RPM - Preparing the Package Building Environment
From ADempiere ERP Wiki
Preparing the Package Building Environment
Install the tools required for building the Adempiere RPM. (This needs to be done as
# yum install rpm-build rpmdevtools gnupg mercurial java-1.6.0-openjdk-devel desktop-file-utils docbook5-style-xsl libxslt fop
Create the RPM build tree in your home directory.
This command creates the following directory tree required by rpmbuild and configures your build settings
rpmbuild +-- BUILD +-- RPMS +-- SOURCES +-- SPECS +-- SRPMS
You can move the generated
rpmbuild directory to any place you like, but then you must adjust
%_topdir setting in
~/.rpmmacros to point to that location.
For security reasons, the packages you build should be digitally signed. The digital signature allows users to verify that the package has been built by you, a trusted source, and has not been tampered with since then.
First, generate a public/private key pair with the gpg --gen-key command:
$ gpg --gen-key gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Please select what kind of key you want: (1) RSA and RSA (default) (2) DSA and Elgamal (3) DSA (sign only) (4) RSA (sign only) Your selection? 1 RSA keys may be between 1024 and 4096 bits long. What keysize do you want? (2048) 2048 Requested keysize is 2048 bits Please specify how long the key should be valid. 0 = key does not expire <n> = key expires in n days <n>w = key expires in n weeks <n>m = key expires in n months <n>y = key expires in n years Key is valid for? (0) 0 Key does not expire at all Is this correct? (y/N) y You need a user ID to identify your key; the software constructs the user ID from the Real Name, Comment and Email Address in this form: "Heinrich Heine (Der Dichter) <email@example.com>" Real name: www.mycompany.com Email address: firstname.lastname@example.org Comment: rpm signature You selected this USER-ID: "www.mycompany.com (rpm signature) <email@example.com>" Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O You need a Passphrase to protect your secret key. Enter passphrase: secret passphrase Repeat passphrase: secret passphrase We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. .+++++ ........+++++ ..+++++ gpg: key F9D8EE90 marked as ultimately trusted public and secret key created and signed. gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u pub 2048R/F9D8EE90 2010-10-17 Key fingerprint = 983D 704A 024A 861F 9FCB 5CA2 4875 7B66 F9D8 EE90 uid www.mycompany.com (rpm signature) <firstname.lastname@example.org> sub 2048R/496CD9ED 2010-10-17
Next, the public key needs to be extracted:
$ gpg --export --armor www.mycompany.com > MYCOMPANY-RPM-GPG-KEY
This file needs to be publicly distributed so that users can verify the signature of the RPM packages which you built and signed.
Finally, you need to configure rpmbuild to use the signature you just created
by adding the
%_gpg_name macros to the
file in your home directory. The file should now look something like this:
%_topdir /home/username/rpmbuild %_signature gpg %_gpg_name www.mycompany.com (rpm signature) <email@example.com> … …