| 1939 |
richard |
1 |
By Rexy
|
|
|
2 |
|
| 3327 |
rexy |
3 |
ALCASAR needs the following programs that don't be included as RPM in Mageia :
|
| 2520 |
rexy |
4 |
- coovachilli (the captive portal)
|
|
|
5 |
- ipt_netflow kernel module (netflow log system)
|
|
|
6 |
- wkhtmltopdf (html to pdf renderer)
|
|
|
7 |
- nfdump (collector & processor for netflow data)
|
| 3147 |
rexy |
8 |
- havp (http antivirus proxy) used only before ALCASAR V3.5
|
| 1939 |
richard |
9 |
|
| 3258 |
rexy |
10 |
This howto explains how to build RPM of these programs in order to keep the distribution clean (no binary installed if not packaged)
|
| 2821 |
rexy |
11 |
The compilation options are set in /etc/rpm/macro.d/*
|
| 3327 |
rexy |
12 |
The .spec & RPM can be tested with the tool "rpmlint"
|
|
|
13 |
The / directory should have 10G free (install an ALCASAR with 10G in /, /home/, /var, /tmp, )
|
| 1939 |
richard |
14 |
|
|
|
15 |
**** Prepare the RPM creation structure ***
|
| 3147 |
rexy |
16 |
- update your system : urpmi --auto-update
|
| 2925 |
rexy |
17 |
- install the following RPMs : urpmi kernel-userspace-headers rpm-build gengetopt libtool
|
| 3327 |
rexy |
18 |
- create directory structure in your home : mkdir -p ~/rpmbuild/{SRPMS,SOURCES,SPECS,tmp}
|
| 1939 |
richard |
19 |
- Option : find the ".rpmmacros" file on mageia wiki (https://wiki.mageia.org/en/Packagers_RPM_tutorial) and copy it in your home directory
|
|
|
20 |
|
| 2562 |
rexy |
21 |
**** For Coova-chilli *****
|
| 2821 |
rexy |
22 |
- install the following RPMs "lib64openssl-devel", "lib64json-c-devel"
|
| 3327 |
rexy |
23 |
- retrieve the last git archive of coova-chilli (https://github.com/coova/coova-chilli)
|
| 3328 |
rexy |
24 |
- unzip it and test the compilation process ("sh ./bootstrap", "./configure --disable-static --enable-shared --enable-largelimits --enable-chilliredir --enable-chilliscript --with-poll --enable-dhcpopt --enable-libjson --enable-json --enable-mdns --with-openssl", "make", "make install").
|
|
|
25 |
- all is in the /usr/local/sbin|lib|share/man|". Remove the installed files ("make uninstall") and the binaries ("make clean")
|
| 3327 |
rexy |
26 |
- rename the directory (coova-chilli-1.x) and compress it (ie : tar -cvzf coova-chilli-1.x.tar.gz coova-chilli-1.x). Copy this tarball in the directory ~/rpmbuild/SOURCES/
|
| 1939 |
richard |
27 |
- copy the SPEC file from the ALCASAR archive to the directory ~/rpmbuild/SPEC
|
| 3088 |
rexy |
28 |
- copy the .patch and SHA256* files in the directory ~/rpmbuild/SOURCES
|
|
|
29 |
//- Add the option -Wno-format-truncation à la ligne "%Werror_cflags" du fichier /etc/rpm/macro.d/20build.macros (avoid the following warning : https://github.com/coova/coova-chilli/issues/509)
|
| 2775 |
rexy |
30 |
- change to the directory ~/pmbuild/SPEC and run the RPM build process : "rpmbuild -bb coova-chilli.spec" (or rpmbuild -ba to create also the SRPMS)
|
| 1939 |
richard |
31 |
|
| 2821 |
rexy |
32 |
INFO : .spec tunning :
|
|
|
33 |
- add this 1st line : "%define _disable_ld_no_undefined 1" to avoid errors for unused references (ld)
|
|
|
34 |
- add the line "automake --add-missing" before "make"
|
| 3327 |
rexy |
35 |
- for 64b version, add 2 lines with "lib64" directory in the section "removing static binaries" (rm -rf $RPM_BUILD_ROOT/usr/lib/*.la)
|
| 3088 |
rexy |
36 |
- remove from the archive the unused files for ALCASAR (wpad.dat, wwwdir, etc.) via la directive '%exclude'
|
| 2775 |
rexy |
37 |
- change %make (deprecated) with %make_build and change %makeinstall (deprecated) with %make_install
|
| 1939 |
richard |
38 |
|
| 2562 |
rexy |
39 |
**** For HAVP ****
|
| 1939 |
richard |
40 |
- install the RPM of clamav-devel
|
|
|
41 |
- download, uncompress, and test the compilation of the last version of havp (./configure + make)
|
|
|
42 |
- copy the tarball in ~/rpmbuild/SOURCES/. copy the patch file ("havp-init.diff") in ~/rpmbuil/SOURCE. Copy and adapt the .spec in ~/rpmbuid/SPEC
|
| 2741 |
rexy |
43 |
- rpmbuild -bb ***.spec
|
| 1939 |
richard |
44 |
|
| 2562 |
rexy |
45 |
**** For ipt_netflow ****
|
| 3327 |
rexy |
46 |
- Must be compiled on a system which runs the target kernel. So install manually the targeted kernel and the same version of kernel-userspace-headers and reboot (ipt_NETFLOW will not load during this reboot)
|
| 2968 |
rexy |
47 |
- install the RPMs "kernel-server-devel" (choose the targeted kernel), "lib64iptables-devel"
|
| 3147 |
rexy |
48 |
- download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory (ipt_NETFLOW.ko). The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so)
|
| 3327 |
rexy |
49 |
- test the module : try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to check that the module is correctly loaded).
|
| 3283 |
rexy |
50 |
exemple :
|
|
|
51 |
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: loading out-of-tree module taints kernel.
|
|
|
52 |
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW version 2.6, srcversion 9B0006338FF61FE7DC5507D
|
|
|
53 |
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: hashsize 498011 (3890K)
|
|
|
54 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registering: /proc/net/stat/ipt_netflow
|
|
|
55 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registered: /proc/net/stat/ipt_netflow
|
|
|
56 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registering: /proc/net/stat/ipt_netflow_snmp
|
|
|
57 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registered: /proc/net/stat/ipt_netflow_snmp
|
|
|
58 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registering: /proc/net/stat/ipt_netflow_flows
|
|
|
59 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registered: /proc/net/stat/ipt_netflow_flows
|
|
|
60 |
mai 15 01:13:55 alcasar.lan kernel: netflow: registered: sysctl net.netflow
|
|
|
61 |
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: added destination 127.0.0.1:2055
|
|
|
62 |
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW protocol version 5 (NetFlow) enabled.
|
|
|
63 |
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW is loaded.
|
|
|
64 |
mai 15 01:14:06 alcasar.lan systemd[1]: systemd-hostnamed.service: Deactivated successfully.
|
|
|
65 |
|
| 3147 |
rexy |
66 |
- Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok.
|
| 3327 |
rexy |
67 |
- if all is ok, create & copy the tarball (ipt-netflow-x.y.tar.gz) in rpmbuild/SOURCES.
|
|
|
68 |
- Copy and adapt the .spec in rpmbuild/SPECS (change the kversion, Versions, Release and Changelog).
|
| 2925 |
rexy |
69 |
- Run "rpmbuild -bb ****.spec"
|
| 2562 |
rexy |
70 |
- install the fresh rpm (urpmi) and load ALCASAR iptables rules (alcasar-iptables.sh). Great job ;-)
|
| 2101 |
richard |
71 |
|
| 3222 |
rexy |
72 |
**** For wkhtmltopdf ****
|
| 2169 |
tom.houday |
73 |
- download the archive of the binaries of the last version (https://wkhtmltopdf.org/downloads.html) in ~/rpmbuild/SOURCES/wkhtmltox-%{version}_linux-generic-amd64.tar.xz.
|
|
|
74 |
- build with: rpmbuild -bb --clean wkhtmltopdf-%{version}-%{release}.spec
|
| 2427 |
tom.houday |
75 |
|
| 2562 |
rexy |
76 |
**** For nfdump ****
|
| 3273 |
rexy |
77 |
- Download archive of the last stable version (https://github.com/phaag/nfdump) - Can't actually update to 1.7.6 due to rrd version (V1.7.2 --> 1.9)
|
| 3258 |
rexy |
78 |
- install lib64rrdtool-devel, bison, flex (urpmi lib64rrdtool-devel bison flex)
|
| 3203 |
rexy |
79 |
- Copy & adapt .spec
|
|
|
80 |
- rpmbuild -bb ***.spec
|
| 2757 |
rexy |
81 |
|
|
|
82 |
**** For gammu --> only if new version is needed
|
| 3203 |
rexy |
83 |
- see .spec in SRPMS and adapt it. copy 69-gammu-acl.rules in SOURCES with the tarball
|
| 3269 |
rexy |
84 |
- install cmake, doxygen, gettext-devel, mariadb-devel (lib64mariadb-devel), lib64bluez-devel, lib64gudev1.0-devel, lib64curl-devel, postgresql15-devel, lib64usb1.0-devel
|