RPM Package Manager

From Omnia
Jump to navigation Jump to search

RPM Package Manager (RPM)

RPM Package Manager (RPM):

"The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. Each software package consists of an archive of files along with information about the package like its version, a description, and the like." [1]

RPM Commands

# List all installed packages
rpm -qa
# List installed package by name
rpm -q <package>
# List installed package details
rpm -qi <package>
# List files in an installed package
rpm -ql <package>
# List state of all files in an installed package (similar to -l)
rpm -qs <package>
# Verify installed package (check to see if any files have been changed)
rpm -V <package>
rpm -Vv <package>
rpm -qa -V  # show all files that have changed from all packages
# List package details (does not have to be installed)
# Tell me all about the package contained in <file>.rpm, which doesn't have to be installed.
rpm -qpi <file>.rpm
# List package contents (does not have to be installed)
rpm -qpl <file>.rpm
rpm -qpvl <file>.rpm
# Show which package file came from
rpm -qf <file>
# List packaged documentation
rpm -qpd <file>.rpm
# List packaged configuration files
rpm -qpc <file>.rpm
# Check if you were bitten by the FC6 i686 bug:
rpm -q --qf='%{name}-%{version}-%{release}.%{arch}\n' kernel
rpm -qa --queryformat "%{NAME}-%{VERSION}.%{RELEASE} (%{ARCH})\n"
# Rebuild RPM database: (generally does not happen with FC)
rm -f /var/lib/rpm/__db*
rpmdb -vv --rebuilddb
# List RPM dependencies: [2]
rpm -qpR [file.rpm]
rpm -qR [package]
rpm -q --requires [package]
# Remove a package:
rpm -e [package]
# Install a package:
rpm -Uvh [file.rpm]

How to extract SPEC file from a Source RPM

How to extract spec file from rpm file:

"A .spec is similar to a Makefile. When you install an application from tarball it (usually) doesnt automagically install the Makefile. When you make a rpm from spec it doesnt include the spec file. So, no there isnt any way."

To see scripts:

rpm -qp --scripts <file>.rpm

Extract SPEC file from source RPM:

"You can extract the spec file from a source rpm file (some times a binary rpm file), using command:"
rpm2cpio {FullNameOfSourceRPM} | cpio -iumd {NameOfSourceRPM.spec}

List files in rpm file:

rpm -qpl [file.rpm]
rpm2cpio [file.rpm] | cpio -t

Extract RPM contents from RPM:

rpm2cpio [file.rpm] | cpio -idmv
i: Restore archive
d: Create leading directories where needed
m: Retain previous file modification times when creating files
v: Verbose i.e. display progress

Signing

Signing RPM [3]

Generate gpg key:

gpg --gen-key
gpg --armor --export kenneth@kennethburgener.org > RPM-GPG-KEY-kenneth

Configure rpm (~/.rpmmacros):

%_signature gpg
%_gpg_name kenneth@kennethburgener.org
#or %_gpg_name Kenneth Burgener

Check signatures:

rpm --checksig [file(s).rpm]
rpm -K [file(s).rpm]

# signed:
[file.rpm]: (sha1) dsa sha1 md5 gpg OK

# not signed:
[file.rpm]: md5 OK

Delete signature:

rpm --delsign [file(s).rpm]

NOTE: You cannot resign an RPM v3 file with RPM v4. When you go to check the signature you will see an error.

# Check RPM file version
rpm -qp [file.rpm] --qf '%{rpmversion}\n'
# Error when trying to install a bad signed RPM with Yum
warning: rpmts_HdrFromFdno:  Header V3 DSA signature: NOKEY, key ID [ID]
Public key for [PACKAGE] is not installed

Resign package:

rpm --resign [file(s).rpm]
rpm --addsign [file(s).rpm]
[trogdor@hal i386]$ rpm --resign *rpm
error: You must set "%_gpg_name" in your macro file
Pass phrase check failed

[trogdor@hal i386]$ cat > ~/.rpmmacros
%_gpg_name      Kenneth Burgener

You cannot sign a version 3 RPM file. Show RPM file's version:

rpm -qp [file.rpm] --qf '%{rpmversion}\n'

Import signature:

rpm --import [signature_file]

List imported signatures:

rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> %{summary}\n'

Automate Signing

"You can automate it by not putting a password on the gpgkey. most of the rpms are manually signed for this reason. and all of extras are manually signed. the only automated signed would be in rawhide and i think they are generally not signed at all.

iirc, even with a blank passwd, rpm's default behavior is to ask for a password anyway,

'expect' knows what to do :)

Yes, rpm always asks... And yes, expect knows what to do:

#!/usr/bin/expect
set p ""
set f [lindex $argv 0]
spawn rpm --resign $f
expect "Enter pass phrase:"
send -- "$p\r"
expect eof

The other way; Use perl (

http://search.cpan.org/~nanardon/RPM4-0.20/lib/RPM4.pm). RPM4 also knows how to do it..."

Reference: Re: automate rpm signing?: msg#00056

Rebuilding a SRPM

RPM Building Crash Course

Avoiding root

By default, RPM packages are built in the /usr/src/redhat directory, which is only writable by root. You can have the rpmbuild command use another directory (e.g., /home/your_userid/rpm) by putting this line in a file called .rpmmacros in your home directory:

%_topdir /home/your_userid/rpm

You must then create the following subdirectories in that directory:

cd /home/your_userid/rpm
mkdir SOURCES SPECS BUILD SRPMS
mkdir -p RPMS/i386 RPMS/athlon RPMS/i486 RPMS/i586 RPMS/i686 RPMS/noarch

Example:

echo "%_topdir $HOME" > ~/.rpmmacros
mkdir $HOME/rpm
cd $HOME/rpm
mkdir SOURCES SPECS BUILD SRPMS
mkdir -p RPMS/i386 RPMS/athlon RPMS/i486 RPMS/i586 RPMS/i686 RPMS/noarch

Building from a source RPM (SRPM)

Install the .src.rpm file this way:

rpm -i somepackage-1.0-1.src.rpm

This will create files in the SOURCES directory of your RPM building directory tree, and a .spec file in the SPECS directory.

Then go the SPECS directory and give the command to build the RPM:

cd /home/your_userid/rpm/SPECS
rpmbuild -bb somepackage.spec

Give the -ba option instead if you also want to build the SRPM. The binary RPM packages will typically be created in the RPMS/i386 directory (on a PC-based system).


Rebuilding a source RPM (SRPM)

mkdir -p /usr/src/redhat/
rpmbuild --rebuild sourcerpm.src.rpm

Building from a source archive

When a source archive (e.g., somepackage-1.0.tar.gz) contains a .spec file, one can give the following command to build the RPM without having to deploy the archive:

rpmbuild -tb somepackage-1.0.tar.gz

Give the -ta option instead if you also want to build the SRPM.

7. Building RPMS from SOURCE or SRPMS

7. Building RPMS from SOURCE or SRPMS

If you haven't done so before: It is easy to build or rebuild RPMS from SRPMS. Let's get a quick overview how we build RPMS in our HOWTO.

IMPORTANT NOTE: Never build RPMS as root.

  1. Log into your machine as a regular user.
  2. create a mirror image of the main RPM directory structure in your $HOME and
  3. tell RPM to use these directories instead of the original ones.

7.1. Create RPM directories

RPM needs a certain directory structure to build RPMS from SOURCE or from SRPMS. When we build them as non-root user, we cannot use the default location because only root is allowed to write to those directories. So we create the same directory structure in our regular users $HOME-directory:

[user@example.com]$ mkdir $HOME/rpm $HOME/rpm/SOURCES $HOME/rpm/SPECS $HOME/rpm/BUILD $HOME/rpm/SRPMS $HOME/rpm/RPMS $HOME/rpm/RPMS/i386

When we are done with this, the directory tree of the new rpm directory in our $HOME-directory should look like that:

Example 1. directory tree of new rpm directory

rpm
|-- BUILD
|-- RPMS
|   `-- i386
|-- SOURCES
|-- SPECS
`-- SRPMS

7.2. Set environment variables

Now we need to tell the RPM-Manager that the non-root user wants this location to build RPMS instead of the default location.

[user@example.com]$ echo "%_topdir $HOME/rpm" >> $HOME/.rpmmacros

Note: If you want to dig deeper into building RPMS you can find excellent information in the Maximum RPM HOWTO at rpm.org.

Building a RPM

Max RPM

Install rpm build tools:

yum install rpm-build

Configuring your ~/.rpmmacros:

%packager	Kenneth Burgener <kenneth.burgener@oeey.com>
%vendor		Name of your project

%_topdir	/home/build/rpm
%_tmppath	/home/build/rpm/tmp

%_signature	gpg
%_gpg_name	kenneth.burgener@oeey.com
# %_gpg_name	Kenneth Burgener <kenneth.burgener@oeey.com>
%_gpgbin	/usr/bin/gpg
%_sourcedir	/home/build/rpm/SOURCE
%_specdir	/home/build/rpm/SPEC
%_srcrpmdir	/home/build/rpm/SRPMS
%_builddir	/home/build/rpm/BUILD
%_rpmdir	/home/build/rpm/RPMS

See current rpm configurations:

rpm --showrc | grep -i specdir

Create folders:

mkdir ~/rpm; cd ~/rpm
mkdir -p BUILD RPMS RPMS/i386 RPMS/noarch SOURCES SPECS SRPMS tmp

Building RPM and SRPM:

rpmbuild -ba package.spec

# spec in tar file:
rpmbuild -ta package.tar.gz

Check your binary packages for commonly overlooked errors (rpmlint website):

rpmlint [file.rpm]

Steps of: rpmbuild -ba [file.spec]

  • Read and parse the filename.spec file
  • Run the %prep section to unpack the source code into a temporary directory and apply any patches
  • Run the %build section to compile the code
  • Run the %install section to install the code into directories on the build machine
  • Read the list of files from the %files section, gather them up, and create binary and source RPM files
  • Run the %clean section to remove the temporary build directory

SPEC file

Install and uninstall scripts:

%pre     Runs before the package is installed
%post    Runs after the package is installed
%preun   Runs before the package is uninstalled
%postun  Runs after the package is uninstalled 
%pre-install
%post-install
%verify
%pre-uninstall
%post-uninstall

Tips:

  • These scripts will be deleted upon termination of a section, preventing you from looking at them. You can cheat and get a look at them by forcing an error in that section. Just add "exit 1" to your spec file in the appropriate section. Another useful thing is to "set; exit 1" in a spec file. This will exit and spit out a list of defined environment variables. Finally, you can place "bash -i" in a spec file to stop rpmbuild and drop to a shell where you can take a look around.
  • Use %config(noreplace) - this will save configuration files from being replaced or over-written on update.

Simple SPEC

Summary: CP Worker
Name: cp-worker
Version: 1.0
Release: 1
License: Commercial
BuildArch: noarch
Group: Applications
Source0: nx-thirdparty.jar
Source1: nx-upgrade.jar
Source2: log4j.properties
Source3: memcached.xml
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
Requires: cp-bootstrap


%description
%{summary}


%prep
#%setup -q
#

%build


%install
# Clean build root
%{__rm} -rf %{buildroot}

# Copy upgrade files
%{__mkdir} -p %{buildroot}/usr/cca/loader %{buildroot}/usr/cca/conf
%{__cp} -a %{SOURCE0} %{SOURCE1} %{buildroot}/usr/cca/loader
%{__cp} -a %{SOURCE2} %{SOURCE3} %{buildroot}/usr/cca/conf


%clean
%{__rm} -rf %{buildroot}


%pre

%post

%preun

%postun

%files
%defattr(-,cca,cca)
%doc README docs/*
/usr/*
%config /usr/cca/conf/memcache.xml
%config(noreplace) /usr/cca/conf/memcache2.xml


%changelog
* Wed Jul 12 2007 Jesse Keating <jkeating@redhat.com> - 2.10.0-2
- item 1
- item 2

* Wed Feb 12 2006 Jesse Keating <jkeating@redhat.com> - 2.10.0-1
- item 1
- item 2

Sample SPEC Files

nail

Summary: Nail
Name: nail
Version: 12.2
Release: 1
License: GPL
BuildArch: i386
Group: Applications
Source0: nail-12.2.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot


%description
Nail is a replacement for the mail command.  Nail allows for attachments.


%prep
%setup -q


%build
# Make nail
make

%install
# Clean build root
%{__rm} -rf %{buildroot}

# Install nail
make DESTDIR=%{buildroot} install


%clean
# Clean build root
rm -rf %{buildroot}


%pre


%files
%defattr(-,root,root,-)
/etc/nail.rc
/usr/local/bin/nail
/usr/local/share/man/man1/nail.1
%config /etc/nail.rc

Building a RPM Tutorials

IBM Packaging software with RPM:


Examples

RPM Version

Manual Dependencies - http://www.rpm.org/max-rpm-snapshot/s1-rpm-depend-manual-dependencies.html

Version Requirements

Version:

Version: 0.13.1
Version: 2.7
Requires: bar >= 2.7, baz = 2.1

Version with Release:

Release: 4
Requires: bar >= 2.7-4, baz = 2.1-1

Epoch numbers:

Epoch: 42
Requires: foo = 42:
Requires: foo >= 42:
Requires: foo >= 42:1.0

Note: You must include the epoch in a requires if it exists in the package. If you think of epoch numbers as being nothing more than very simple version numbers, you'll be on the mark. Epoch is the most significant component of a package's complete version identifier with regards to RPM's version comparison algorithm. It might seem that using epoch numbers is a lot of extra trouble, and you're right.

RPM HOWTO

To Read











References

Issues

error unpacking file

error: unpacking of archive failed on file /usr/java/jdk1.5.0_14/src.zip;481a3ec9: cpio: read

The rpm is corrupted. In this case it was the rpm in the yum cache was bad. Clean cache and try again.

yum clean all
yum install [package]

Sample SPEC files

Apache sample

Summary: apache web server
Name: apache
Version: 2.0.54
Release: 1
License: Apache
Group: application
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
%description
Apache is a great webserver

%prep
%setup -q

%build
./configure --prefix=/usr/local
make
make test

%install
rm -rf $RPM_BUILD_ROOT
make root=$RPM_BUILD_ROOT install

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%doc
/usr/*

Sample1

%define name skstream
%define version 0.2.2
%define release 1

Summary: Portable C++ classes for IP(sockets) applications.
Name: %{name}
Version: %{version}
Release: %{release}
Source: ftp://ftp.worldforge.org/pub/worldforge/libs/%{name}-%{version}.tar.gz
Vendor: The WorldForge Project
URL: http://www.worldforge.org/
License: LGPL
Group: System Environment/Libraries
Prefix: %{_prefix}

%description
This library contains C++ utility classes for using IP(sockets).

%package devel
Summary: Libraries, includes to develop applications with %{name}.
Group: Development/Libraries
Requires: %{name} = %{version}

%description devel
The %{name}-devel package contains the header files and static libraries for
building applications which use %{name}.

%prep
%setup -q

%build
if [ -x ./configure ]; then
  CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%{_prefix}
else
  CFLAGS="$RPM_OPT_FLAGS" ./autogen.sh --prefix=%{_prefix}
fi
make

%install
rm -rf $RPM_BUILD_ROOT
make DESTDIR=$RPM_BUILD_ROOT install

%clean
rm -rf $RPM_BUILD_ROOT

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%files
%defattr(-,root,root)
%doc AUTHORS ChangeLog COPYING INSTALL NEWS README TODO
%{_prefix}/lib/lib*.so.*

%files devel
%defattr(-,root,root)
%doc AUTHORS ChangeLog COPYING INSTALL NEWS README TODO
%{_prefix}/bin/*-config
%{_prefix}/lib/lib*.a
%{_prefix}/lib/lib*.so
%{_prefix}/include/*
%{_prefix}/share/aclocal/*

%changelog
* Thu Mar 7 2002 T.R. Fullhart <kayos@kayos.org>
- First draft of the spec file

Font RPM Example

Name: myfonts
Summary: Collection of My Funny Fonts
Version: 1.0
Release: 1
License: GPL
Group: User Interface/X
Source: %{name}.tar.gz
BuildRoot: %{_tmppath}/build-root-%{name}
BuildArch: noarch
Requires: freetype
Packager: Avi Alkalay <avi@unix.sh>
Prefix: /usr/share/fonts
Url: http://myfonts.com/

%description
These are the fonts used in our marketing campaign, designed by our marketing agency specially for us.
The package includes the following fonts: Bodoni, Bodoni Black, Company Logo, Outline Company Logo, etc.


%prep

%setup -q -n %{name}

%build

%install
mkdir -p $RPM_BUILD_ROOT/%{prefix}
cp -r %{name}/ $RPM_BUILD_ROOT/%{prefix}


%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(-,root,root,0755)
%{prefix}/%{name}


%post
{
	ttmkfdir -d %{prefix}/%{name} \
		-o %{prefix}/%{name}/fonts.scale
	umask 133
	/usr/X11R6/bin/mkfontdir %{prefix}/%{name}
	/usr/sbin/chkfontpath -q -a %{prefix}/%{name}
	[ -x /usr/bin/fc-cache ] && /usr/bin/fc-cache
} &> /dev/null || :


%preun
{
	if [ "$1" = "0" ]; then
		cd %{prefix}/%{name}
		rm -f fonts.dir fonts.scale fonts.cache*
	fi
} &> /dev/null || :

%postun
if [ "$1" = "0" ]; then
  /usr/sbin/chkfontpath -q -r %{prefix}/%{name}
fi
[ -x /usr/bin/fc-cache ] && /usr/bin/fc-cache



%changelog
* Thu Dec 14 2002 Avi Alkalay <avi@unix.sh> 1.0
- Tested
- Ready for deployment
* Thu Dec 10 2002 Avi Alkalay <avi@unix.sh> 0.9
- First version of the template

freshrpm-release

# $Id: freshrpms-release.spec 3341 2005-06-28 18:40:26Z thias $
# Authority: matthias

Summary: Freshrpms.net release file and package configuration
Name: freshrpms-release
Version: 1.1
Release: 1.fc
License: GPL
Group: System Environment/Base
Source0: GPL
Source1: RPM-GPG-KEY-freshrpms
Source2: freshrpms.repo
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildArch: noarch

%description
Freshrpms.net release file. This package also contains yum configuration to
use the freshrpms.net provided rpm packages, as well as the public gpg key
used to sign them.


%prep


%build


%install
%{__rm} -rf %{buildroot}
# Install license to be included in the docs and gpg key as pubkey
%{__cp} -a %{SOURCE0} %{SOURCE1} .
# Install gpg public key
%{__install} -D -p -m 0644 %{SOURCE1} \
    %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-freshrpms
# Install yum repo file
%{__install} -D -p -m 0644 %{SOURCE2} \
    %{buildroot}%{_sysconfdir}/yum.repos.d/freshrpms.repo


%clean
%{__rm} -rf %{buildroot}


%post
# Import Freshrpms.net gpg key if needed
rpm -q gpg-pubkey-e42d547b-3960bdf1 >/dev/null 2>&1 || \
    rpm --import %{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-freshrpms
# We don't want a possible error to leave the previous package installed
exit 0


%files
%defattr(-, root, root, 0755)
%doc GPL
%pubkey RPM-GPG-KEY-freshrpms
%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-freshrpms
%config(noreplace) %{_sysconfdir}/yum.repos.d/freshrpms.repo


%changelog
* Tue Jun 28 2005 Matthias Saou <http://freshrpms.net/> 1.1-1
- Put gpg public key in /etc/pki/rpm-gpg and add gpgkey line to yum file.

* Wed Nov 10 2004 Matthias Saou <http://freshrpms.net/> 1-1
- Initial RPM release, inspired by fedora-release.
- No /etc/freshrpms-release (for now at least), as it's basically useless :-)

apache scripts

[build@build rpm]$ rpm -q --scripts httpd

preinstall scriptlet (using /bin/sh):
# Add the "apache" user
/usr/sbin/useradd -c "Apache" -u 48 \
        -s /sbin/nologin -r -d /var/www apache 2> /dev/null || :

postinstall scriptlet (using /bin/sh):
# Register the httpd service
/sbin/chkconfig --add httpd

preuninstall scriptlet (using /bin/sh):
if [ $1 = 0 ]; then
        /sbin/service httpd stop > /dev/null 2>&1
        /sbin/chkconfig --del httpd
fi

Verify System Packages

Crackers frequently hack system utilities to hide their presence on the system, particularly things like /bin/ps, /bin/login, /bin/netstat (pretty much anything in the /bin, /usr/bin, /sbin, and /usr/sbin directories). For a quick list of rpm packages that might be affected you can do:

rpm -qf /bin/* /sbin/* | sort -u > /tmp/critpackages

Then a quick check for changed files. This doesn't show the package names, but that's easy to find with ``rpm -qf fname.

rpm -V `cat /tmp/critpackages`

Source: CentOS - OT: Ping failed (SOLVED)

Check Dependencies

rpmcheck.pl:

#!/usr/bin/perl

use strict;
use warnings;

my $result=0;
my @packagelist=`rpm -qa --queryformat "%{NAME}-%{VERSION}.%{RELEASE} (%{ARCH})\n" | sort`;

PACKAGES:
foreach my $package (<DATA>) {
  foreach my $item (@packagelist) {
    next PACKAGES if ( "$package" eq "$item" );
  }
  print "Package missing: $package";
  $result=1;
}
exit $result;


__DATA__
binutils-2.17.50.0.6.9.el5 (x86_64)
compat-db-4.2.52.5.1 (i386)
compat-db-4.2.52.5.1 (x86_64)

simplerpmcheck.pl:

#!/usr/bin/perl

use strict;
use warnings;

my $result=0;
my @packagelist=`rpm -qa --queryformat "%{NAME}\n"`;

PACKAGES:
foreach my $package (<DATA>) {
  foreach my $item (@packagelist) {
    next PACKAGES if ( "$package" eq "$item" );
  }
  print "Package missing: $package";
  $result=1;
}
exit $result;


__DATA__
compat-libstdc++-33
elfutils-libelf
elfutils-libelf-devel

Issues

Error: rpmdb open failed

Error:

Error: rpmdb open failed

Solution: [4]

yum clean all
rm -f /var/lib/rpm/__db*
rpm --rebuilddb
yum update

error: cannot open Packages database

Error:

error: cannot open Packages database in /var/lib/rpm

Solution: [5]

yum clean all
rm -f /var/lib/rpm/__db*
rpm --rebuilddb
yum update

keywords