Secure Servers: Package Building With EnGarde Secure Linux
Contributors: Eckie Silapaswang and William Keys from Guardian Digital
Introduction
Although EnGarde Secure Linux does not include a development environment "out of the box," all of the tools to set one up are available via the Guardian Digital Secure Network. The purpose of this document is to provide you, the software developer, with the instructions to set up a package building environment of your own. After building the environment, we will walk you through building a package for the popular object-oriented programming language, Ruby.
Setting Up Your Environment
What you'll need:
- A machine to do your development on. It's not recommended to do this on a production machine. This machine should be somewhat powerful, or you should have a lot of patience. This machine should have the latest version of EnGarde Secure Linux Community installed on it.
- Hints on how to build RPMs. There are a lot of HOWTOs out there.
Once you have all of the above, log in as root, transition over to sysadm_r, and disable SELinux enforcement (setenforce 0 puts SELinux into permissive mode):
[root@engarde ~]# newrole -r sysadm_r
Authenticating root.
Password:
[root@engarde ~]# setenforce 0
Next you must install the following packages:
[root@engarde ~]# apt-get update
Get:1 gdsn://updates.guardiandigital.com rapier release
Fetched 478B in 0s (1794B/s)
Get:1 gdsn://updates.guardiandigital.com rapier/core pkglist
Get:2 gdsn://updates.guardiandigital.com rapier/core release
Fetched 149kB in 0s (176kB/s)
Reading Package Lists... Done
Building Dependency Tree... Done
[root@engarde ~]# apt-get install rpm-build rpm-devel autoconf automake gcc gcc-c++ make patch binutils glibc-devel kernel-headers libstdc++-devel
Reading Package Lists... Done
Building Dependency Tree... Done
The following NEW packages will be installed:
autoconf automake binutils gcc gcc-c++ glibc-devel kernel-headers
libstdc++-devel make patch rpm-build rpm-devel
0 upgraded, 12 newly installed, 0 removed and 6 not upgraded.
Need to get 48.3MB of archives.
After unpacking 154MB of additional disk space will be used.
...
Committing changes...
Preparing... ########################################### [100%]
1:binutils ########################################### [100%]
12:rpm-build ########################################### [100%]
Done.
The other way to install the needed packages is via the EnGarde WebTool.
At this point you have most of the core development packages installed. As you build packages which link against other packages, you will almost certainly have to install other -devel packages. You may install them via WebTool or from the command line using apt-get.
[root@engarde ~]# echo "rpm-src gdsn://updates.guardiandigital.com/GDSNROOT rapier core" >> /etc/apt/sources.list
Then run apt-get update:
[root@engarde ~]# apt-get update
[root@engarde ~]# apt-get source ruby
Reading Package Lists... Done
Building Dependency Tree... Done
Need to get 4324kB of source archives.
Get:1 gdsn://updates.guardiandigital.com rapier/core ruby 1.8.4-1 (srpm) [4324kB]
Fetched 4324kB in 5s (861kB/s)
1:ruby ########################################### [100%]
At this point the package sources are installed in /usr/src/engarde/SOURCES, and the spec file is in /usr/src/engarde/SPECS:
...
Group: Development/Languages
Requires: %{name}-libs = %{version}-%{release}
BuildRequires: readline readline-devel ncurses ncurses-devel gdbm gdbm-devel
BuildRequires: glibc-devel autoconf gcc unzip
BuildRequires: groff bison openssl-devel zlib-devel
BuildRequires: db4-devel libtermcap-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-root
...
Install the required packages shown above using apt-get:
[root@engarde ~]# apt-get install readline readline-devel ncurses ncurses-devel gdbm gdbm-devel glibc-devel autoconf gcc unzip groff bison openssl-devel zlib-devel db4-devel libtermcap-devel
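Instead of copying the BuildRequires list by hand, it can be read straight from the spec file. The following is an added example, not part of the original article: the function names are hypothetical, and it assumes a POSIX shell with awk and the rpm command available.

```shell
#!/bin/sh
# Added example; function names are hypothetical.

# Print every package named on a BuildRequires: line of spec file $1,
# one per line, without version constraints such as ">= 1.2".
spec_build_requires() {
    awk '
        /^BuildRequires:/ {
            sub(/^BuildRequires:[ \t]*/, "")
            gsub(/,/, " ")                      # commas are optional separators
            n = split($0, f, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                # an operator is followed by a version: skip both
                if (f[i] ~ /^(<|>|=|<=|>=)$/) { i++; continue }
                if (f[i] != "") print f[i]
            }
        }' "$1" | sort -u
}

# Print only the build dependencies that rpm does not report as installed.
missing_build_requires() {
    spec_build_requires "$1" | while read -r pkg; do
        rpm -q "$pkg" >/dev/null 2>&1 || echo "$pkg"
    done
}

# Usage on the build machine:
#   missing_build_requires /usr/src/engarde/SPECS/ruby.spec
```

The output of missing_build_requires can be passed to apt-get install, so only packages that are actually absent get added to the build machine.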
From here you should check the architecture of your environment. Go to the /usr/include directory and note the 'asm' symbolic links:
[root@xen8 include]# cd /usr/include
[root@xen8 include]# rm asm
[root@xen8 include]# ln -s ../src/linux/include/asm-i386/ asm
To build the package, use rpmbuild (this step may take a while):
[root@engarde SPECS]# rpmbuild -ba ruby.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.69447
+ umask 022
+ cd /usr/src/engarde/BUILD
+ cd /usr/src/engarde/BUILD
+ rm -rf ruby-1.8.4
+ /bin/mkdir -p ruby-1.8.4
+ cd ruby-1.8.4
+ /usr/bin/gzip -dc /usr/src/engarde/SOURCES/ruby-1.8.4.tar.gz
...
Wrote: /usr/src/engarde/SRPMS/ruby-1.8.4-1.src.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-1.8.4-1.i686.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-libs-1.8.4-1.i686.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-devel-1.8.4-1.i686.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-docs-1.8.4-1.i686.rpm
...
Of course, we'd like to build the latest possible package for Ruby. At the time of this article, the latest version of Ruby is 1.8.6.
[root@xen8 SOURCES]# wget ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6.tar.gz
--10:28:00-- ftp://ftp.ruby-lang.org/pub/ruby/1.8/ruby-1.8.6.tar.gz
...
100%[==========================================================>]
4,589,394 346.30K/s ETA 00:00
10:28:17 (308.40 KB/s) - `ruby-1.8.6.tar.gz' saved [4589394]
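The download above uses plain FTP, which gives no integrity or authenticity guarantee, and the tarball is then unpacked and built as root. As an added example (not part of the original article), the functions below refuse to start rpmbuild unless the tarball matches a SHA-256 digest obtained from a separate trusted source. The function names are hypothetical, and the availability of sha256sum on the build machine is an assumption.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sha256sum is assumed present.

# verify_source FILE EXPECTED_SHA256
# Returns 0 only when FILE exists and its SHA-256 digest equals the expected
# one. Returns 1 on a mismatch and 2 on bad input (missing file, bad digest).
verify_source() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty or malformed digest must never count as a match.
    case $expected in
        ''|*[!0-9a-f]*) echo "verify_source: malformed digest" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "verify_source: malformed digest" >&2; return 2; }
    [ -f "$file" ] || { echo "verify_source: $file not found" >&2; return 2; }
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# build_if_verified SPEC TARBALL EXPECTED_SHA256
# Runs rpmbuild only after the source tarball has been verified.
build_if_verified() {
    verify_source "$2" "$3" || return $?
    rpmbuild -ba "$1"
}

# Usage (the digest is a placeholder; take it from a trusted source):
#   build_if_verified /usr/src/engarde/SPECS/ruby.spec \
#       /usr/src/engarde/SOURCES/ruby-1.8.6.tar.gz <sha256-from-trusted-source>
```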
Change to the spec file directory and edit the ruby.spec file with your favorite text editor.
Release: 1
to
Release: 2
We then change the Ruby version from 1.8.4 to 1.8.6:
%doc %{name}-%{version}/ToDo
%doc %{name}-%{version}/doc/NEWS
%doc tmp-ruby-docs/ruby/*
to this:
%doc %{name}-%{version}/ToDo
%doc %{name}-%{version}/doc/NEWS-1.8.0
%doc tmp-ruby-docs/ruby/*
This should be enough to build the source. One last thing you should do for all your hard work is to credit yourself for putting together this package - go to the end of the spec file and add yourself in:
[root@engarde SPECS]# rpmbuild -ba ruby.spec
...
+ umask 022
+ cd /usr/src/engarde/BUILD
+ cd /usr/src/engarde/BUILD
+ rm -rf ruby-1.8.6
+ /bin/mkdir -p ruby-1.8.6
+ cd ruby-1.8.6
+ /usr/bin/gzip -dc /usr/src/engarde/SOURCES/ruby-1.8.6.tar.gz
...
Wrote: /usr/src/engarde/SRPMS/ruby-1.8.6-2.src.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-1.8.6-2.i686.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-libs-1.8.6-2.i686.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-devel-1.8.6-2.i686.rpm
Wrote: /usr/src/engarde/RPMS/i686/ruby-docs-1.8.6-2.i686.rpm
...
Great work! You've just built an updated package for the latest version of Ruby!
References
- Packaging software with RPM, Parts 1-3
- Maximum RPM
- Ruby Programming Language