This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Making rpm packages for Centos 5.4

Recipe for building rpm standalone, but managed installer packages for Centos 5.4 i386

1. find the kernel version and gcc version used to compile the kernel

 # cat /proc/version

2. install the kernel-headers, kernel-devel and gcc packages "with" version numbers to override installing the latest version (the normal yum behavior is to install latest available versions, which usually isn't what is desired)

 # yum install kernel-headers-2.6.18-164.el5 kernel-devel-2.6.18-164.el5 gcc-4.1.2-46.el5

3. download a zipped archive of the your distribution CID and unpack it

 # unzip savlinux.zip

4. run the installer script

 # cd savlinux; chmod 744 install.sh; ./install.sh

5.  stop the currently running  sophos services

# service sav-protect stop; service sav-rms stop; service sav-web stop

6. install the rpm-build package

# yum install rpm-build

7.  run the package build script specifying the rpm option

# cd savlinux; chmod 744 mkinstpkg.sh; ./mkinstpkg.sh -r

8. provide the update source from which to update

> http://192.168.1.1/SophosUpdate/CIDs/S000/savlinux

RPM package is '/savlinux/savinstpkg-0.0-1.i386.rpm'

if using Windows 2008 IIS to distribute the linux updates, be aware of the ++ not served problem

9. enable double escaping request feature in the IIS server configuration (consider the the security implications)

C:\>%windir%\system32\inetsrv\appcmd set config "Default Web Site" -section:syst
em.webServer/security/requestFiltering -allowDoubleEscaping:true

10. copy the rpm to new end point and install

# rpm -i savinstpkg-0.0-1.i386.rpm

note: if serving updates from IIS and double escaping is not enabled, rpm will fail with a %post scriplet failure

:2712


This thread was automatically locked due to age.
Parents
  • On a patched system with access to remote repositories, the kernel and gcc versions pulled by a default yum command, do pull the most recent available versions. It's still happening.. so I'm puzzled why it's not necessary.

    Perhaps its assumed a yum.conf file is configured to be "Secure" and not trust other repositories?

     Agreed 700 would be preferred.. but didn't know what would be required by the build process.. so changed as little as possible.

    :2799
Reply
  • On a patched system with access to remote repositories, the kernel and gcc versions pulled by a default yum command, do pull the most recent available versions. It's still happening.. so I'm puzzled why it's not necessary.

    Perhaps its assumed a yum.conf file is configured to be "Secure" and not trust other repositories?

     Agreed 700 would be preferred.. but didn't know what would be required by the build process.. so changed as little as possible.

    :2799
Children
No Data