1

I have to create 3 RPMs like this:

  1. key.rpm : Does an rpm import of the RPM GPG public key(/etc/sw-key/gpg.key) in it's post-install script.
  2. software1.rpm : Requires key.rpm and signed by /etc/sw-key/gpg.key's private key.
  3. software2.rpm : Requires key.rpm and signed by /etc/sw-key/gpg.key's private key.

The intention behind the above is, I want to install all the 3 RPMs at once using the DNF with gpgcheck enabled. The dependancy created above, would allow the key.rpm to get installed first and then followed by the installation of the remaining 2 RPMs. But, the installation of the key.rpm itself fails because I am doing an "rpm --import" in it's post-install script. The rpm import is failing to acquire a transaction lock. I understand that the post-install script is called within the context of the main RPM command and hence the rpm import is failing while acquiring the lock.

Is there any other way to achieve what I am trying to do above? I want to install all the signed RPMs in a single DNF command, with one among those RPMs carrying and installing the RPM GPG key needed by others.

4

2 回答 2

1

正确的解决方案是通过创建 RPM 存储库来正确分发您的 RPM 包。

这将使您的 RPM 可以在 2 个命令中安装(而不是一个),但是您为向用户分发进一步的更新提供了很多可能性。

key.rpm你现在拥有的应该变成一个发布包。它应该/etc/yum.repos.d/foo.repo包含存储库配置文件,所有指令都指向您在 Web 上的存储库,以及本地 GPG 密钥的路径(如果它也安装了它)或它的 URL。它应该由您的 GPG 密钥签名。

software1.rpm并且software2.rpm将由相同的 GPG 密钥签名,根本不需要依赖key.rpm

它如何为最终用户工作:

sudo dnf install https://example.com/your-release.rpm

然后:

sudo dnf install software1 software2

提示用户信任在软件包安装期间安装/下载的 GPG 密钥。简单明了。

于 2019-12-05T00:52:44.110 回答
-1

三点:

1) RPM 不可重入。您不应从 rpm 调用 rpm。否则你可能会破坏数据库和系统。

2)这是不可能的。如今,标准是提供 Ansible 剧本或角色。例如,请参见下文。

3) RPM 不可重入。您不应从 rpm 调用 rpm。否则你可能会破坏数据库和系统。现在用感叹号!!!

执行此操作的 Ansible 代码段:

- name: install the gpg key
  yum:
    name: /usr/local/src/key.rpm
    state: present

- rpm_key:
    state: present
    key: /path/to/key1.gpg.key

- name: install sw1 and sw2
  yum:
    name:
      - /usr/local/src/software1.rpm
      - /usr/local/src/software2.rpm
    state: present
于 2019-12-04T12:13:37.843 回答