Friday, February 21, 2014

Another RPM Guide

Well, ARG certainly is a good abbreviation for this post...

RPMs are special kind of tar archives and they work well enough, but nobody really like to make them because the process is somewhat unforgiving.  The best way to do this is to make your own example and then copy and paste next time you need to do it, or you can turn the whole process into a special script and even generate the SPEC file on the fly with a bunch of echo statements.

Let's say that you have a script called test.sh that you want to install into /usr/local/bin and want to use an RPM for that.

Virtualbox


Software development and RPM tasks are best done on a Virtual Machine, to ensure that you don't accidentally mess up your regular desktop system.  So see first this: http://www.aeronetworks.ca/2014/01/fedora-20-on-virtualbox.html

Tools and Utilities

First do an update and install a few tools:
# yum update -y
# yum install rpm-build gvim system-config-users -y


Build Account

Make a special user account just for making RPMs.  Don't mess up your own home directory.  Run system-config-users and create a new user called rpmguru.

Log out and log in as rpmguru.

RPM Recipe

1. Make a directory called testscript-1 for the script.
$ mkdir testscript-1

2. Copy test.sh into the testscript-1 directory.
$ cp test.sh testscript-1/.

3. Make a tar ball
$ tar -cvzf testscript-1.tar.gz testscript-1

4. Make a spec file with  
$ gvim testscript-1.spec

5. Make the RPM directories
$ rpmbuild testscript-1.spec
(It will fail with “…no such file...”, but will create the ~/rpmbuild directory structure)

6. Copy the script and spec files
$ cp testscript-1.tar.gz rpmbuild/SOURCES/ && cp testscript-1.spec rpmbuild/SPECS/

7. Make the RPM
$ rpmbuild -ba rpmbuild/SPECS/testscript-1.spec

8. Now you can install the file with
# rpm -ivh rpmbuild/RPMS/tetscript[tab]
and see if it worked.

SPEC File

Name:        testscript       
Version:    1   
Release:    1%{?dist}
Summary:    Test script   

Group:        none
License:    GPL
URL:        none
Source0:    %{name}-%{version}.tar.gz   

BuildRequires:    /bin/cp, /bin/rm, /bin/mkdir
Requires:    /bin/bash

%description   
Example RPM, displays Hello World

%prep
%setup -q

%build
echo OK

%install
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/usr/local/bin
cp test.sh $RPM_BUILD_ROOT/usr/local/bin/

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root,-)
%attr(0775,root,root) /usr/local/bin/test.sh

%doc

%changelog
* Fri Feb 21 2014 Herman 1
- Example Hello World script


More

https://fedoraproject.org/wiki/How_to_create_a_GNU_Hello_RPM_package

La voila!

Herman.

Tuesday, February 18, 2014

Fedora 20 Yum Problems

Corrupted Database

Sometimes the RPM database becomes corrupted and then it and the Yellowdog Update Manager (yum) won't work.
  • Remove old RPM db: rm -f /var/lib/rpm/__db*
  • Rebuild RPM db: rpm -vv --rebuilddb
  • Try to update: yum update -y

Timeouts

Sometimes all the mirrors time out, all the time when you have a super slow company network and then yum won't work at all.

Add timeout=60 (or more) to /etc/yum.conf and try again.

Lock File

Sometimes yum gets hung up if you have a really rotten internet link and then you have to kill it.  This may result in yum refusing to run the next time.

Kill yum:
# pkill yum
(or killall yum)

Delete the PID file:
# rm /var/run/yum.pid

La Voila!

Monday, February 17, 2014

SUID Root

Once in a blue moon, I run into a problem where an application program needs to run a utility which requires super user privileges.  The latest example was the need to set the date and time from a GPS, so the simplest solution was to change the date command to SUID Root.

# whereis date
/bin/date

# chmod u+s /bin/date

A ls -l will now show rws instead of rwx and the date command will run with root privileges when it is launched by an unprivileged user.

Here is a little script that I use to make my life easier in the lab:

#! /bin/bash
echo Set the network utilitites to SUID root so that a common user can run them
chmod u+s /usr/sbin/dhclient
chmod u+s /usr/sbin/ifconfig
chmod u+s /usr/sbin/route
chmod u+s /usr/sbin/ip
chmod u+s /usr/bin/systemctl


You should of course do this with care and think about the security implications when you enable this feature on a command.

La voila!

Saturday, February 1, 2014

BBC TV Terrorists

Mr Cameron said that the GCHQ and NSA dragnets are very effective against fictional threats:

"David Cameron wants a fresh push after the next election to "modernise" laws to allow monitoring of people's online activity, after admitting there was little chance of progress before then.

The prime minister told a parliamentary committee that gathering communications data was "politically contentious" but vital to keep citizens safe.

He said TV crime dramas illustrated the value of monitoring mobile data."
-- BBC, 2 Feb 2014.

Fantastic.  We can all sleep well now, knowing that no BBC TV Terrorist will be able to attack us.

The dragnets are misguided IT job creation projects and should be stopped.  The money should be used for real life policing.  We need rubber pounding the pavement to track real criminals and would be terrorists.  

Fascist mass monitoring of law abiding citizens is a waste of time and resources.

It is sad how Mr Obama's 'Yes, we can' slogan became 'Because we can'.