Printable Version of Topic

Click here to view this topic in its original format

Linuxhelp _ Guides Forum _ How-to Build Enterprise Srpms

Posted by: hughesjr Apr 17 2004, 09:39 AM

I use both and Both are rebuilds of RedHat Enterprise Linux 3 AS SRPMS files. (There are also several other projects that are RHEL 3 rebuilds including and

I wrote an article for called for anyone who wants an overview of what enterprise linux is ... and why you might try one of the enterprise linux clones, like WBEL or CentOS, if you don't want a full fledged (and expensive) enterprise distro with all the support, but you do want a stable system for servers with longer release cycles and a long term support cycle.

Anyway ... RedHat doesn't release binary rpm updates for RHEL (except to RHEL subscription customers) ... you have to pay them to download the binary updates. They do make the SRPMS available, and you can build the updates yourself, if you want. (all the versions listed above rebuild the Released SRPMS from RedHat within a couple days and make them available as binary files for their users, so this is not required ... but since these projects might stop in the future, some people may not want to use a rebuilt version of enterprise linux for fear of not getting updates).

This guide is how I setup a system to rebuild SRPMS for myself ... as a backup to updates being released by the above distros. This can be important if you want to show that you are really not dependant on Tao, WBEL or CentOS to release updates ... but this process is dependant upon RedHat to continue to make RHEL 3 updates avialable via SRPMS ... which they say they will do.

Enough explaination .... now to the fun:
I started with a machine that has a full install of CentOS or WBEL (or one of the other distros).

I created a user named buildsys, with a home directory of /home/buildsys. His group is also buildsys. You give him a password that you want, so he can login.

Now we need to create a directory to put the Source and built RPMS in ... I create a directory called buildsys at /usr/src ... like this as root:

mkdir /usr/src/buildsys
cd /usr/src/buildsys
cp -R ../redhat/* .
cd ..
chown -R buildsys:buildsys buildsys

I wanted to create a gpg key to sign the rpms (not absolutely required, but not hard). You can install rpms without a gpg key. I used the instructions from to generate the key. Here is my info:

[root@CentOS-31 src]# su - buildsys

[buildsys@CentOS-31 buildsys]$ mkdir .gnupg

[buildsys@CentOS-31 buildsys]$ ls

[buildsys@CentOS-31 buildsys]$ chmod 0700 .gnupg/

[buildsys@CentOS-31 buildsys]$ gpg --gen-key
gpg (GnuPG) 1.2.1; Copyright © 2002 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: keyring `/home/buildsys/.gnupg/secring.gpg' created
gpg: keyring `/home/buildsys/.gnupg/pubring.gpg' created
Please select what kind of key you want:
  (1) DSA and ElGamal (default)
  (2) DSA (sign only)
  (5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
              minimum keysize is  768 bits
              default keysize is 1024 bits
    highest suggested keysize is 2048 bits
What keysize do you want? (1024) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
        0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 5y
Key expires at Thu 16 Apr 2009 01:26:22 PM UTC
Is this correct (y/n)? y
You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
    "Heinrich Heine (Der Dichter) <>"

Real name: buildsys
Email address:
You selected this USER-ID:
    "buildsys <>"

Change (N)ame, ©omment, (E)mail or (O)kay/(Q)uit? o
You need a Passphrase to protect your secret key.
type key twice

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.

gpg: /home/buildsys/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.

pub  1024D/C3A032C6 2004-04-17 buildsys <>
    Key fingerprint = 33D1 23C6 6E78 F8F1 DC9B  5D8A 30CE 48CE C3A0 32C6
sub  2048g/78F4CC26 2004-04-17 [expires: 2009-04-16]

[buildsys@CentOS-31 buildsys]$ gpg --armor --export > RPM-GPG-KEY-buildsys

Now we need to create a .rpmmacros file so that the create RPMS will go into /usr/src/buildsys and set some other features .... here is the one I use (it is in the /home/sysbuild directory):

%_topdir /usr/src/buildsys
%_signature gpg
%_gpg_path /home/buildsys/.gnupg
%_gpg_name buildsys <>
%_gpgbin /usr/bin/gpg

(This is just for building updates ... if you want to rebuild the whole system, you might need to add more items to the .rpmmacros file)

Now I use the info from the ... I create the files named generaterpmlist and buildpackages ... except mine look like this:

# Make the log directory if it doesn't already exist
if [ ! -d $PKGLIST ]
       echo "Creating $PKGLIST"
       mkdir -p $PKGLIST
#Make an entry for each package.
for package in `cd $SPATH; ls *.src.rpm `
       touch ${PKGLIST}/$package

# Bail if the packagelist directory does not exist
if [ ! -d $PKGLIST ]
       echo "No packagelist.  Try generaterpmlist."
       exit 1
# Make the log directory if it doesn't already exist, otherwise clean out
# the logs from the last build attempt.
if [ ! -d $LOGDIR ]
       echo "Making $LOGDIR"
       mkdir -p $LOGDIR
       rm -f ${LOGDIR}/*
#Try making each package. If it builds, remove the log and packagelist entry
#otherwise leave both.
for package in `cd $PKGLIST; ls *.src.rpm `
       rpmbuild --rebuild ${SPATH}/$package &>$LOGDIR/$package
       if [ $? -eq 0 ]; then
               rm ${PKGLIST}/${package} ${LOGDIR}/${package}

I put both files in /usr/local/bin and do:

chmod 755 /usr/local/bin/buildpackages
chmod 755 /usr/local/bin/generaterpmlist

Now ... to build SRPMS, I put them in /home/buildsys/SRPMS and as the buildsys user, I type:


SO ...
the built rpms will be in /usr/src/buildsys

While building, the logs will be in /home/buildsys/rebuilder/logs

after everything is done, only logs with errors are left and only packages with errors are in /home/buildsys/rebuilder/pkglist, so correct the problems (dependancy not met, etc.) and rerun buildpackages.

Powered by Invision Power Board (
© Invision Power Services (