centosphprpm包技巧_CentOS下若何制作nginx RPM包

nginx版本：1.8.1

安装工具包

[root@rpmbuild ~]# yum -y install rpm-build rpmdevtools

安装nginx编译所需的依赖包

[root@rpmbuild ~]# yum -y install zlib pcre pcre-devel openssl-devel gcc gcc-c++ make

初始化一个目录构造

[root@rpmbuild ~]# rpmdev-setuptree

[root@rpmbuild ~]# tree rpmbuild/

rpmbuild/

├── BUILD # 编译rpm包的临时目录

├── RPMS # 存放由rpmbuild终极制作好的二进制包

├── SOURCES # 所有源代码和补丁文件的存放目录

├── SPECS # 存放SPEC文件的目录(主要)

└── SRPMS # 最终生成的二进制源码包所在目录

准备要制作的源码包和所需的一些额外文件

[root@rpmbuild ~]# cd rpmbuild/SOURCES/

[root@rpmbuild SOURCES]# ll

总用量 824

-rw-r--r-- 1 root root 2474 9月 25 16:57 init.nginx

-rw-r--r-- 1 root root 833473 12月 6 2016 nginx-1.8.1.tar.gz

-rw-r--r-- 1 root root 673 9月 25 17:03 nginx.conf

编写启动做事脚本，让其可以利用service和chkconfig来管理

[root@rpmbuild SOURCES]# cat init.nginx

====================================================

#!/bin/sh

#

# nginx - this script starts and stops the nginx daemon

#

# chkconfig: - 85 15

# description: Nginx is an HTTP(S) server, HTTP(S) reverse \

# proxy and IMAP/POP3 proxy server

# processname: nginx

# pidfile: /var/run/nginx/nginx.pid

# Source function library.

. /etc/rc.d/init.d/functions

# Source networking configuration.

. /etc/sysconfig/network

# Check that networking is up.

[ \"大众$NETWORKING\"大众 = \公众no\"大众 ] && exit 0

nginx=\公众/usr/local/nginx/sbin/nginx\"大众

prog=$(basename $nginx)

NGINX_CONF_FILE=\"大众/usr/local/nginx/conf/nginx.conf\"大众

[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx

lockfile=/var/lock/subsys/nginx

make_dirs() {

# make required directories

user=`nginx -V 2>&1 | grep \公众configure arguments:\公众 | sed 's/[^]--user=\([^ ]\)./\1/g' -`

options=`$nginx -V 2>&1 | grep 'configure arguments:'`

for opt in $options; do

if [ `echo $opt | grep '.-temp-path'` ]; then

value=`echo $opt | cut -d \"大众=\公众 -f 2`

if [ ! -d \"大众$value\"大众 ]; then

# echo \"大众creating\"大众 $value

mkdir -p $value && chown -R $user $value

fi

fi

done

}

start() {

[ -x $nginx ] || exit 5

[ -f $NGINX_CONF_FILE ] || exit 6

make_dirs

echo -n $\公众Starting $prog: \"大众

daemon $nginx -c $NGINX_CONF_FILE

retval=$?

echo

[ $retval -eq 0 ] && touch $lockfile

return $retval

}

stop() {

echo -n $\"大众Stopping $prog: \"大众

killproc $prog -QUIT

retval=$?

echo

[ $retval -eq 0 ] && rm -f $lockfile

return $retval

}

restart() {

configtest || return $?

stop

sleep 1

start

}

reload() {

configtest || return $?

echo -n $\"大众Reloading $prog: \"大众

killproc $nginx -HUP

RETVAL=$?

echo

}

force_reload() {

restart

}

configtest() {

$nginx -t -c $NGINX_CONF_FILE

}

rh_status() {

status $prog

}

rh_status_q() {

rh_status >/dev/null 2>&1

}

case \"大众$1\"大众 in

start)

rh_status_q && exit 0

$1

;;

stop)

rh_status_q || exit 0

$1

;;

restart|configtest)

$1

;;

reload)

rh_status_q || exit 7

$1

;;

force-reload)

force_reload

;;

status)

rh_status

;;

condrestart|try-restart)

rh_status_q || exit 0

;;

)

echo $\"大众Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}\"大众

exit 2

esac

====================================================

创建或上传nginx自定义配置文件

[root@rpmbuild SOURCES]# cat nginx.conf

====================================================

#user nobody;

worker_processes 4;

#error_log logs/error.log;

#pid logs/nginx.pid;

events {

worker_connections 1024;

}

http {

include mime.types;

default_type application/octet-stream;

#access_log logs/access.log main;

sendfile on;

#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

server {

listen 80;

server_name localhost;

location / {

root html;

index index.html index.htm;

}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html

#

error_page 500 502 503 504 /50x.html;

location = /50x.html {

root html;

}

}

}

====================================================

进入SPECS目录并创建nginx.spec文件

[root@rpmbuild SOURCES]# cd ../SPECS/

[root@rpmbuild SPECS]# rpmdev-newspec nginx.spec

Skeleton specfile (minimal) has been created to \公众nginx.spec\公众.

[root@rpmbuild SPECS]# ls

nginx.spec

[root@rpmbuild SPECS]# vim nginx.spec

====================================================

Name: nginx

Version: 1.8.1 # 版本号，不能利用“-”

Release: 1%{?dist}

Summary: Made from nginx-1.8.1.tar.gz # 大略描述信息，最好不超过50个字符

Group: Applications/Archiving # 用“less /usr/share/doc/rpm-4.8.0/GROUPS”里的一组

License: GPLv2 # 一定要带上（最好是对方源码包的LICENSE）BSD，GPL，GPLv2

URL: http://nginx.org

Packager: CentOS

Vendor: CentOS

Source0: %{name}-%{version}.tar.gz # source紧张是引用一下自己定义好的脚本，配置文件之类的内容。

Source1: init.nginx # nginx在主配置文件里面做了很多优化，包括cpu抢占，各种缓存策略，进程数等。

Source2: nginx.conf # 每增加一个Source，都须要在%install段和%files段做相应配置，如果是启动脚本的话。

BuildRoot: %_topdir/BUILDROOT

BuildRequires: gcc # 编译代码须要的软件。

Requires: zlib,pcre,pcre-devel,openssl,openssl-devel # 定义nginx rpm安装时依赖的包，须要提提高行手动安装。

%description # 软件包的描述，可多行编写，段中间空行隔开

Custom a rpm by yourself! Build nginx-1.8.1.tar.gz to nginx-1.8.1-1.el6.x86_64.rpm

%prep # 编译之前的处理，如解压

%setup -q

%build # 开始编译，如make

%configure # 这行必须删掉，否则会报“./configure: error: invalid option \"大众--host=x86_64-redhat-linux-gnu\"大众”这样的缺点

./configure \

--user=nginx \

--group=nginx \

--prefix=/usr/local/nginx \

--error-log-path=/usr/local/nginx/logs/error.log \

--http-log-path=/usr/local/nginx/logs/access.log \

--pid-path=/usr/local/nginx/logs/nginx.pid \

--lock-path=/usr/local/nginx/logs/nginx.lock \

--with-http_ssl_module \

--with-http_flv_module \

--with-http_stub_status_module \

--with-http_gzip_static_module \

--with-pcre

make %{?_smp_mflags}

%install # 开始安装，如make install

rm -rf $RPM_BUILD_ROOT

make install DESTDIR=$RPM_BUILD_ROOT

%{__install} -p -D -m 0755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/nginx

%{__install} -p -D %{SOURCE2} $RPM_BUILD_ROOT/usr/local/nginx/conf/nginx.conf

%pre # 安装前实行的动作

useradd -s /sbin/nologin nginx 2> /dev/null

%post # 安装后实行的动作

chmod +x /etc/init.d/nginx

chkconfig --add nginx

chkconfig nginx on

%preun # 卸载之前的动作

/etc/init.d/nginx stop > /dev/null 2>&1

userdel -r nginx 2> /dev/null

%clean

rm -rf $RPM_BUILD_ROOT

%files # 指定哪些文件须要被打包

%defattr(-,nginx,nginx,-)

/usr/local/nginx # 表示包含此目录下的所有文件

%attr(0755,root,root) /etc/rc.d/init.d/nginx # 此宏是定义单个文件的权限

%config(noreplace) /usr/local/nginx/conf/nginx.conf # 指定为配置文件

%doc

%changelog

====================================================

[root@rpmbuild SPECS]# rpmbuild -bb nginx.spec # 制作二进制包

[root@rpmbuild SPECS]# rpmbuild -ba nginx.spec # 既制作二进制包又制作src格式包

[root@rpmbuild SPECS]# du -sh ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

256K ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

[root@rpmbuild SPECS]# rpm -qpl ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

/etc/rc.d/init.d/nginx

/usr/local/nginx

/usr/local/nginx/conf

/usr/local/nginx/conf/fastcgi.conf

/usr/local/nginx/conf/fastcgi.conf.default

/usr/local/nginx/conf/fastcgi_params

/usr/local/nginx/conf/fastcgi_params.default

/usr/local/nginx/conf/koi-utf

/usr/local/nginx/conf/koi-win

/usr/local/nginx/conf/mime.types

/usr/local/nginx/conf/mime.types.default

/usr/local/nginx/conf/nginx.conf

/usr/local/nginx/conf/nginx.conf.default

/usr/local/nginx/conf/scgi_params

/usr/local/nginx/conf/scgi_params.default

/usr/local/nginx/conf/uwsgi_params

/usr/local/nginx/conf/uwsgi_params.default

/usr/local/nginx/conf/win-utf

/usr/local/nginx/html

/usr/local/nginx/html/50x.html

/usr/local/nginx/html/index.html

/usr/local/nginx/logs

/usr/local/nginx/sbin

/usr/local/nginx/sbin/nginx

[root@rpmbuild SPECS]# rpm -ivh ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

Preparing... ########################################### [100%]

1: nginx ########################################### [100%]

[root@rpmbuild SPECS]# rpm -qi nginx

Name : nginx Relocations: (not relocatable)

Version : 1.8.1 Vendor: CentOS

Release : 1.el6 Build Date: 2018年09月25日 星期二 18时02分06秒

Install Date: 2018年09月25日 星期二 18时04分30秒 Build Host: rpmbuild.test.org

Group : Applications/Archiving Source RPM: nginx-1.8.1-1.el6.src.rpm

Size : 706370 License: GPLv2

Signature : (none) # rpm包未署名

Packager : CentOS

URL : http://nginx.org

Summary : Made from nginx-1.8.1.tar.gz

Description :

Custom a rpm by yourself! Build nginx-1.8.1.tar.gz to nginx-1.8.1-1.el6.x86_64.rpm

利用gpg办法天生署名密钥

[root@rpmbuild SPECS]# gpg --gen-key # 在图形界面下操作

gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.

This is free software: you are free to change and redistribute it.

There is NO WARRANTY, to the extent permitted by law.

gpg: 已创建目录‘/root/.gnupg’

gpg: 新的配置文件‘/root/.gnupg/gpg.conf’已建立

gpg: 警告：在‘/root/.gnupg/gpg.conf’里的选项于这次运行期间未被利用

gpg: 钥匙环‘/root/.gnupg/secring.gpg’已建立

gpg: 钥匙环‘/root/.gnupg/pubring.gpg’已建立

请选择您要利用的密钥种类：

(1) RSA and RSA (default)

(2) DSA and Elgamal

(3) DSA (仅用于署名)

(4) RSA (仅用于署名)

您的选择？

RSA 密钥长度应在 1024 位与 4096 位之间。

您想要用多大的密钥尺寸？(2048)

您所哀求的密钥尺寸是 2048 位

请设定这把密钥的有效期限。

0 = 密钥永不过期

<n> = 密钥在 n 天后过期

<n>w = 密钥在 n 周后过期

<n>m = 密钥在 n 月后过期

<n>y = 密钥在 n 年后过期

密钥的有效期限是？(0)

密钥永久不会过期

以上精确吗？(y/n)y

You need a user ID to identify your key; the software constructs the user ID

from the Real Name, Comment and Email Address in this form:

\公众Heinrich Heine (Der Dichter) <heinrichh@duesseldorf.de>\公众

真实姓名：rpmbuild

电子邮件地址：rpmbuild@test.org

注释：GPG-RPM-KEY

您选定了这个用户标识：

“rpmbuild (GPG-RPM-KEY) <rpmbuild@test.org>”

变动姓名(N)、注释(C)、电子邮件地址(E)或确定(O)/退出(Q)？O

您须要一个密码来保护您的私钥。

can't connect to `/root/.gnupg/S.gpg-agent': 没有那个文件或目录

gpg-agent[15055]: 已创建目录‘/root/.gnupg/private-keys-v1.d’

我们须要天生大量的随机字节。
这个时候您可以多做些琐事(像是敲打键盘、移动

鼠标、读写硬盘之类的)，这会让随机数字发生器有更好的机会得到足够的熵数。

# 这里不须要输入东西，只须要移动鼠标即可

gpg: /root/.gnupg/trustdb.gpg：建立了信赖度数据库

gpg: 密钥 D75962BF 被标记为绝对信赖

公钥和私钥已经天生并经署名。

gpg: 正在检讨信赖度数据库

gpg: 须要 3 份勉强信赖和 1 份完备信赖，PGP 信赖模型

gpg: 深度：0 有效性： 1 已署名： 0 信赖度：0-，0q，0n，0m，0f，1u

pub 2048R/D75962BF 2018-09-26

密钥指纹 = 6EF5 BF25 DA5D 1216 4710 4CD7 0A95 3DE9 D759 62BF

uid rpmbuild (GPG-RPM-KEY) <rpmbuild@test.org>

sub 2048R/0C94E7EA 2018-09-26

查看天生的密钥

[root@rpmbuild SPECS]# gpg --list-key

/root/.gnupg/pubring.gpg

------------------------

pub 2048R/D75962BF 2018-09-26

uid rpmbuild (GPG-RPM-KEY) <rpmbuild@test.org>

sub 2048R/0C94E7EA 2018-09-26

导出公钥以供验证

[root@rpmbuild SPECS]# gpg --export -a \"大众rpmbuild\"大众 > RPM-GPG-KEY-rpmbuild

在~/.rpmmacros宏中定义加密密钥

[root@rpmbuild SPECS]# cat ~/.rpmmacros

%_topdir %(echo $HOME)/rpmbuild

%_smp_mflags -j3

%__arch_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot

%_gpg_name rpmbuild # 添加这一行

为rpm包署名

[root@rpmbuild SPECS]# rpm --addsign ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

Enter pass phrase: # 输入私钥密码

Pass phrase is good.

../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm:

将公钥导入rpm包

[root@rpmbuild SPECS]# rpm --import RPM-GPG-KEY-rpmbuild

验证rpm包密钥

[root@rpmbuild SPECS]# rpm --checksig ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

重新安装nginx，验证安装包的署名信息

[root@rpmbuild SPECS]# rpm -qa | grep nginx

nginx-1.8.1-1.el6.x86_64

[root@rpmbuild SPECS]# rpm -e nginx-1.8.1-1.el6.x86_64

[root@rpmbuild SPECS]# rpm -ivh ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm

Preparing... ########################################### [100%]

1: nginx ########################################### [100%]

[root@rpmbuild SPECS]# rpm -qi nginx

Name : nginx Relocations: (not relocatable)

Version : 1.8.1 Vendor: CentOS

Release : 1.el6 Build Date: 2018年09月26日 星期三 14时23分16秒

Install Date: 2018年09月26日 星期三 17时51分17秒 Build Host: rpmbuild.test.org

Group : Applications/Archiving Source RPM: nginx-1.8.1-1.el6.src.rpm

Size : 706370 License: GPLv2

Signature : RSA/SHA1, 2018年09月26日 星期三 17时43分57秒, Key ID 0a953de9d75962bf

Packager : CentOS

URL : http://nginx.org

Summary : Made from nginx-1.8.1.tar.gz

Description :

Custom a rpm by yourself! Build nginx-1.8.1.tar.gz to nginx-1.8.1-1.el6.x86_64.rpm

[root@rpmbuild SPECS]# /etc/init.d/nginx configtest

nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok

nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful

[root@rpmbuild SPECS]# ll /usr/local/

总用量 48

drwxr-xr-x. 2 root root 4096 9月 23 2011 bin

drwxr-xr-x. 2 root root 4096 9月 23 2011 etc

drwxr-xr-x. 2 root root 4096 9月 23 2011 games

drwxr-xr-x. 2 root root 4096 9月 23 2011 include

drwxr-xr-x. 2 root root 4096 9月 23 2011 lib

drwxr-xr-x. 2 root root 4096 9月 23 2011 lib64

drwxr-xr-x. 2 root root 4096 9月 23 2011 libexec

drwxr-xr-x 5 nginx nginx 4096 9月 25 18:04 nginx

drwxr-xr-x. 2 root root 4096 9月 23 2011 sbin

drwxr-xr-x. 5 root root 4096 9月 20 2017 share

drwxr-xr-x. 2 root root 4096 9月 23 2011 src

[root@rpmbuild SPECS]# chkconfig --list nginx

nginx 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

[root@rpmbuild SPECS]# /etc/init.d/nginx start

正在启动 nginx： [确定]

[root@rpmbuild SPECS]# netstat -tnlp | grep nginx

tcp 0 0 0.0.0.0:80 0.0.0.0: LISTEN 14991/nginx