Set Up an RPM Build Server

Important Note

This document is incredibly outdated and as such is probably only of limited use. I have left it here because the general procedure is still valid even if the specifics are not.

Overview

This article details how to set up an existing CentOS Server to build your own RPMs.

Related External Documentation:

Changing the timezone, date, and time in Linux

Set Up an RPM Build Environment under CentOS

Fedora - Extra Packages for Enterprise Linux

RHEL/CentOS - Enable EPEL Repository

Make sure you are On Time!

I found that if you tried to pull down EPEL packages while the time on the Build Server was off, there were issues with pulling any associated packages. As a preemptive measure, let's set the time on the Build Server to match that of a North American NTP Server.

  1. Install the ntp package

    sudo yum install ntp
    

    If you are prompted to install the CentOS Official Signing Key type y and press Enter.

  2. Update the time on your machine

    sudo /sbin/ntpdate 0.north-america.pool.ntp.org
    
  3. Check and make sure the date and time on the Build Server is accurate.

    date
    

Download the EPEL Package repository

The EPEL Repository is needed for the perl-NET-SNMP dependencies required by NRPE.

  1. Download the EPEL Repository and use rpm to install it

    sudo wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
    
    sudo rpm -i epel-release-5-4.noarch.rpm
    
  2. Verify that the EPEL Repository is installed

    sudo yum repolist
    

    The Extra Packages for Enterprise Linux 5 - x86_64 should appear in the repo name list.

    repo id      repo name                                          status
    addons       CentOS-5 - Addons                                  enabled:      0
    base         CentOS-5 - Base                                    enabled:  3,566
    epel         Extra Packages for Enterprise Linux 5 - x86_64     enabled:  6,923
    extras       CentOS-5 - Extras                                  enabled:    290
    updates      CentOS-5 - Updates                                 enabled:    720
    repolist: 11,499
    
    ....
    
  3. Install the following RPM Build Packages.

    sudo yum install rpm-build redhat-rpm-config make gcc
    

    During the installation you will be prompted to import a GPG Key, the CentOS 5 Official Signing Key. Make sure you respond with y.

Create an Account to build the RPM Packages

Note: you can skip this section if you already have a non-root account.

  1. Create the user pacman for all of your RPM Packaging needs!

    sudo adduser pacman -m

    Type in a new password for the pacman user:

    sudo passwd pacman

  2. Add pacman to the sudoers file

    /usr/sbin/visudo

    Add in the following entry below the root entry

    pacman ALL=(ALL) ALL
    

Create RPM Build Directories under your home folder

NOTE: NEVER EVER EVER BUILD AN RPM AS ROOT….and I mean EVER!!!! not even if a Squirrel comes up to you and tries to steal your nuts! You can do untold damage to the system you are working on if you build packages as root!

  1. Make the rpmbuild directories for the RPM Build Environment.

    su - pacman
    
    cd /home/pacman
    
    mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
    
    echo '%_topdir %(echo $HOME)/rpmbuild' > ~/.rpmmacros
    

Optional vim editor Configuration Change

Note that this section has been moved to a different document to improve readability.

Signing keys

If your RPMs will be used by anyone other than you, you should sign them. Doing this allows others to verify that the package came from you and is exactly the way you intended it to be.

If you don’t already have a GPG key you can follow these directions.

If you have a key from another machine or a departmental key, you will need to import it. To do that, get both the public and private (secret) parts of the key.

gpg --import key.pub
gpg --import key.sec

You can verify they were imported correctly with:

$ gpg --list-sigs

You should see something similar to this:

/home/pacman/.gnupg/pubring.gpg
------------------------------
pub   1024D/1CDB2BA8 2011-05-09
uid                  Pacman (Pacman RPM Build) <pacman@example.com>
sig 3        1CDB2BA8 2011-05-09  Pacman (Pacman RPM Build) <pacman@example.com>
sub   2048g/80C30782 2011-05-09
sig          1CDB2BA8 2011-05-09  Pacman (Pacman RPM Build) <pacman@example.com>

Now that you have the GPG key in your keyring, you need to tell rpmbuild which one it is.

vi /home/pacman/.rpmmacros

Add the following lines:

%_signature gpg
%_gpg_name Pacman (Pacman RPM Build) <pacman@example.com>
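
A preflight check for the build account, covering the rpmbuild directory layout and the signing macros set up above. This is an added example, not part of the original article: the function name check_build_env and its optional UID argument are hypothetical, and the ~/.gnupg permission test is an extra check based on GnuPG's own rule that the key directory must not be accessible to group or other.

```shell
#!/bin/sh
# Added example (not from the original article).
# check_build_env HOME_DIR [UID]
#   Prints one FAIL line per problem and returns the number of problems,
#   so 0 means the account is ready to build and sign packages.
check_build_env() {
    home=$1
    uid=${2:-$(id -u)}   # UID argument is hypothetical; it lets the check be tested
    macros="$home/.rpmmacros"
    problems=0

    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # A spec file runs arbitrary commands; as root they can touch the whole system.
    [ "$uid" -ne 0 ] || fail "running as root; switch to the build user"

    # The five directories created with mkdir -p ~/rpmbuild/{...}
    for d in BUILD RPMS SOURCES SPECS SRPMS; do
        [ -d "$home/rpmbuild/$d" ] || fail "missing $home/rpmbuild/$d"
    done

    # The three macros this article writes to ~/.rpmmacros
    if [ -f "$macros" ]; then
        grep -Eq '^%_topdir[[:space:]]+[^[:space:]]' "$macros" \
            || fail "%_topdir not set in $macros"
        grep -Eq '^%_signature[[:space:]]+gpg[[:space:]]*$' "$macros" \
            || fail "%_signature gpg not set in $macros"
        grep -Eq '^%_gpg_name[[:space:]]+[^[:space:]]' "$macros" \
            || fail "%_gpg_name not set in $macros"
    else
        fail "$macros does not exist"
    fi

    # The secret key lives in ~/.gnupg; group and other must have no access.
    if [ -d "$home/.gnupg" ]; then
        perms=$(ls -ld "$home/.gnupg" | cut -c5-10)
        [ "$perms" = "------" ] \
            || fail "$home/.gnupg is accessible to group/other (chmod 700)"
    else
        fail "$home/.gnupg does not exist; no signing key imported"
    fi

    return "$problems"
}
```

Run `check_build_env "$HOME"` as the pacman user before invoking rpmbuild; a non-zero return value is the number of problems found.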