Wednesday, February 15, 2017

Setting up a rpm build environment

I know everyone would like me to jump right in to talking about audit, but I want to take a detour first to make a couple posts that will be referenced in future articles. So, I'd like to get the first one out of the way which is building your own packages with rpm.

The reason we need to do this is that not everything that you might want is in Fedora. Sometimes a package is so hard to package that no distribution actually has it. For example, it may violate packaging guidelines as the build scripts are too complex to change without a whole lot of study. In a future blog post we will need to build one of these.

To start off with, you may want to have a specific account on your system for building packages. If so, make one and log into that account so that we can set things up.

When I build packages, I like to have things in specific places. I like to have tar file, spec file, and patches all in one directory named after the package. I do not like all sources jumbled together. We can get this with a little planning.

I prefer to have the following directory layout:

└── working
    ├── BUILD
    ├── RPMS
    │   ├── noarch
    │   └── x86_64
    ├── SRPMS
    └── tmp

To get this layout, do the following in your build account home directory:

$ mkdir -p working/{BUILD,BUILDROOT,SRPMS,tmp}
$ mkdir -p working/RPMS/{noarch,x86_64}

Next we want to add a .rpmmacros file to the home directory that will use this structure for building packages. The following assumes the account is "builder". Copy and change it as appropriate to your build account. Save it as .rpmmacros. The explanations are all inline.

# Custom RPM macros configuration file for building RPM packages
# as a non-root user.

# %_topdir defines the top directory to be used for RPM building
# purposes. It is the default ROOT of the buildsystem.
%_topdir        /home/builder/working

# %_sourcedir is where the source code tarballs, patches, etc.
# will be placed after you do an
# "rpm -ivh somepackage.1.0-1.src.rpm"
#%_sourcedir     %{_topdir}/%{name}-%{version}
%_sourcedir     %{_topdir}/%{name}

# %_specdir is where the specfile gets placed when installing a
# src.rpm. I prefer the specfile to be in the same directory
# as the source tarballs, etc.
%_specdir       %{_sourcedir}

# %_tmppath is where temporary scripts are placed during the RPM
# build process as well as the %_buildroot where %install normally
# dumps files prior to packaging up the final binary RPM's.
%_tmppath       %{_topdir}/tmp

# %_builddir is where source code tarballs are decompressed, and
# patches then applied when building an RPM package
%_builddir      %{_topdir}/BUILD

# %_buildroot is where files get placed during the %install section
# of spec file processing prior to final packaging into rpms.
# This is oddly named and probably should have been called
# "%_installroot" back when it was initially added to RPM.
%_buildroot     %{_topdir}/%{_tmppath}/%{name}-%{version}-root

# %_rpmdir is where binary RPM packages are put after being built.
%_rpmdir        %{_topdir}/RPMS

# %_srcrpmdir is where src.rpm packages are put after being built.
%_srcrpmdir     %{_topdir}/SRPMS

Now just a couple more changes and we are all set. If this is a brand new account, you might want to have rm, cp, and mv all asking permission to prevent accidents.

 $ echo -e "alias rm='rm -i'\nalias cp='cp -i'\nalias mv='mv -i'\n" >> .bashrc

And lastly, its also good get a couple prerequisite build packages installed.

$ su - root
# dnf install redhat-rpm-config rpm-build
# exit

This concludes setting up an environment to build packages for Fedora or RHEL. You can now test your setup by building the most recent audit rpm (after installing audit prerequisite rpms).

$ wget
$ rpm -ivh audit-2.7.2-2.fc24.src.rpm

Next we need to install some prerequisite packages for building the audit package:

$ su - root
# dnf install golang kernel-headers krb5-devel libcap-ng-devel openldap-devel python-devel python3-devel swig tcp_wrappers-devel audit-libs-devel
# exit

Note that under normal circumstances, you do not install audit-libs-devel to build the audit package. There is a self-test for the golang binding that needs in the system path. One of these days I'll fixup the test so that it uses the freshly built one. In any event, we can now do the build:

$ rpmbuild -ba working/audit/audit.spec

Note that even though the above references a Fedora 24 rpm, it doesn't make any difference since its just the source rpm. If everything goes to plan, you will have packages in working/RPMS. If you want to see the exploded audit source code, after building its located in working/BUILD/audit-2.7.2/. If you want to see all the files that make up the audit build, they are in working/audit/. Everything is nice and neat.

Its good to check with a simple rpm before we build a challenging package.

No comments: