Understanding Yum's gpgcheck in Depth: A Tutorial
Secure distribution of RPM packages
Experiment: testing gpg
Create the private repository privateRepo
mkdir /home/privateRepo/
Upload an unsigned rpm package to /home/privateRepo/
rpm -pqi /home/privateRepo/jdk-10.0.1_linux-x64_bin.rpm
Name        : jdk-10.0.1                   Relocations: /usr/java
Version     : 10.0.1                       Vendor: Oracle America
Release     : ga                           Build Date: Tue 27 Mar 2018 01:24:18 AM GMT
Install Date: (not installed)              Build Host: sca00ida.us.oracle.com
Group       : Development/Tools            Source RPM: jdk-10.0.1-10.0.1-ga.src.rpm
Size        : 578524676                    License: http://java.com/license
Signature   : (none)
URL         : URL_REF
Summary     : Java Platform Standard Edition Development Kit
Description :
The Java Platform Standard Edition Development Kit (JDK) includes both
the runtime environment (Java Virtual Machine, the Java platform classes
and supporting files) and development tools (compilers, debuggers,
Add gpgcheck
vi /etc/yum.repos.d/privateRepo.repo
[privateRepo]
name=privateRepo-gpg-test
baseurl=file:///home/privateRepo
enabled=1
gpgcheck=1
Build the index
createrepo /home/privateRepo/
Spawning worker 0 with 1 pkgs
Workers Finished
Gathering worker results
Saving Primary metadata
Saving file lists metadata
Saving other metadata
Generating sqlite DBs
Sqlite DBs complete
Query with yum
yum clean all
yum list|grep jdk
jdk-10.0.1.x86_64 2000:10.0.1-ga privateRepo
Install jdk-10.0.1.x86_64
yum install jdk-10.0.1.x86_64
Loaded plugins: fastestmirror, post-transaction-actions
Setting up Install Process
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package jdk-10.0.1.x86_64 2000:10.0.1-ga will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================
 Package Arch Version Repository Size
============================================================================================================================================
Installing:
 jdk-10.0.1 x86_64 2000:10.0.1-ga privateRepo 306 M
Transaction Summary
============================================================================================================================================
Install 1 Package(s)
Total download size: 306 M
Installed size: 552 M
Is this ok [y/N]: y
Downloading Packages:
Package jdk-10.0.1_linux-x64_bin.rpm is not signed
Installation fails
Add a signature
gpg --list-keys
/home/nobody/.gnupg/pubring.gpg
-------------------------------
pub 2048R/230C0099 2016-03-15
uid Gavin Ni
sub 2048R/3E679AEF 2016-03-15
gpg --export -a guani@cisco.com > /home/nobody/privateRepo.key
rpm --define "_gpg_name Gavin Ni" --define "_gpg_path /home/nobody/.gnupg" --addsign /home/privateRepo/jdk-10.0.1_linux-x64_bin.rpm
Enter pass phrase:
gpg: WARNING: unsafe ownership on homedir `/home/nobody/.gnupg'
Pass phrase is good.
/home/privateRepo/jdk-10.0.1_linux-x64_bin.rpm:
gpg: WARNING: unsafe ownership on homedir `/home/nobody/.gnupg'
gpg: WARNING: unsafe ownership on homedir `/home/nobody/.gnupg'
Verify the signature
rpm -pqi /home/privateRepo/jdk-10.0.1_linux-x64_bin.rpm
Name        : jdk-10.0.1                   Relocations: /usr/java
Version     : 10.0.1                       Vendor: Oracle America
Release     : ga                           Build Date: Tue 27 Mar 2018 01:24:18 AM GMT
Install Date: (not installed)              Build Host: sca00ida.us.oracle.com
Group       : Development/Tools            Source RPM: jdk-10.0.1-10.0.1-ga.src.rpm
Size        : 578524676                    License: http://java.com/license
Signature   : RSA/SHA1, Thu 30 Aug 2018 03:30:08 AM GMT, Key ID 952e62c3230c0099
URL         : URL_REF
Summary     : Java Platform Standard Edition Development Kit
Description :
The Java Platform Standard Edition Development Kit (JDK) includes both
the runtime environment (Java Virtual Machine, the Java platform classes
and supporting files) and development tools (compilers, debuggers,
tool libraries and other tools).
Install again; the installation fails
yum install jdk-10.0.1.x86_64
Loaded plugins: fastestmirror, post-transaction-actions
Setting up Install Process
Loading mirror speeds from cached hostfile
qa_mav_centos6 | 1.2 kB 00:00
qa_mav_centos6.7_noarch | 1.2 kB 00:00
qa_mav_centos6.7_x86_64 | 1.2 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package jdk-10.0.1.x86_64 2000:10.0.1-ga will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================
 Package Arch Version Repository Size
============================================================================================================================================
Installing:
 jdk-10.0.1 x86_64 2000:10.0.1-ga privateRepo 306 M
Transaction Summary
============================================================================================================================================
Install 1 Package(s)
Total download size: 306 M
Installed size: 552 M
Is this ok [y/N]: y
Downloading Packages:
Error Downloading Packages:
2000:jdk-10.0.1-10.0.1-ga.x86_64: failure: jdk-10.0.1_linux-x64_bin.rpm from privateRepo: [Errno 256] No more mirrors to try.
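createrepo must be run again: signing rewrote the package file, so the size and checksum recorded in the repository metadata no longer match it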
createrepo /home/privateRepo/
Installation still fails: the public key is not installed on the client
[root@mtRobincmc001 yum.repos.d]# yum install jdk-10.0.1.x86_64
Loaded plugins: fastestmirror, post-transaction-actions
Setting up Install Process
Loading mirror speeds from cached hostfile
qa_mav_centos6 | 1.2 kB 00:00
qa_mav_centos6.7_noarch | 1.2 kB 00:00
qa_mav_centos6.7_x86_64 | 1.2 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package jdk-10.0.1.x86_64 2000:10.0.1-ga will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package Arch Version Repository Size
============================================================================================================================================
Installing:
 jdk-10.0.1 x86_64 2000:10.0.1-ga privateRepo 306 M
Transaction Summary
============================================================================================================================================
Install 1 Package(s)
Total download size: 306 M
Installed size: 552 M
Is this ok [y/N]: y
Downloading Packages:
jdk-10.0.1_linux-x64_bin.rpm | 306 MB 00:04
warning: rpmts_HdrFromFdno: Header V4 RSA/SHA1 Signature, key ID 230c0099: NOKEY
Public key for jdk-10.0.1_linux-x64_bin.rpm is not installed
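Export the public key so the client can import it
# write the signing key's public half to the path that the gpgkey= setting points to
gpg --export -a guani@cisco.com > /home/privateRepo/privateRepo.key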
Add gpgkey to the yum repository configuration
[privateRepo]
name=privateRepo-gpg-test
baseurl=file:///home/privateRepo
enabled=1
gpgcheck=1
gpgkey=file:///home/privateRepo/privateRepo.key
Install again; the installation succeeds
[root@mtRobincmc001 ~]# yum install jdk
Loaded plugins: fastestmirror, post-transaction-actions
Setting up Install Process
Loading mirror speeds from cached hostfile
qa_mav_centos6 | 1.2 kB 00:00
qa_mav_centos6.7_noarch | 1.2 kB 00:00
qa_mav_centos6.7_x86_64 | 1.2 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package jdk-10.0.1.x86_64 2000:10.0.1-ga will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================
 Package Arch Version Repository Size
============================================================================================================================================
Installing:
 jdk-10.0.1 x86_64 2000:10.0.1-ga privateRepo 306 M
Transaction Summary
============================================================================================================================================
Install 1 Package(s)
Total download size: 306 M
Installed size: 552 M
Is this ok [y/N]: y
Downloading Packages:
jdk-10.0.1_linux-x64_bin.rpm | 306 MB 00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : 2000:jdk-10.0.1-10.0.1-ga.x86_64 1/1
Unpacking JAR files...
plugin.jar...
javaws.jar...
deploy.jar...
cp: cannot stat `/usr/java/jdk-10.0.1/lib/desktop/icons/hicolor/16x16/apps/sun-java.png': No such file or directory
cp: cannot stat `/usr/java/jdk-10.0.1/lib/desktop/icons/hicolor/16x16/apps/sun-javaws.png': No such file or directory
cp: cannot stat `/usr/java/jdk-10.0.1/lib/desktop/icons/hicolor/48x48/apps/sun-java.png': No such file or directory
cp: cannot stat `/usr/java/jdk-10.0.1/lib/desktop/icons/hicolor/48x48/apps/sun-javaws.png': No such file or directory
cp: cannot stat `/usr/java/jdk-10.0.1/lib/desktop/icons/hicolor/48x48/apps/sun-java.png': No such file or directory
cp: cannot stat `/usr/java/jdk-10.0.1/lib/desktop/icons/hicolor/48x48/apps/sun-javaws.png': No such file or directory
Running post transaction command: /opt/mav/bin/mav-event "yum_event" "install jdk-10.0.1-10.0.1-ga.x86_64 @ %DTE% from privateRepo 2000"
Verifying : 2000:jdk-10.0.1-10.0.1-ga.x86_64 1/1
Installed:
jdk-10.0.1.x86_64 2000:10.0.1-ga
Complete!
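Summary
The scope of /etc/yum.repos.d/privateRepo.repo is the yum client.
gpgcheck=1 in privateRepo.repo only affects the install step; it does not affect building the index on the server side (createrepo). After signing, however, createrepo must be run again.
A secure private RPM repository:
Download RPMs over https
Sign RPMs with gpg
Make sure gpgcheck=1
Download the gpg public key over https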
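The checklist above can be checked mechanically on a client. The following is an added example, not part of the original article: a POSIX shell function (audit_repo_file and sample_repo are hypothetical names) that reads .repo stanzas and reports sections where signature checking is off, no gpgkey is set, or baseurl/gpgkey use plain http or ftp. The sample stanzas, including repo.example.invalid, are constructed, and continuation lines are not handled.

```shell
# Added example: audit yum .repo stanzas (files as arguments, or stdin if none).
audit_repo_file() {
    awk '
    function report(msg) { print sec ": " msg }
    function check() {
        if (sec == "" || sec == "main") return
        if (tolower(gpgcheck) !~ /^(1|yes|true)$/) {
            report("gpgcheck is not enabled in this section")
        } else if (gpgkey == "") {
            report("gpgcheck is on but no gpgkey is set")
        }
        if (baseurl ~ /(^|[ \t,])(http|ftp):/) report("baseurl is not https")
        if (gpgkey ~ /(^|[ \t,])(http|ftp):/) report("gpgkey is not fetched over https")
    }
    /^[ \t]*[#;]/ { next }              # skip comment lines
    /^[ \t]*\[.*\]/ {                   # new [section]: judge the previous one
        check()
        sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
        gpgcheck = gpgkey = baseurl = ""
        next
    }
    /=/ {                               # key=value inside the current section
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        if (key == "gpgcheck") gpgcheck = val
        else if (key == "gpgkey") gpgkey = val
        else if (key == "baseurl") baseurl = val
    }
    END { check() }
    ' "$@"
}
# Constructed sample: the stanza before and after gpgkey was added, plus a
# hypothetical remote repository with weak settings.
sample_repo() {
    cat <<'EOF'
[privateRepo]
baseurl=file:///home/privateRepo
gpgcheck=1
[privateRepo-fixed]
baseurl=file:///home/privateRepo
gpgcheck=1
gpgkey=file:///home/privateRepo/privateRepo.key
[remote-weak]
baseurl=http://repo.example.invalid/el6
gpgcheck=0
gpgkey=http://repo.example.invalid/RPM-GPG-KEY
EOF
}
sample_repo | audit_repo_file
```

On a real client the function would be pointed at /etc/yum.repos.d/*.repo; a section with gpgcheck on and no gpgkey only installs if the key was already imported into the rpm database, which is the NOKEY failure seen earlier.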
When reposting, please cite this article's address: https://www.ucloud.cn/yun/33609.html