Learn to Create an RPM Package

The steps to build an RPM package:

Download the source code
Create the spec file (use the rpmdev-newspec command)
Build the package (use the rpmbuild command)
GPG sign the package (use the rpmsign command)
Test the package (use rpm -qip command)

In this post, I’m going to learn to create an RPM package of fpaste-4.0.1.1.tar.gz on Red Hat Enterprise Linux 7 (variant).

First we need to ensure the necessary packages are installed:

$ sudo yum install rpmdevtools rpm-build rpm-sign rpmlint rgn-tools

The next step is create a directory structure for a few directories under ~/rpmbuild. For this, we can use a helping script rpmdev-setuptree:

$ rpmdev-setuptree
$ tree -F rpmbuild
rpmbuild
├── BUILD/
├── RPMS/
├── SOURCES/
├── SPECS/
└── SRPMS/

Download the fpaste source code, and copy or move it to ~/rpmbuild/SOURCES/ directory.

[student@workstation ~]$ cp fpaste-0.4.1.1.tar.gz rpmbuild/SOURCES/
[student@workstation ~]$ cd rpmbuild/SPECS/
[student@workstation SPECS]$ rpmdev-newspec fpaste
fpaste.spec created; type minimal, rpm version >= 4.11.

Update the ~/rpmbuild/SPECS/fpaste.spec. Here is my final version:

iName:           fpaste
Version:        0.4.1.1
Release:        1%{?dist}
Summary:        A simple tool for pasting info onto sticky notes instances

License:        GPLv3+
URL:            https://pagure.io/fpaste
Source0:        https://releases.pagure.org/fpaste/fpaste-0.4.1.1.tar.gz

Requires:       python3

%description
It is often useful to be able to easily paste text to the Fedora
Pastebin at http://paste.fedoraproject.org and this simple script
will do that and return the resulting URL so that people may
examine the output. This can hopefully help folks who are for
some reason stuck without X, working remotely, or any other
reason they may be unable to paste something into the pastebin


%prep
%autosetup

%build
# nothing required


%install
mkdir -p %{buildroot}%{_bindir}
make install BINDIR=%{buildroot}%{_bindir} MANDIR=%{buildroot}%{_mandir}
#rm -rf $RPM_BUILD_ROOT


%files
%{_bindir}/%{name}
%doc README.rst TODO
%{_mandir}/man1/%{name}.1.gz
%license COPYING

%changelog
* Fri Mar 05 2021 <student@workstation.lab.example.com> - 0.4.1.1-1
- Initial package build

Check the spec file:

[student@workstation SPECS]$ rpmlint fpaste.spec 
0 packages and 1 specfiles checked; 0 errors, 0 warnings.

Let’s build the binary and source:

[student@workstation ~]$ cd ~/rpmbuild/SPECS/
[student@workstation ~]$ rpmbuild -ba fpaste.spec 

[student@workstation ~]$ ls -1 ~/rpmbuild/RPMS/noarch/
fpaste-0.4.1.1-1.el7.noarch.rpm

Th next step is signing the newly built RPM package. By default the package is not signed. This can be further verified by running the command below and look for Signature: (none):

[student@workstation SPECS]$ rpm -qip ~/rpmbuild/RPMS/noarch/fpaste-0.4.1.1-1.el7.noarch.rpm 
Name        : fpaste
Version     : 0.4.1.1
Release     : 1.el7
Architecture: noarch
Install Date: (not installed)
Group       : Unspecified
Size        : 68908
License     : GPLv3+
Signature   : (none)
Source RPM  : fpaste-0.4.1.1-1.el7.src.rpm
Build Date  : Fri 05 Mar 2021 09:47:40 PM AEDT
Build Host  : workstation.lab.example.com
Relocations : (not relocatable)
URL         : https://pagure.io/fpaste
Summary     : A simple tool for pasting info onto sticky notes instances
Description :
It is often useful to be able to easily paste text to the Fedora
Pastebin at http://paste.fedoraproject.org and this simple script
will do that and return the resulting URL so that people may
examine the output. This can hopefully help folks who are for
some reason stuck without X, working remotely, or any other
reason they may be unable to paste something into the pastebin

In my case, I don’t have a GPG key yet. So, let’s create a GPG key pair first.

[student@workstation ~]$ gpg --gen-key
gpg (GnuPG) 2.0.22; Copyright (C) 2013 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

gpg: keyring `/home/student/.gnupg/secring.gpg' created
Please select what kind of key you want:
   (1) RSA and RSA (default)
   (2) DSA and Elgamal
   (3) DSA (sign only)
   (4) RSA (sign only)
Your selection? 
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0) 
Key does not expire at all
Is this correct? (y/N) y

GnuPG needs to construct a user ID to identify your key.

Real name: Student User
Email address: student@example.com
Comment: 
You selected this USER-ID:
    "Student User <student@example.com>"

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.

We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
gpg: key A1B7A2B9 marked as ultimately trusted
public and secret key created and signed.

gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/A1B7A2B9 2021-03-05
      Key fingerprint = 8FBE 31D6 0191 113E 1298  0171 1697 AD0D A1B7 A2B9
uid                  Student User <student@example.com>
sub   2048R/C0D2143F 2021-03-05

We need to add our GPG name to a ~/.rpmmacros. (Tip: Run man rpmsign and scroll down to the bottom section.)

$ echo '%_gpg_name Student User <student@example.com>' >> ~/.rpmmacros

Without setting the gpg_name, we’ll get some hint to do this:

$ rpmsign --addsign ~/rpmbuild/RPMS/noarch/fpaste-0.4.1.1-1.el7.noarch.rpm 
You must set "%_gpg_name" in your macro file

Then we’re ready to sign the package.

$ rpmsign --addsign ~/rpmbuild/RPMS/noarch/fpaste-0.4.1.1-1.el7.noarch.rpm 
Enter pass phrase: 
Pass phrase is good.
/home/student/rpmbuild/RPMS/noarch/fpaste-0.4.1.1-1.el7.noarch.rpm:

We can now verify that the package is properly signed:

[student@workstation ~]$ rpm -qip ~/rpmbuild/RPMS/noarch/fpaste-0.4.1.1-1.el7.noarch.rpm 
warning: /home/student/rpmbuild/RPMS/noarch/fpaste-0.4.1.1-1.el7.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID a1b7a2b9: NOKEY
Name        : fpaste
Version     : 0.4.1.1
Release     : 1.el7
Architecture: noarch
Install Date: (not installed)
Group       : Unspecified
Size        : 68908
License     : GPLv3+
Signature   : RSA/SHA1, Fri 05 Mar 2021 10:05:47 PM AEDT, Key ID 1697ad0da1b7a2b9
Source RPM  : fpaste-0.4.1.1-1.el7.src.rpm
Build Date  : Fri 05 Mar 2021 09:47:40 PM AEDT
Build Host  : workstation.lab.example.com
Relocations : (not relocatable)
URL         : https://pagure.io/fpaste
Summary     : A simple tool for pasting info onto sticky notes instances
Description :
It is often useful to be able to easily paste text to the Fedora
Pastebin at http://paste.fedoraproject.org and this simple script
will do that and return the resulting URL so that people may
examine the output. This can hopefully help folks who are for
some reason stuck without X, working remotely, or any other
reason they may be unable to paste something into the pastebin

References: