RPM - Preparing the Package Building Environment

From ADempiere
Jump to: navigation, search
This Wiki is read-only for reference purposes to avoid broken links.


Preparing the Package Building Environment

Required Development Tools

Install the tools required for building the Adempiere RPM. (This needs to be done as root).

# yum install rpm-build rpmdevtools gnupg mercurial java-1.6.0-openjdk-devel desktop-file-utils docbook5-style-xsl libxslt fop

RPM Build Tree

Create the RPM build tree in your home directory.

$ rpmdev-setuptree

This command creates the following directory tree required by rpmbuild and configures your build settings in ~/.rpmmacros

rpmbuild
+-- BUILD
+-- RPMS
+-- SOURCES
+-- SPECS
+-- SRPMS
			

You can move the generated rpmbuild directory to any place you like, but then you must adjust the %_topdir setting in ~/.rpmmacros to point to that location.

Digital Signature

For security reasons, the packages you build should be digitally signed. The digital signature allows users to verify that the package has been built by you, a trusted source, and has not been tampered with since then.

First, generate a public/private key pair with the gpg --gen-key command:

$ gpg --gen-key
gpg (GnuPG) 1.4.10; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Please select what kind of key you want:
	(1) RSA and RSA (default)
	(2) DSA and Elgamal
	(3) DSA (sign only)
	(4) RSA (sign only)
Your selection? 1
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
				0 = key does not expire
			<n>  = key expires in n days
			<n>w = key expires in n weeks
			<n>m = key expires in n months
			<n>y = key expires in n years
Key is valid for? (0) 0
Key does not expire at all
Is this correct? (y/N) y

You need a user ID to identify your key; the software constructs the user
ID from the Real Name, Comment and Email Address in this form:
		"Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>"

Real name: www.mycompany.com
Email address: devnull@mycompany.com
Comment: rpm signature

You selected this USER-ID:
		"www.mycompany.com (rpm signature) <devnull@mycompany.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

Enter passphrase: secret passphrase
Repeat passphrase: secret passphrase

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
.+++++
........+++++
..+++++
gpg: key F9D8EE90 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0  valid:   2  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 2u
pub   2048R/F9D8EE90 2010-10-17
			Key fingerprint = 983D 704A 024A 861F 9FCB  5CA2 4875 7B66 F9D8 EE90
uid   www.mycompany.com (rpm signature) <devnull@mycompany.com>
sub   2048R/496CD9ED 2010-10-17
			

Next, the public key needs to be extracted:

$ gpg --export --armor www.mycompany.com > MYCOMPANY-RPM-GPG-KEY

This file needs to be publicly distributed so that users can verify the signature of the RPM packages which you built and signed.

Finally, you need to configure rpmbuild to use the signature you just created by adding the %_signature and %_gpg_name macros to the .rpmmacros file in your home directory. The file should now look something like this:

%_topdir        /home/username/rpmbuild
%_signature     gpg
%_gpg_name      www.mycompany.com (rpm signature) <devnull@mycompany.com>
…
…