CentOS 6.6 x86_64 RPM package creation tutorial

I. INTRODUCTION to RPM packages

There are five basic operation functions for the RPM Package: installation, uninstallation, upgrade, query and verification.
Linux software packages fall into two categories:
1. Binary package: including the rpm installation package (generally divided into i386 and x86_64)
2. Source code package: both the source code package and the development kit (. src. rpm) belong to this type.
Sometimes in order to facilitate the installation of the source code package and our own customized software package requirements, we will make some source code packages into rpm packages according to our needs, when the source code package is available, you can directly compile binary installation and any other packages. In addition, you can also use the rpm Package to package some files or develop a set of software, the rpm database is used to assist in software upgrade and file inspection. For users, the rpm Package is the most valuable method. The spec file is the core part of the rpm Package. The rpm Package is created based on the spec file. When creating an rpm package, it is best not to use the administrator because the administrator has too much permission. If a command is wrong, the result may be disastrous, and a general rpm package can be created. To create an rpm package, you must use the rpmbuild tool. If the rpmbuild command is not installed, use yum install rpm-build to install it.
II. Introduction and configuration of RPM packaging environment
1. Environment introduction and configuration
To use the rpmbuild tool for packaging, you must have a "workshop" and "workshop". The following six directories are required:
Directory function
The location where the BUIILD source code is stored after decompression. Compile the BUIILD in this directory.
The rpm package storage location after RPMS is created. The rpm Package is placed in the subdirectory of the corresponding platform type.
Source material files used by SOURCES to create an rpm package, including the source code package and other
The location where SPECS stores the spec file. The extension name is generally. spec.
SRPMS stores rpm packages in src format
Use install to temporarily install BUILDROOT to this directory and use this directory as the root.
If the redhat system is used, these directories can be in the/usr/local/src directory, but these directories are not in centos, so you need to create them by yourself, general user directories are used to create these directories, and the locations of these directories are controlled by macros.

Rpmbulid-showrc displays all macros, starting with an underscore (_). It defines the environment usage. It also contains two underscores (_): commands. Why define macros? Because different systems may have different storage locations for commands, you can find the real storage location of commands through macro definition.
Check the default workshop. If we modify this macro, we can customize the workshop.

[Zhanghong @ localhost ~] $ Rpmbuild -- showrc | grep topdir
-14: _ builddir % {_ topdir}/BUILD
-14: _ buildrootdir % {_ topdir}/BUILDROOT
-14: _ rpmdir % {_ topdir}/RPMS
-14: _ sourcedir % {_ topdir}/SOURCES
-14: _ specdir % {_ topdir}/SPECS
-14: _ srcrpmdir % {_ topdir}/SRPMS
-14: _ topdir/home/zhanghong/rpmbuild/

We can find that the directories in these workshops are under the macro directory % {_ topdir}. The custom _ topdir directory is/home/zhanghong/rpmbuild, then I use zhanghong, a user who creates the following directories in the home directory. Run the following command:
[Zhanghong @ localhost ~] $ Mkdir-pv rpmbuild/{RPMS, SRPMS, SOURCES, SPECS, BUILD, BUILDROOT}
To customize macros, you need to create the. rpmmacros file in the current user's home directory, and then write the macro variables and corresponding values, as shown in the figure below:
[Zhanghong @ localhost ~] $ Cat. rpmmacros
% _ Topdir/home/zhanghong/rpmbuild/
% _ Gpg_name ZhangHong
% _ Signature gpg

After writing the code, save it and run the rpmbuild-showrc command to check whether the value has taken effect.

2. rpm production process:

In the sources Directory, we put all the source code packages. In the specs Directory, we write the spec file, and then we use the rpmbuild command to create it. First, the system will read the SOURCES directory and decompress the files under the SOURCES directory to the BUILD directory. After decompression, the subdirectory of the BUILD software package will be generated, then it will jump to the package directory to execute the compilation process, configure make. After make is complete, it is necessary to install it. It will not be installed in the system, it will be installed in a temporary directory, it will be installed in the BUILDROOT directory, and the BUILDROOT directory will be treated as the root directory of the system. After the file is generated. To package the file, we need to perform the clean section, and delete the BUILDROOT and BUILD decompressed folders.
3. rpm package creation schematic

III. spec file introduction (most important)

1. Basic Introduction
The spec file contains the following information:
1) the basic information of the software is the information we see using the rpm-qi software package.
2) in the pre preparation stage, this operation is to decompress the file to the BUILD directory.
3) compile the source code package based on the compiled parameters.
4) install the compiled files in the installation phase.
5) in the cleaning phase, after the package is created, the files generated by the compilation will be cleared.
6) file list: specifies the file list that constitutes the package. The file list cannot contain many files or be small. An error is returned.
7) the modification log is the software modification log.
2. spec file examples and explanations
(The following spec file is the production of nginx-1.9.3 spec file)
% Define nginx_user nginx // use the % define command to define the nginx_user value as nginx. You can use % {nginx_user} to call this value.
Name: nginx // package Name. The "-" symbol cannot be used.
Version: 1.9.3 // Version of the software package
Release: 2% {? Dist} // software release number. The default value is 1. Add 1 at a time to indicate the number of packages.
Summary: A free, open-source, high-performance HTTP server and reverse proxy // package overview
Group: application/Internet // software package category. This category is not gibberish and must be a Group in the/usr/share/doc/rpm-4.8.0/GROUPS file.
License: BSD // authorization protocol. This authorization protocol is generally described in the software package and cannot be written in disorder.
URL: http://nginx.org/download/?name=-##version=.tar.gz // package homepage address
Source0: unzip your name‑‑‑dimensional version‑.tar.gz // create the source code file of the rpm Package. If there are multiple files, it starts from 0, such as Source0 and Source1.
Source1: nginx. sysinit // same as above. Nginx startup script
BuildRoot: % {_ topdir}/BUILDROOT // The root of the installation. During packaging, the files installed after compilation will be placed in this directory.
Vendor: http://www.lookingss.org // The identifier of the publisher or package Organization
Packager: zhanghong <1259001226@qq.com> // prepared by the package and mailbox, the format cannot be wrong
BuildRequires: the software packages required by pcre-devel, openssl-devel, and openssl // when compiling the software. It doesn't matter if the software is not fully written.
Requires: gcc // run the required software package
Provides: functions provided by webserver.
% Description // description of the software package
Nginx [engine x] is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP proxy server, originally written by Igor Sysoev. for a long time, it has been running on your heavily loaded Russian sites including Yandex, Mail. ru, VK, and Rambler. according to Netcraft, nginx served or proxied 22.27% busiest sites in July 2015. here are some of the success stories: Netflix, WordPress.com, FastMail. FM.
Note: The following sections are the basic information of the software. The four names Name Version Release Group are required.
% Prep // prepare the compilation phase
% Setup-q // In this step, extract the file to the BUILD directory.
Note:
% Setup-n % {name}-% {version} decompress the source code package and set it up. Generally, you can use % setup-c, but there are two situations: one is to compile multiple source code packages at the same time; the other is that the name of the source code tar package is different from that of the extracted Directory. In this case, you need to use the-n parameter to specify it.
Appendix:
% Build // compilation phase
Export DESTDIR = % {buildroot} specifies the installation directory as buildroot
./Configure \
-- Sbin-path =/usr/sbin/nginx \
-- Conf-path =/etc/nginx. conf \
-- Error-log-path =/var/log/nginx/error. log \
-- Http-log-path =/var/log/nginx/access. log \
-- Pid-path =/var/run/nginx. pid \
-- User = % {nginx_user }\
-- Group =%{ nginx_user }\
With-poll_module \
With-http_sub_module \
With-http_flv_module \
With-http_gzip_static_module \
-- Http-fastcgi-temp-path =/var/tmp/nginx/fastcgi \
-- Http-client-body-temp-path =/var/tmp/nginx/client // The above is the compilation parameter. The default value is % configure, we recommend that you delete the default % configure and write the compilation parameters by yourself.
Make % {? _ Smp_mflags} // for compilation, followed by % {? _ Smp_mflags} indicates that the _ smp_mflags macro is enabled. If the macro _ smp_mflags is not supported, the smp_mflags macro is enabled. If the macro is enabled on a machine with multiple cpu cores
% Install // installation phase
Rm-rf % {buildroot}
Make install DESTDIR = % {buildroot}
% {__ Install}-p-d-m 0755% {buildroot}/var/tmp/nginx/fastcgi
% {__ Install}-p-d-m 0755% {buildroot}/var/tmp/nginx/client
% {__ Install}-p-d-m 0755% {buildroot}/usr/local/nginx/proxy_temp
% {__ Install}-p-d-m 0755% {buildroot}/usr/local/nginx/scgi_temp
% {__ Install}-p-d-m 0755% {buildroot}/usr/local/nginx/uwsgi_temp
% {__ Install}-p-d-m 0755% {buildroot}/var/log/nginx
% {__ Install}-p-d-m 0755% {buildroot}/var/run/nginx
% {__ Install}-p-D-m 0755% {SOURCE1 }%{ buildroot}/etc/rc. d/init. d/nginx
Note: The preceding commands are used to operate directories and copy files. If you do not understand the parameters, see the install command, in fact, you can also use the rpmbuild -- showrc command to learn that the macro % {__ install} refers to the install command.
% Clean // cleaning stage
Rm-rf % {buildroot} // delete the buildroot Directory
% Pre // before installation
If [$1 = 1];
Then
/Usr/sbin/useradd-s/sbin/false-M % {nginx_user}>/dev/null 2> & 1 |:
Fi
% Post // operation after installation
If [$1 = 1];
Then
/Sbin/chkconfig -- add % {name}
Fi
% Preun // before detaching
If [$1 = 0];
Then
/Sbin/service % {name} stop
/Sbin/chkconfig -- del % {name}
Fi
Note: $1 has three values. 1 indicates that 0 is installed, and 2 indicates that upgrade is performed.
% Files // File list segment. This stage is to package the previously compiled content.
% Defattr (-, root, root,-) // specify the default permission
% Doc CHANGES LICENSE README
% {_ Sbindir}/% {name}
% Dir/var/run/nginx
% Dir/var/log/nginx
/Var/tmp/nginx/
/Usr/local/nginx/
/Usr/local/nginx/html/50x.html
/Usr/local/nginx/html/index.html
% Config (noreplace)/etc/nginx/% {name}. conf
% Config (noreplace)/etc/nginx/mime. types
% Config (noreplace)/etc/nginx/fastcgi. conf
% Config (noreplace)/etc/nginx/fastcgi_params
% Config (noreplace)/etc/nginx/koi-utf
% Config (noreplace)/etc/nginx/koi-win
% Config (noreplace)/etc/nginx/scgi_params
% Config (noreplace)/etc/nginx/uwsgi_params
% Config (noreplace)/etc/nginx/win-utf
% Config (noreplace)/etc/nginx/fastcgi. conf. default
% Config (noreplace)/etc/nginx/fastcgi_params.default
% Config (noreplace)/etc/nginx/mime. types. default
% Config (noreplace)/etc/nginx. conf. default
% Config (noreplace)/etc/nginx/scgi_params.default
% Config (noreplace)/etc/nginx/uwsgi_params.default
% Attr (0755, root, root)/etc/rc. d/init. d/% {name}
% Attr (0755, % {nginx_user}, % {nginx_user})/var/tmp/nginx
% Attr (0755, % {nginx_user}, % {nginx_user})/usr/local/nginx
Note:
1.% config indicates that the file is a configuration file, while noreplace indicates that the file is not replaced. For example, if you install a software package and upgrade it, if the configuration file is not modified, it will be replaced directly, if any modification is found, the original new configuration will be renamed. new
2. All files in % {buildroot} should be specified whether to be packaged into rpm. What does it mean? Assume that the % {buildroot} directory contains four directories a, B, c, and d, and only specify a and B in % files to be packaged into rpm, if you do not declare c and d with exclude, an error is returned;
3. If the file or directory that does not exist in % {buildroot} is declared, an error is returned.
% Changelog
* Tue Aug 2 2015 zhanghong <1259001226@qq.com>-1.9.3-2
-Add temp directory
* Sat Aug 1 2015 zhanghong <1259001226@qq.com>-1.9.3-1
-Initial version
Note:
1. Modify the log. The standard format is
* Date + "% a % B % d % Y" modifier email this version x. y. z-p (* English abbreviation of the week English abbreviation of the month, day, and year modifier name modifier email version number)
-Content of this change.

3. rpm packaging
After writing the spec file, you need to use the rpmbuild command for packaging.
Basic format: rpmbuild [options] [spec documentation]
Option:
-Bp # Only execute the % pre segment of the spec (patch the source code package, that is, only prepare)
-Bc # execute the % pre and build segments of spec (prepare and compile)
-Bi # execute % pre, % build and % install in spec (prepare, compile and install)
-Bl # Check the % file segment in the spec (check whether the file is complete)
-Ba # Create source code package and binary package (commonly used)
-Bb # create binary packages only (commonly used)
-Bs # create only source code packages
Generate the source code package and binary package
[Zhanghong @ localhost ~] $ Rpmbuild-ba nginx-1.9.3.spec
After successful execution, you can see the generated binary package (. src. rpm) and the source package (. src. rpm) generated by SRPMS in the RPMS directory)
Note: it is recommended that you start the package. You can test the package in one phase and one Phase first. Use bp and then use bc to ensure that there is no problem with the process in each phase. Finally, use ba to pack all the packages.

IV. RPM package signing key
1. Introduction

RPM is the standard for installing and managing software on Redhat and SUSE. Metadata package processing software such as Yum and Zypper can easily install software packages. However, RPM may be risky because it automatically executes the script with the root permission during installation. Therefore, make sure that the RPM package you are using is trustworthy. You can use the GPG key to sign your own RPM packages.
2. Operation
1) installation

[Zhanghong @ localhost ~] $ Yum install gnupg-y
# The system is basically installed. Therefore, you do not need to manually install yum.
2) generate a key
[Zhanghong @ localhost ~] $ Gpg -- gen-key
After you press enter, a large text section will pop out:
Gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is no warranty, to the extent permitted by law.
# Copyright notice
Please select what kind of key you want:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (sign only)
(4) RSA (sign only)
Your selection?
# Please select the encryption method, which is generally the default
Press Enter. The first option is selected by default, indicating that the RSA algorithm is used for encryption and signature.
Then, the system will ask you about the key length.
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
# The default value is 2048 bits. The longer the key, the more secure it is.
Press enter, and the default value is 2048 bits.
Then, set the key validity period.
Please specify how long the key shocould be valid.
0 = key does not expire
<N> = key expires in n days
<N> w = key expires in n weeks
<N> m = key expires in n months
<N> y = key expires in n years
Key is valid? (0)
# The default option is 0, 0, indicating that the instance will never expire. n indicates that the instance will expire after n, and nw indicates that the instance will expire after n weeks, which is n months and n Years in turn.
The general option will never expire.
After answering the above three questions, the system will ask you to confirm
Is this correct? (Y/N)
Enter y to ask for personal information.
GnuPG needs to construct a user ID to identify your key.
Real name:
# Real Name
After entering the information, you will be asked to enter an email.
GnuPG needs to construct a user ID to identify your key.
Real name: Zhang Hong
Email address:
# Input email
After the input, you will be asked to enter comments
Real name: Zhang Hong
Email address: 1259001226@qq.com
Comment:
# Enter comments or empty
After the input, the system will ask you to confirm.
GnuPG needs to construct a user ID to identify your key.
Real name: Zhang Hong
Email address: 1259001226@qq.com
Comment: Test Key
You selected this USER-ID:
"Zhang Hong (Test Key) <1259001226@qq.com>"
Change (N) ame, (C) omment, (E) mail or (O) kay/(Q) uit?
# Input O indicates Okay confirmation. Input other values to modify the corresponding values.
Input O to confirm. Then, wait for the key to be generated.
3) export key
[Zhanghong @ localhost ~] $ Gpg -- list-key # list keys
/Home/zhanghong/. gnupg/pubring. gpg
----------------------------------
Pub 1024R/3AB354FD 2015-08-11
Uid Zhang Hong (soft of du-game.com) <1259001226@qq.com>
Sub 1024R/D9CC5C71 2015-08-11
# The generated key is displayed.
[Zhanghong @ localhost ~] $ Gpg -- export-a 'Zhang Hong '> RPM-GPG-KEY-DUGAME
4) sign the key for the rpm Package
You need to add two rpm macro variable values. Edit ~. /Rpmmacros file
[Zhanghong @ localhost ~] $ Vim ~ /. Rpmmacros
% _ Gpg_name Zhang Hong
% _ Signature gpg
# Gpg_name corresponds to the previous Real Name
Sign the key after adding it.
[Zhanghong @ localhost ~] $ Rpm -- addsign zabbix-server-2.4.6-3.el6.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
Zabbix-server-2.4.6-3.el6.x86_64.rpm:
Then, import the public key to the machine on which the installation package is required.
[Root @ localhost RPMS] # rpm -- import RPM-GPG-KEY-DUGAME
View package status
    

Check whether the package is normal

[Root @ localhost RPMS] # rpm -- checksig wxWidgets-3.0.2-1.el6.x86_64.rpm
WxWidgets-3.0.2-1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
Since then, the RPM Package has signed the key.
5. Add later
1. Other spec file options
Build Arch: indicates the compiled target processor architecture. The noarch identifier is not specified, but the default value is usually the content in/usr/lib/rpm/marcros.