rpm 包创建
安装 rpmbuild 和 rpmdevtools工具
[root@localhost ~]# yum -y install rpm-build
[root@localhost ~]# yum -y install rpmdevtools
查看rpm包版本
[root@localhost ~]# rpm --version
RPM version 4.11.3
查看rpmbuild的默认位置
//查看rpmbuild位置
[root@localhost ~]# grep -w '%_topdir' /usr/lib/rpm/macros
%_topdir %{getenv:HOME}/rpmbuild
//手动指定rpmbuild位置
[root@localhost ~]# echo "%_topdir $HOME/rpmbuild" | tee ~/.rpmmacros
生成rpmbuild目录
[root@localhost ~]# rpmdev-setuptree
[root@localhost ~]# tree rpmbuild/
rpmbuild/
├── BUILD
├── RPMS
├── SOURCES
├── SPECS
└── SRPMS
生成SPEC配置文件
[root@localhost ~]# rpmdev-newspec -o rpmbuild/SPECS/wisdom-nginx-1.10.2.spec
SPEC配置文件说明
[root@localhost ~]# vim rpmbuild/SPECS/wisdom-nginx-1.10.2.spec
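# Macro definitions used throughout the spec
%define realname wisdom-nginx
%define realver 1.10.2
# NOTE(review): both branches currently define the same values, and the
# account configured here (apache) is not the one the pre scriptlet creates
# (nginx) - confirm which account the worker processes should run as.
%if 0%{?suse_version}
%define USER apache
%define GROUP apache
%define PREFIX /mnt/app/nginx
%else
%define USER apache
%define GROUP apache
%define PREFIX /mnt/app/nginx
%endif
# Stage 1: basic package information
# 1. Package identity
Name: %{realname}
Version: %{realver}
Release: 1%{?dist}
Summary: wisdom nginx
Group: Applications/Archiving
# NOTE(review): upstream nginx is distributed under a 2-clause BSD licence;
# confirm that GPLv2 is really what applies to this package.
License: GPLv2
URL: http://nginx.org/en/download.html
Packager: 刘朋 <smallasa@sina.com>
Vendor: 众荟
# 2. Source archive and extra files
Source0: nginx-1.10.2.tar.gz
Source1: init.nginx
Source2: nginx.conf
# 3. Build root (staging directory)
# BuildRoot is the scratch tree that "make install" populates and that the
# install section wipes with rm -rf; it is not the install location and must
# never point at a live path such as PREFIX. rpm 4.6 and later ignore this
# tag and choose their own directory under the build tree.
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
# 4. Dependencies
# The ssl and pcre configure options need the matching headers at build time.
# NOTE(review): the geoip, google_perftools and libatomic options also need
# their development packages; add them under the names your distribution uses.
BuildRequires: gcc, make, openssl-devel, pcre-devel
# NOTE(review): the -devel packages are build-time dependencies and are
# normally not needed on the machines that only run the package.
Requires: openssl,openssl-devel,pcre,pcre-devel
# 5. Long description
%description
众荟 慧通 nginx 软件包 wisdom-nginx-1.10.2.tar.gz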
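# Stage 2: prep (unpack the source archive and enter its directory)
%prep
# Source0 is named nginx-1.10.2.tar.gz; assuming it is the unmodified upstream
# archive, it unpacks to nginx-<version> rather than the <name>-<version>
# directory that setup enters by default, so the directory is named here.
%setup -q -n nginx-%{realver}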
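# Stage 3: build
%build
# This spec calls ./configure directly instead of going through the configure
# macro, so nothing else hands the distribution compiler flags to the build.
# The cc-opt line passes them (optflags macro) and the ld-opt line asks the
# linker for full RELRO and immediate binding, so the binary gets the
# platform hardening options.
./configure \
--prefix=%{PREFIX} \
--user=%{USER} \
--group=%{GROUP} \
--with-select_module \
--with-poll_module \
--with-threads \
%if 0%{?suse_version} || 0%{?fedora} || 0%{?rhel_version} || 0%{?centos_version} >= 600
--with-file-aio \
%endif
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_v2_module \
--with-http_realip_module \
--with-http_addition_module \
--with-http_geoip_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_auth_request_module \
--with-http_degradation_module \
--with-google_perftools_module \
--with-pcre \
--with-cc-opt="%{optflags}" \
--with-ld-opt="-Wl,-z,relro -Wl,-z,now" \
--with-libatomic
make %{?_smp_mflags}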
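# Stage 4: install into the staging tree
%install
# Quoted so an unexpected value cannot split into several rm targets.
rm -rf -- "$RPM_BUILD_ROOT"
make install DESTDIR=%{buildroot}
%{__install} -p -D -m 0755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/nginx
# The packaged nginx.conf goes under the configured prefix, which is where the
# binary built with that prefix looks for it. "make install" already places
# the stock fastcgi_params there, and the spec declares no Source3, so that
# file needs no separate install step. Configuration files are not executable.
%{__install} -p -D -m 0644 %{SOURCE2} %{buildroot}%{PREFIX}/conf/nginx.conf
# Stage 5: package contents, ownership and modes
%files
# Default ownership root:root; file modes as installed, directories 0755.
%defattr(-,root,root,0755)
# Everything "make install" put under the prefix belongs to the package.
%{PREFIX}/
%attr(0755,root,root) /etc/rc.d/init.d/nginx
# noreplace keeps locally edited configuration across upgrades.
%config(noreplace) %{PREFIX}/conf/nginx.conf
%config(noreplace) %{PREFIX}/conf/fastcgi_params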
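# Stage 6: scriptlets run before/after install and uninstall
# 1. Script run before the package is installed
%pre
# $1 is the number of instances of this package that will be installed once
# the transaction finishes: 1 on a first install, 2 or more on an upgrade.
# In the uninstall scriptlets it is 0 when the last instance is removed.
if [ "$1" -eq 1 ]; then
  # Create the account only when it is missing: an unconditional useradd exits
  # non-zero if the account already exists, and a failing pre scriptlet aborts
  # the install.
  # NOTE(review): a system account (useradd -r) is the usual choice for a
  # service user.
  getent passwd nginx >/dev/null || /usr/sbin/useradd -s /sbin/nologin nginx
fi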
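# 2. Script run after the package is installed
%post
# Only on a first install ($1 is 1), so upgrades do not append the block again.
if [ "$1" -eq 1 ]; then
# NOTE(review): tcp_tw_recycle is known to break clients behind NAT and no
# longer exists in Linux 4.12 and later; tcp_tw_reuse relies on TCP
# timestamps, which this block switches off. Re-check these three settings
# before shipping the package.
# NOTE(review): lines appended to /etc/sysctl.conf are not removed on
# uninstall; a package-owned file under /etc/sysctl.d would be.
# tcp_mem takes three space-separated values (min, pressure, max).
echo '# Add sysctl.conf
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
#net.ipv4.tcp_fin_timeout = 30
#net.ipv4.tcp_keepalive_time = 120
net.ipv4.ip_local_port_range = 1024 65535' |tee -a /etc/sysctl.conf
# Reload the settings quietly. Both redirections are needed as a pair: written
# as "2>&1 /dev/null", the path is read as the file to load in place of
# /etc/sysctl.conf. "|| :" keeps an unsupported key from failing the scriptlet.
sysctl -p >/dev/null 2>&1 || :
fi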
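# 3. Script run before the package is removed
%preun
# $1 is 0 only when the last installed instance is being removed, so an
# upgrade does not stop the service or touch the account.
if [ "$1" -eq 0 ]; then
  /etc/init.d/nginx stop > /dev/null 2>&1
  # NOTE(review): deleting the account on uninstall leaves any files it owned
  # with a bare numeric owner that a later account can inherit; many packaging
  # guidelines keep service accounts in place. "|| :" keeps a userdel failure
  # from failing the scriptlet.
  userdel -r nginx 2>/dev/null || :
fi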
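# 4. Script run after the package is removed (intentionally empty)
%postun
# Stage 7: changelog
# This heading must be a comment: as a bare line it would become part of the
# postun script. Entry headers use the form
# "* Day Mon DD YYYY Packager <email> - version"; rpmbuild rejects other dates.
%changelog
* Wed Nov 26 2014 smallasa <smallasa@sina.com> - 1.10.2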
- Initial version
制作rpm包
rpmbuild -bp nginx.spec 制作到%prep段
rpmbuild -bc nginx.spec 制作到%build段
rpmbuild -bi nginx.spec 执行spec文件的 "%install" 阶段(在执行了%prep和%build阶段之后).这通常等价于执行了一次 "make install"
rpmbuild -bb nginx.spec 制作二进制包
rpmbuild -ba nginx.spec 表示既制作二进制包又制作src格式包
rpm包的签名
查询软件包信息
[root@localhost ~]# rpm -qi nginx
Name : nginx Relocations: (not relocatable)
Version : 1.7.7 Vendor: smallasa
Release : 3.el6 Build Date: Wed 26 Nov 2014 06:39:00 PM CST
Install Date: Wed 26 Nov 2014 06:42:19 PM CST Build Host: localhost
Group : Applications/Archiving Source RPM: nginx-1.7.7-3.el6.src.rpm
Size : 793593 License: GPLv2
Signature : (none) # rpm包未签名状态
Packager : nmshuishui <353025240@qq.com>
URL : http://nmshuishui.blog.51cto.com/
Summary : nginx-1.7.7.tar.gz to nginx-1.7.7.rpm
Description :
Custom a rpm by yourself!Build nginx-1.7.7.tar.gz to nginx-1.7.7.rpm
使用gpg方式生成签名密钥
[root@localhost ~]# gpg --gen-key
Your selection?1<Enter> #默认即可
What keysize do you want? (2048) 1024<Enter> #选择密钥长度(1024 位 RSA 已偏弱,签名密钥建议保留默认的 2048 位或更长;下文示例输出显示的是 2048R)
Key is valid for? (0) 1y<Enter> #有效期
Is this correct? (y/N) y<Enter> #确认
Real name: smallasa<Enter> #密钥名称
Email address: smallasa@sina.com<Enter> #邮件
Comment: GPG-RPM-KEY<Enter> #备注
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O<ENTER> #okay确认
Enter passphrase OK <Enter> #按Enter输入密码
<Take this one anyway> <Enter> #确认使用此密码
#####
在生成密钥的时候,会报这么一个信息:can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory,可以不用理会它.接下来就是一些随机数的说明了:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
就狂敲键盘和移动鼠标吧;也可以改用伪随机数源来凑熵(不过这样并不安全,不要用于正式的签名密钥),接下来就是等待了
生成密钥后会是这样的:
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 2048R/DF63EDFB 2014-11-26
Key fingerprint = 338D 476F 29C9 E2D6 6604 1D96 6F73 1E81 DF63 EDFB
uid smallasa (gen-key) <smallasa@sina.com>
sub 2048R/263FB359 2014-11-26
查看生成的密钥
[root@localhost ~]# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/DF63EDFB 2014-11-26
uid smallasa (gen-key) <smallasa@sina.com>
sub 2048R/263FB359 2014-11-26
导出公钥以供验证
[root@localhost ~]# gpg --export -a "smallasa" > RPM-GPG-KEY-smallasa
在~/.rpmmacros宏中定义加密密钥
[root@localhost ~]# vim ~/.rpmmacros
%_gpg_name smallasa
为rpm包签名
[root@localhost ~]# rpm --addsign /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm
Enter pass phrase:
Pass phrase is good.
/home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm:
将公钥导入rpm包
[root@localhost ~]# rpm --import RPM-GPG-KEY-smallasa
验证
[root@localhost ~]# rpm --checksig /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm
/home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
重新安装nginx,验证安装包的签名信息
[root@localhost ~]# rpm -ivh /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm
Preparing... ########################################### [100%]
1:nginx ########################################### [100%]
[root@localhost ~]#
[root@localhost ~]# rpm -qi nginx
Name : nginx Relocations: (not relocatable)
Version : 1.7.7 Vendor: smallasa
Release : 3.el6 Build Date: Wed 26 Nov 2014 06:39:00 PM CST
Install Date: Thu 27 Nov 2014 10:58:44 AM CST Build Host: localhost
Group : Applications/Archiving Source RPM: nginx-1.7.7-3.el6.src.rpm
Size : 793593 License: GPLv2
Signature : RSA/SHA1, Thu 27 Nov 2014 10:40:02 AM CST, Key ID 6f731e81df63edfb # 与签名前的查询结果相比,多了签名信息
Packager : nmshuishui <353025240@qq.com>
URL : http://nmshuishui.blog.51cto.com/
Summary : nginx-1.7.7.tar.gz to nginx-1.7.7.rpm
Description :
Custom a rpm by yourself!Build nginx-1.7.7.tar.gz to nginx-1.7.7.rpm