Koji RPM Build System Installation Part 4

Lets see what we have running so far by the last articles of this series:

  • Postgresql DB
  • Koji-Hub
  • Koji CLI
  • Koji-Web

Thats all nice but useless unless we add something that actually does all the work, the actual RPM building…


Kojid, also called Koji-Builder, is the service that takes care of building your SRPM and RPMs. You can have dozens of builders, each on their own host, if you need to build alot of RPM. Fedoras own Koji instance is using around 50-60 build hosts ! So lets get started

yum install koji-builder

Now we need to generate another SSL certificate

cd /etc/pki/koji
./certgen.sh kojid   #OU/CN=kojid

Then in /etc/kojid/kojid.conf set

;same as you will use with koji add-host


;client certificate
cert = /etc/pki/koji/kojid.pem

;certificate of the CA that issued the client certificate
ca = /etc/pki/koji/koji_ca_cert.crt

;certificate of the CA that issued the HTTP server certificate
serverca = /etc/pki/koji/koji_ca_cert.crt

Now we need to add this build host to Koji. Its the same procedure for every build-host you will add in the future.

su kojiadmin
#you can name the builder whatever you want, e.g. kojid-1, koji.example.com, its only a name
#you can add any architectures you want this builder to handle, e.g x86_64, i368, ppc, armhfp, ppc64
koji add-host kojid.example.com x86_64 i386
koji add-host-to-channel kojid createrepo

service kojid start

Now your new builder should show up in Koji-Web under “Hosts” Tab. If its shown as “not ready”, then check your logs in /var/logs/kojid.log


Next and last service we need to setup is Kojira. Its a janitor service that cleans up your old repos and creates new ones whenever you build a RPM.

yum install koji-utils

And again a SSL certificate (you love that generation script by now, dont you?)

cd /etc/pki/koji

./certgen.sh kojira #OU/CN=kojira

And in /etc/kojira/kojira.conf set


;client certificate
cert = /etc/pki/koji/kojira.pem

;certificate of the CA that issued the client certificate
ca = /etc/pki/koji/koji_ca_cert.crt

;certificate of the CA that issued the HTTP server certificate
serverca = /etc/pki/koji/koji_ca_cert.crt

Finishing steps

su kojiadmin
koji add-user kojira
koji grant-permission repo kojira

service kojira start

That was it for installing and setting up Koji and all its components. In the next article I will go over the initial configuration of Koji and security aspects like iptables and SELinux.

    • Tomasz K.
    • February 8th, 2014 10:51am


    Thank you so much for your instructive articles. Why did you stop at this point? Are you planning to continue the series? Could you suggest some links or tips on how to configure koji further (that is adding git repos, adding source rpm/srpm repos, etc)?

    Kind regards,
    Tomasz K.

      • phil
      • February 9th, 2014 12:45pm

      I got distracted with other things and peoples interest in Koji wasnt that big. However I still have some more text and info somewhere. I’ll turn it into an article this week.

      Edit: Just to make sure, you did see http://www.devops-blog.net/koji/koji-rpm-build-system-configuration-and-usage ?

        • Tomasz K.
        • February 10th, 2014 10:34am

        That would be awesome. There aren’t many resources about koji around. I’m especially interested in adding git repo with sources and spec files, so that koji could use them to build an rpm, and then (using mash) create a yum repo. It is strange that folks aren’t interested in koji, since automation is now very hot topic.

        Thanks for the link. I’ve missed that.

    • Tomasz K.
    • February 8th, 2014 10:54am

    BTW. Do you know if it is possible with koji to add CentOS binary rpms yum repository and use it to build my own packages and to create my own yum repository including both CentOS rpms and my rpms? Do you have any tips how to configure that?

      • phil
      • February 9th, 2014 12:56pm

      If I get you correct, that is how Koji actually works: You add external repos like CentOS, EPEL.. to your build channel(s) so dependencies can be resolved. Then you can build any RPM, either 3-rd party or your very own.
      The repo/folder structure they end up in cant be used directly by yum. However there is inherent tool “mash” that turns/copies all RPMs to a real yum-able structure.

    • Tomasz K.
    • February 10th, 2014 10:36am

    Ow. I thought koji has to use SRPMS (of complete distribution), I haven’t been aware that it can use yum repo with binary RPMs. That is very interesting. Thank you very much for help.

  1. April 16th, 2013
  2. April 21st, 2013