# build host (EL5.x), after the GPG key pair was generated
[root@linux64-rpm-build-server ~]# uname -a
Linux linux64-rpm-build-server 2.6.32-100.0.19.el5 #1 SMP Fri Sep 17 17:51:41 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
[root@linux64-rpm-build-server ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
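# make GPG public/private keys (key pair already generated; list it, then export it)
# NOTE: this is a 1024-bit DSA primary key, so packages get DSA/SHA1 signatures (see the rpm output further down); that is weak by current standards - use a stronger key type/size wherever the rpm versions on the target hosts can verify it.
[buildmaster@linux64-rpm-build-server ~]$ gpg --list-keys
/home/buildmaster/.gnupg/pubring.gpg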
------------------------------------------
pub 1024D/49A8C4DE 2012-05-26
uid Build Master (RPM Development) <buildmaster@my-company-name.com>
sub 2048g/60FA8C11 2012-05-26
[buildmaster@linux64-rpm-build-server ~]$ gpg --list-secret-keys
/home/buildmaster/.gnupg/secring.gpg
------------------------------------------
sec 1024D/49A8C4DE 2012-05-26
uid Build Master (RPM Development) <buildmaster@my-company-name.com>
ssb 2048g/60FA8C11 2012-05-26
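# NOTE: the armored secret-key export is the signing identity itself; keep it readable by buildmaster only (e.g. set umask 077 before exporting) and never copy it into the web-served repo tree - only the .public file belongs there.
[buildmaster@linux64-rpm-build-server ~]$ gpg --export-secret-key -a 49A8C4DE > MYCOMPANY-GPG-KEY.private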
[buildmaster@linux64-rpm-build-server ~]$ gpg --export -a 49A8C4DE > MYCOMPANY-GPG-KEY.public
[buildmaster@linux64-rpm-build-server ~]$ file MYCOMPANY-GPG-KEY.public
MYCOMPANY-GPG-KEY.public: PGP armored data public key block
[buildmaster@linux64-rpm-build-server ~]$ file MYCOMPANY-GPG-KEY.private
MYCOMPANY-GPG-KEY.private: PGP armored data
# non-root user RPM build environment configuration
[buildmaster@linux64-rpm-build-server ~]$ echo "%_signature gpg" >> ~/.rpmmacros
[buildmaster@linux64-rpm-build-server ~]$ echo "%_gpg_name Build Master" >> ~/.rpmmacros
[buildmaster@linux64-rpm-build-server ~]$ find /home/buildmaster/rpmbuild/
/home/buildmaster/rpmbuild/
/home/buildmaster/rpmbuild/RPMS
/home/buildmaster/rpmbuild/RPMS/x86_64
/home/buildmaster/rpmbuild/RPMS/noarch
/home/buildmaster/rpmbuild/RPMS/i686
/home/buildmaster/rpmbuild/BUILD
/home/buildmaster/rpmbuild/SOURCES
/home/buildmaster/rpmbuild/SPECS
/home/buildmaster/rpmbuild/SPECS/demo.spec
/home/buildmaster/rpmbuild/SRPMS
# example of demo.spec
[buildmaster@linux64-rpm-build-server ~]$ cat /home/buildmaster/rpmbuild/SPECS/demo.spec
#
# spec file for package 'name' (version 'v')
#
# The software is released as specified below.
#
Name: my-rpm-demo
Version: 2.1
Release: 120628
Summary: my-rpm-demo
Vendor: my-company-name
License: Free
URL: http://my-company-name.com
Group: Application
Prefix: /usr/local
%description
This RPM contains my-rpm-demo from my-company-name
%pre
%post
%preun
%files
%defattr(-,root,root)
%doc
/usr/local/my-rpm-demo
%changelog
* Sat Jul 28 2012 Build Master <buildmaster@my-company-name.com>
- Initial Spec File
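# make sure non-root user has access
# NOTE: mode 777 leaves the payload world-writable, so any local account can alter the files before they are packaged and signed; because the spec uses %defattr(-,root,root), the on-disk mode is also what gets installed on target hosts. Ownership is handed to buildmaster by the chown, so owner-only write access (e.g. 755) is sufficient.
[root@linux64-rpm-build-server ~]# chmod -R 777 /usr/local/my-rpm-demo
[root@linux64-rpm-build-server ~]# chown -R buildmaster:buildmaster /usr/local/my-rpm-demo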
[root@linux64-rpm-build-server ~]# cat /usr/local/my-rpm-demo/demo.txt
This is for testing
# non-root user build RPM
[buildmaster@linux64-rpm-build-server ~]$ rpmbuild -bb /home/buildmaster/rpmbuild/SPECS/demo.spec --target noarch
Building target platforms: noarch
Building for target noarch
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.88391
+ umask 022
+ cd /home/buildmaster/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.88391
+ umask 022
+ cd /home/buildmaster/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.88391
+ umask 022
+ cd /home/buildmaster/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ /usr/lib/rpm/redhat/brp-compress
+ /usr/lib/rpm/redhat/brp-strip /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-python-bytecompile
+ /usr/lib/rpm/redhat/brp-java-repack-jars
Processing files: my-rpm-demo-2.1-120628
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files %{buildroot}
Wrote: /home/buildmaster/rpmbuild/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.4351
+ umask 022
+ cd /home/buildmaster/rpmbuild/BUILD
+ exit 0
# YUM repo configuration via httpd
[root@mt-olinux64-y06 ~]# find /var/www/html/test-rpm/
/var/www/html/test-rpm/
/var/www/html/test-rpm/2u1
/var/www/html/test-rpm/2u1/el
/var/www/html/test-rpm/2u1/el/5
/var/www/html/test-rpm/2u1/el/5/RPMS
/var/www/html/test-rpm/2u1/el/5/RPMS/x86_64
/var/www/html/test-rpm/2u1/el/5/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm
/var/www/html/test-rpm/2u1/el/5/RPMS/i686
/var/www/html/test-rpm/2u1/el/6
/var/www/html/test-rpm/2u1/el/6/RPMS
/var/www/html/test-rpm/2u1/el/6/RPMS/x86_64
/var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm
/var/www/html/test-rpm/2u1/el/6/RPMS/i686
[root@mt-olinux64-y06 html]# chown -R buildmaster:buildmaster /var/www/html/test-rpm/
# sign RPM
[buildmaster@linux64-rpm-build-server ~]$ rpm --resign /var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm
Enter pass phrase:
Pass phrase is good.
/var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm:
gpg: WARNING: standard input reopened
gpg: WARNING: standard input reopened
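# check signed RPM Signature tag
# NOTE: NOKEY in the warning below means the signing public key is not in this host's rpm keyring; the signature cannot be verified here until that key has been imported (rpm --import <public key file>).
[buildmaster@linux64-rpm-build-server ~]$ rpm -qip /var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm
warning: /var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 49a8c4de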
Name : my-rpm-demo Relocations: /usr/local
Version : 2.1 Vendor: my-company-name
Release : 120628 Build Date: Tue 19 Jun 2012 02:13:39 PM EDT
Install Date: (not installed) Build Host: linux64-rpm-build-server
Group : Application Source RPM: my-rpm-demo-2.1-120628.src.rpm
Size : 20 License: Free
Signature : DSA/SHA1, Tue 19 Jun 2012 04:00:43 PM EDT, Key ID 9a8f082149a8c4de
URL : http://my-company-name.com
Summary : my-rpm-demo
Description :
This RPM contains my-rpm-demo from my-company-name
[buildmaster@linux64-rpm-build-server ~]$ rpm --checksig --verbose /var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm
/var/www/html/test-rpm/2u1/el/6/RPMS/noarch/my-rpm-demo-2.1-120628.noarch.rpm:
Header V3 DSA signature: OK, key ID 49a8c4de
Header SHA1 digest: OK (225ca746e87604d2bbe4dfaccb104ba79cfb21ec)
MD5 digest: OK (fbda1a5b85a2b972c6390f9034ffce7e)
V3 DSA signature: OK, key ID 49a8c4de
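# install signed RPM on EL5.x
# NOTE: in the repo file below both baseurl= and gpgkey= use plain HTTP, so the key that yum offers to import arrives over an unauthenticated channel; gpgcheck=1 only helps if that key is the genuine one. Serve the key over HTTPS or install it from a local file:// path distributed out of band, and compare the key ID/fingerprint at the import prompt before answering y.
[root@el5.x-server ~]# uname -a
Linux linux64-rpm-build-server 2.6.32-100.0.19.el5 #1 SMP Fri Sep 17 17:51:41 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux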
[root@el5.x-server ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
[root@el5.x-server ~]# cat /etc/yum.repos.d/my.repo
[my-company-name-el-5]
name=(local yum repo of) my-company-name latest el 5
baseurl=http://my-company-name.com/test-rpm/2u1/el/5
gpgkey=http://my-company-name.com/test-rpm/MYCOMPANY-GPG-KEY
gpgcheck=1
enabled=1
[root@el5.x-server ~]# yum install my-rpm-demo
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package my-rpm-demo.noarch 0:2.1-120628 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================
Installing:
my-rpm-demo noarch 2.1-120628 my-company-name-el-5 2.2 k
Transaction Summary
=================================================================================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total download size: 2.2 k
Is this ok [y/N]: y
Downloading Packages:
my-rpm-demo-2.1-120628.noarch.rpm | 2.2 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 49a8c4de
my-company-name-el-6/gpgkey | 1.7 kB 00:00
Importing GPG key 0x49A8C4DE "Build Master (RPM Development) <buildmaster@my-company-name.com>" from http://my-company-name.com/test-rpm/MYCOMPANY-GPG-KEY
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : my-rpm-demo 1/1
Installed:
my-rpm-demo.noarch 0:2.1-120628
Complete!
[root@el5.x-server ~]# rpm -qi my-rpm-demo
Name : my-rpm-demo Relocations: /usr/local
Version : 2.1 Vendor: my-company-name
Release : 120628 Build Date: Tue 19 Jun 2012 02:13:39 PM EDT
Install Date: Tue 19 Jun 2012 04:11:39 PM EDT Build Host: linux64-rpm-build-server
Group : Application Source RPM: my-rpm-demo-2.1-120628.src.rpm
Size : 20 License: Free
Signature : DSA/SHA1, Tue 19 Jun 2012 04:00:43 PM EDT, Key ID 9a8f082149a8c4de
URL : http://my-company-name.com
Summary : my-rpm-demo
Description :
This RPM contains my-rpm-demo from my-company-name
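# install signed RPM on EL6.x
# NOTE: gpgkey= in the repo file below is fetched over plain HTTP; confirm the key ID/fingerprint shown at the import prompt against a value obtained out of band before answering y.
[root@el6.x-server ~]# uname -a
Linux ol6u3-y01 2.6.32-279.el6.x86_64 #1 SMP Thu Jun 21 15:00:18 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux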
[root@el6.x-server ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.3 (Santiago)
[root@el6.x-server ~]# cat /etc/yum.repos.d/my.repo
[my-company-name-el-6]
name=(local yum repo of) my-company-name latest el 6
baseurl=http://my-company-name.com/test-rpm/2u1/el/6
gpgkey=http://my-company-name.com/test-rpm/MYCOMPANY-GPG-KEY
gpgcheck=1
enabled=1
[root@el6.x-server ~]# yum install my-rpm-demo
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package my-rpm-demo.noarch 0:2.1-120628 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=================================================================================================================================================
Package Arch Version Repository Size
=================================================================================================================================================
Installing:
my-rpm-demo noarch 2.1-120628 my-company-name-el-6 2.2 k
Transaction Summary
=================================================================================================================================================
Install 1 Package(s)
Total download size: 2.2 k
Installed size: 20
Is this ok [y/N]: y
Downloading Packages:
my-rpm-demo-2.1-120628.noarch.rpm | 2.2 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 49a8c4de: NOKEY
Retrieving key from http://my-company-name.com/test-rpm/MYCOMPANY-GPG-KEY
Importing GPG key 0x49A8C4DE:
Userid: "Build Master (RPM Development) <buildmaster@my-company-name.com>"
From : http://my-company-name.com/test-rpm/MYCOMPANY-GPG-KEY
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : my-rpm-demo-2.1-120628.noarch 1/1
Verifying : my-rpm-demo-2.1-120628.noarch 1/1
Installed:
my-rpm-demo.noarch 0:2.1-120628
Complete!
[root@el6.x-server ~]# rpm -qi my-rpm-demo
Name : my-rpm-demo Relocations: /usr/local
Version : 2.1 Vendor: my-company-name
Release : 120628 Build Date: Tue 19 Jun 2012 02:13:39 PM EDT
Install Date: Tue 19 Jun 2012 04:14:24 PM EDT Build Host: linux64-rpm-build-server
Group : Application Source RPM: my-rpm-demo-2.1-120628.src.rpm
Size : 20 License: Free
Signature : DSA/SHA1, Tue 19 Jun 2012 04:00:43 PM EDT, Key ID 9a8f082149a8c4de
URL : http://my-company-name.com
Summary : my-rpm-demo
Description :
This RPM contains my-rpm-demo from my-company-name