Once you have a GnuPG key, it is fairly easy to setup a Yum Repository, if you are interested in doing so.
Create the directory structure
To start, create the directory structure:
~>
sudo mkdir -p /var/www/html/fedora/12/i386
~> sudo mkdir -p /var/www/html/fedora/12/noarch
~> sudo mkdir -p /var/www/html/fedora/12/SRPMS
~> sudo mkdir -p /var/www/html/fedora/12/x86_64
Also, create a local RPM build directory
structure:~> sudo mkdir -p /var/www/html/fedora/12/noarch
~> sudo mkdir -p /var/www/html/fedora/12/SRPMS
~> sudo mkdir -p /var/www/html/fedora/12/x86_64
~>
mkdir -p ~/linux/rpm/BUILD
~> mkdir -p ~/linux/rpm/RPMS/athalon
~> mkdir -p ~/linux/rpm/RPMS/i386
~> mkdir -p ~/linux/rpm/RPMS/i486
~> mkdir -p ~/linux/rpm/RPMS/i586
~> mkdir -p ~/linux/rpm/RPMS/i686
~> mkdir -p ~/linux/rpm/RPMS/noarch
~> mkdir -P ~/linux/rpm/RPMS/x86_64
~> mkdir -p ~/linux/rpm/SOURCES
~> mkdir -p ~/linux/rpm/SPECS
~> mkdir -p ~/linux/rpm/SRPMS
~> mkdir -p ~/linux/rpm/TMP
Please note that the TMP directory is not
standard, but
I like using it as the temporary build directory when creating a new
RPM file. ~> mkdir -p ~/linux/rpm/RPMS/athalon
~> mkdir -p ~/linux/rpm/RPMS/i386
~> mkdir -p ~/linux/rpm/RPMS/i486
~> mkdir -p ~/linux/rpm/RPMS/i586
~> mkdir -p ~/linux/rpm/RPMS/i686
~> mkdir -p ~/linux/rpm/RPMS/noarch
~> mkdir -P ~/linux/rpm/RPMS/x86_64
~> mkdir -p ~/linux/rpm/SOURCES
~> mkdir -p ~/linux/rpm/SPECS
~> mkdir -p ~/linux/rpm/SRPMS
~> mkdir -p ~/linux/rpm/TMP
Create a ~/.rpmmacros file
Next, configure RPM to use your GnuPG key to sign all of your packages by creating a ~/.rpmmacros file with the following information:
%packager
Dr. Gregory R. Kriehn (Professor Kriehn)
<gkriehn@csufresno.edu>
%distribution Professor Kriehn
%vendor optics.csufresno.edu
%_signature gpg
%_gpg_name Dr. Gregory R. Kriehn
%_topdir /home/kriehn/linux/rpm
%_tmppath %{_topdir}/TMP
%_sourcedir %{_topdir}/SOURCES/
%debug_package %{nil}
%_smp_mflags -j3
Modify the above statements to suit your
site and directory structure. Save and exit. %distribution Professor Kriehn
%vendor optics.csufresno.edu
%_signature gpg
%_gpg_name Dr. Gregory R. Kriehn
%_topdir /home/kriehn/linux/rpm
%_tmppath %{_topdir}/TMP
%_sourcedir %{_topdir}/SOURCES/
%debug_package %{nil}
%_smp_mflags -j3
Create a repository spec file
Now we are ready to create the repository spec file. I am not going to give a tutorial on how to write spec files, but it is important to follow the Fedora spec file guidelines. In this case, the file is called kriehn-f12.repo.spec, and at the time of this writing looks like:
Name:
kriehn-f12-repo
Version: 1.0
Release: 1%{?dist}.prof_k
Summary: Dr. Gregory R. Kriehn's Repository Configuration Files
Group: System Environment/Base
License: GPLv2
URL: http://optics.csufresno.edu/
Source0: RPM-GPG-KEY-kriehn
Source1: kriehn.repo
Source2: gpl-2.0.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildArch: noarch
Requires: fedora-release = 12
%description
This package installs the 'RPM-GPG-KEY-kriehn' file, the 'kriehn.repo'
repository file, and the GPLv2 license.
%prep
%setup -c -T
%build
%install
rm -rf %{buildroot}
# gpg
install -Dpm 0644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-kriehn
# yum
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/yum.repos.d/kriehn.repo
# GPLv2
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_prefix}/share/doc/kriehn/gpl-2.0.txt
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%{_sysconfdir}/pki/rpm-gpg/*
%config %{_sysconfdir}/yum.repos.d/*
%dir %{_prefix}/share/doc/kriehn
%{_prefix}/share/doc/kriehn/*
%changelog
* Wed Nov 18 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f12-repo-1.0-1.fc12.prof_k
- Fedora 12 Build
* Tue Jul 28 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f11-repo-1.0-1.fc11.prof_k
- Fedora 11 Fix
* Sat Jun 20 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f11-repo-1.0-1.fc11.prof_k
- Fedora 11 Build
* Thu Nov 27 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f10-repo-1.0-1.fc10.prof_k
- Fedora 10 Build
* Sat May 24 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f9-repo-1.0-9.fc9.prof_k
- Fedora 9 Build
* Thu Feb 28 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-8.fc8.prof_k
- BuildArch: noarch
- Mon Feb 25 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-7.fc8.prof_k
- Re-designed repository directory structure based upon Fedora & Livna
* Mon Feb 11 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-6.fc8.prof_k
- Corrected mirror typos in kriehn-source
* Sat Feb 09 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-5.fc8.prof_k
- Corrected comment in RPM-GPG-KEY-kriehn
- Removed extra white space in kriehn.repo
- Corrected typo in changelog
* Tue Feb 05 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-4.fc8.prof_k
- Corrected typo in kriehn.repo, added a mirror to baseurl
* Mon Jan 21 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-3.fc8.prof_k
- Added Mirrorlist
* Wed Dec 12 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-2.fc8.prof_k
- Cleaned spec file
- Cleaned repo file
* Wed Dec 05 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-1.fc8.prof_k
- First spec file based upon those used by other repositories.
Save and exit.Version: 1.0
Release: 1%{?dist}.prof_k
Summary: Dr. Gregory R. Kriehn's Repository Configuration Files
Group: System Environment/Base
License: GPLv2
URL: http://optics.csufresno.edu/
Source0: RPM-GPG-KEY-kriehn
Source1: kriehn.repo
Source2: gpl-2.0.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildArch: noarch
Requires: fedora-release = 12
%description
This package installs the 'RPM-GPG-KEY-kriehn' file, the 'kriehn.repo'
repository file, and the GPLv2 license.
%prep
%setup -c -T
%build
%install
rm -rf %{buildroot}
# gpg
install -Dpm 0644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-kriehn
# yum
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/yum.repos.d/kriehn.repo
# GPLv2
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_prefix}/share/doc/kriehn/gpl-2.0.txt
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%{_sysconfdir}/pki/rpm-gpg/*
%config %{_sysconfdir}/yum.repos.d/*
%dir %{_prefix}/share/doc/kriehn
%{_prefix}/share/doc/kriehn/*
%changelog
* Wed Nov 18 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f12-repo-1.0-1.fc12.prof_k
- Fedora 12 Build
* Tue Jul 28 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f11-repo-1.0-1.fc11.prof_k
- Fedora 11 Fix
* Sat Jun 20 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f11-repo-1.0-1.fc11.prof_k
- Fedora 11 Build
* Thu Nov 27 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f10-repo-1.0-1.fc10.prof_k
- Fedora 10 Build
* Sat May 24 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f9-repo-1.0-9.fc9.prof_k
- Fedora 9 Build
* Thu Feb 28 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-8.fc8.prof_k
- BuildArch: noarch
- Mon Feb 25 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-7.fc8.prof_k
- Re-designed repository directory structure based upon Fedora & Livna
* Mon Feb 11 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-6.fc8.prof_k
- Corrected mirror typos in kriehn-source
* Sat Feb 09 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-5.fc8.prof_k
- Corrected comment in RPM-GPG-KEY-kriehn
- Removed extra white space in kriehn.repo
- Corrected typo in changelog
* Tue Feb 05 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-4.fc8.prof_k
- Corrected typo in kriehn.repo, added a mirror to baseurl
* Mon Jan 21 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-3.fc8.prof_k
- Added Mirrorlist
* Wed Dec 12 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-2.fc8.prof_k
- Cleaned spec file
- Cleaned repo file
* Wed Dec 05 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-1.fc8.prof_k
- First spec file based upon those used by other repositories.
Create a repository .repo file
With the spec file finished, it is time to create a repository (.repo) file. The current kriehn.repo file has the following information in it:
[kriehn]
name=Professor Kriehn's Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/$basearch/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/$basearch/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
[kriehn-source]
name=Professor Kriehn's Source Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/SRPMS/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/SRPMS/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/SRPMS/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
Save and exit.name=Professor Kriehn's Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/$basearch/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/$basearch/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
[kriehn-source]
name=Professor Kriehn's Source Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/SRPMS/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/SRPMS/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/SRPMS/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
Generate the RPM file
We are now ready to build the RPM file. Copy all relevant source files over to the ~/linux/rpm/SOURCES directory and your spec file to the ~/linux/rpm/SPECS directory. In this case, I have 3 source files: gpl-2.0.txt (the GPLv2 license), kriehn.repo, and RPM-GPG-KEY-kriehn, which was created when I generated my GnuPG key pair.
~>
cp gpl-2.0.txt kriehn.repo RPM-GPG-KEY-kriehn ~/linux/rpm/SOURCES/.
~> cp kriehn-f12.repo.spec ~/linux/rpm/SPECS/.
Generate the RPM and sign it:~> cp kriehn-f12.repo.spec ~/linux/rpm/SPECS/.
~>
rpmbuild -bb --sign ~/linux/rpm/SPECS/kriehn-f12.repo.spec
Enter pass phrase:
Enter your GnuPG private key passphrase
and hit Enter. Normally I use the -ba option in
place of -bb,
but I do not need to create a SRPM for my repository RPM file. If all
goes well, your RPM will be created and signed. Enter pass phrase:
Once finished, this particular RPM can be found in ~/linux/rpm/RPMS/noarch/. Copy it over to your repository directory:
~>
sudo cp ~/linux/rpm/RPMS/noarch/kriehn-f12-repo-*.rpm
/var/www/html/fedora/12/noarch/.
Create
the repository metadataThen change into your repository directory and create the metadata:
~>
cd /var/www/html/fedora/12/i386/
~> sudo createrepo .
If you build any SRPMS and place them in
the SPRMS directory, you will have to create the metadata for that
directory as well:~> sudo createrepo .
~>
cd /var/www/html/fedora/12/SRPMS/
~> sudo createrepo .
And...~> sudo createrepo .
~>
cd /var/www/html/fedora/12/x86_64/
~> sudo createrepo .
Whenever you add new files to your
repository, you will
have to update the metadata. This can be done using the following
commands:~> sudo createrepo .
~>
sudo createrepo --update /var/www/html/fedora/12/i386/
~> sudo createrepo --update /var/www/html/fedora/12/SRPMS/
~> sudo createrepo --update /var/www/html/fedora/12/x86_64/
Since
your RPM packages are signed, place your public GnuPG key online in a
place that is easily accessible. You may also want to place your
initial repository RPM file online as well so that people can easily
setup your repository.~> sudo createrepo --update /var/www/html/fedora/12/SRPMS/
~> sudo createrepo --update /var/www/html/fedora/12/x86_64/
Set httpd Permissions
Next edit your /etc/httpd/conf/httpd.conf file using sudo and add the following in the <Directory /></Directory> section:
<Directory
"/var/www/html/fedora">
AllowOverride All
Options Indexes SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Save
and exit, and restart your httpd server:AllowOverride All
Options Indexes SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
~>
sudo service httpd restart
You should see httpd
successfully restart:Stopping
httpd:
[ OK
]
Starting httpd: [ OK ]
Starting httpd: [ OK ]
Set SELinux Security Context
Finally, if you are running SELinux, set the security context of the directory to be public:
~>
sudo chcon -R -t public_content_t /var/www/html/fedora/
With that, you have just create your own online Fedora
repository!References
http://www.mindtrove.info/articles/yum.html
http://fedoraproject.org/wiki/SELinux/apache
http://docs.fedoraproject.org/selinux-faq-fc3/index.html#id2825658
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/rhlcommon-chapter-0017.html