCDIR
- + rm -rf /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + /bin/mkdir -p /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + cp -pr AUTHORS COPYING ChangeLog NEWS README TODO html
- /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + exit 0
- RPM build errors:
- File not found: /var/tmp/lbreakout2-root/usr/share/lbreakout2
- $
- 26. At this point, the spec file is almost working. This procedure failed because the
- %files stanza is still slightly incorrect. The %files stanza is currently trying
- to package the directory /usr/share/lbreakout2, which does not exist.
- Looking back at the list of files and directories produced in step 19. on page 63,
- you’ll see that this should instead be /usr/share/games/lbreakout2. To
- fix this problem, edit the spec file and change the line:
- %{_datadir}/%{name}
- to:
- %{_datadir}/games/%{name}
- 27. Once you have made this change, save the spec file and then try once again to
- compile the software and install it to a virtual root directory:
- $ rpmbuild -bi lbreakout2.spec
- ...Output Omitted...
- 28. If you are using RPM 4.1 or later versions, when you complete the previous
- step, you will get output similar to the following:
- Checking for unpackaged file(s): /usr/lib/rpm/check-files
- /var/tmp/lbreakout2-root
- 12-66error: Installed (but unpackaged) file(s) found:
- /var/lib/games/lbreakout2.hscr
- • This error indicates that a file is installed in the virtual root, but is
- not listed in the %files stanza.
- RPM build errors:
- Installed (but unpackaged) file(s) found:
- /var/lib/games/lbreakout2.hscr
- • This is the problem mentioned in Step 8 of Task 2. RPM 4.1 and
- This build attempt is getting closer to succeeding. Now, the build is exiting
- later releases check for installed but unpackaged files and
- because a file, /var/lib/games/lbreakout2.hscr, was found in the virtual
- produce a warning or error when any are encountered.
- root, but was not listed in the %files stanza. Skip the next step, and proceed
- to step 30 which explains how to add this missing file to the spec file.
- 29. If you are using RPM 4.0 or older versions, you will not get output similar to that • If you are using RPM 4.1 or newer versions, you DO NOT have to
- complete the commands in this step. Be grateful!
- in the previous step. Instead, your build will actually appear to complete
- successfully, producing output similar to the following:
- ...Output Omitted...
- + exit 0
- Finding Provides: (using /usr/lib/rpm/find-provides)...
- Finding Requires: (using /usr/lib/rpm/find-requires)...
- PreReq: rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(Com-
- pressedFileNames) <= 3.0.4-1
- Requires(rpmlib): rpmlib(PayloadFilesHavePrefix) <= 4.0-1
- rpmlib(CompressedFileNames) <= 3.0.4-1
- Requires: ld-linux.so.2 libartsc.so.0 libaudiofile.so.0
- libc.so.6 libdl.so.2 libesd.so.0 libm.so.6 libpng.so.2
- libpthread.so.0 libSDL-1.2.so.0 libX11.so.6 libXext.so.6
- libz.so.1 libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1)
- libc.so.6(GLIBC_2.1.3) libm.so.6(GLIBC_2.0)
- libpthread.so.0(GLIBC_2.0)
- RPM 4.1 and later automatically “validate” installations to make sure that all
- • Remember, these commands are only used if you are using RPM
- 4.0 or earlier releases.
- files installed into the ${RPM_BUILD_ROOT}, complaining if any files were
- installed but not packaged. RPM 4.0 and earlier releases do not do this, so you
- must manually validate your installation. To do this, first prepare a list of the
- files installed by the completed LBreakout2 install, and store these files into a
- text file in your home directory:
- $ find /var/tmp/lbreakout2-root | sort > ~/lbreakout2-installed-files
- 12-67This list of files will incorrectly prepend the ${RPM_BUILD_ROOT} at the
- beginning of every file name. Strip this path off:
- $ perl -pi -e 's/^\/var\/tmp\/lbreakout2-root//g' ~/lbreakout2-installed-files
- Now, actually build a package:
- $ rpmbuild -ba lbreakout2.spec
- ...Output Omitted...
- Wrote: /home/guru/rpmbuild/SRPMS/lbreakout2-2.4.1-1.src.rpm
- Wrote: /home/guru/rpmbuild/RPMS/i386/lbreakout2-2.4.1-
- • This is the location of the built package.
- 1.i386.rpm
- Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.63876
- + umask 022
- + cd /home/guru/rpmbuild/BUILD
- + cd lbreakout2-2.4.1
- + rm -rf /var/tmp/lbreakout2-root
- + exit 0
- Once your package is built, query it for the files it contains, and store those file
- names in a text file in your home directory:
- $ rpm -qlp ../RPMS/i386/lbreakout2-2.4.1-1.i386.rpm | sort >
- ~/lbreakout2-packaged-files
- Finally, compare the list of packaged files with the list of installed files:
- $ diff -Naur ~/lbreakout2-packaged-files ~/lbreakout2-
- • In this output, a plus sign (+) indicates a file which was
- installed but not packaged.
- installed-files
- --- /home/guru/lbreakout2-packaged-files
- +++ /home/guru/lbreakout2-installed-files
- @@ -1,5 +1,10 @@
- +
- +/usr
- +/usr/bin
- /usr/bin/lbreakout2
- /usr/bin/lbreakout2server
- +/usr/share
- +/usr/share/doc
- /usr/share/doc/lbreakout2-2.4.1
- /usr/share/doc/lbreakout2-2.4.1/AUTHORS
- 12-68
- Thu May 22 14:43:42 2003
- Thu May 22 14:44:15 2003/usr/share/doc/lbreakout2-2.4.1/ChangeLog
- @@ -42,6 +47,7 @@
- /usr/share/doc/lbreakout2-2.4.1/NEWS
- /usr/share/doc/lbreakout2-2.4.1/README
- /usr/share/doc/lbreakout2-2.4.1/TODO
- +/usr/share/games
- /usr/share/games/lbreakout2
- /usr/share/games/lbreakout2/gfx
- /usr/share/games/lbreakout2/gfx/AbsoluteB
- @@ -247,3 +253,7 @@
- /usr/share/games/lbreakout2/sounds/wall.wav
- /usr/share/games/lbreakout2/sounds/weak_ball.wav
- /usr/share/games/lbreakout2/sounds/wontgiveup.wav
- +/var
- +/var/lib
- +/var/lib/games
- +/var/lib/games/lbreakout2.hscr
- Looking over that list, you’ll see that the following files or directories are
- installed, but are not included in the package:
- /usr
- /usr/bin
- /usr/share
- /usr/share/doc
- /usr/share/games
- /var
- /var/lib
- /var/lib/games
- /var/lib/games/lbreakout2.hscr
- Of those files and directories, most are shared directories which should NOT be
- part of the package, but one file, /var/lib/games/lbreakout2.hscr, does
- need to be added to the package.
- 12-6930. Your spec file currently correctly compiles LBreakout2, but it fails to install one
- file which is needed by LBreakout2. To fix this problem, add this file to the
- %files list in the spec file by adding the line:
- %{_localstatedir}/lib/games/lbreakout2.hscr
- When you finish, your Files stanza should now look like:
- %files
- %defattr(-, root, root)
- %doc AUTHORS COPYING ChangeLog NEWS README TODO html
- %{_bindir}/*
- %{_datadir}/games/%{name}
- %{_localstatedir}/lib/games/lbreakout2.hscr
- 31. Once you have made this change, save the spec file and then try once again to
- compile the software and install it to a virtual root directory:
- $ rpmbuild -bi lbreakout2.spec
- ...Output Omitted...
- Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1
- rpmlib(PayloadFilesHavePrefix) <= 4.0-1
- Requires: /sbin/ldconfig libSDL-1.2.so.0 libSDL_mixer-1.2.so.0 libc.so.6
- libc.so.6(GLIBC_2.0) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3)
- libc.so.6(GLIBC_2.3) libm.so.6 libm.so.6(GLIBC_2.0) libpng12.so.0
- libpthread.so.0 libpthread.so.0(GLIBC_2.0) libz.so.1
- Checking for unpackaged file(s): /usr/lib/rpm/check-files
- /var/tmp/lbreakout2-root
- $
- 32. This time, the build worked! To finish packaging your software, edit the spec
- file one final time and update the Changelog with contents similar to the
- following:
- %changelog
- * Tue Apr 02 2005 John Doe <student@gurulabs.com> 2.4.1-1
- - Initial package
- 12-7033. Once you have made this change, save the spec file and then try once again to
- compile the software, install it to a virtual root directory, and package it:
- $ rpmbuild -ba lbreakout2.spec
- Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.1332
- • First, the %prep
- ...Output Omitted...
- Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.1332
- • Next, the %build
- ...Output Omitted...
- Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.41692
- • Next, the %install
- ...Output Omitted...
- Processing files: lbreakout2-2.4.1-3
- • Next, the %files
- Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.60710
- • The %doc macro in %files
- + umask 022
- + cd /home/guru/rpmbuild/BUILD
- + cd lbreakout2-2.4.1
- + DOCDIR=/var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + export DOCDIR
- + rm -rf /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + /bin/mkdir -p /var/tmp/lbreakout2-root/usr/share/doc/lbreakout2-2.4.1
- + cp -pr AUTHORS COPYING ChangeLog NEWS README TODO html /var/tmp/lbreakout2-
- root/usr/share/doc/lbreakout2-2.4.1
- + exit 0
- Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
- Requires: /sbin/ldconfig libSDL-1.2.so.0 libSDL_mixer-1.2.so.0 libc.so.6 libc.so.6(GLIBC_2.0)
- libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.1.3) libc.so.6(GLIBC_2.3) libm.so.6 libm.so.6(GLIBC_2.0)
- libpng12.so.0 libpthread.so.0 libpthread.so.0(GLIBC_2.0) libz.so.1
- Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/lbreakout2-root
- Wrote: /home/guru/rpmbuild/SRPMS/lbreakout2-2.4.1-3.src.rpm • Next, build the SRPM
- Wrote: /home/guru/rpmbuild/RPMS/i386/lbreakout2-2.4.1-
- • Next, build all RPMs
- 3.i386.rpm
- Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.81877
- • Finish by executing the %clean macro from the %install section
- + umask 022
- + cd /home/guru/rpmbuild/BUILD
- + cd lbreakout2-2.4.1
- + rm -rf /var/tmp/lbreakout2-root
- + exit 0
- $
- 12-7134. You've now got the RPM
- /home/guru/rpmbuild/RPMS/i386/lbreakout2-2.4.1-1.i386.rpm!
- To try it out, install it as root:
- RHEL/FC $ su -c "rpm -Uvh ../RPMS/i386/lbreakout2-2.4.1-1.i386.rpm"
- SLES/SL $ su -c "rpm -Uvh ../RPMS/i586/lbreakout2-2.4.1-1.i586.rpm"
- Password:
- Preparing...
- 1:lbreakout2
- $
- ########################## [100%]
- ########################## [100%]
- 35. Rn the LBreakout2 program to verify that it works:
- $ lbreakout2
- 36. After playing a game of LBreakout2, verify the RPM:
- $ rpmverify -V lbreakout2
- S.5....T
- /var/lib/games/lbreakout2.hscr
- $
- Here, you see that the file /var/lib/games/lbreakout2.hscr has been
- modified in various ways:
- • Its size is modified (S)
- • Its MD5 hash is different, meaning its contents are changed (5)
- • Its timestamps are changed (T)
- 37. Good Linux administrators periodically verify the files on their systems to make
- sure they are not modified, since most installed files should never change.
- However, some files (such as this high scores file) might reasonably be
- modified. RPM allows files which might change to be flagged as configuration
- files, so that administrators verifying the system won’t panic when they notice
- changes to these files.
- To accomodate your administrators, you decide to revise your lbreakout2 RPM.
- Fix your lbreakout2 spec file to indicate that the high-scores file for LBreakout2
- is a configuration file. To do this, edit your spec file and change the line in the
- %files stanza for the high-scores file from:
- %{_localstatedir}/lib/games/lbreakout2.hscr
- 12-72
- • You must be in X for this program to run.
- • This is the high-scores file. It will appear modified, as it does
- here, as long as you’ve beaten one of the previous high scores.to
- %config %{_localstatedir}/lib/games/lbreakout2.hscr
- Also, modify the Release field in the Header stanza, changing it to:
- Release: 2
- Finally, document the change you’ve made to the package by adding an entry
- to the %changelog section similar to the following:
- * Tue Apr 02 2005 John Doe <student@gurulabs.com> 2.4.1-2
- - Mark high-scores file as config file
- • The %config macro in the %files section indicates that the
- packaged file is a configuration file, and might reasonably
- change on a production system.
- 38. Once you have made these three changes to revise your package, save the
- spec file and then try once again to compile the software, install it to a virtual
- root directory, and package it:
- $ rpmbuild -ba lbreakout2.spec
- ...Output Omitted...
- Wrote: /home/guru/rpmbuild/SRPMS/lbreakout2-2.4.1-2.src.rpm
- Wrote: /home/guru/rpmbuild/RPMS/i386/lbreakout2-2.4.1-2.i386.rpm
- ...Output Omitted...
- $
- 39. Now that you’ve built this revised package, upgrade using the -F option to the
- rpm command and test it out:
- RHEL/FC $ su -c "rpm -Fvh ../RPMS/i386/lbreakout2-2.4.1-2.i386.rpm"
- SLES/SL $ su -c "rpm -Fvh ../RPMS/i586/lbreakout2-2.4.1-2.i586.rpm"
- Password:
- Preparing...
- ########################## [100%]
- 1:lbreakout2
- ########################## [100%]
- $ lbreakout2
- 40. Play a couple more games of LBreakout2, making sure to get on the High
- Scores list, then verify the RPM again:
- $ rpmverify -V lbreakout2
- S.5....T c /var/lib/games/lbreakout2.hscr
- $
- 12-73The high-scores file is now correctly flagged as a configuration file (c), so your
- administrators will not panic when they notice it has changed.
- 41. At this point, you have created an RPM from scratch for LBreakout2, and have
- successfully revised it to fix a minor packaging error. Depending on how
- thoroughly you have tested LBreakout2, you might have discovered one other
- problem with your package -- due to a packaging mistake, your LBreakout2
- game does not actually handle high score logging correctly, though you
- probably will not notice this unless you play as multiple different users.
- The basic mistake made here is this: when a program runs on Unix or Linux, it
- normally runs as the user who executes it, which means it only has write access
- to the files which that user can write. For high-score tracking to work correctly
- for LBreakout2, its high-score file, /var/lib/games/lbreakout2.hscr,
- must be writable by every user who runs the lbreakout2 binary.
- To accomplish this, two changes are necessary:
- • The /var/lib/games/lbreakout2.hscr file should have permissions of
- rw-rw-r-- and be owned by the games user and games group
- • The /usr/bin/lbreakout2 file should have permissions of r-xr-sr-x and
- owned by the root user and the games group
- To make these changes, edit your spec file and modify the %files section to
- the following:
- %files
- %defattr(-, root, root)
- %doc AUTHORS COPYING ChangeLog NEWS README TODO html
- %{_bindir}/lbreakout2server
- • List each binary separately, since they need different
- permissions.
- %attr(2555,root,games) %{_bindir}/lbreakout2
- • Make /usr/bin/lbreakout2 belong to the games group and SGID.
- %{_datadir}/games/%{name}
- %defattr(0664,games,games)
- • Make the /var/lib/games/lbreakout2.hscr file group-writable and
- owned by the games group.
- %config %{_localstatedir}/lib/games/lbreakout2.hscr
- Also, modify the Release token in the Header stanza to:
- Release: 3
- Finally, document your changes in the %changelog with a new entry similar to
- the following:
- * Tue Apr 02 2005 John Doe <student@gurulabs.com> 2.4.1-3
- - Make SGID games and fix ownership and perms of
- 12-74high-scores file so that high scores work
- 42. Once you have made these three changes to revise your package, save the
- spec file and then try once again to compile the software, install it to a virtual
- root directory, and package it:
- $ rpmbuild -ba lbreakout2.spec
- ...Output Omitted...
- Wrote: /home/guru/rpmbuild/SRPMS/lbreakout2-2.4.1-3.src.rpm
- Wrote: /home/guru/rpmbuild/RPMS/i386/lbreakout2-2.4.1-3.i386.rpm
- ...Output Omitted...
- $
- 43. Now that you’ve built this revised package, uninstall the existing package and
- install the new package:
- $ su -c "rpm -e lbreakout2"
- Password:
- $ su -c "rpm -Uvh ../RPMS/i386/lbreakout2-2.4.1-3.i386.rpm"
- Password:
- Preparing...
- ########################## [100%]
- 1:lbreakout2
- ########################## [100%]
- $
- 44. Notice the new permissions on the files installed by your revised package:
- $ ls -l /usr/bin/lbreakout2* /var/lib/games/lbreakout2.hscr
- -r-xr-sr-x
- 1 root
- games
- 279698 Apr 29 12:58 /usr/bin/lbreakout2
- -rwxr-xr-x
- 1 root
- root
- 49665 Apr 29 12:58 /usr/bin/lbreakout2server
- -rw-rw-r--
- 1 games
- games
- 227 Apr 29 12:58 /var/lib/games/lbreakout2.hscr
- $
- Congratulations! At this point you have a high-quality, usable RPM for the
- LBreakout2 application which you can give to your users....
- 45. There is one additional customization which you can make to your LBreakout2
- RPM which might be useful to some of your users. RPM supports “sub
- 12-75•
- •
- •
- •
- packages” -- the creation of multiple binary RPMs from a single source RPM
- file. Look at the binaries installed by your current lbreakout2 RPM:
- $ rpm -ql lbreakout2 | grep bin
- /usr/bin/lbreakout2
- /usr/bin/lbreakout2server
- $
- Also, examine the number and size of the graphics and sound files installed by
- LBreakout2:
- $ rpm -ql lbreakout2 | grep "/usr/share/games" | wc -l
- 205
- $ du -sh /usr/share/games/lbreakout2
- 3.4M
- /usr/share/games/lbreakout2
- $
- The /usr/bin/lbreakout2 binary is the stand-alone application users run
- to play LBreakout2. In addition, however, LBreakout2 also provides the
- /usr/bin/lbreakout2server binary. This is a network daemon which can
- be run on a server. Once started on a server, clients can run
- /usr/bin/lbreakout2 on their systems, connect to this server daemon,
- and start a network game of LBreakout2. The directory
- /usr/share/games/lbreakout2 contains 205 files consuming about 3.4
- megabytes of space for artwork required by the client, but not by the server.
- For convenience, you might choose to package LBreakout2 in four files:
- lbreakout2, which provides the client binary
- lbreakout2-server, which provides the server binary
- lbreakout2-graphics, which provides the graphics and sound files needed
- by the client and optionally useful on the server
- lbreakout2-doc, which provides the documentation files
- Splitting LBreakout2 in this fashion will provide your users more flexibility -- they
- can install just the parts of LBreakout2 they need, on just the machines on
- which they need them.
- 46. To split LBreakout2 into sub packages, edit the spec file one final time. Sub
- packages are made simply by adding additional %package and
- %description stanzas to the Header section, then adding additional %files
- stanzas which indicate which files get put in which sub packages. First, add a
- 12-76line to the current %description stanza, indicating that the lbreakout2
- package supplies the LBreakout2 client, like the following:
- This package supplies only the lbreakout2 client, suitable
- for use in single-player games.
- 47. After that %description stanza, add additional %package and
- %description stanzas for the new sub packages:
- %package server
- Summary: lbreakout2 network server
- Group: Amusements/Games
- • The “main” %description and %package information applies to
- the “base” package, in this case lbreakout2
- • Create a new sub package, lbreakout2-server
- %description server
- This package supplies the lbreakout2server daemon, useful for creating
- multi-player LBreakout2 servers
- %package graphics
- Summary: lbreakout2 graphics, sound, and level files
- Group: Amusements/Games
- • Create a new sub package, lbreakout2-graphics
- %description graphics
- This package supplies LBreakout2 graphics, sound, and level files. This package must be installed on
- client systems, and can be installed on server systems if desired.
- %package doc
- Summary: lbreakout2 documentation
- Group: Amusements/Games
- • Create a new sub package, lbreakout2-doc
- %description doc
- This package supplies documentation of LBreakout2.
- 48. Next, split the %files section up into individual sections for each sub
- package. When you finish, your %files section should look something like:
- %files
- %attr(2555,root,games) %{_bindir}/lbreakout2
- %defattr(0664,games,games)
- • Files to put in the lbreakout2 package
- 12-77%config %{_localstatedir}/lib/games/lbreakout2.hscr
- %files server
- %defattr(-, root, root)
- %{_bindir}/lbreakout2server • Files to put in the lbreakout2-server package
- %files graphics
- %defattr(-, root, root)
- %{_datadir}/games/%{name} • Files to put in the lbreakout2-graphics package
- %files doc
- %defattr(-, root, root)
- %doc AUTHORS COPYING ChangeLog NEWS README TODO html • Files to put in the lbreakout2-doc package
- 49. Now, add an entry to the Changelog documenting your latest change, similar to
- the following:
- * Tue Apr 02 2005 John Doe <student@gurulabs.com> 2.4.1-4
- - Split into multiple packages for user convenience
- 50. In the Header stanza, increase the Release field one more time:
- Release: 4
- 51. One additional change is required in the Header stanza. The
- /usr/bin/lbreakout2 binary will not run without the graphics, sound, and
- level files installed, so the lbreakout2 package needs to require the lbreakout2-
- graphics package. Change the Requires field in the Header to require the
- lbreakout2-graphics package:
- Requires: /sbin/ldconfig lbreakout2-graphics
- • The graphics, art, and music files could just be put in the
- lbreakout2 package, but then they could not be installed on the
- server easily without also unnecessarily installing the client....
- 52. Once you have made these changes to revise your package, save the spec file
- and then try once again to compile the software, install it to a virtual root
- directory, and package it:
- $ rpmbuild -ba lbreakout2.spec
- ...Output Omitted...
- Wrote: /export/home/rpmtestuser/rpmbuild/SRPMS/lbreakout2-2.4.1-4.src.rpm
- 12-78Wrote: /export/home/rpmtestuser/rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm
- Wrote: /export/home/rpmtestuser/rpmbuild/RPMS/i386/lbreakout2-server-2.4.1-4.i386.rpm
- Wrote: /export/home/rpmtestuser/rpmbuild/RPMS/i386/lbreakout2-graphics-2.4.1-4.i386.rpm
- Wrote: /export/home/rpmtestuser/rpmbuild/RPMS/i386/lbreakout2-doc-2.4.1-4.i386.rpm
- ...Output Omitted...
- $
- 53. Congratulations! You’ve now packaged LBreakout2 from scratch, creating four
- sub packages from one source package.
- 12-79Task 4
- •
- •
- Create a GPG key pair.
- Sign and verify your LBreakout2 RPMs.
- This lab explores the functionality built into the RPM command for signing
- packages, ensuring package authenticity and integrity.
- 1. In a previous lab task, you created an RPM for the LBreakout2 application. RPM
- provides a variety of built-in integrity and authenticity signatures which can be
- checked on RPM packages. First, check the existing signatures of your
- lbreakout2-2.4.1-4 RPM file:
- RHEL/FC $ rpmsign -K ~/rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm
- SLES/SL $ rpmsign -K ~/rpmbuild/RPMS/i586/lbreakout2-2.4.1-4.i586.rpm
- rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm: sha1 md5 OK • On RPM 4.1 and later, you should see both SHA-1 digests and
- MD5 checksums. On RPM 4.0 and earlier, you should only see
- $
- MD5 checksums. Both MD5 and SHA-1 are used to provide
- Here, you see that the SHA-1 and MD5 signatures of this package are correct.
- digital signatures of the package.
- These are both file integrity checks, assuring you that the contents of the
- package have not been modified.
- 2. RPM also provides the capability to digitally sign packages using GPG or PGP.
- GPG / PGP signatures are useful to the users who install your software because
- these types of signatures allow both the integrity of the package to be verified
- (much like MD5 and SHA-1), and also the authenticity of the package to be
- verified -- if you sign your packages with GPG, your users can be guaranteed
- that the software they install comes from you, and not from someone creating
- Trojan Horses which appear to come from you.
- • The output below is from GnuPG 1.2. Older releases of GnuPG,
- To utilize this GPG functionality, you must first create GPG keys which will be
- such as GnuPG 1.0, will produce different output, and will
- used to sign your packages. To create keys, first run the gpg command to
- actually exit immediately after creating initial configuration files
- create the GPG configuration files in your home directory:
- RHEL/FC $ mkdir ~/.gnupg; chmod 700 ~/.gnupg
- $ gpg
- gpg: /home/guru/.gnupg: directory created
- gpg: new configuration file `/home/guru/.gnupg/gpg.conf' created
- gpg: keyblock resource `/home/guru/.gnupg/secring.gpg': file open error
- gpg: keyring `/home/guru/.gnupg/pubring.gpg' created
- 12-80gpg: Go ahead and type your message ...
- CTRL-C
- gpg: some signal caught ... exiting
- • Press CTRL-C to exit out of gpg. You will not need to do this on
- older versions of gpg.
- $
- 3. Once the GPG configuration files have been created, generate GPG keys:
- $ gpg --gen-key
- gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
- This program comes with ABSOLUTELY NO WARRANTY.
- This is free software, and you are welcome to redistribute it
- under certain conditions. See the file COPYING for details.
- Please select what kind of key you want:
- (1) DSA and ElGamal (default)
- (2) DSA (sign only)
- (5) RSA (sign only)
- Your selection? 1
- DSA keypair will have 1024 bits.
- About to generate a new ELG-E keypair.
- minimum keysize is 768 bits
- default keysize is 1024 bits
- highest suggested keysize is 2048 bits
- What keysize do you want? (1024) 1024
- Requested keysize is 1024 bits
- Please specify how long the key should be valid.
- 0 = key does not expire
- <n> = key expires in n days
- <n>w = key expires in n weeks
- <n>m = key expires in n months
- <n>y = key expires in n years
- Key is valid for? (0) 0
- Key does not expire at all
- Is this correct (y/n)? y
- • Output seen here will vary slightly with GnuPG version. Select
- the default on your version of GnuPG.
- • Select 1 here.
- • 1024 bits is fine here, or 2048 bits if you’re more paranoid.
- • 0 is fine here. In production use, people typically expire keys on a
- periodic basis, however.
- • If you haven’t made any mistakes, say y here. If you have made
- mistakes, say n and correct them.
- 12-81You need a User-ID to identify your key; the software constructs the user id
- from Real Name, Comment and Email Address in this form:
- "Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"
- Real name: RPM Test
- Email address: guru@gurulabs.com
- Comment: RPM Package Builder
- You selected this USER-ID:
- "RPM Test (RPM Package Builder) <guru@gurulabs.com>" • Enter your first and last name here.
- • Enter your email address.
- • If you want, enter a descriptive comment here.
- Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? o • If you haven’t made any mistakes, say o here. If you have made
- mistakes, correct them.
- • Enter a password here. This password is all that prevents
- someone from stealing your key file and impersonating you, so
- guard it carefully.
- You need a Passphrase to protect your secret key.
- Enter passphrase:password
- Repeat passphrase:password
- We need to generate a lot of random bytes. It is a good idea
- to perform some other action (type on the keyboard, move the
- mouse, utilize the disks) during the prime generation; this
- gives the random number
- generator a better chance to gain enough entropy.
- ++++++++++.+++++++++++++++++++++++++++++++++++...++++++++++
- ++++++++++++++++++++..++++++++++++++++++++++++++++++.+++++.
- ...++++++++++....++++++++++>++++++++++..>+++++.<.+++++.....
- .>+++++.....<+++++.>.+++++......<+++++...............+++++
- We need to generate a lot of random bytes. It is a good idea • Entropy (sources of “random” data) are needed by GnuPG. It
- uses seemingly random events like keyboard key presses or
- to perform some other action (type on the keyboard, move the
- mouse movement as sources of entropy. If enough entropy is
- mouse, utilize the disks) during the prime generation; this
- not available, it will actually prompt you to generate more
- gives the random number generator a better chance to gain
- entropy by carrying out activities such as moving the mouse,
- enough entropy.
- typing on the keyboard, or generating hard disk traffic.
- +++++++++++++++++++++++++.++++++++++++++++++++.++++++++++++
- +++.+++++++++++++++++++++++++++++++++++++++++++++.+++++.+++
- +++++++++++++++++>+++++.......+++++^^^
- gpg: /home/guru/.gnupg/trustdb.gpg: trustdb created
- • The output seen here will vary slightly with GnuPG version.
- public and secret key created and signed.
- key marked as ultimately trusted.
- 12-82pub
- sub
- 1024D/87786C00 2003-04-29 RPM Test (RPM Package Builder) <guru@gurulabs.com>
- Key fingerprint = 24ED F0C7 2148 E88C 51B8 1CA2 8D2A FB9A 8778 6C00
- 1024g/9B24A1DC 2003-04-29
- $
- 4. At this point, you have generated public and private GPG keys. To verify that
- they were created correctly, you can view them:
- $ gpg --list-keys
- /home/guru/.gnupg/pubring.gpg
- --------------------------
- pub 1024D/87786C00 2003-04-29 RPM Test (RPM Package Builder) <guru@gurulabs.com>
- sub 1024g/9B24A1DC 2003-04-29
- $
- 5. Now that you have created a GPG key, you must configure RPM to allow you to
- use it. First, configure RPM to use GPG:
- $ echo "%_signature gpg" >> ~/.rpmmacros
- $ echo "%_gpg_path $HOME/.gnupg" >> ~/.rpmmacros
- $
- Also, configure RPM to locate the GPG key you just created:
- $ echo "%_gpg_name guru@gurulabs.com" >> ~/.rpmmacros
- • Make sure you use the same email address here you used in
- step 3 when you generated your GPG keys.
- $
- 6. Once RPM is configured to support GPG, use it to sign a package with your
- new GPG private key:
- RHEL/FC $ rpmsign --addsign ~/rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm
- SLES/SL $ rpmsign --addsign ~/rpmbuild/RPMS/i586/lbreakout2-2.4.1-4.i586.rpm
- Enter pass phrase: password
- • Enter your GPG password that you created in step 3.
- Pass phrase is good.
- rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm:
- $
- 12-837. Next, examine the signatures of your freshly signed package. If you are using
- RPM 4.0 or older, you will see:
- RHEL/FC $ rpmsign -K ~/rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm
- SLES/SL $ rpmsign -K ~/rpmbuild/RPMS/i586/lbreakout2-2.4.1-4.i586.rpm
- rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm: md5 gpg OK
- $
- This indicates that the package has a correct MD5 signature, is signed using
- • When you generated your public and private key pair in step 3,
- GPG automatically added your public key to your personal public
- GPG, and that the GPG signature of the package can be decrypted using a GPG
- keyring. When you ran rpmsign -K, rpmsign used this
- public key on your GPG keyring. Congratulations! You have signed a package,
- public
- key to decrypt the GPG signature within the package file.
- and verified that it is correctly signed. You may skip the rest of the steps in this
- lab; they are only necessary for users running RPM 4.1 and newer releases.
- 8. If you are using RPM 4.1 and newer releases, when you examine the signatures
- of your package, you will instead see:
- RHEL/FC $ rpmsign -K ~/rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm
- SLES/SL $ rpmsign -K ~/rpmbuild/RPMS/i586/lbreakout2-2.4.1-4.i586.rpm
- rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm: (SHA1) DSA
- sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#87786c00)
- $
- Although your package is signed with your correct GPG key, it still shows up as
- NOT OK with RPM 4.1 and newer releases. This is because RPM 4.1 and newer
- releases use their own separate GPG keyring, rather than reading the keyring of
- the user running the RPM command. RPM is trying to verify the signature on
- your package using the RPM GPG keyring, and RPM does not yet have your
- public key installed on its keyring, so it cannot verify the signature.
- 9. To correct this, you will first need to export your public key in a format RPM can
- understand. To see your public key, use the command:
- $ gpg --export --armor
- • Fortunately, this output makes more sense to the GPG software
- than it does to you!
- -----BEGIN PGP PUBLIC KEY BLOCK-----
- Version: GnuPG v1.2.1 (GNU/Linux)
- mQGiBD6u2hQRBAC1wEn+cJvjz8P94ogeE/PCwX4mUBbY4QvKiklrXgr+bpD
- d9OmaM+JqbnqyBIq9KfsxVLK651VFB7jBqKwzjBVQER+xsDJW79vKE2mDv0
- zNRJuxG2ull8iwwlyub3H9Jky+VXJ4upA3CxhwDRMjZ1PShhJzPSX0paHwC
- 12-84x29FQOTKZ6tfgDopoDbq4bUD/1rwocepHES4EOrzz4TVKXAtwASP+Z18OkI
- RPmRQ2nkawnRMhIl+taTcbjBJapm1YiKAyqkGwiWtBMTQER9Ox+Uz1p4SmQ
- VO0SAGpi+2jjmD79ViRAqdAd+JcgLSI8c9TEZo3D3UFWZI/8yv5PHJMgGQo
- nmbFA/0XeJH5aluTFgFnJCP2JMFvMDG2SwiGmwOyDiAWZ7/RTulOt7Y8fMk
- OgLlN9wsAZ6JNCmkUP/jiQFYpyMULI1Soca2h+PKYUenEjmwo1LRWUGkdLa
- 3t8PA92mAhcJynRG+JEEYL5x3NHDVSIzBxz3mTedWj7YQLkkCrRBVGVzdCB
- YWdlIChSUE0gUGFja2FnZSBCdWlsZGVyKSA8a2Fib29tQHdpbnN1Y2tzLmd
- YWJzLmNvbT6IWQQTEQIAGQUCPq7aFAQLBwMCAxUCAwMWAgECHgECF4AACgk
- mod4bABO7QCfWJoP+QFploVay2FPAskbrle4DjgAnAhdbdFJ27Wbolk1xob
- IPd/uQENBD6u2hUQBACOgzjL5Wz0Tg/avYSfiswAC5wwKGXTxG9RZPF3cdB
- F/k2KsFpoDg/5p9nzSM/h3MjH+1Lr/ZOJgMr/Bz8TunnJg+I+vx00vh0Tw2
- tV3B+0jx+ots3A+Opmn77eUGSm+lOv1PQYfQ9kwRsE7+BO9ylgHsrbx9myA
- BQP/aJl2yC5H9MTyiK8PvVzr2hrAdykZYGCmJzcmSJ1guiLEgQ7qG0i3Ycm
- z+YxIvon42w6EqaoDBp9RHkK2KQpuvNgQfUSMUcr5tIUf3EqDAy37wgdFPx
- eh4yem1zigQ12M/Vk5BkQGBs/8Ol+7VfZ1pvgtvZiXtKSoqIRgQYEQIABgU
- FQAKCRCNKvuah3hsAGH6AJ9jgyNiBSEf9a5LcetnZqQez/a9dwCfeNEmgUo
- /ZxE3l/sTe5Nb+8=
- =OnkZ
- -----END PGP PUBLIC KEY BLOCK-----
- $
- 10. Now, save your GPG public key to a file:
- $ gpg --export --armor > /tmp/gpg-public-key.asc
- $
- 11. Next, import your public key into RPM’s GPG keyring:
- $ su -c "rpmsign --import /tmp/gpg-public-key.asc"
- Password:
- $
- 12. Once your public key is imported into the RPM GPG keyring, examine the
- signed LBreakout2 package signatures again:
- $ rpmsign -K ~/rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm
- rpmbuild/RPMS/i386/lbreakout2-2.4.1-4.i386.rpm: (sha1) dsa sha1 md5 gpg OK
- $
- 12-8513. This time, your GPG signature verified correctly because RPM now has your
- GPG public key installed correctly. You can also give your GPG public key to
- your users, and they can import it into RPM using the same process you did in
- step 11. Once they have imported your public key, they can verify the
- authenticity and integrity of any RPMs you create for them!
- 12-86
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement