CSUF LogoCSUF Site Navigation
optics.csufresno.edu

F14 Hosting a Yum Repository Creating a Yum Repository

Department of Electrical and Computer Engineering
Associate Professor Gregory R. Kriehn
Forums
Wiki
F14 Creating a Yum Repository

Once you have a GnuPG key, it is fairly easy to setup a Yum Repository, if you are interested in doing so.


Create the directory structure

To start, create the directory structure:
~> sudo mkdir -p /var/www/html/fedora/14/i386
~> sudo mkdir -p /var/www/html/fedora/14/noarch
~> sudo mkdir -p /var/www/html/fedora/14/SRPMS
~> sudo mkdir -p /var/www/html/fedora/14/x86_64
Also, create a local RPM build directory structure:
~> mkdir -p ~/linux/rpm/BUILD
~> mkdir -p ~/linux/rpm/RPMS/athalon
~> mkdir -p ~/linux/rpm/RPMS/i386
~> mkdir -p ~/linux/rpm/RPMS/i486
~> mkdir -p ~/linux/rpm/RPMS/i586
~> mkdir -p ~/linux/rpm/RPMS/i686
~> mkdir -p ~/linux/rpm/RPMS/noarch
~> mkdir -P ~/linux/rpm/RPMS/x86_64
~> mkdir -p ~/linux/rpm/SOURCES
~> mkdir -p ~/linux/rpm/SPECS
~> mkdir -p ~/linux/rpm/SRPMS
~> mkdir -p ~/linux/rpm/TMP
Please note that the TMP directory is not standard, but I like using it as the temporary build directory when creating a new RPM file.

Create a ~/.rpmmacros file

Next, configure RPM to use your GnuPG key to sign all of your packages by creating a ~/.rpmmacros file with the following information:
%packager       Dr. Gregory R. Kriehn (Professor Kriehn) <gkriehn@csufresno.edu>
%distribution   Professor Kriehn
%vendor         optics.csufresno.edu

%_signature     gpg
%_gpg_name      Dr. Gregory R. Kriehn

%_topdir        /home/kriehn/linux/rpm
%_tmppath       %{_topdir}/TMP
%_sourcedir     %{_topdir}/SOURCES/

%debug_package  %{nil}

%_smp_mflags    -j3
Modify the above statements to suit your site and directory structure. Save and exit.

Create a repository spec file

Now we are ready to create the repository spec file. I am not going to give a tutorial on how to write spec files, but it is important to follow the Fedora spec file guidelines. In this case, the file is called kriehn-f14.repo.spec, and at the time of this writing looks like:
Name:       kriehn-f14-repo
Version:    1.0
Release:    16%{?dist}.prof_k
Summary:    Dr. Gregory R. Kriehn's Repository Configuration Files

Group:      System Environment/Base
License:    GPLv2
URL:        http://optics.csufresno.edu/
Source0:    RPM-GPG-KEY-kriehn
Source1:    kriehn.repo
Source2:    gpl-2.0.txt
BuildRoot:  %{_tmppath}/%{name}-%{version}-%{release}-root
BuildArch:  noarch

Requires:   fedora-release = 14

%description
This package installs the 'RPM-GPG-KEY-kriehn' file, the 'kriehn.repo'
repository file, and the GPLv2 license.


%prep
%setup -c -T

%build


%install
rm -rf %{buildroot}

# gpg
install -Dpm 0644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-kriehn

# yum
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/yum.repos.d/kriehn.repo

# GPLv2
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_prefix}/share/doc/kriehn/gpl-2.0.txt

%clean
rm -rf $RPM_BUILD_ROOT


%files
%defattr(-,root,root,-)
%{_sysconfdir}/pki/rpm-gpg/*
%config %{_sysconfdir}/yum.repos.d/*
%dir %{_prefix}/share/doc/kriehn
%{_prefix}/share/doc/kriehn/*


%changelog
* Sat Jan 8 2011 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f14-repo-1.0-16.fc14.prof_k
- Removed Mirrors


* Sat Jan 8 2011 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f14-repo-1.0-15.fc14.prof_k
- Fedora 14 Build


* Wed Nov 18 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f12-repo-1.0-1.fc12.prof_k
- Fedora 12 Build

* Tue Jul 28 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f11-repo-1.0-1.fc11.prof_k
- Fedora 11 Fix

* Sat Jun 20 2009 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f11-repo-1.0-1.fc11.prof_k
- Fedora 11 Build

* Thu Nov 27 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f10-repo-1.0-1.fc10.prof_k
- Fedora 10 Build

* Sat May 24 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f9-repo-1.0-9.fc9.prof_k
- Fedora 9 Build

* Thu Feb 28 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-8.fc8.prof_k
- BuildArch: noarch

* Mon Feb 25 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-7.fc8.prof_k
- Re-designed repository directory structure based upon Fedora & Livna

* Mon Feb 11 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-6.fc8.prof_k
- Corrected mirror typos in kriehn-source

* Sat Feb 09 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-5.fc8.prof_k
- Corrected comment in RPM-GPG-KEY-kriehn
- Removed extra white space in kriehn.repo
- Corrected typo in changelog

* Tue Feb 05 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-4.fc8.prof_k
- Corrected typo in kriehn.repo, added a mirror to baseurl

* Mon Jan 21 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-3.fc8.prof_k
- Added Mirrorlist

* Wed Dec 12 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-2.fc8.prof_k
- Cleaned spec file
- Cleaned repo file

* Wed Dec 05 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-1.fc8.prof_k
- First spec file based upon those used by other repositories.
Save and exit.

Create a repository .repo file

With the spec file finished, it is time to create a repository (.repo) file. The current kriehn.repo file has the following information in it:
[kriehn]
name=Professor Kriehn's Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn

[kriehn-source]
name=Professor Kriehn's Source Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/SRPMS/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
Save and exit.


Generate the RPM file

We are now ready to build the RPM file. Copy all relevant source files over to the ~/linux/rpm/SOURCES directory and your spec file to the ~/linux/rpm/SPECS directory. In this case, I have 3 source files: gpl-2.0.txt (the GPLv2 license), kriehn.repo, and RPM-GPG-KEY-kriehn, which was created when I generated my GnuPG key pair.
~> cp gpl-2.0.txt kriehn.repo RPM-GPG-KEY-kriehn ~/linux/rpm/SOURCES/.
~> cp kriehn-f14.repo.spec ~/linux/rpm/SPECS/.
Generate the RPM and sign it:
~> rpmbuild -bb --sign ~/linux/rpm/SPECS/kriehn-f14.repo.spec
Enter pass phrase:
Enter your GnuPG private key passphrase and hit Enter. Normally I use the -ba option in place of -bb, but I do not need to create a SRPM for my repository RPM file. If all goes well, your RPM will be created and signed.
Once finished, this particular RPM can be found in ~/linux/rpm/RPMS/noarch/. Copy it over to your repository directory:

~> sudo cp ~/linux/rpm/RPMS/noarch/kriehn-f14-repo-*.rpm /var/www/html/fedora/14/noarch/.
Create the repository metadata

Then change into your repository directory and create the metadata:
~> cd /var/www/html/fedora/14/i386/
~> sudo createrepo .
If you build any SRPMS and place them in the SPRMS directory, you will have to create the metadata for that directory as well:
~> cd /var/www/html/fedora/14/SRPMS/
~> sudo createrepo .
And...
~> cd /var/www/html/fedora/14/x86_64/
~> sudo createrepo .
Whenever you add new files to your repository, you will have to update the metadata. This can be done using the following commands:
~> sudo createrepo --update /var/www/html/fedora/14/i386/
~> sudo createrepo --update /var/www/html/fedora/14/SRPMS/
~> sudo createrepo --update /var/www/html/fedora/14/x86_64/
Since your RPM packages are signed, place your public GnuPG key online in a place that is easily accessible. You may also want to place your initial repository RPM file online as well so that people can easily setup your repository.


Set httpd Permissions

Next edit your /etc/httpd/conf/httpd.conf file using sudo and add the following in the <Directory /></Directory> section:
<Directory "/var/www/html/fedora">
  AllowOverride All
  Options Indexes SymLinksIfOwnerMatch
  Order allow,deny
  Allow from all
</Directory>
Save and exit, and restart your httpd server:
~> sudo service httpd restart
You should see httpd successfully restart:
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

Set SELinux Security Context

Finally, if you are running SELinux, set the security context of the directory to be public:
~> sudo chcon -R -t public_content_t /var/www/html/fedora/
With that, you have just create your own online Fedora repository!

References

http://www.mindtrove.info/articles/yum.html
http://fedoraproject.org/wiki/SELinux/apache
http://docs.fedoraproject.org/selinux-faq-fc3/index.html#id2825658
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/rhlcommon-chapter-0017.html