Once you have a GnuPG key, it is fairly easy to setup a yum repository, if you are interested in doing so.
Create the directory structure
To start, create the directory structure:
~>
sudo mkdir -p /var/www/html/fedora/9/i386
~> sudo mkdir -p /var/www/html/fedora/9/SRPMS
~> sudo mkdir -p /var/www/html/fedora/9/x86_64
Also, create a local RPM build directory
structure:~> sudo mkdir -p /var/www/html/fedora/9/SRPMS
~> sudo mkdir -p /var/www/html/fedora/9/x86_64
~>
mkdir -p ~/linux/rpm/BUILD
~> mkdir -p ~/linux/rpm/RPMS/athalon
~> mkdir -p ~/linux/rpm/RPMS/i386
~> mkdir -p ~/linux/rpm/RPMS/i486
~> mkdir -p ~/linux/rpm/RPMS/i586
~> mkdir -p ~/linux/rpm/RPMS/i686
~> mkdir -p ~/linux/rpm/RPMS/noarch
~> mkdir -p ~/linux/rpm/SOURCES
~> mkdir -p ~/linux/rpm/SPECS
~> mkdir -p ~/linux/rpm/SRPMS
~> mkdir -p ~/linux/rpm/TMP
Please note that the TMP directory is not
standard, but
I like using it as the temporary build directory when creating a new
RPM file. ~> mkdir -p ~/linux/rpm/RPMS/athalon
~> mkdir -p ~/linux/rpm/RPMS/i386
~> mkdir -p ~/linux/rpm/RPMS/i486
~> mkdir -p ~/linux/rpm/RPMS/i586
~> mkdir -p ~/linux/rpm/RPMS/i686
~> mkdir -p ~/linux/rpm/RPMS/noarch
~> mkdir -p ~/linux/rpm/SOURCES
~> mkdir -p ~/linux/rpm/SPECS
~> mkdir -p ~/linux/rpm/SRPMS
~> mkdir -p ~/linux/rpm/TMP
Create a ~/.rpmmacros file
Next, configure RPM to use your GnuPG key to sign all of your packages by creating a ~/.rpmmacros file with the following information:
%packager
Dr. Gregory R. Kriehn (Professor Kriehn)
<gkriehn@csufresno.edu>
%distribution Professor Kriehn
%vendor optics.csufresno.edu
%_signature gpg
%_gpg_name Dr. Gregory R. Kriehn
%_topdir /home/kriehn/linux/rpm
%_tmppath %{_topdir}/TMP
%_sourcedir %{_topdir}/SOURCES/
%debug_package %{nil}
Modify the above statements to suit your
site and directory structure. Save and exit. %distribution Professor Kriehn
%vendor optics.csufresno.edu
%_signature gpg
%_gpg_name Dr. Gregory R. Kriehn
%_topdir /home/kriehn/linux/rpm
%_tmppath %{_topdir}/TMP
%_sourcedir %{_topdir}/SOURCES/
%debug_package %{nil}
Create a repository spec file
Now we are ready to create the repository spec file. I am not going to give a tutorial on how to write spec files, but it is important to follow the Fedora spec file guidelines. In this case, the file is called kriehn.spec, and at the time of this writing looks like:
Name: kriehn-f9-repo
Version: 1.0
Release: 1%{?dist}.prof_k
Summary: Dr. Gregory R. Kriehn's Repository Configuration Files
Group: System Environment/Base
License: GPLv2
URL: http://optics.csufresno.edu/
Source0: RPM-GPG-KEY-kriehn
Source1: kriehn.repo
Source2: gpl-2.0.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildArch: noarch
Requires: fedora-release = 9
%description
This package installs the 'RPM-GPG-KEY-kriehn' file, the 'kriehn.repo'
repository file, and the GPLv2 license.
%prep
%setup -c -T
%build
%install
rm -rf %{buildroot}
# gpg
install -Dpm 0644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-kriehn
# yum
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/yum.repos.d/kriehn.repo
# GPLv2
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_prefix}/share/doc/kriehn/gpl-2.0.txt
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%{_sysconfdir}/pki/rpm-gpg/*
%config %{_sysconfdir}/yum.repos.d/*
%dir %{_prefix}/share/doc/kriehn
%{_prefix}/share/doc/kriehn/*
%changelog
* Sat May 24 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f9-repo-1.0-9.fc9.prof_k
- Fedora 9 Build
* Thu Feb 28 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-8.fc8.prof_k
- BuildArch: noarch
- Mon Feb 25 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-7.fc8.prof_k
- Re-designed repository directory structure based upon Fedora & Livna
* Mon Feb 11 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-6.fc8.prof_k
- Corrected mirror typos in kriehn-source
* Sat Feb 09 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-5.fc8.prof_k
- Corrected comment in RPM-GPG-KEY-kriehn
- Removed extra white space in kriehn.repo
- Corrected typo in changelog
* Tue Feb 05 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-4.fc8.prof_k
- Corrected typo in kriehn.repo, added a mirror to baseurl
* Mon Jan 21 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-3.fc8.prof_k
- Added Mirrorlist
* Wed Dec 12 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-2.fc8.prof_k
- Cleaned spec file
- Cleaned repo file
* Wed Dec 05 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-1.fc8.prof_k
- First spec file based upon those used by other repositories.
Save and exit.Version: 1.0
Release: 1%{?dist}.prof_k
Summary: Dr. Gregory R. Kriehn's Repository Configuration Files
Group: System Environment/Base
License: GPLv2
URL: http://optics.csufresno.edu/
Source0: RPM-GPG-KEY-kriehn
Source1: kriehn.repo
Source2: gpl-2.0.txt
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildArch: noarch
Requires: fedora-release = 9
%description
This package installs the 'RPM-GPG-KEY-kriehn' file, the 'kriehn.repo'
repository file, and the GPLv2 license.
%prep
%setup -c -T
%build
%install
rm -rf %{buildroot}
# gpg
install -Dpm 0644 %{SOURCE0} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-kriehn
# yum
install -Dpm 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/yum.repos.d/kriehn.repo
# GPLv2
install -Dpm 0644 %{SOURCE2} %{buildroot}%{_prefix}/share/doc/kriehn/gpl-2.0.txt
%clean
rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root,-)
%{_sysconfdir}/pki/rpm-gpg/*
%config %{_sysconfdir}/yum.repos.d/*
%dir %{_prefix}/share/doc/kriehn
%{_prefix}/share/doc/kriehn/*
%changelog
* Sat May 24 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f9-repo-1.0-9.fc9.prof_k
- Fedora 9 Build
* Thu Feb 28 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-8.fc8.prof_k
- BuildArch: noarch
- Mon Feb 25 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-7.fc8.prof_k
- Re-designed repository directory structure based upon Fedora & Livna
* Mon Feb 11 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-6.fc8.prof_k
- Corrected mirror typos in kriehn-source
* Sat Feb 09 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-5.fc8.prof_k
- Corrected comment in RPM-GPG-KEY-kriehn
- Removed extra white space in kriehn.repo
- Corrected typo in changelog
* Tue Feb 05 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-4.fc8.prof_k
- Corrected typo in kriehn.repo, added a mirror to baseurl
* Mon Jan 21 2008 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-3.fc8.prof_k
- Added Mirrorlist
* Wed Dec 12 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-2.fc8.prof_k
- Cleaned spec file
- Cleaned repo file
* Wed Dec 05 2007 Dr. Gregory R. Kriehn <gkriehn@csufresno.edu> kriehn-f8-repo-1.0-1.fc8.prof_k
- First spec file based upon those used by other repositories.
Create a repository .repo file
With the spec file finished, it is time to create a repository (.repo) file. The current kriehn.repo file has the following information in it:
[kriehn]
name=Professor Kriehn's Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/$basearch/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/$basearch/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
[kriehn-source]
name=Professor Kriehn's Source Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/SRPMS/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/SRPMS/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/SRPMS/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
Save and exit.name=Professor Kriehn's Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/$basearch/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/$basearch/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/$basearch/
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
[kriehn-source]
name=Professor Kriehn's Source Repository for Fedora $releasever - $basearch
baseurl=http://optics.csufresno.edu/fedora/$releasever/SRPMS/
http://www.atsweb.neu.edu/bcasse/fedora/$releasever/SRPMS/
http://repo.fedoramd.org/mirrors/kriehn/$releasever/SRPMS/
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-kriehn
Generate the RPM file
We are now ready to build the RPM file. Copy all relevant source files over to the ~/linux/rpm/SOURCES directory and your spec file to the ~/linux/rpm/SPECS directory. In this case, I have 3 source files: gpl-2.0.txt (the GPLv2 license), kriehn.repo, and RPM-GPG-KEY-kriehn, which was created when I generated my GnuPG key pair.
~>
cp gpl-2.0.txt kriehn.repo RPM-GPG-KEY-kriehn ~/linux/rpm/SOURCES/.
~> cp kriehn.spec ~/linux/rpm/SPECS/.
Generate the RPM and sign it:~> cp kriehn.spec ~/linux/rpm/SPECS/.
~>
rpmbuild -bb --sign ~/linux/rpm/SPECS/kriehn.spec
Enter pass phrase:
Enter your GnuPG private key passphrase
and hit Enter. Normally I use the -ba option in
place of -bb,
but I do not need to create a SRPM for my repository RPM file. If all
goes well, your RPM will be created and signed. Enter pass phrase:
Once finished, it can be found in ~/linux/rpm/RPMS/i386/. Copy it over to your repository directory:
~>
sudo cp ~/linux/rpm/RPMS/i386/kriehn-f9-repo-*.rpm
/var/www/html/fedora/9/i386/.
Create
the repository metadataThen change into your repository directory and create the metadata:
~>
cd /var/www/html/fedora/9/i386/
~> sudo createrepo .
If you build any SRPMS and place them in
the SPRMS directory, you will have to create the metadata for that
directory as well:~> sudo createrepo .
~>
cd /var/www/html/fedora/9/SRPMS/
~> sudo createrepo .
And...~> sudo createrepo .
~>
cd /var/www/html/fedora/9/x86_64/
~> sudo createrepo .
Whenever you add new files to your
repository, you will
have to update the metadata. This can be done using the following
commands:~> sudo createrepo .
~>
sudo createrepo --update /var/www/html/fedora/9/i386/
~> sudo createrepo --update /var/www/html/fedora/9/SRPMS/
~> sudo createrepo --update /var/www/html/fedora/9/x86_64/
Since
your RPM packages are signed, place your public GnuPG key online in a
place that is easily accessible. You may also want to place your
initial repository RPM file online as well so that people can easily
setup your repository.~> sudo createrepo --update /var/www/html/fedora/9/SRPMS/
~> sudo createrepo --update /var/www/html/fedora/9/x86_64/
Set httpd Permissions
Next edit your /etc/httpd/conf/httpd.conf file using sudo and add the following in the <Directory /></Directory> section:
<Directory
"/var/www/html/fedora">
AllowOverride All
Options Indexes SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
Save
and exit, and restart your httpd server:AllowOverride All
Options Indexes SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
~>
sudo service httpd restart
You should see httpd
successfully restart:Stopping
httpd:
[ OK
]
Starting httpd: [ OK ]
Set SELinux Security ContextStarting httpd: [ OK ]
Finally, if you are running SELinux, set the security context of the directory to be public:
~>
sudo chcon -R -t public_content_t /var/www/html/fedora/
With that, you have just create your own online Fedora repository!References
http://www.mindtrove.info/articles/yum.html
http://fedoraproject.org/wiki/SELinux/apache
http://docs.fedoraproject.org/selinux-faq-fc3/index.html#id2825658
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/rhlcommon-chapter-0017.html