I've learned that signing an RPM package means creating a digital signature for the package to show that you are its creator. It identifies who produced the package and lets others verify that it has not been altered by someone else. The tool I used for signing is gpg, which stands for GNU Privacy Guard; it creates digital signatures and does many other things. I packaged an RPM in an earlier post, and I will sign it here.
First I created a GPG key with this command: gpg --gen-key
This was the output. I noticed that the tool asked for some user input when generating the key, such as:
- the kind of key (chose RSA)
- the keysize between 1024 and 4096 bits (chose 1024)
- how long it is valid, in days, weeks, months or years (chose 2m)
- user identity including real name, email, and comment
Then I had to add the email address that I used when generating the key to the ~/.rpmmacros file.
The exact line I added was: %_gpg_name nhnguyen@learn.senecac.on.ca
The final thing I had to do was install the RPM signing package: yum install rpm-sign
Then we are ready to sign some packages. I tested this out by using rpm --addsign with my packaged RPM. Here is a screen capture of me going to my RPM directory, selecting the RPM to sign and then signing it. The process of setting up package signing was not too complicated and may have taken me half an hour.
Creating a Yum Repository
Before creating your own repository you will need a public server that you can use to host your files. For this step I used my user account with a public HTTP folder hosted by my college.
After having this, I created a new directory called yumrepo, where I copied over my newly signed RPM package. To copy from my laptop to my school's server I used SCP.
Then I created the repository metadata for the directory where my RPM was located, which creates a subdirectory called repodata, using this command:
createrepo ~/rpmbuild/RPMS/x86_64/
This is the location of my repository: http://matrix.senecac.on.ca/~nhnguyen3/yumrepo/
Testing
- For testing I created a new repository file in /etc/yum.repos.d
- Then I copied the file fedora.repo and called it test.repo
- Confirmed gpgcheck=1 and that the gpgkey line was commented
- Then switched to a regular user and ran the command, with the output below
gpg --export --armor nhnguyen3@learn.senecac.on.ca
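An added example (not from the original post): a small Python audit of a yum .repo file that checks the two settings confirmed in the testing steps above, gpgcheck and gpgkey. The [unsigned] and [remote-key] stanzas, the key paths and the finding names are constructed for illustration.

```python
import configparser

# Constructed sample: [test] mirrors the test.repo described above (gpgcheck=1,
# gpgkey commented out); the other stanzas and all key paths are hypothetical.
SAMPLE_REPO = """\
[test]
name=Test repository
baseurl=http://matrix.senecac.on.ca/~nhnguyen3/yumrepo/
gpgcheck=1
#gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-test

[unsigned]
baseurl=http://repo.example.invalid/yum/
gpgcheck=0

[remote-key]
baseurl=http://repo.example.invalid/yum/
gpgcheck=1
gpgkey=http://repo.example.invalid/RPM-GPG-KEY-example
"""

TRUE_VALUES = {"1", "yes", "true"}  # boolean spellings yum accepts

def audit_repo(text):
    """Return {repo_id: [finding codes]} for every enabled stanza."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    report = {}
    for repo in cp.sections():
        s = cp[repo]
        if s.get("enabled", "1").strip().lower() not in TRUE_VALUES:
            continue  # disabled repositories are never consulted
        findings = []
        gpgcheck = s.get("gpgcheck")
        keys = s.get("gpgkey", "").split()
        if gpgcheck is None:
            findings.append("gpgcheck-inherited")  # falls back to yum.conf [main]
        elif gpgcheck.strip().lower() not in TRUE_VALUES:
            findings.append("gpgcheck-off")        # unsigned or altered RPMs install
        elif not keys:
            findings.append("gpgkey-missing")      # key must be imported by hand
        if any(k.lower().startswith(("http://", "ftp://")) for k in keys):
            findings.append("gpgkey-cleartext")    # key can be swapped in transit
        report[repo] = findings
    return report

if __name__ == "__main__":
    print(audit_repo(SAMPLE_REPO))
```

A "gpgkey-missing" finding on the [test] stanza matches the setup above: with the gpgkey line commented out, yum can only verify packages after the exported public key has been imported manually.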
Creating a Repository-release RPM
I will post an RPM that contains my repo file and also the GPG key once I get it working. This should allow users to install and access my repository by just downloading this package.