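RPM is short for RedHat Package Manager. It is a tool for packaging and installing software packages downloaded from the Internet, and it ships with some Linux distributions. It produces files with the .RPM extension. Installing and managing software with rpm is very convenient.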

1. Install rpm-build

# yum -y install rpm-build redhat-rpm-config

2. Create the directory structure

# mkdir -p ~/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
# tree -n ~/rpmbuild/
/root/rpmbuild/
├── BUILD        unpacked files are placed here
├── RPMS         binary packages produced by rpmbuild
├── SOURCES      source code
├── SPECS        spec files that drive the rpm build process
└── SRPMS        source packages produced by rpmbuild
5 directories, 0 files

3. Download the source packages

Place nginx and nginx-rtmp-module in the SOURCES directory

SOURCES]# ll
总用量 71320
-rw-r--r--.  1 root root 69195965 8月  15 09:09 nginx-1.15.3.tar.gz
-rw-r--r--.  1 root root     4876 8月  15 09:59 nginx.conf
-rw-r--r--.  1 root root  3821160 8月  14 16:39 nginx-rtmp-module.tar.gz

4. Write the .spec file

In SPECS, run: vim nginx.spec

# cat nginx.spec
Name: nginx
Version: 1.15.3
Release: 1%{?dist}
Summary: nginx rmp package production
Group: Applications/Archiving
License: GPLv2
URL: http://www.baijiayun.com/
Packager: lizhenqi <lizhenqi@baijiayun.com>
Vendor: 百家云
Source0: %{name}-%{version}.tar.gz
Source1: nginx-rtmp-module.tar.gz
Source2: nginx.conf
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
BuildRequires: gcc
Requires: openssl,openssl-devel,pcre-devel,pcre

%description
              Custom nginx rpm package. 
              Nginx: 
                    Github: https://github.com/nginx/nginx 
                    Branch: master  
                    Date  : 2018.08.08
              Nginx-Rtmp-Module: 
                    Github: https://github.com/arut/nginx-rtmp-module 
                    Branch: master 
                    Date  : 2018.07.30

%prep
rm -rf $RPM_BUILD_DIR/nginx-1.15.3
rm -rf $RPM_BUILD_DIR/nginx-rtmp-module
tar fx $RPM_SOURCE_DIR/nginx-1.15.3.tar.gz
tar fx $RPM_SOURCE_DIR/nginx-rtmp-module.tar.gz

%build
cd nginx-1.15.3
./configure \
--prefix=/usr/local/nginx \
--with-openssl=/usr/local/openssl \
--with-pcre \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_flv_module \
--with-http_mp4_module \
--with-stream \
--add-module=../nginx-rtmp-module
#--with-http_perl_module \
make %{?_smp_mflags}

%install
rm -rf %{buildroot}
cd nginx-1.15.3
make install DESTDIR=%{buildroot}
%{__install} -p -D %{SOURCE2} %{buildroot}/usr/local/nginx/conf/nginx.conf

%pre
if [ $1 == 1 ];then                                              # $1 has 3 possible values, indicating the action (install type, handling type)
    /usr/sbin/useradd -r www -s /sbin/nologin 2> /dev/null       # 1: install
fi                                                               # 2: upgrade
                                                                 # 0: uninstall
%preun
if [ $1 == 0 ];then
    /usr/sbin/userdel -r www 2> /dev/null
    /etc/init.d/nginx stop > /dev/null 2>&1
fi

%postun

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
/usr/local/nginx
%config(noreplace) /usr/local/nginx/conf/nginx.conf

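5. Explanation of the spec file

#: lines starting with # are comments; rpm ignores them.
Summary:   a short description of the software.
Name:    the name of the rpm.
Version:   the software version.
Release:   the release number.
License:   the license.
Group:    the software category.
Source:   where the source is downloaded from.
URL:      the website related to the source.
Distribution: the distribution family.
Packager: information about the packager.
%description: a detailed description of the software; may span multiple lines.
%prep: processing done before compiling the software, such as unpacking.
%build: compiles the software, e.g. make.
%install: installs the software, e.g. make install.
%files: specifies which files are to be packaged, e.g. /usr/local/nginx.
%preun: actions to run before uninstalling, such as killing processes.
Only a few commonly used tags are covered here; for more detail see: http://www.rpm.org/max-rpm/ch-rpm-inside.html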

6. Build the RPM

# rpmbuild -bb nginx.spec

 

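rpmbuild -bp nginx.spec builds through the %prep stage
rpmbuild -bc nginx.spec builds through the %build stage
rpmbuild -bi nginx.spec runs the spec file's "%install" stage (after running the %prep and %build stages). This is usually equivalent to running "make install" once
rpmbuild -bb nginx.spec builds the binary package
rpmbuild -ba nginx.spec builds both the binary package and the src package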

7. Test the RPM package

x86_64]# yum reinstall nginx-1.15.3-1.el7.centos.x86_64.rpm

8. View the package information

x86_64]# rpm -qi nginx
Name        : nginx
Version     : 1.15.3
Release     : 1.el7.centos
Architecture: x86_64
Install Date: 2018年08月15日 星期三 11时45分05秒
Group       : Applications/Archiving
Size        : 4344453
License     : GPLv2
Signature   : (none)   # the rpm package is unsigned
Source RPM  : nginx-1.15.3-1.el7.centos.src.rpm
Build Date  : 2018年08月15日 星期三 11时43分15秒
Build Host  : baijiayun
Relocations : (not relocatable)
Packager    : lizhenqi <lizhenqi@baijiayun.com>
Vendor      : 百家云
URL         : http://www.baijiayun.com/
Summary     : nginx rmp package production
Description :
              Custom nginx rpm package.
              Nginx:
                    Github: https://github.com/nginx/nginx
                    Branch: master
                    Date  : 2018.08.08
              Nginx-Rtmp-Module:
                    Github: https://github.com/arut/nginx-rtmp-module
                    Branch: master
                    Date  : 2018.07.30

---------------------------------------------------------------------------------------------------------------------


The following has not been verified

9. Generate a key and verify

9.1. Generate a signing key with gpg

# gpg --gen-key
Your selection?1<Enter>  # the default is fine
What keysize do you want? (2048) 1024<Enter>  # choose the key size
Key is valid for? (0) 1y<Enter>  # validity period
Is this correct? (y/N) y<Enter>  # confirm
Real name: nmshuishui<Enter>  # key name
Comment: GPG-RPM-KEY<Enter>  # comment
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O<ENTER> # O to confirm
Enter passphrase  OK <Enter>  # press Enter, then type the passphrase
<Take this one anyway> <Enter> # confirm using this passphrase
#####
While the key is being generated, this message is reported: can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory. It can be ignored.
Next comes a note about random numbers: We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
So hammer on the keyboard and move the mouse; you can also link in a pseudo-random source (though that is not secure). After that it is just a matter of waiting.
Once the key has been generated, the output looks like this:
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
pub   2048R/DF63EDFB 2014-11-26
      Key fingerprint = 338D 476F 29C9 E2D6 6604  1D96 6F73 1E81 DF63 EDFB
sub   2048R/263FB359 2014-11-26

9.2. List the generated key

# gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub   2048R/DF63EDFB 2014-11-26
sub   2048R/263FB359 2014-11-26

9.3. Export the public key for verification

# gpg --export -a "nmshuishui" > RPM-GPG-KEY-nmshuishui

9.4. Define the signing key in the ~/.rpmmacros macro file

# vim ~/.rpmmacros
%_gpg_name nmshuishui

9.5. Sign the rpm package

# rpm --addsign /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm 
Enter pass phrase: 
Pass phrase is good.
/home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm:

9.6. Import the public key into rpm's keyring

# rpm --import RPM-GPG-KEY-nmshuishui

9.7. Verify

# rpm --checksig /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm
/home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

9.8. Reinstall nginx and check the package's signature information

# rpm -ivh /home/hero/rpmbuild/RPMS/x86_64/nginx-1.7.7-3.el6.x86_64.rpm 
Preparing...                ########################################### [100%]
   1:nginx                  ########################################### [100%]
[root@localhost ~]# 
[root@localhost ~]# rpm -qi nginx
Name        : nginx                        Relocations: (not relocatable)
Version     : 1.7.7                             Vendor: nmshuishui
Release     : 3.el6                         Build Date: Wed 26 Nov 2014 06:39:00 PM CST
Install Date: Thu 27 Nov 2014 10:58:44 AM CST      Build Host: localhost
Group       : Applications/Archiving        Source RPM: nginx-1.7.7-3.el6.src.rpm
Size        : 793593                           License: GPLv2
Signature   : RSA/SHA1, Thu 27 Nov 2014 10:40:02 AM CST, Key ID 6f731e81df63edfb   # compared with 1, signature information is now present
URL         : http://nmshuishui.blog.51cto.com/
Summary     : nginx-1.7.7.tar.gz to nginx-1.7.7.rpm
Description :
Custom a rpm by yourself!Build nginx-1.7.7.tar.gz to nginx-1.7.7.rpm
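
The two `rpm -qi` outputs above differ only in the Signature field ("(none)" in step 8, "RSA/SHA1 ... Key ID ..." in step 9.8). The script below is an added example, not part of the original post, that turns that field into a check. The helper names sig_field and classify_sig are hypothetical, the RSA/SHA256 line is a constructed sample, and treating MD5/SHA1 as weak is a policy assumed by this example.

```shell
#!/bin/sh
# Added example: gate on the "Signature" field of `rpm -qi` / `rpm -qpi` output.
# sig_field and classify_sig are hypothetical helper names, not rpm commands.

# Read `rpm -qi` output on stdin, print the value of its Signature field.
sig_field() {
    sed -n 's/^Signature[[:space:]]*:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' |
        head -n 1
}

# classify_sig "<Signature value>" "<expected key id>"
# Prints one of: unsigned | wrong-key | weak-digest | ok
classify_sig() {
    sig=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $sig in
        ''|'(none)') echo unsigned; return 0 ;;
    esac
    algo=${sig%%,*}        # "RSA/SHA1, <date>, Key ID ..." -> "RSA/SHA1"
    digest=${algo#*/}      # -> "SHA1"
    keyid=$(printf '%s\n' "$sig" |
        sed -n 's/.*Key ID \([0-9A-Fa-f]*\).*/\1/p' | tr 'A-F' 'a-f')
    if [ -z "$keyid" ] || [ "$keyid" != "$want" ]; then
        echo wrong-key; return 0
    fi
    case $digest in
        MD5|SHA1) echo weak-digest ;;   # policy assumed by this example
        *)        echo ok ;;
    esac
}

# Key ID taken from the 9.8 output; the RSA/SHA256 line is a constructed sample.
EXPECTED_KEY=6f731e81df63edfb
while IFS= read -r line; do
    s=$(printf '%s\n' "$line" | sig_field)
    printf '%-12s %s\n' "$(classify_sig "$s" "$EXPECTED_KEY")" "$line"
done <<'EOF'
Signature   : (none)
Signature   : RSA/SHA1, Thu 27 Nov 2014 10:40:02 AM CST, Key ID 6f731e81df63edfb
Signature   : RSA/SHA256, Thu 27 Nov 2014 10:40:02 AM CST, Key ID 6f731e81df63edfb
EOF
```

On a real host the input would be `rpm -qpi <package>.rpm | sig_field`. The field only describes the signature header, so this check complements `rpm --checksig`, which performs the cryptographic verification.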