Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 9229 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Making rpm packages for Centos 5.4

jwillis

Recipe for building rpm standalone, but managed installer packages for Centos 5.4 i386

1. find the kernel version and gcc version used to compile the kernel

 # cat /proc/version

2. install the kernel-headers, kernel-devel and gcc packages "with" version numbers to override installing the latest version (the normal yum behavior is to install latest available versions, which usually isn't what is desired)

 # yum install kernel-headers-2.6.18-164.el5 kernel-devel-2.6.18-164.el5 gcc-4.1.2-46.el5

3. download a zipped archive of the your distribution CID and unpack it

 # unzip savlinux.zip

4. run the installer script

 # cd savlinux; chmod 744 install.sh; ./install.sh

5.  stop the currently running  sophos services

# service sav-protect stop; service sav-rms stop; service sav-web stop

6. install the rpm-build package

# yum install rpm-build

7.  run the package build script specifying the rpm option

# cd savlinux; chmod 744 mkinstpkg.sh; ./mkinstpkg.sh -r

8. provide the update source from which to update

> http://192.168.1.1/SophosUpdate/CIDs/S000/savlinux

RPM package is '/savlinux/savinstpkg-0.0-1.i386.rpm'

if using Windows 2008 IIS to distribute the linux updates, be aware of the ++ not served problem

9. enable double escaping request feature in the IIS server configuration (consider the the security implications)

C:\>%windir%\system32\inetsrv\appcmd set config "Default Web Site" -section:syst
em.webServer/security/requestFiltering -allowDoubleEscaping:true

10. copy the rpm to new end point and install

# rpm -i savinstpkg-0.0-1.i386.rpm

note: if serving updates from IIS and double escaping is not enabled, rpm will fail with a %post scriplet failure

:2712


This thread was automatically locked due to age.
  • 0

    Steps 1, 2, 4 & 5 shouldn't be required to create the RPM package.

    Steps 1 & 2 are required on all the machines you are installing the RPM on. (Unless you set-up custom Talpa Binary Pack distribution).

    Step 5 shouldn't be required in general - stopping sav-web is required to work-around a bug in the current SAV6 code.

    You should problem use 700 permissions, rather than 744, although it won't make an real difference.

    :2792
  • 0

    On a patched system with access to remote repositories, the kernel and gcc versions pulled by a default yum command, do pull the most recent available versions. It's still happening.. so I'm puzzled why it's not necessary.

    Perhaps its assumed a yum.conf file is configured to be "Secure" and not trust other repositories?

     Agreed 700 would be preferred.. but didn't know what would be required by the build process.. so changed as little as possible.

    :2799
  • 0

    You don't need kernel headers or compiler to create an RPM package.

    You do need matching kernel headers and compiler (to the running kernel) in order to compile Talpa, to get on-access scanning.

    You don't need to install Sophos Anti-Virus before you create a RPM package.

    :3657
  • 0

    Issues configuring Windows IIS6.1 (Windows 2008r2) to serve Sophos Linux client updates:

    Using the [ Internet Information Services (IIS) Manager ] - there may be CLI methods, but they drift so much between releases they are a moving target.. most of the time Windows standardizes and supports the GUI more often than not, so its advisable not to fight their decisions.

    1. double escape

    Default Web Site (at appropriate level) - Features View - Request Filtering - Actions: Edit Feature Settings... - Checkbox - Allow double escaping

    2. [bin] path blockage

    This effects path:

    http://www.webserver.com/SophosUpdate/CIDs/S000/savlinux/sav-linux/common/bin/_/savlog

    Which if its not available, updates will not occur.

    IIS error message page will say

    404 - File or directory not found.

    rpm package install will say

    warning: %post(savinstpkg-0.0-1.x86_64) scriptlet failed, exit status 1

    Default Web Site (at appropriate level) - Features View - Request Filtering - Hidden Segments (tab) - Select [bin] -  Actions: Remove

    3. Handler mappings (or Mime)

    Default Web Site (at appropriate level) - Features View - Handler Mappings - Actions: Add Managed Handler. - Request path: .* - Type: application/octe-stream - Name: Sophos

    4. Repository needs to be addressed with a particular managed CID when creating RPM packages

    this ->

    http://www.webserver.com/SophosUpdate/CIDs/S000

    NOT this ->

    http://www.webserver.com/SophosUpdate

    5. Restart the [entire] Web service to make sure changes go into effect.

    :35327
Unfiltered HTML