Posts Tagged ‘rpm build system’

GPG signing RPMs with Sigul Signing Server & Koji integration

When you are building your own RPMs and distributing them either on your own infrastructure or to the public, you should consider signing them with a GPG key. That way the client machines that install your RPMs can verify the integrity and authenticity of what they are installing.

GPG signing can be done manually, which is fairly easy but inconvenient, or in a far more automated and robust way using the Sigul Signing Server by Fedora.

Sigul keeps the private keys used for signing on its server, where they aren't accessible to the clients who want to sign RPMs. All requests from Sigul clients to the Sigul server are sent through the Sigul bridge, which relays them. This allows signing RPMs from various machines without any of them having access to the actual keys being used. You never communicate directly with the server, which can and should be isolated from the rest of the world, with the firewall allowing connections only to and from the bridge.

Read more

Getting RPM built by Koji into YUM-able repo

If you have followed my article series about Fedora's RPM build system Koji, you should by now have a fully working setup that even builds RPMs from Git.
However, by design, the built RPMs can't be used directly as a yum repo. They need to be transformed first, which is what the tool “mash” is for.
Luckily, setting up mash is easy compared to Koji itself.

yum install mash
# create a storage path, this can also be a network mount
mkdir -p /mnt/custom-repo/{mash,rpm}
ln -s /mnt/custom-repo/mash/centos6-release/ /mnt/custom-repo/rpm/centos6

Read more

Building RPM from Git with Koji

If you have followed my other articles about Koji, you should have a fully working setup now. However, it's not very handy to only build from local SRPMs.
Fortunately, Koji can build RPMs from spec files and Makefiles that it fetches from a Git repo or other SCM. Read on to learn how to get that going.

In /etc/kojid/kojid.conf*:no

;using any other command instead of "make sources". Example showing "fedpkg sources"

Read more

Koji RPM Build System Configuration and Usage

In the previous short article series I’ve shown you how to install Koji and all its components like Kojid, Kojira and Koji-Hub. However, to fully use it we need to do some initial configuration, which can only be preserved for a fresh install by taking an early DB backup. I’ll remind you of that later.

To understand what we are doing here, you need to know a bit more about Koji's philosophy:

Koji uses tags to identify and mark the various stages in the RPM building workflow. Some tags are logically linked together into the same flow, like building for a certain target distribution, e.g. CentOS6. We will call this target tag dist-centos6. You can maintain multiple distribution builds on the same Koji instance; just add more tags as described in this article.

We also need a tag that is used for builds and inherits the build target. We call this tag dist-centos6-build.
Koji builds RPMs in a chroot with the mock tool. It also installs basic packages into those buildroots from the virtual yum package groups named build and srpm-build. So we need to tell Koji which packages we need. You can extend that list to your needs, but choose wisely: these packages are pulled in for every build.
Koji also needs to know where to pull packages from, so we add external repositories, with the base repo as the very first one!

Read more

Koji RPM Build System Installation Part 4

Let's see what we have running so far from the previous articles of this series:

  • PostgreSQL DB
  • Koji-Hub
  • Koji CLI
  • Koji-Web

That's all nice but useless unless we add something that actually does all the work, the actual RPM building…


Kojid, also called Koji-Builder, is the service that takes care of building your SRPMs and RPMs. You can have dozens of builders, each on its own host, if you need to build a lot of RPMs. Fedora's own Koji instance uses around 50-60 build hosts! So let's get started.

Read more

Koji RPM Build System Installation Part 3

If you followed my previous articles you should by now have a rudimentary Koji system running.

Let's now proceed and add more components.


As the name suggests, Koji-Web is a web interface to Koji. It lets you view all your builds, packages, RPMs, tasks and other useful info. However, you cannot control everything about Koji with it. It's nonetheless good to have. So let's go:

yum install koji-web mod_ssl

Read more

Koji RPM Build System Installation Part 2

So in Part 1 we started with setting up the SSL certificates. Now we are going deeper.

Database Setup

Start with installing postgresql and setting up Koji users and schema.

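yum install postgresql-server koji
service postgresql initdb
service postgresql start
# system account for Koji; passwd -d deletes its password
useradd koji; passwd -d koji
# create the database role and database as the postgres superuser
su - postgres -c "createuser koji"
su - postgres -c "createdb -O koji koji"
# load the Koji schema as the koji user
su - koji -c "psql koji koji < /usr/share/doc/koji*/docs/schema.sql"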

Read more

Koji RPM Build System Installation Part 1


So you decided to also take a shot at Koji, congrats. You won’t regret it.

First, it's helpful to understand the inner architecture of Koji so you know which config files to look in and when:

Koji architecture

Read more

Installing a RPM-based build system

When your Linux IT infrastructure has grown to a mature, complex state and you make heavy use of continuous integration and automation, it's time to think about how to deploy code efficiently.

You may already have Jenkins to build your own code, and maybe you even package it and install it with Puppet. But there is plenty of open-source software that you need to ./configure and compile yourself. Even if you then rpmbuild it yourself, it's still not satisfying to install those RPMs manually, especially if you already maintain your own repositories with Spacewalk.

A good solution is to build and package all your code into RPMs and import them into your very own repository, which is available to all your systems.
Read more