Rpmbuild
From Ezee.co.uk
Contents |
[edit] How to Roll your own RPM's
Recently I had need to roll software across multiple servers. most of the packages I needed to roll out were in source.tar.gz format and the job of installing a compiler and -devel packages, doing the ./configure make make install cycle for this many servers was going to be a nightmare. I decided to make them into RPM's and include everything including the configuration files for each package. This turned out to be harder than I thought as documentation for making rpm's is not that easy to find. Below I cover as much as I can on how to make your own RPM. Please note it took me a couple of hours to figure it out and the information below although works for the specified packages may not work for other software as I had to experiment to get it to work. It should help though.
[edit] Caveats and bad habits
In most of the instructions and old tutorials I could find they generally said it was a bad idea to do this as root. They didn't explain why so I started doing this a user called rpmmaker. This turned out to be a nightmare having to su to root then come back again to do anything. I ended up just working as root and getting on with it. Personally I am comfortable working as root and can work much much quicker. However if you want to ensure you are not causing any security issues please don't do this as root.
[edit] Create the base directory structure
Create a directory to keep everything in, I called mine rpm
Within this directory make the following directories
SOURCE
BUILD
RPMS
SRPMS
SPEC
[edit] SOURCE
This is where you put the source.tar.gz file and any patch files you want to apply
[edit] BUILD
This directory is where the source is extracted to and the build actually takes place.
[edit] RPMS
This is where the .rpm will be saved to after creation. for an i386 rpm it will go in a sub-directory called i386.
[edit] SRPM
This is where the source .rpm will be saved after creation.
[edit] SPEC
This is where the nightmare .spec files are stored.
[edit] create your SPEC/package-name.spec file
This is the meat and bones of the thing and is what will cause the most headaches.
Here is my .spec file for modsecurity running under centos 5
%define name modsecurity-apache
%define version 2.1.2
%define release 1
Summary: Mod Security for Apache.
Name: %{name}
Version: %{version}
Release: %{release}
Source: http://www.modsecurity.org/download/modsecurity-apache-2.1.2.tar.gz
Patch0: modsecurity.patch
Vendor: Mod Security
URL: http://www.modsecurity.org/
License: LGPL
Group: System Environment/Libraries
Prefix: %{_prefix}
%description
This package contains the software for mod_security.
%package devel
Summary: Libraries, includes to develop applications with %{name}.
Group: Development/Tools
Requires: %{name} = %{version}
%description devel
The %{name}-devel package contains the header files and static libraries for
building applications which use %{name}.
%prep
%setup -q
%patch -p0
%build
cd apache2
make
%install
cd apache2
make install
cd ../rules
cp *conf /etc/httpd/conf.d/
echo >/etc/httpd/conf.d/anti-hack.conf LoadModule unique_id_module modules/mod_unique_id.so
echo >>/etc/httpd/conf.d/anti-hack.conf LoadFile /usr/lib/libxml2.so
echo >>/etc/httpd/conf.d/anti-hack.conf LoadModule security2_module modules/mod_security2.so
/etc/rc.d/init.d/httpd restart
%clean
%files
/usr/lib/httpd/modules/mod_security2.so
/etc/httpd/conf.d/anti-hack.conf
/usr/lib/libxml2.so
/etc/httpd/conf.d/modsecurity_crs_10_config.conf
/etc/httpd/conf.d/modsecurity_crs_20_protocol_violations.conf
/etc/httpd/conf.d/modsecurity_crs_21_protocol_anomalies.conf
/etc/httpd/conf.d/modsecurity_crs_30_http_policy.conf
/etc/httpd/conf.d/modsecurity_crs_35_bad_robots.conf
/etc/httpd/conf.d/modsecurity_crs_40_generic_attacks.conf
/etc/httpd/conf.d/modsecurity_crs_45_trojans.conf
/etc/httpd/conf.d/modsecurity_crs_50_outbound.conf
%doc CHANGES LICENSE README.TXT
