The examples scripts and container image definitions provided below to build Subscription Manager packages for Oracle Linux have been published to
Djelibeybi/build-subscription-manager
on GitHub.
Oracle Linux 7
To verify the current release version of subscription-manager
upstream, run
1
2
|
$ docker run --rm -it registry.access.redhat.com/ubi7/ubi repoquery --nvr subscription-manager
subscription-manager-1.24.45-1.el7_9
|
Run docker build -t build-rhsm:ol7
with the following Dockerfile
:
1
2
3
4
5
6
7
8
9
10
11
12
|
FROM oraclelinux:7-slim
RUN yum -y install oracle-epel-release-el7 oracle-nodejs-release-el7 \
&& yum -y --enablerepo=ol7_optional_latest install @buildsys-build tito rpm-build rpm-sign nodejs which expect \
&& rm -rf /var/cache/yum \
&& npm install -g yarn \
&& rpmdev-setuptree
COPY build-rhsm.sh rpm-sign.exp /
RUN chmod +x /build-rhsm.sh /rpm-sign.exp
CMD ["/build-rhsm.sh"]
|
Using the following build-rhsm.sh
script:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
#!/bin/bash
# Import GPG key and trust it
gpg --import --passphrase-file /gpg/passphrase < /gpg/key.asc
(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "$(gpg --list-packets < /gpg/key.asc | awk '$1=="keyid:"{print$2;exit}')" trust
# Clone the git repo
cd /root || exit
git clone https://github.com/candlepin/subscription-manager.git
# Build the SRPM using tito
cd subscription-manager || exit
tito build --tag subscription-manager-1.24.45-1 --srpm --dist=.el7 --offline
cp /tmp/tito/*.src.rpm /root/rpmbuild/SRPMS/
# Build the binary RPMs
cd /root/rpmbuild || exit
yum-builddep -y --enablerepo=ol7_optional_latest SRPMS/subscription-manager-1.24.45-1.el7.src.rpm
rpmbuild --rebuild SRPMS/subscription-manager-1.24.45-1.el7.src.rpm
# Sign the binary RPMs
echo "%_gpg_name Avi Miller <me@dje.li>" >> /root/.rpmmacros
find /root/rpmbuild/RPMS -name '*.rpm' -exec /rpm-sign.exp {} \;
# Copy the RPMs to the output location
mkdir /output/oraclelinux7
cp -r /root/rpmbuild/RPMS/* /output/oraclelinux7/
|
And rpm-sign.exp
script:
#!/usr/bin/expect -f
spawn rpmsign --addsign {*}$argv
expect -exact "Enter pass phrase: "
send -- "[read [open /gpg/passphrase r]]"
expect eof
Export and concatenate your private and public GPG keys into gpg/key.asc
and
put the passphrase in gpg/passphrase
. Create an output/
folder as well.
Then, run a container using that image:
1
|
docker run --rm --it -v ${PWD}/gpg:/gpg -v ${PWD}/output:/output build-rhsm:ol7
|
If all goes well, output/oraclelinux7/
will contain signed binary RPMs.
Oracle Linux 8
To verify the current release version of subscription-manager
upstream, run
1
2
|
$ docker run --rm -it registry.access.redhat.com/ubi8/ubi dnf --quiet repoquery --nvr subscription-manager
subscription-manager-1.27.16-1.el8
|
Run docker build -t build-rhsm:ol8 .
with the following Dockerfile
:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
FROM oraclelinux:8-slim
RUN microdnf install dnf dnf-plugins-core \
&& echo > /etc/dnf/vars/ociregion \
&& dnf config-manager --enable ol8_codeready_builder ol8_distro_builder \
&& dnf config-manager --setopt=tsflags=nodocs --save \
&& dnf -y module install nodejs \
&& dnf -y install oracle-epel-release-el8 \
&& dnf -y groups install "Development Tools" \
&& dnf -y install tito which \
&& dnf -y remove java-1.8.0-openjdk-headless-1.8.0.275.b01-1.el8_3.x86_64 'urw*' \
&& dnf -y clean all \
&& npm install -g yarn \
&& rpmdev-setuptree
COPY build-rhsm.sh /
RUN chmod +x /build-rhsm.sh
CMD ["/build-rhsm.sh"]
|
Using this build-rhsm.sh
script:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
#!/bin/bash
# Import and trust the GPG key
gpg --import --pinentry-mode loopback --passphrase-file /gpg/passphrase < /gpg/key.asc
(echo 5; echo y; echo save) | gpg --command-fd 0 --no-tty --no-greeting -q --edit-key "$(gpg --list-packets < /gpg/key.asc | awk '$1=="keyid:"{print$2;exit}')" trust
# Clone the repo
cd /root || exit
git clone https://github.com/candlepin/subscription-manager.git
# Use tito to build the source RPM
cd /root/subscription-manager || exit
tito build --tag=subscription-manager-1.27.16-1 --srpm --dist=.el8 --offline
cp /tmp/tito/*.src.rpm /root/rpmbuild/SRPMS/
# Use rpmbuild to build and sign the binary RPMs
cd /root/rpmbuild || exit
cat << EOF >> /root/.rpmmacros
%_gpg_sign_cmd_extra_args --batch --pinentry-mode loopback --passphrase-file /gpg/passphrase
%_gpg_name Avi Miller <me@dje.li>
EOF
dnf builddep -y SRPMS/subscription-manager-1.27.16-1.el8.src.rpm
rpmbuild --rebuild --sign SRPMS/subscription-manager-1.27.16-1.el8.src.rpm
# Copy the RPMs to the output location
mkdir /output/oraclelinux8
cp -r /root/rpmbuild/RPMS/* /output/oraclelinux8/
|
Export your private and public GPG keys to gpg/key.asc
and put the passphrase
in gpg/passphrase
. Create an output/
folder as well.
Then, run a container using that image:
1
|
docker run --rm --it -v ${PWD}/gpg:/gpg -v ${PWD}/output:/output build-rhsm:ol8
|
If all goes well, output/oraclelinux8/
should contain the binary RPMs signed
with the GPG key.