1. Create your own packages and put them under the web server's document root so that clients can reach them over the network,
such as /var/www/html/my_repo
served as http://my_ip/my_repo or even ftp://my_ip/my_repo
2. Create your repo file on the clients
e.g.
cat /etc/yum.repos.d/ceph.repo
[ceph]
name=My Cluster Repo $basearch
baseurl=http://my_ip/my_repo
enabled=1
# if you read further, we should change gpgcheck to "1" for security.
gpgcheck=0
3. yum search some_pkgs
You should see your repo now.
Advanced: GPG signatures.
4. # gpg --gen-key
# if you don't have gpg, run yum install -y gnupg
gpg (GnuPG) 1.4.5; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Please select what kind of key you want:
(1) DSA and Elgamal (default)
(2) DSA (sign only)
(5) RSA (sign only)
Your selection? 1
DSA keypair will have 1024 bits.
ELG keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter)
Real name: Edy Liu
Email address: xfsuper@gmail.com
Comment: Test the GPG sign
You selected this USER-ID:
"Edy Liu (Test the GPG sign)
Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
You need a Passphrase to protect your secret key.
can't connect to `/root/.gnupg/S.gpg-agent': No such file or directory
gpg-agent[8794]: You may want to update to a newer pinentry
gpg-agent[8794]: You may want to update to a newer pinentry
We need to generate a lot of random bytes. It is a good idea to perform
some other action (type on the keyboard, move the mouse, utilize the
disks) during the prime generation; this gives the random number
generator a better chance to gain enough entropy.
(You can type on the keyboard here ... and wait a long time.)
gpg: key E69DC4CC marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
pub 1024D/E69DC4CC 2009-07-03
Key fingerprint = DB61 772F 74D1 BC7A 2F10 E586 9390 14B2 E69D C4CC
uid Edy Liu (Test the GPG sign)
sub 2048g/1CD071D3 2009-07-03
Now we have our key, which we can use to sign RPMs.
# check that the key is there
gpg --list-keys
/root/.gnupg/pubring.gpg
------------------------
pub 1024D/E69DC4CC 2009-07-03
uid Edy Liu (Test the GPG sign)
sub 2048g/1CD071D3 2009-07-03
Edit ~/.rpmmacros so that rpm signs with this key:
%_signature gpg
%_gpg_path /root/.gnupg
%_gpg_name Edy Liu (Test the GPG sign)
%_gpgbin /usr/bin/gpg
cd /var/www/html/my_repo
rpm --addsign *.rpm
5. Export our public key so that users can import it for use with the repository.
gpg --export -a "Edy Liu" > /var/www/html/RPM-GPG-KEY-ENLAMP
rpm --import http://my_ip/RPM-GPG-KEY-ENLAMP # on the clients.
*****Very IMPORTANT******
rm -rf /var/www/html/my_repo/repodata/
Then regenerate the repodata:
createrepo /var/www/html/my_repo
6. Now run yum install -y …
You may get an error such as:
Package does not match intended download
If so, clear the yum cache and try again:
yum clean all # on the clients.
yum install -y …
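Once the packages are signed and the key is imported, the client repo file from step 2 should be switched to gpgcheck=1; the script below, an added example that is not part of the original notes, lists enabled repo sections that still skip signature checking. The function names, the extra sample sections and the inherited default of 0 are assumptions made for the example.

```shell
# Added example: report enabled repo sections that do not enforce gpgcheck.
# Usage: audit_repo_file FILE|- [INHERITED]
# INHERITED is the gpgcheck value used when a section sets none; 0 is an
# assumption here, the real value comes from [main] in /etc/yum.conf.
audit_repo_file() {
    awk -v def="${2:-0}" '
        function on(v) { v = tolower(v); return v == "1" || v == "yes" || v == "true" }
        function report() {
            if (sect != "" && sect != "main" && on(enabled) && !on(gpgcheck))
                print sect ": gpgcheck=" gpgcheck
        }
        /^[ \t]*[#;]/ { next }                  # whole-line comment
        /^[ \t]*\[.*\]/ {                       # start of a new [section]
            report()
            sect = $0
            gsub(/^[ \t]*\[|\].*$/, "", sect)
            enabled = "1"; gpgcheck = def       # repos are enabled unless disabled
            next
        }
        index($0, "=") {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            # Values are compared literally: "1 # note" does not count as on.
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample input modelled on the ceph.repo file from step 2.
sample_repo() {
    cat <<'EOF'
[ceph]
name=My Cluster Repo $basearch
baseurl=http://my_ip/my_repo
enabled=1
gpgcheck=0
[ceph-signed]
enabled=1
gpgcheck=1
[ceph-testing]
enabled=0
gpgcheck=0
[ceph-extras]
baseurl=http://my_ip/my_repo
EOF
}

sample_repo | audit_repo_file -
```

On a client, run it over each file in /etc/yum.repos.d/; any section it prints will still install packages without checking their signatures.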