通过定制nginx的rpm包学习如何制作rpm安装包
RPM是RedHat Package Manager(RedHat软件包管理工具)的缩写,是一种用于互联网下载包的打包及安装工具,它包含在某些Linux分发版中。它生成具有.RPM扩展名的文件。使用rpm安装软件和管理软件非常的方便。
1.安装rpm-build
#yum -y install rpm-build redhat-rpm-config
2.建立目录结构
#mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS} # tree -n ~/rpmbuild/ /root/rpmbuild/ ├── BUILD 存放源代码 ├── RPMS 存放用于管理rpm制作进程的spec文件 ├── SOURCES 解压后的文件存放在这里 ├── SPECS 存放由rpmbuild制作好的二进制包 └── SRPMS 存放由rpmbuild制作好的源码包 5 directories, 0 files
3.下载源码包
将nginx、nginx-rtmp-module放在SOURCE目录下
SOURCES]# ll 总用量 71320 -rw-r--r--. 1 root root 69195965 8月 15 09:09 nginx-1.15.3.tar.gz -rw-r--r--. 1 root root 4876 8月 15 09:59 nginx.conf-rw-r--r--. 1 root root 3821160 8月 14 16:39 nginx-rtmp-module.tar.gz
4.制作.spec文件
在SPECS下执行:vim nginx.spec
# cat nginx.spec Name: nginx Version: 1.15.3 Release: 1%{?dist} Summary: nginx rmp package production Group: Applications/Archiving License: GPLv2 URL: http://www.baijiayun.com/ Packager: lizhenqi <lizhenqi@baijiayun.com> Vendor: 百家云 Source0: %{name}-%{version}.tar.gz Source1: nginx-rtmp-module.tar.gz Source2: nginx.conf BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: gcc Requires: openssl,openssl-devel,pcre-devel,pcre %description Custom nginx rpm package. Nginx: Github: https://github.com/nginx/nginx Branch: master Date : 2018.08.08 Nginx-Rtmp-Module: Github: https://github.com/arut/nginx-rtmp-module Branch: master Date : 2018.07.30 %prep rm -rf $RPM_BUILD_DIR/nginx-1.15.3 rm -rf $RPM_BUILD_DIR/nginx-rtmp-module tar fx $RPM_SOURCE_DIR/nginx-1.15.3.tar.gz tar fx $RPM_SOURCE_DIR/nginx-rtmp-module.tar.gz %build cd nginx-1.15.3 ./configure \ --prefix=/usr/local/nginx \ --with-openssl=/usr/local/openssl \ --with-pcre \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-stream \ --add-module=../nginx-rtmp-module #--with-http_perl_module \ make %{?_smp_mflags} %install rm -rf %{buildroot} cd nginx-1.15.3 make install DESTDIR=%{buildroot} %{__install} -p -D %{SOURCE2} %{buildroot}/usr/local/nginx/conf/nginx.conf %pre if [ $1 == 1 ];then # $1有3个值,代表动作,安装类型,处理类型 /usr/sbin/useradd -r www -s /sbin/nologin 2> /dev/null # 1:表示安装 fi # 2:表示升级 # 0:表示卸载 %preun if [ $1 == 0 ];then /usr/sbin/userdel -r www 2> /dev/null /etc/init.d/nginx stop > /dev/null 2>&1 fi %postun %clean rm -rf %{buildroot} %files %defattr(-,root,root,-) /usr/local/nginx %config(noreplace) /usr/local/nginx/conf/nginx.conf
5.spec文件解释
#:以#开头是注释,rpm会忽略它。 Summary: 简单描述软件。 Name : 定义rpm的名称。 Version: 定义软件版本 Release: 发行版本 License: 定义许可证 Group: 软件分类 Source: 源码下载地址 URL: 源码相关网站 Distribution: 发行版系列 Packager: 打包人的信息 %description:软件详细描述,可多行 %prep :软件编译之前的处理,如解压。 %build :开始编译软件,如make %install :开始安装软件,如make install %files :指定哪些文件需要被打包,如/usr/local/nginx %preun :定义卸载之前的动作,如杀掉进程。 这里只介绍了几个常用的tag,更详细的请参考:http://www.rpm.org/max-rpm/ch-rpm-inside.html
6.开始RPM制作
# rpmbuild -bb nginx.spec
rpmbuild -bp nginx.spec 制作到%prep段 rpmbuild -bc nginx.spec 制作到%build段 rpmbuild -bi nginx.spec 执行 spec 文件的 "%install" 阶段 (在执行了 %prep 和 %build 阶段之后)。这通常等价于执行了一次 "make install" rpmbuild -bb nginx.spec 制作二进制包 rpmbuild -ba nginx.spec 表示既制作二进制包又制作src格式包
7.测试RPM包
x86_64]# yum reinstall nginx-1.15.3-1.el7.centos.x86_64.rpm
8.查看软件包信息
x86_64]# rpm -qi nginx Name : nginx Version : 1.15.3 Release : 1.el7.centos Architecture: x86_64 Install Date: 2018年08月15日 星期三 11时45分05秒 Group : Applications/Archiving Size : 4344453 License : GPLv2 Signature : (none) # rpm包未签名状态 Source RPM : nginx-1.15.3-1.el7.centos.src.rpm Build Date : 2018年08月15日 星期三 11时43分15秒 Build Host : baijiayun Relocations : (not relocatable) Packager : lizhenqi <lizhenqi@baijiayun.com> Vendor : 百家云 URL : http://www.baijiayun.com/ Summary : nginx rmp package production Description : Custom nginx rpm package. Nginx: Github: https://github.com/nginx/nginx Branch: master Date : 2018.08.08 Nginx-Rtmp-Module: Github: https://github.com/arut/nginx-rtmp-module Branch: master Date : 2018.07.30
---------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------
以下未验证
9.生成密钥并验证
9.1.使用gpg方式生成签名密钥
# gpg --gen-key Your selection?1<Enter> #默认即可 What keysize do you want? (2048) 1024<Enter> #选择密钥长度 Key is valid for? (0) 1y<Enter> #有效期 Is this correct? (y/N) y<Enter> #确认 Real name: nmshuishui<Enter> #密钥名称 Email address: 353025240@qq.com<Enter> #邮件 Comment: GPG-RPM-KEY<Enter> #备注 Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O<ENTER> #okay确认 Enter passphrase OK <Enter> #按Enter输入密码 <Take this one anyway> <Enter> #确认使用此密码 ##### 在生成密钥的时候,会报这么一个信息:can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory,可以不用理会它。 接下来就是一些随机数的说明了:We need to generate a lot of random bytes. It is a good idea to perform some other action (type on the keyboard, move the mouse, utilize the disks) during the prime generation; this gives the random number generator a better chance to gain enough entropy. 就狂敲键盘和移动鼠标吧,也可以链接一个伪随机数(不过不安全),接下来的活儿就是等了 生成密钥后会是这样的: gpg: checking the trustdb gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u pub 2048R/DF63EDFB 2014-11-26 Key fingerprint = 338D 476F 29C9 E2D6 6604 1D96 6F73 1E81 DF63 EDFB uid nmshuishui (gen-key) <353025240@qq.com> sub 2048R/263FB359 2014-11-26
9.2.查看生成的密钥
# gpg --list-keys /root/.gnupg/pubring.gpg ------------------------ pub 2048R/DF63EDFB 2014-11-26 uid nmshuishui (gen-key) <353025240@qq.com> sub 2048R/263FB359 2014-11-26
9.3.导出公钥以供验证
# gpg --export -a "nmshuishui" > RPM-GPG-KEY-nmshuishui
9.4.在~/.rpmmacros宏中定义加密密钥
# vim ~/.rpmmacros
%_gpg_name nmshuishui
9.5.为rpm包签名
# rpm --addsign /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm Enter pass phrase: Pass phrase is good. /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm:
9.6.将公钥导入rpm包
# rpm --import RPM-GPG-KEY-nmshuishui
9.7.验证
# rpm --checksig /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
9.8.重新安装nginx,验证安装包的签名信息
# rpm -ivh /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm Preparing... ########################################### [100%] 1:nginx ########################################### [100%] [root@localhost ~]# [root@localhost ~]# rpm -qi nginx Name : nginx Relocations: (not relocatable) Version : 1.7.7 Vendor: nmshuishui Release : 3.el6 Build Date: Wed 26 Nov 2014 06:39:00 PM CST Install Date: Thu 27 Nov 2014 10:58:44 AM CST Build Host: localhost Group : Applications/Archiving Source RPM: nginx-1.7.7-3.el6.src.rpm Size : 793593 License: GPLv2 Signature : RSA/SHA1, Thu 27 Nov 2014 10:40:02 AM CST, Key ID 6f731e81df63edfb # 与 1 比起来,多了签名信息 Packager : nmshuishui <353025240@qq.com> URL : http://nmshuishui.blog.51cto.com/ Summary : nginx-1.7.7.tar.gz to nginx-1.7.7.rpm Description : Custom a rpm by yourself!Build nginx-1.7.7.tar.gz to nginx-1.7.7.rpm