Tuesday, 8 October 2013

Linux Package Signing and Repositories

To start my adventure into RPM signing I installed the rpm-sign utility. Next began my first experience with GNU Privacy Guard and it's uses. I tried the command gpg --gen-key to create a key for myself. It worked. To proceed, I edited my rpmmacro's file and added my email to a macro within there. Using my gettext package and a new directory, I signed the package using rpm --addsign gettext-0.18.3.1-1.fc19.x86_64.rpm. When running the command rpm -qpi gettext-0.18.3.1-1.fc19.x86_64.rpm  I can see that a signature has been added to the package.

By running the createrepo command I was able to actually create my own repository! How exciting! To continue this work, I copied an existing repo file found in the /etc/yum.repos.d directory and used it as a template to makemy own repo. After using the following repo file, I was able to get yum to use my repository. It was actually exhilarating to see this. Okay maybe not that exciting but it was pretty cool to watch. This is a sample of what the yum update command showed me after my repo file was valid.

(1/2): tsbarrasware/primary_db                             | 2.8 kB   00:00 
Updating:
 gettext                x86_64   0.18.3.1-1.fc19           tsbarrasware   2.7 M


In addition to this it also wanted me to download some the dependencies I listed in my spec file. Very cool although since the gpg key was not installed, I could not actually install my package.


After creating a gpg key of my own using gpg --export --armour I was able to at least trust the source of my package by installing the key into /etc/pki/rpm-gpg. Unfortunately, I was not able to install my packge because it conflicted with the current gettext in the fedora repository. This was the error I received.

Transaction check error:
  file /usr/share/info/dir from install of gettext-0.18.3.1-1.fc19.x86_64 conflicts with file from package info-5.1-1.fc19.x86_64
  file /usr/lib64/libasprintf.so.0.0.0 from install of gettext-0.18.3.1-1.fc19.x86_64 conflicts with file from package gettext-libs-0.18.2.1-1.fc19.x86_64
  file /usr/lib64/libgettextpo.so.0.5.2 from install of gettext-0.18.3.1-1.fc19.x86_64 conflicts with file from package gettext-libs-0.18.2.1-1.fc19.x86_64


 The link to my gpg key can be found here and the package I signed is located here.

Using Charley's spec file as a reference, I created my own repository package. With this rpm, users can download and install it to automatically have access to my repository.

0 comments :

Post a Comment