WebSVN – ALCASAR – Diff – //rpms/rpm-build-howto



By Rexy
 
ALCASAR needs the following programs that don't be included as RPM in Mageia :
  - coovachilli (the captive portal)
  - ipt_netflow kernel module (netflow log system)
  - wkhtmltopdf (html to pdf renderer)
  - nfdump (collector & processor for netflow data)
  - havp (http antivirus proxy) used only before ALCASAR V3.5
 
This howto explains how to build RPM of these programs in order to keep the distribution clean (no binary installed if not packaged)
The compilation options are set in /etc/rpm/macro.d/*
The .spec & RPM can be tested with the tool "rpmlint"
The / directory should have 10G free (install an ALCASAR with 10G in /, /home/, /var, /tmp, )
 
****  Prepare the RPM creation structure ***
- update your system : urpmi --auto-update
- install the following RPMs : urpmi kernel-userspace-headers rpm-build gengetopt libtool
- create directory structure in your home : mkdir -p ~/rpmbuild/{SRPMS,SOURCES,SPECS,tmp}
- Option : find the ".rpmmacros" file on mageia wiki (https://wiki.mageia.org/en/Packagers_RPM_tutorial) and copy it in your home directory
 
****  For Coova-chilli   *****
- install the following RPMs "lib64openssl-devel", "lib64json-c-devel"
- retrieve the last git archive of coova-chilli (https://github.com/coova/coova-chilli)
- unzip it and test the compilation process ("sh ./bootstrap", "./configure --disable-static --enable-shared --enable-largelimits --enable-chilliredir --enable-chilliscript --with-poll --enable-dhcpopt --enable-libjson --enable-json 	--enable-mdns --with-openssl", "make", "make install").
- all is in the /usr/local". Remove the installed files ("make uninstall") and the binaries ("make clean")
- rename the directory (coova-chilli-1.x) and compress it (ie : tar -cvzf coova-chilli-1.x.tar.gz coova-chilli-1.x). Copy this tarball in the directory ~/rpmbuild/SOURCES/
- copy the SPEC file from the ALCASAR archive to the directory ~/rpmbuild/SPEC
- copy the .patch and SHA256* files in the directory ~/rpmbuild/SOURCES
//- Add the option -Wno-format-truncation à la ligne "%Werror_cflags" du fichier /etc/rpm/macro.d/20build.macros (avoid the following warning : https://github.com/coova/coova-chilli/issues/509) 
- change to the directory ~/pmbuild/SPEC and run the RPM build process : "rpmbuild -bb coova-chilli.spec" (or rpmbuild -ba to create also the SRPMS) 
 
INFO : .spec tunning :
	- add this 1st line : "%define _disable_ld_no_undefined 1" to avoid errors for unused references (ld)
	- add the line "automake --add-missing" before "make"
	- for 64b version, add 2 lines with "lib64" directory in the section "removing static binaries" (rm -rf $RPM_BUILD_ROOT/usr/lib/*.la)
	- remove from the archive the unused files for ALCASAR (wpad.dat, wwwdir, etc.) via la directive '%exclude'
	- change %make (deprecated) with %make_build and change %makeinstall (deprecated) with %make_install
 
**** For HAVP ****
- install the RPM of clamav-devel
- download, uncompress, and test the compilation of the last version of havp (./configure + make)
- copy the tarball in ~/rpmbuild/SOURCES/. copy the patch file ("havp-init.diff") in ~/rpmbuil/SOURCE. Copy and adapt the .spec in ~/rpmbuid/SPEC
- rpmbuild -bb ***.spec
 
****  For ipt_netflow  ****
- Must be compiled on a system which runs the target kernel. So install manually the targeted kernel and the same version of kernel-userspace-headers and reboot (ipt_NETFLOW will not load during this reboot)
- install the RPMs "kernel-server-devel" (choose the targeted kernel), "lib64iptables-devel"
- download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory (ipt_NETFLOW.ko). The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so)
- test the module : try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to check that the module is correctly loaded).
exemple :
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: loading out-of-tree module taints kernel.
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW version 2.6, srcversion 9B0006338FF61FE7DC5507D
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: hashsize 498011 (3890K)
mai 15 01:13:55 alcasar.lan kernel: netflow: registering: /proc/net/stat/ipt_netflow

mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW protocol version 5 (NetFlow) enabled.
mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW is loaded.
mai 15 01:14:06 alcasar.lan systemd[1]: systemd-hostnamed.service: Deactivated successfully.
 
- Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok.
- if all is ok, create & copy the tarball (ipt-netflow-x.y.tar.gz) in rpmbuild/SOURCES.
- Copy and adapt the .spec in rpmbuild/SPECS (change the kversion, Versions, Release and Changelog).
- Run "rpmbuild -bb ****.spec"
- install the fresh rpm (urpmi) and load ALCASAR iptables rules (alcasar-iptables.sh). Great job ;-) 
 
**** For wkhtmltopdf ****
- download the archive of the binaries of the last version (https://wkhtmltopdf.org/downloads.html) in ~/rpmbuild/SOURCES/wkhtmltox-%{version}_linux-generic-amd64.tar.xz.

Subversion Repositories ALCASAR

(root)//rpms/rpm-build-howto – Rev 3283 → 3327

Rev 3283		Rev 3327
Line 1...		Line 1...
1	`By Rexy`	1	`By Rexy`
2		2
3	`ALCASAR need the following programs that don't be included as RPM in Mageia :`	3	`ALCASAR needs the following programs that don't be included as RPM in Mageia :`
4	`- coovachilli (the captive portal)`	4	`- coovachilli (the captive portal)`
5	`- ipt_netflow kernel module (netflow log system)`	5	`- ipt_netflow kernel module (netflow log system)`
6	`- wkhtmltopdf (html to pdf renderer)`	6	`- wkhtmltopdf (html to pdf renderer)`
7	`- nfdump (collector & processor for netflow data)`	7	`- nfdump (collector & processor for netflow data)`
8	`- havp (http antivirus proxy) used only before ALCASAR V3.5`	8	`- havp (http antivirus proxy) used only before ALCASAR V3.5`
9		9
10	`This howto explains how to build RPM of these programs in order to keep the distribution clean (no binary installed if not packaged)`	10	`This howto explains how to build RPM of these programs in order to keep the distribution clean (no binary installed if not packaged)`
11	`The compilation options are set in /etc/rpm/macro.d/*`	11	`The compilation options are set in /etc/rpm/macro.d/*`
12	`The .spec & RPM can be test with the tool "rpmlint"`	12	`The .spec & RPM can be tested with the tool "rpmlint"`
-		13	`The / directory should have 10G free (install an ALCASAR with 10G in /, /home/, /var, /tmp, )`
13		14
14	`** Prepare the RPM creation structure *`	15	`** Prepare the RPM creation structure *`
15	`- update your system : urpmi --auto-update`	16	`- update your system : urpmi --auto-update`
16	`- install the following RPMs : urpmi kernel-userspace-headers rpm-build gengetopt libtool`	17	`- install the following RPMs : urpmi kernel-userspace-headers rpm-build gengetopt libtool`
17	`- create directories structure in your home : mkdir -p ~/rpmbuild/{SRPMS,SOURCES,SPECS,tmp}`	18	`- create directory structure in your home : mkdir -p ~/rpmbuild/{SRPMS,SOURCES,SPECS,tmp}`
18	`- Option : find the ".rpmmacros" file on mageia wiki (https://wiki.mageia.org/en/Packagers_RPM_tutorial) and copy it in your home directory`	19	`- Option : find the ".rpmmacros" file on mageia wiki (https://wiki.mageia.org/en/Packagers_RPM_tutorial) and copy it in your home directory`
19		20
20	`** For Coova-chilli ***`	21	`** For Coova-chilli ***`
21	`- install the following RPMs "lib64openssl-devel", "lib64json-c-devel"`	22	`- install the following RPMs "lib64openssl-devel", "lib64json-c-devel"`
22	`- retrieve the last git archive of coova-chilli (https://github.com/coova/coova-chilli).`	23	`- retrieve the last git archive of coova-chilli (https://github.com/coova/coova-chilli)`
23	`- Unzip it and test the compilation process ("sh ./bootstrap", "./configure --disable-static --enable-shared --enable-largelimits --enable-chilliredir --enable-chilliscript --with-poll --enable-dhcpopt --enable-libjson --enable-json --enable-mdns --with-openssl", "make", "make install").`	24	`- unzip it and test the compilation process ("sh ./bootstrap", "./configure --disable-static --enable-shared --enable-largelimits --enable-chilliredir --enable-chilliscript --with-poll --enable-dhcpopt --enable-libjson --enable-json --enable-mdns --with-openssl", "make", "make install").`
24	`- all is in the /usr/local". Remove the instaled files ("make uninstall") and the binaries ("make clean").`	25	`- all is in the /usr/local". Remove the installed files ("make uninstall") and the binaries ("make clean")`
25	`- rename the directory (coova-chilli-1.x) and compress it (ie : tar -cvzf coova-chilli-1.x.tar.gz coova-chilli-1.x). Copy this tarball in the directory ~/rpmbuild/SOURCES/.`	26	`- rename the directory (coova-chilli-1.x) and compress it (ie : tar -cvzf coova-chilli-1.x.tar.gz coova-chilli-1.x). Copy this tarball in the directory ~/rpmbuild/SOURCES/`
26	`- copy the SPEC file from the ALCASAR archive to the directory ~/rpmbuild/SPEC`	27	`- copy the SPEC file from the ALCASAR archive to the directory ~/rpmbuild/SPEC`
27	`- copy the .patch and SHA256* files in the directory ~/rpmbuild/SOURCES`	28	`- copy the .patch and SHA256* files in the directory ~/rpmbuild/SOURCES`
28	`//- Add the option -Wno-format-truncation à la ligne "%Werror_cflags" du fichier /etc/rpm/macro.d/20build.macros (avoid the following warning : https://github.com/coova/coova-chilli/issues/509)`	29	`//- Add the option -Wno-format-truncation à la ligne "%Werror_cflags" du fichier /etc/rpm/macro.d/20build.macros (avoid the following warning : https://github.com/coova/coova-chilli/issues/509)`
29	`- change to the directory ~/pmbuild/SPEC and run the RPM build process : "rpmbuild -bb coova-chilli.spec" (or rpmbuild -ba to create also the SRPMS)`	30	`- change to the directory ~/pmbuild/SPEC and run the RPM build process : "rpmbuild -bb coova-chilli.spec" (or rpmbuild -ba to create also the SRPMS)`
30		31
31	`INFO : .spec tunning :`	32	`INFO : .spec tunning :`
32	`- add this 1st line : "%define _disable_ld_no_undefined 1" to avoid errors for unused references (ld)`	33	`- add this 1st line : "%define _disable_ld_no_undefined 1" to avoid errors for unused references (ld)`
33	`- add the line "automake --add-missing" before "make"`	34	`- add the line "automake --add-missing" before "make"`
34	`- for 64b version, add 2 lines with "lib64" directory in the section "removing statics binaries" (rm -rf $RPM_BUILD_ROOT/usr/lib/*.la)`	35	`- for 64b version, add 2 lines with "lib64" directory in the section "removing static binaries" (rm -rf $RPM_BUILD_ROOT/usr/lib/*.la)`
35	`- remove from the archive the unused files for ALCASAR (wpad.dat, wwwdir, etc.) via la directive '%exclude'`	36	`- remove from the archive the unused files for ALCASAR (wpad.dat, wwwdir, etc.) via la directive '%exclude'`
36	`- change %make (deprecated) with %make_build and change %makeinstall (deprecated) with %make_install`	37	`- change %make (deprecated) with %make_build and change %makeinstall (deprecated) with %make_install`
37		38
38	`** For HAVP **`	39	`** For HAVP **`
39	`- install the RPM of clamav-devel`	40	`- install the RPM of clamav-devel`
40	`- download, uncompress, and test the compilation of the last version of havp (./configure + make)`	41	`- download, uncompress, and test the compilation of the last version of havp (./configure + make)`
41	`- copy the tarball in ~/rpmbuild/SOURCES/. copy the patch file ("havp-init.diff") in ~/rpmbuil/SOURCE. Copy and adapt the .spec in ~/rpmbuid/SPEC`	42	`- copy the tarball in ~/rpmbuild/SOURCES/. copy the patch file ("havp-init.diff") in ~/rpmbuil/SOURCE. Copy and adapt the .spec in ~/rpmbuid/SPEC`
42	`- rpmbuild -bb ***.spec`	43	`- rpmbuild -bb ***.spec`
43		44
44	`** For ipt_netflow **`	45	`** For ipt_netflow **`
45	`- Must be complied on a system which runs the target kernel. So install manually the targeted kernel and the same version of kernel-userspace-headers and reboot (ipt_NETFLOW will not load during this reboot)`	46	`- Must be compiled on a system which runs the target kernel. So install manually the targeted kernel and the same version of kernel-userspace-headers and reboot (ipt_NETFLOW will not load during this reboot)`
46	`- install the RPMs "kernel-server-devel" (choose the targeted kernel), "lib64iptables-devel"`	47	`- install the RPMs "kernel-server-devel" (choose the targeted kernel), "lib64iptables-devel"`
47	`- download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory (ipt_NETFLOW.ko). The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so)`	48	`- download, uncompress and test the compilation of the last version of ipt-netflow (./configure --disable-dkms --disable-snmp-agent, make all install). The module is compiled in the same directory (ipt_NETFLOW.ko). The libs are copied in the /lib64/iptables (libip6t_NETFLOW.so & libipt_NETFLOW.so)`
48	`- test the module : go to the directory of sources and try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to check that the module is correctly loaded).`	49	`- test the module : try to load it (insmod ./ipt_NETFLOW.ko), look at "journalctrl -f" to check that the module is correctly loaded).`
49	`exemple :`	50	`exemple :`
50	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: loading out-of-tree module taints kernel.`	51	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: loading out-of-tree module taints kernel.`
51	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW version 2.6, srcversion 9B0006338FF61FE7DC5507D`	52	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW version 2.6, srcversion 9B0006338FF61FE7DC5507D`
52	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: hashsize 498011 (3890K)`	53	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW: hashsize 498011 (3890K)`
53	`mai 15 01:13:55 alcasar.lan kernel: netflow: registering: /proc/net/stat/ipt_netflow`	54	`mai 15 01:13:55 alcasar.lan kernel: netflow: registering: /proc/net/stat/ipt_netflow`
Line 61...		Line 62...
61	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW protocol version 5 (NetFlow) enabled.`	62	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW protocol version 5 (NetFlow) enabled.`
62	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW is loaded.`	63	`mai 15 01:13:55 alcasar.lan kernel: ipt_NETFLOW is loaded.`
63	`mai 15 01:14:06 alcasar.lan systemd[1]: systemd-hostnamed.service: Deactivated successfully.`	64	`mai 15 01:14:06 alcasar.lan systemd[1]: systemd-hostnamed.service: Deactivated successfully.`
64		65
65	`- Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok.`	66	`- Run "alcasar-iptables.sh" to reload netfilter rules (no errors should appear). Run "alcasar-daemon.sh" to verify that all is ok.`
66	`- if all is ok, copy the tarball (ipt-netflow-x.y.tar.gz) in rpmbuild/SOURCES.`	67	`- if all is ok, create & copy the tarball (ipt-netflow-x.y.tar.gz) in rpmbuild/SOURCES.`
67	`- Copy and adapt the .spec in rpmbuild/SPECS (change the versions of kernel, kernel source and Changelog).`	68	`- Copy and adapt the .spec in rpmbuild/SPECS (change the kversion, Versions, Release and Changelog).`
68	`- Run "rpmbuild -bb ****.spec"`	69	`- Run "rpmbuild -bb ****.spec"`
69	`- install the fresh rpm (urpmi) and load ALCASAR iptables rules (alcasar-iptables.sh). Great job ;-)`	70	`- install the fresh rpm (urpmi) and load ALCASAR iptables rules (alcasar-iptables.sh). Great job ;-)`
70		71
71	`** For wkhtmltopdf **`	72	`** For wkhtmltopdf **`
72	`- download the archive of the binaries of the last version (https://wkhtmltopdf.org/downloads.html) in ~/rpmbuild/SOURCES/wkhtmltox-%{version}_linux-generic-amd64.tar.xz.`	73	`- download the archive of the binaries of the last version (https://wkhtmltopdf.org/downloads.html) in ~/rpmbuild/SOURCES/wkhtmltox-%{version}_linux-generic-amd64.tar.xz.`