Installing a RPM-based build system

When your Linux IT infrastructure has grown to a mature complex state and you heavily use continuous integration and automation, its time to think about how to deploy code efficiently.

You may already have Jenkins to build your own code and maybe even package it and installing with Puppet. But there is enough open-source software that you need to ./configure and compile yourself. Even if you then rpmbuild it yourself, its still not satisfying to install those RPM manually, especially if you already maintain your own repositories with Spacewalk.

A good solution is to build and package all your code into RPMs and import them into your very own repository which is available to all your system.

There are a handful of open-source projects that aim to do this like Project Builder, poky and Buildbot. However we found the only two real wholesale open-source solutions that fit our needs are Koji and Open Build Service (OBS) by SUSE.

As OBS only runs on SUSE Linux (although there is a port by Martin Juhl (, we decided to use Koji.
We needed

  • building SRPM from Github (over SSH and private)
  • signing RPMs with GPG
  • syncing to Spacewalk
  • private local installed instance
  • all that automated on commits to Github or after Jenkins builds succeed

Koji is used by Fedora to build its own distribution, Spacewalk to build it for RHEL and Fedora, TomTom, Amazon, CERN…

Koji was kinda easy to install, however the configuration afterwards and getting it to nicely integrate with other software to get RPMs built from Github and then signed and output rendered to yum-able repos was alot of googling and trial and error because the information on that is sparse.

Read in the next articles, step-by-step, how we got Koji up and running, integrated with Github, signing with Sigul Server, generating repositories for testing and release and syncing them to Spacewalk in our Centos6 / RHEL6 environment. All that fully automated !

Start reading here Koji RPM Build System Installation Part 1

    • wr
    • March 8th, 2013 4:29pm

    hi, it’s seems to be a cool blog, could you write a little bit more about security aspects by building such kind of IT infrastructures? 🙂

      • admin
      • March 11th, 2013 6:23pm

      Hi wr,
      thank you for your interest. This article series will also have one about securing this setup (iptables/SELinux/httpd tweaking/SSL…)
      Please be patient and check back later.

  1. No trackbacks yet.