Simplest Enterprise Continuous Integration Solutions

Saturday, September 14, 2013

Enterprise Linux: WebDav Subversion configuration with authentication and authorization

An example about how to configure WebDav Subversion with authentication and authorization

Requirements:

1. /svn/acme/trunk has been configured with Read/Write access (authorization) for all of users under dev_eng LDAP group (authentication)
2. require to congiure an outsourcing development under /svn/acme/branches/outsourcing with only Read/Write access (authorization) for all of users under outsourcing_dev (authentication)

Configuration procedures:

1. create a new outsourcing_dev LDAP group (for authentication) with all of outsourcing developers
2. create a svn access file for outsourcing_dev Read/Write access (for authorization), /etc/httpd/conf.d/svn-access-control with contents as below
[groups]
outsourcing_dev = user1, user2

[acme_outsourcing:/branches/outsourcing]
@outsourcing_dev = rw
3. insert outsourcing_dev under /etc/httpd/conf.d/subversion.conf
# acme outsourcing repository
<Location "/svn/acme-outsourcing">
        DAV svn
        SVNPath /svn/repositories/acme
        SVNReposName "Subversion Repository [acme-outsourcing]"
        AuthzSVNAccessFile /etc/httpd/conf.d/svn-access-control

# Specify the type of authentication system to use.
        AuthType Basic

# Specify the authorization realm for use in HTTP authentication.
        AuthName "ACME Subversion Repository"

# Specify the authentication provider for this location.
        AuthBasicProvider ldap

# Prevent other authentication modules from authenticating the user if this one fails.
        AuthzLDAPAuthoritative on

# Specify the LDAP server, the base DN, the attribute to use in the search,
# as well as the extra search filter to use.
        AuthLDAPURL "ldap://acme:389/OU=Corp Accounts,DC=acme,DC=com?sAMAccountName?sub?(objectClass=*)" NONE

# Specify the DN to bind with during the search phase.
        AuthLDAPBindDN "CN=srv-svn-ldap,OU=No-logon-rights,OU=Generic,OU=Corp Accounts,DC=acme,DC=com"

# Specify the password to bind with during the search phase.
        AuthLDAPBindPassword uCG4Q79hkG

# Require a valid user.
        Require ldap-group CN=acme_outsourcing,OU=Distribution,OU=Corp Groups,DC=acme,DC=com
</Location>


4. restart Apache Web service

Saturday, August 17, 2013

Enterprise Linux: Use YUM Groups command

How to use yum group commands:

grouplist
groupinfo
groupinstall
groupremove
groupupdate


How to configure own YUM group in own repository for yum groups command

1. yum-groups-manager command execution, for example, DEMO 3.0.0

[root@linux64-app-server ~]# yum-groups-manager -n "DEMO 3.0.0" --id=demo3.0.0 --save=demo3.0.0.xml --mandatory demo-core demo-application
[root@linux64-app-server ~]# cat demo3.0.0.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE comps PUBLIC "-//Red Hat, Inc.//DTD Comps info//EN" "comps.dtd">
<comps>

  <group>
   <id>demo3.0.0</id>
   <default>false</default>
   <uservisible>true</uservisible>
   <display_order>1024</display_order>
   <name>DEMO 3.0.0</name>
   <description></description>
    <packagelist>
      <packagereq type="mandatory">demo-core</packagereq>
      <packagereq type="mandatory">demo-application</packagereq>
    </packagelist>
  </group>
</comps>

2. createrepo command execution with demo3.0.0.xml yum group file

[root@linux64-app-server ~]# createrepo -g /root/demo3.0.0.xml --update /var/www/html/demo-repo/el/6


2.1 repodata with group file looks like

[root@linux64-app-server ~]# find /var/www/html/demo-repo/el/6/repodata
/var/www/html/demo-repo/el/6/repodata
/var/www/html/demo-repo/el/6/repodata/9c6c9a5c272f1dc5b8b0600da36b221c2f3ba27534947ac85dda74ead3fc1932-demo3.0.0.xml
/var/www/html/demo-repo/el/6/repodata/294ee3556b87cc20d28047c46a61b20f17423bd5ffe06869bd625613dff49c68-filelists.sqlite.bz2
/var/www/html/demo-repo/el/6/repodata/repomd.xml
/var/www/html/demo-repo/el/6/repodata/653d4aa8c51772f506dd805d3a2cf3ce645875d871b32324cadff15afeda3751-demo3.0.0.xml.gz
/var/www/html/demo-repo/el/6/repodata/6be82151e5dc44e9d520883151e60356a6c5c93619595578231330aa49467ab3-filelists.xml.gz
/var/www/html/demo-repo/el/6/repodata/3edf95b23750b20e9707e8b4fe247355fd516475655a8f355cf1f1dcdd8cdc70-primary.xml.gz
/var/www/html/demo-repo/el/6/repodata/c0225427874c49ca6cd5f285c40686e487cf30e8327b7e0f95e860724ce8763d-other.xml.gz
/var/www/html/demo-repo/el/6/repodata/3331bfd414bb08c33c26adf51c209d8a9b2c0403821f514bfe4cc1c9560022c3-primary.sqlite.bz2
/var/www/html/demo-repo/el/6/repodata/3d9422756573f00068b6cee6281aec9985775f82abd91f75070c7a2cf7c7549c-other.sqlite.bz2

3. demo-repo.repo file looks like

[root@linux64-app-server ~]# cat /etc/yum.repos.d/demo-repo.repo
[demo-repo]
name=(local yum repo of) DEMO-REPO
baseurl=http://<YUM-REPO-Server>/demo-repo/el/6
enabled=1
gpgcheck=0

4. yum grouplist, yum groupinfo command execution, for example, DEMO 3.0.0

[root@linux64-app-server ~]# yum grouplist | grep DEMO
   DEMO 3.0.0
[root@linux64-app-server ~]#  yum groupinfo "DEMO 3.0.0"
Loaded plugins: security
Setting up Group Process

Group: DEMO 3.0.0
Mandatory Packages:
   demo-core
   demo-application

5. yum groupinstall command execution, for example, DEMO 3.0.0

[root@linux64-app-server ~]# yum groupinstall "DEMO 3.0.0"
Loaded plugins: security
Setting up Group Process
Resolving Dependencies
--> Running transaction check
---> Package demo-core.x86_64 0:3.0.0-19683 will be installed
---> Package demo-application.noarch 0:3.0.0-21746 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================
Package                                                  Arch              Version                                   Repository            Size
=================================================================================================================================================
Installing:
demo-core                                                x86_64            3.0.0-19683                               demo-repo             87 M
demo-application                                         noarch            3.0.0-21746                               demo-repo             25 M

Transaction Summary
=================================================================================================================================================
Install       2 Package(s)

Total download size: 112 M
Installed size: 197 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): demo-core-3.0.0-19683.x86_64.rpm                                                                                   |  87 MB     00:01
(2/2): demo-application-3.0.0-21746.noarch.rpm                                                                            |  25 MB     00:00
-------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                             65 MB/s | 112 MB     00:01
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : demo-application-3.0.0-21746.noarch                                                                    1/2
  Installing : demo-core-3.0.0-19683.x86_64                                                                           2/2
  Verifying  : demo-application-3.0.0-21746.noarch                                                                    1/2
  Verifying  : demo-core-3.0.0-19683.x86_64                                                                           2/2

Installed:
  demo-core.x86_64 0:3.0.0-19683    demo-application.noarch 0:3.0.0-21746

Complete!

6. yum groupremove command execution, for example, DEMO 3.0.0

[root@linux64-app-server ~]# yum groupremove "DEMO 3.0.0"
Loaded plugins: security
Setting up Group Process
Resolving Dependencies
--> Running transaction check
---> Package demo-core.x86_64 0:3.0.0-19683 will be erased
---> Package demo-application.noarch 0:3.0.0-21746 will be erased
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================
Package                                                  Arch              Version                                  Repository             Size
=================================================================================================================================================
Removing:
demo-core                                               x86_64             3.0.0-19683                              @demo-repo            168 M
demo-application                                        noarch             3.0.0-21746                              @demo-repo             29 M

Transaction Summary
=================================================================================================================================================
Remove        2 Package(s)

Installed size: 197 M
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : demo-core-3.0.0-19683.x86_64                                                                           1/2
  Erasing    : demo-application-3.0.0-21746.noarch                                                                    2/2
  Verifying  : demo-application-3.0.0-21746.noarch                                                                    1/2
  Verifying  : demo-core-3.0.0-19683.x86_64                                                                           2/2

Removed:
  demo-core.x86_64 0:3.0.0-19683    demo-application.noarch 0:3.0.0-21746

Complete!

7. yum groupremove command execution, for example, DEMO 3.0.0

[root@linux64-app-server ~]# yum groupupdate "DEMO 3.0.0"
Loaded plugins: security
Setting up Group Process
Package demo-core-3.0.0-19683.x86_64 already installed and latest version
Package demo-application-3.0.0-21746.noarch already installed and latest version
Warning: Group demo3.0.0 does not have any packages.
No packages in any requested group available to install or update

Saturday, July 20, 2013

Bamboo security: Bamboo 5.0 runs over HTTPS

Bamboo 5.0 runs on http looks like


Configure Bamboo 5.0 runs over HTTPS

# Login as root on Bamboo Linux server.

[root@linux64-bamboo-server ~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

# su to bamboo running user

[root@linux64-bamboo-server ~]# su - bamboo

# Change dir to bamboo install directory

[root@linux64-bamboo-server ~]$ cd /opt/atlassian-bamboo-5.0

# Generate a private key

[bamboo@linux64-bamboo-server atlassian-bamboo-5.0]$ $JAVA_HOME/bin/keytool -genkey -keyalg RSA -alias jetty
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  linux64-bamboo-server.domain.com
What is the name of your organizational unit?
  [Unknown]:  <my unit>
What is the name of your organization?
  [Unknown]:  <my organization>
What is the name of your City or Locality?
  [Unknown]:  <my city>
What is the name of your State or Province?
  [Unknown]:  <my state>
What is the two-letter country code for this unit?
  [Unknown]:  <my country>
Is CN=linux64-bamboo-server.domain.com, OU=<my unit>, O=<my organization>., L=<my city>, ST=<my state>, C=<my country> correct?
  [no]:  y

Enter key password for <jetty>
        (RETURN if same as keystore password):

# Generate a CSR (Certificate Signing Request)

[bamboo@linux64-bamboo-server atlassian-bamboo-5.0]$ $JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias jetty -file certreq.csr
Enter keystore password:

# Submit certreq.csr to a certificate authority

Submit the generated certreq.csr to a Certificate Authority (for example, MY-ENTCASERVER) with “Web Server” Certificate template and download certificate chain (DER encoded or Base 64 encoded), save it as bamboo_Base64.p7b.

# Import signed certificate into keystore

[bamboo@linux64-bamboo-server atlassian-bamboo-5.0]$ $JAVA_HOME/bin/keytool -importcert -alias jetty -file bamboo_Base64.p7b -keystore keystore

# Modify wrapper.conf and jetty.xml as below accordingly

[bamboo@linux64-bamboo-server ~]$ diff -u /opt/atlassian-bamboo-5.0/conf/wrapper.conf.orig /opt/atlassian-bamboo-5.0/conf/wrapper.conf
--- /opt/atlassian-bamboo-5.0/conf/wrapper.conf.orig    2014-08-28 17:48:40.000000000 -0400
+++ /opt/atlassian-bamboo-5.0/conf/wrapper.conf 2014-08-28 17:48:46.000000000 -0400
@@ -7,15 +7,16 @@

# The Bamboo port number - this is the port number the Bamboo web server listens on.
#
-wrapper.app.parameter.2=8085
+#wrapper.app.parameter.2=8085
+wrapper.app.parameter.2=../webapp/WEB-INF/classes/jetty.xml

# The location of the Bamboo web application files
#
-wrapper.app.parameter.3=../webapp
+#wrapper.app.parameter.3=../webapp

# The webapp context path. Which must be of form / or /your-context
#
-wrapper.app.parameter.4=/
+#wrapper.app.parameter.4=/

# Specify which version of java you use to run Bamboo
#


[bamboo@linux64-bamboo-server ~]$ diff -u /opt/atlassian-bamboo-5.0/webapp/WEB-INF/classes/jetty.xml.orig /opt/atlassian-bamboo-5.0/webapp/WEB-INF/classes/jetty.xml
--- /opt/atlassian-bamboo-5.0/webapp/WEB-INF/classes/jetty.xml.orig     2014-08-28 17:06:03.000000000 -0400
+++ /opt/atlassian-bamboo-5.0/webapp/WEB-INF/classes/jetty.xml  2014-08-28 17:39:03.000000000 -0400
@@ -30,9 +30,17 @@

     <Call name="addConnector">
         <Arg>
+<!--
             <New class="org.eclipse.jetty.server.nio.SelectChannelConnector">
                 <Set name="host"><Property name="jetty.host" /></Set>
                 <Set name="port"><Property name="jetty.port" default="8085"/></Set>
+-->
+            <New class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
+                <Set name="Port">8443</Set>
+                <Set name="Keystore"><SystemProperty name="jetty.home" default=""/>keystore</Set>
+
+                <Set name="Password">bamboo</Set>
+                <Set name="KeyPassword">bamboo</Set>
                 <!--<Set name="Host">127.0.0.1</Set>-->
                 <!--<Set name="ConfidentialPort">8443</Set>-->
                 <!--<Set name="IntegralPort">8443</Set>-->
@@ -60,7 +68,7 @@
                     <!--SystemProperty name="bamboo.webapp" default="/opt/dev/src/atlassian/bamboo-trunk/components/bamboo-web-app/src/main/webapp"/-->
                     <SystemProperty name="bamboo.webapp" default="./webapp"/>
                 </Arg>
-                <Arg name="contextPath">/bamboo</Arg>
+                <Arg name="contextPath">/</Arg>
                 <!--<Set name="parentLoaderPriority">true</Set>-->
                 <Set name="defaultsDescriptor">webdefault.xml</Set>
                 <Get name="sessionHandler">

# Restart bamboo service

# Bamboo runs over HTTPS looks like


# Bamboo signed own SSL certificate looks like




Enterprise Linux: Subversion Edge + own SSL Certificate

By default, Subversion Edge has self-signed certificate

Subversion Edge out of the box comes with the Apache Subversion Server https configuration, simply by selecting the check box "Apache Encryption" for "Subversion Server should serve via https." from CSVN Console Administration tab, installs an initial self-signed certificate provided with Subversion Edge.



Because above Subversion Edge self-signed certificate hostname, svnedge.collab.net, is always different from your svn repository server hostname (for instance, linux64-svn-server). In this way, your imported Java keystore always contains wrong hostname about your svn reposiotory server hostname.

Procedures to use own SSL certificate

# Backup existing "server.key", "server.crt" and "svnedge.jks"

By default, those files are located as below:
/opt/csvn/data/conf/server.key
/opt/csvn/data/conf/server.crt
/opt/csvn/appserver/etc/svnedge.jks

# Make sure openssl and openssl-devel RPMs installed 

# Generate a private key

[root@linux64-svn-server ~]# cd /opt/csvn/data/conf
[root@linux64-svn-server conf]# openssl genrsa -out server.key 1024
Generating RSA private key, 1024 bit long modulus
...............++++++
................++++++
e is 65537 (0x10001) 

# Generate a CSR (Certificate Signing Request)

[root@linux64-svn-server conf]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:<my_country>
State or Province Name (full name) [Berkshire]:<my_state>
Locality Name (eg, city) [Newbury]:<my_city>
Organization Name (eg, company) [My Company Ltd]:<my_org>
Organizational Unit Name (eg, section) []:<my_unit>
Common Name (eg, your name or your server's hostname) []:linux64-svn-server.domain.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

# check server.csr 

[root@linux64-svn-server conf]# openssl req -noout -text -in server.csr 

# Remove Passphrase from key

[root@linux64-svn-server conf]# cp server.key server.key.org
[root@linux64-svn-server conf]# openssl rsa -in server.key.org -out server.key
writing RSA key 

# Generate a Self-Signed Certificate

[root@linux64-svn-server conf]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Or

# Submit server.csr to a certificate authority

Submit the generated server.csr to a Certificate Authority (for example, MY-ENTCASERVER) with “Web Server” Certificate template and download certificate in Base64 format, save it as server.crt.

# Check server.crt

[root@linux64-svn-server conf]# openssl x509 -in server.crt -text -noout 

# Convert the Apache certificate into PKCS#12 format

[root@linux64-svn-server conf]# openssl pkcs12 -export -in /opt/csvn/data/conf/server.crt -inkey /opt/csvn/data/conf/server.key -name svnedge –out /opt/csvn/data/conf/server.p12
Enter Export Password:
Verifying - Enter Export Password:

# Check server.p12

[root@linux64-svn-server conf]# openssl pkcs12 -info -in server.p12 

# Create the java keystore to store the certificate

[root@linux64-svn-server conf]# $JAVA_HOME/bin/keytool -importkeystore -srckeystore /opt/csvn/data/conf/server.p12 -srcstoretype PKCS12 -destkeystore /opt/csvn/data/conf/svnedge.jks
Enter destination keystore password:
Enter source keystore password:
Entry for alias svnedge successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

# Copy java keystore int INSTALL)DIR/appserver/etc

[root@linux64-svn-server conf]# cp /opt/csvn/data/conf/svnedge.jks /opt/csvn/appserver/etc/

# Restart csvn console 

[root@linux64-svn-server conf]# service csvn restart

# Subversion Edge own SSL Certificate

get own SSL certificate from https://linux64-svn-server.domain.com:4434/csvn as below


Saturday, July 6, 2013

Software Development: Forge puppet module with an automated processes




1. Developer commits changes about puppet module (for example: with Puppet Geppetto Editor) on VCS (Version Control System, for example: Subversion/Git) branches/trunk accordingly
2. Puppet Forge Automation, which has been enabled with Continue-Integration system (for example: Cruise Control/Jenkins), will be triggered periodically based upon VCS commits to execute "puppet module build" for a new revision of puppet module located under DEV repo (for example: http://pulp-server.local.lab/pulp/puppet/qxc_dev/system/releases/q/qxc)


    if [ -e ${puppet_forge_working_directory} ]; then
      # copy the VCS checkout into ${puppet_forge_modules_folder}
      cp -rf ${puppet_forge_working_directory}/${puppet_forge_author}/* ${puppet_forge_modules_folder}
      # make sure all text file in unix format
      find ${puppet_forge_modules_folder} -type f -exec dos2unix {} \;
      # execute puppet module build
      cd ${puppet_forge_modules_folder}
      for i in `ls`; do puppet module build $i; done
      # publish puppet module to dev repoid
      cd ${puppet_forge_modules_folder}
      for i in `ls`; do pulp-admin -u ${pulp_server_admin_name} -p ${pulp_server_admin_password} puppet repo uploads upload --repo-id ${puppet_forge_dev_repoid} --dir ${puppet_forge_modules_folder}/$i/pkg; done
      pulp-admin -u ${pulp_server_admin_name} -p ${pulp_server_admin_password}  puppet repo publish run --repo-id ${puppet_forge_dev_repoid}
    fi


3. Developer should update a new version for all of Modulefile ready for new changes
4. After puppet module verification successfully, Puppet Forge Automation will promote puppet module into PROD repo (for example: http://pulp-server.local.lab/pulp/puppet/qxc/system/releases/q/qxc) to release.


    # publish module from dev repo to prod repo
    for i in `echo "common thirdparty qxc"`
    do
       pulp-admin -u ${pulp_server_admin_name} -p ${pulp_server_admin_password} puppet repo copy --from-repo-id ${puppet_forge_dev_repoid} --to-repo-id ${puppet_forge_prod_repoid} --str-eq="name=$i" --str-eq="author=${puppet_forge_author}" --str-eq="version=${puppet_forge_version}"
    done
    pulp-admin -u ${pulp_server_admin_name} -p ${pulp_server_admin_password} puppet repo publish run --repo-id ${puppet_forge_prod_repoid}
    
    # create puppet modules tar gz
    if [ -d ${puppet_forge_modules_folder} ];
    then
      rm -rf ${puppet_forge_modules_folder}
    fi
    
    if [ -d /etc/puppet/modules ];
    then
      rm -rf /etc/puppet/modules
    fi
    
    mkdir -p ${puppet_forge_modules_folder}
    mkdir -p ${puppet_forge_modules_folder}/${my_puppet_module_name}/etc/puppet/modules
    cd ${puppet_forge_modules_folder}/${my_puppet_module_name}/etc/puppet/modules
    puppet module install --module_repository http://.:${puppet_forge_prod_repoid}@${pulp_server} ${puppet_forge_author}/${my_puppet_module_name} --version ${puppet_forge_version} -i .
    cd ${puppet_forge_modules_folder}/${my_puppet_module_name}
    tar -zPcvpf ${puppet_forge_tar_gz_folder}/${my_puppet_module_name}-${3_digit_rtm_info}-`date +"%Y%m%d"`.${ci_buildnumber}.tar.gz `find etc -type f`



Saturday, June 15, 2013

Software Development: A simple branching strategies

Here a simple branching strategies example - one main stream (trunk) based linear development with multiple parallel Post-RTM maintenance branches.


Saturday, May 18, 2013

Enterprise Linux: Get RPM info built by RPM Maven Plugin

Install a RPM package built by RPM Maven Plugin

# get RPM info
[root@rpm-build-server ~]# rpm -qi qxc-rpm-demo
Name        : qxc-rpm-demo                 Relocations: /opt/qxc
Version     : 1.0                          Vendor: http://www.qxconsultant.com
Release     : 215708                       Build Date: Thu Nov 22 2012 22:47:14 UTC
Install Date: Thu Nov 22 2012 22:56:16 UTC Build Host: rpm-build-server
Group       : qxc/build                    Source RPM: qxc-rpm-demo-1.0-215708.src.rpm
Size        : 48                           License: Academic Free License
Signature   : (none)
Packager    : info@qxconsutlant.com
URL         : http://www.qxconsultant.com
Summary     : qxc-rpm-demo
Description :
This is a sample RPM generated by RPM Maven Plugin

# get RPM package content list info
[root@rpm-build-server ~]# rpm -ql qxc-rpm-demo
/opt/qxc/qxc-rpm-demo/conf
/opt/qxc/qxc-rpm-demo/conf/configuration.properties
/opt/qxc/qxc-rpm-demo/scripts/demo.sh

# get RPM scriptlets info
[root@rpm-build-server ~]# rpm -q --scripts qxc-rpm-demo
preinstall scriptlet (using /bin/sh):
#!/bin/sh
#
# RPM pre Scriptlet Section
#

# do something if necessary

exit 0
postinstall scriptlet (using /bin/sh):
#!/bin/sh
#
# RPM post Scriptlet Section
#
# ----- Initialization ----- #

PACKAGE_NAME=qxc-rpm-demo
BASEDIR=$RPM_INSTALL_PREFIX/$PACKAGE_NAME
SETUP_SH=$BASEDIR/SETUP.sh
SETUP_CSH=$BASEDIR/SETUP.csh
PROFILED_SETUP_SH=/etc/profile.d/SETUP-${PACKAGE_NAME}.sh
PROFILED_SETUP_CSH=/etc/profile.d/SETUP-${PACKAGE_NAME}.csh
# ----- SETUP_SH ----- #
cat <<EOF > $SETUP_SH
#!/bin/sh

export QXCHOME=$BASEDIR
export JAVA_HOME=\`/bin/rpm -q --queryformat '%{INSTPREFIXES}' jdk\`/latest

EOF
# ----- SETUP_CSH ----- #
cat <<EOF > $SETUP_CSH
#!/bin/csh

setenv QXCHOME $BASEDIR
setenv JAVA_HOME  \`/bin/rpm -q --queryformat '%{INSTPREFIXES}' jdk\`/latest

EOF

# make SETUP scripts executable
/bin/chmod a+x $SETUP_SH
/bin/chmod a+x $SETUP_CSH

# Create symbolic link to SETUP scripts
if [ -d /etc/profile.d ]; then
    /bin/ln -sf $SETUP_SH $PROFILED_SETUP_SH
    /bin/ln -sf $SETUP_CSH $PROFILED_SETUP_CSH
fi
preuninstall scriptlet (using /bin/sh):
#!/bin/sh
#
# RPM preun Scriptlet Section
#
# ----- Initialization ----- #
PACKAGE_NAME=qxc-rpm-demo
BASEDIR=$RPM_INSTALL_PREFIX/$PACKAGE_NAME
SETUP_SH=$BASEDIR/SETUP.sh
SETUP_CSH=$BASEDIR/SETUP.csh
PROFILED_SETUP_SH=/etc/profile.d/SETUP-${PACKAGE_NAME}.sh
PROFILED_SETUP_CSH=/etc/profile.d/SETUP-${PACKAGE_NAME}.csh

if [ $1 -lt 1 ]; then
   #
   # Stop the watcher daemon if it is running
   #
   if ! /usr/bin/test `/bin/ps -e | /bin/grep watcher-daemon|wc -l` = 0
   then
      /bin/sh /etc/rc.d/init.d/nuance-wd stop
   fi

   # Remove SETUP* symbolic links
   /bin/rm -f $PROFILED_SETUP_SH
   /bin/rm -f $PROFILED_SETUP_CSH

   # Remove SETUP scripts
   /bin/rm -f $SETUP_SH
   /bin/rm -f $SETUP_CSH
   /bin/rm -rf $BASEDIR
fi

# get RPM changelog info 
[root@rpm-build-server ~]# rpm -q --changelog qxc-rpm-demo
* Thu Nov 22 2012 RPM Builder <info@qxconsutlant.com>
- Initial Spec File

# get installed RPM content list info 
[root@rpm-build-server ~]# find /opt/qxc
/opt/qxc
/opt/qxc/qxc-rpm-demo
/opt/qxc/qxc-rpm-demo/SETUP.sh
/opt/qxc/qxc-rpm-demo/SETUP.csh
/opt/qxc/qxc-rpm-demo/scripts
/opt/qxc/qxc-rpm-demo/scripts/demo.sh
/opt/qxc/qxc-rpm-demo/conf
/opt/qxc/qxc-rpm-demo/conf/configuration.properties

# get symbolic link setup scripts info
[root@rpm-build-server ~]# ls -al /etc/profile.d/SETUP-qxc-rpm-demo*
lrwxrwxrwx   1 root root    31 Nov 22 22:56 SETUP-qxc-rpm-demo.csh -> /opt/qxc/qxc-rpm-demo/SETUP.csh
lrwxrwxrwx   1 root root    30 Nov 22 22:56 SETUP-qxc-rpm-demo.sh -> /opt/qxc/qxc-rpm-demo/SETUP.sh

# uninstall RPM 
[root@rpm-build-server ~]# rpm -e qxc-rpm-demo

# nothing should be left over after uninstalled RPM
[root@rpm-build-server ~]# ls -al /opt/qxc/
total 8
drwxr-xr-x  2 root root 4096 Nov 22 23:07 .
drwxr-xr-x. 6 root root 4096 Nov 22 21:49 ..
[root@rpm-build-server ~]# ls -al /etc/profile.d/SETUP-qxc-rpm-demo*


ls: cannot access /etc/profile.d/SETUP-qxc-rpm-demo*: No such file or directory