As some of you visiting this blog have noticed, currently the RPM’s I made for PHP aren’t available in any yum repository, making you have to check our blog every time for updates. Although I’m quite happy to have you visiting our blog more often, things really should be easier

I’ll take you through the steps I took to setup the yum repository for labcoding.com; with my next PHP update I’ll repost the instructions on enabling this repository (as described below).

Although mock is great for creating many repositories, for now I’ll stick to a CentOS 4 and CentOS 5 repository, in which the CentOS 5 repository will eventually contain my PHP rpm’s. Unfortunately I cannot make x86_64 RPM’s at the moment, due to lack of a machine running CentOS 5 on 64 bit. However, using my source RPM’s and recompiling should give no issues.

Installing ‘createrepo’

yum install createrepo

Createrepo is a program that creates a repomd (xml-based rpm metadata) file, these files contain information on when RPM’s were last updated and which ones are actually present in the repository. This way a ‘yum’ instance only needs to refresh this file to know if there are new RPM’s available.

My repository will reside in /var/www/html/yum/centos/4

mkdir -p /var/www/html/yum/centos/4/i386
mkdir -p /var/www/html/yum/centos/5/i386

Place my RPM’s in the (CentOS 5) repository:

$ cp ~/build/redhat/RPMS/i386/php4*LAB7*.rpm /var/www/html/yum/centos/5/i386

Running creatorepo, will create a repodata directory, containing the XML (repomd) files.

$ createrepo /var/www/html/yum/centos/5/i386
15/15 – php4-ncurses-4.4.8-LAB7.i386.rpm
Saving Primary metadata
Saving file lists metadata
Saving other metadata

You’re basically all ready to use your repository!

However, I find it important to have SIGNED RPM’s, so people know for sure the RPM’s in my repository are actually the ones I build.

I’ll use PGP to sign the RPM’s. First we’ll start by creating our own PGP key.

$ mkdir ~/.gnupg
$ cd ~ && gpg –gen-key
gpg (GnuPG) 1.2.6; Copyright (C) 2004 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

Please select what kind of key you want:
(1) DSA and ElGamal (default)
(2) DSA (sign only)
(4) RSA (sign only)
Your selection?
Your selection? 1
DSA keypair will have 1024 bits.
About to generate a new ELG-E keypair.
minimum keysize is 768 bits
default keysize is 1024 bits
highest suggested keysize is 2048 bits
What keysize do you want? (1024) 2048
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
= key expires in n days
w = key expires in n weeks
m = key expires in n months
y = key expires in n years
Key is valid for? (0) 1y
Key expires at Sat 31 Jan 2009 06:17:17 PM EST
Is this correct (y/n)? y

You need a User-ID to identify your key; the software constructs the user id
from Real Name, Comment and Email Address in this form:
“Heinrich Heine (Der Dichter) ”

Real name: Ivo Teel (CaliMonk)
Invalid character in name
Real name: Ivo Teel
Email address:
Not a valid email address
Email address: calimonk@gmail.com
Comment: a.k.a. CaliMonk
You selected this USER-ID:
“Ivo Teel (a.k.a. CaliMonk) ”

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? C
Comment: CaliMonk
You selected this USER-ID:
“Ivo Teel (CaliMonk) ”

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

Enter passphrase:
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
..+++++++++++++++++++++++++..++++++++++.+++++.+++++..+++++++++++++++++++++++++++++++++++.+++++.++++++++++++++++++++.+++++..++++++++++..++++++++++>++++++++++……+++++
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
+++++…++++++++++..+++++….++++++++++++++++.++++++++++…++++++++++++++++++++.+++++..+++++++++++++++….+++++……………………………………………
gpg: /home/ivoadm/.gnupg/trustdb.gpg: trustdb created
public and secret key created and signed.
key marked as ultimately trusted.

pub 1024D/9A317F60 2008-02-01 Ivo Teel (CaliMonk)
Key fingerprint = XXXX XXXX XXXX XXXX XXXX XXXX XXXX XXX
sub 2048g/XXXXXXXX 2008-02-01 [expires: 2009-01-31]

Great! Now we have our key, that we can use to sign RPM.

Check if we indeed have a key:

$ gpg –list-keys

Make an export of our public key, so users can import it for use with the Repository. The key will be used to verify that the RPM’s are signed by the repository ‘owner’ (in this case, me).

$ gpg –export -a ‘Ivo Teel’ > RPM-GPG-KEY-Labcoding
$ sudo cp RPM-GPG-KEY-Labcoding /var/www/html/yum/centos/
$ sudo rpm –import http://www.labcoding.com/yum/centos/RPM-GPG-KEY-Labcoding

Signing the packages:

$ cd /var/www/html/yum/centos/5/i386
$ rpm –addsign *.rpm
php4-4.4.8-LAB7.i386.rpm:
php4-debuginfo-4.4.8-LAB7.i386.rpm:
php4-devel-4.4.8-LAB7.i386.rpm:
php4-domxml-4.4.8-LAB7.i386.rpm:
php4-gd-4.4.8-LAB7.i386.rpm:
php4-imap-4.4.8-LAB7.i386.rpm:
php4-ldap-4.4.8-LAB7.i386.rpm:
php4-mbstring-4.4.8-LAB7.i386.rpm:
php4-mysql-4.4.8-LAB7.i386.rpm:
php4-ncurses-4.4.8-LAB7.i386.rpm:
php4-odbc-4.4.8-LAB7.i386.rpm:
php4-pear-4.4.8-LAB7.i386.rpm:
php4-pgsql-4.4.8-LAB7.i386.rpm:
php4-snmp-4.4.8-LAB7.i386.rpm:
php4-xmlrpc-4.4.8-LAB7.i386.rpm:

$ rpm –checksig php4-4.4.8-LAB7.i386.rpm
php4-4.4.8-LAB7.i386.rpm: sha1 md5 OK

All set!

Now, to enable the Labcoding yum repository, do the following:

$ sudo rpm –import http://www.labcoding.com/yum/centos/RPM-GPG-KEY-Labcoding

Make a labcoding.repo file:

$ sudo vi /etc/yum.repos.d/labcoding.repo

Paste the following:

[Labcoding]
name=Labcoding Repository for CentOS $releasever $basearch
failovermethod=priority
baseurl=http://www.labcoding.com/yum/centos/$releasever/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Labcoding

Testing if it works:

$ sudo yum search php4-pear
Loading “security” plugin
Loading “installonlyn” plugin
Setting up repositories
Reading repository metadata in from local files

php4-pear.i386 4.4.8-LAB7 Labcoding
Matched from:
php4-pear

php4-pear.i386 4.4.8-LAB7 installed
Matched from:
php4-pear

Thats all for now!

Ivo