系統環境:CentOS 6.8 x64
nginx版本:1.8.1
安裝工具包
[root@rpmbuild ~]# yum -y install rpm-build rpmdevtools
安裝nginx編譯所需的依賴包
[root@rpmbuild ~]# yum -y install zlib pcre pcre-devel openssl-devel gcc gcc-c++ make
初始化一個目錄結構
[root@rpmbuild ~]# rpmdev-setuptree
[root@rpmbuild ~]# tree rpmbuild/
rpmbuild/
├── BUILD # 編譯rpm包的臨時目錄
├── RPMS # 存放由rpmbuild最終制作好的二進制包
├── SOURCES # 所有源代碼和補丁文件的存放目錄
├── SPECS # 存放SPEC文件的目錄(重要)
└── SRPMS # 最終生成的二進制源碼包所在目錄
準備要製作的源碼包和所需的一些額外文件
[root@rpmbuild ~]# cd rpmbuild/SOURCES/
[root@rpmbuild SOURCES]# ll
總用量 824
-rw-r--r-- 1 root root 2474 9月 25 16:57 init.nginx
-rw-r--r-- 1 root root 833473 12月 6 2016 nginx-1.8.1.tar.gz
-rw-r--r-- 1 root root 673 9月 25 17:03 nginx.conf
編寫啟動服務腳本,讓其可以使用service和chkconfig來管理
[root@rpmbuild SOURCES]# cat init.nginx
====================================================
#!/bin/sh
#
# nginx - this>
#
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# pidfile: /var/run/nginx/nginx.pid
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0
nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
[ -f /etc/sysconfig/nginx ] && . /etc/sysconfig/nginx
lockfile=/var/lock/subsys/nginx
make_dirs() {
# make required directories
user=`nginx -V 2>&1 | grep "configure arguments:" | sed 's/[^*]*--user=\([^ ]*\).*/\1/g' -`
options=`$nginx -V 2>&1 | grep 'configure arguments:'`
for opt in $options; do
if [ `echo $opt | grep '.*-temp-path'` ]; then
value=`echo $opt | cut -d "=" -f 2`
if [ ! -d "$value" ]; then
# echo "creating" $value
mkdir -p $value && chown -R $user $value
fi
fi
done
}
start() {
[ -x $nginx ] || exit 5
[ -f $NGINX_CONF_FILE ] || exit 6
make_dirs
echo -n $"Starting $prog: "
daemon $nginx -c $NGINX_CONF_FILE
retval=$?
echo
[ $retval -eq 0 ] && touch $lockfile
return $retval
}
stop() {
echo -n $"Stopping $prog: "
killproc $prog -QUIT
retval=$?
echo
[ $retval -eq 0 ] && rm -f $lockfile
return $retval
}
restart() {
configtest || return $?
stop
sleep 1
start
}
reload() {
configtest || return $?
echo -n $"Reloading $prog: "
killproc $nginx -HUP
RETVAL=$?
echo
}
force_reload() {
restart
}
configtest() {
$nginx -t -c $NGINX_CONF_FILE
}
rh_status() {
status $prog
}
rh_status_q() {
rh_status >/dev/null 2>&1
}
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart|configtest)
$1
;;
reload)
rh_status_q || exit 7
$1
;;
force-reload)
force_reload
;;
status)
rh_status
;;
condrestart|try-restart)
rh_status_q || exit 0
;;
*)
echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
exit 2
esac
====================================================
創建或上傳nginx自定義配置文件
[root@rpmbuild SOURCES]# cat nginx.conf
====================================================
#user nobody;
worker_processes 4;
#error_log logs/error.log;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
====================================================
進入SPECS目錄並創建nginx.spec文件
[root@rpmbuild SOURCES]# cd ../SPECS/
[root@rpmbuild SPECS]# rpmdev-newspec nginx.spec
Skeleton specfile (minimal) has been created to "nginx.spec".
[root@rpmbuild SPECS]# ls
nginx.spec
[root@rpmbuild SPECS]# vim nginx.spec
====================================================
Name: nginx
Version: 1.8.1 # 版本號,不能使用“-”
Release: 1%{?dist}
Summary: Made from nginx-1.8.1.tar.gz # 簡單描述信息,最好不超過50個字符
Group: Applications/Archiving # 用“less /usr/share/doc/rpm-4.8.0/GROUPS”裡的一組
License: GPLv2 # 一定要帶上(最好是對方源碼包的LICENSE)BSD,GPL,GPLv2
URL: http://nginx.org
Packager: CentOS
Vendor: CentOS
Source0: %{name}-%{version}.tar.gz # source主要是引用一下自己定義好的腳本,配置文件之類的內容。
Source1: init.nginx # nginx在主配置文件裡面做了很多優化,包括cpu搶佔,各種緩存策略,進程數等。
Source2: nginx.conf # 每增加一個Source,都需要在%install段和%files段做相應配置,如果是啟動腳本的話。
BuildRoot: %_topdir/BUILDROOT
BuildRequires: gcc # 編譯代碼需要的軟件。
Requires: zlib,pcre,pcre-devel,openssl,openssl-devel # 定義nginx rpm安裝時依賴的包,需要提前進行手動安裝。
%description # 軟件包的描述,可多行編寫,段中間空行隔開
Custom a rpm by yourself! Build nginx-1.8.1.tar.gz to nginx-1.8.1-1.el6.x86_64.rpm
%prep # 編譯之前的處理,如解壓
%setup -q
%build # 開始編譯,如make
%configure # 這行必須刪掉,否則會報“./configure: error: invalid option "--host=x86_64-redhat-linux-gnu"”這樣的錯誤
./configure \
--user=nginx \
--group=nginx \
--prefix=/usr/local/nginx \
--error-log-path=/usr/local/nginx/logs/error.log \
--http-log-path=/usr/local/nginx/logs/access.log \
--pid-path=/usr/local/nginx/logs/nginx.pid \
--lock-path=/usr/local/nginx/logs/nginx.lock \
--with-http_ssl_module \
--with-http_flv_module \
--with-http_stub_status_module \
--with-http_gzip_static_module \
--with-pcre
make %{?_smp_mflags}
%install # 開始安裝,如make install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
%{__install} -p -D -m 0755 %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/nginx
%{__install} -p -D %{SOURCE2} $RPM_BUILD_ROOT/usr/local/nginx/conf/nginx.conf
%pre # 安裝前執行的動作
useradd -s /sbin/nologin nginx 2> /dev/null
%post # 安裝後執行的動作
chmod +x /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
%preun # 卸載之前的動作
/etc/init.d/nginx stop > /dev/null 2>&1
userdel -r nginx 2> /dev/null
%clean
rm -rf $RPM_BUILD_ROOT
%files # 指定哪些文件需要被打包
%defattr(-,nginx,nginx,-)
/usr/local/nginx # 表示包含此目錄下的所有文件
%attr(0755,root,root) /etc/rc.d/init.d/nginx # 此宏是定義單個文件的權限
%config(noreplace) /usr/local/nginx/conf/nginx.conf # 指定為配置文件
%doc
%changelog
====================================================
[root@rpmbuild SPECS]# rpmbuild -bb nginx.spec # 製作二進制包
[root@rpmbuild SPECS]# rpmbuild -ba nginx.spec # 既製作二進制包又製作src格式包
[root@rpmbuild SPECS]# du -sh ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
256K ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
[root@rpmbuild SPECS]# rpm -qpl ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
/etc/rc.d/init.d/nginx
/usr/local/nginx
/usr/local/nginx/conf
/usr/local/nginx/conf/fastcgi.conf
/usr/local/nginx/conf/fastcgi.conf.default
/usr/local/nginx/conf/fastcgi_params
/usr/local/nginx/conf/fastcgi_params.default
/usr/local/nginx/conf/koi-utf
/usr/local/nginx/conf/koi-win
/usr/local/nginx/conf/mime.types
/usr/local/nginx/conf/mime.types.default
/usr/local/nginx/conf/nginx.conf
/usr/local/nginx/conf/nginx.conf.default
/usr/local/nginx/conf/scgi_params
/usr/local/nginx/conf/scgi_params.default
/usr/local/nginx/conf/uwsgi_params
/usr/local/nginx/conf/uwsgi_params.default
/usr/local/nginx/conf/win-utf
/usr/local/nginx/html
/usr/local/nginx/html/50x.html
/usr/local/nginx/html/index.html
/usr/local/nginx/logs
/usr/local/nginx/sbin
/usr/local/nginx/sbin/nginx
[root@rpmbuild SPECS]# rpm -ivh ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
Preparing... ########################################### [100%]
1: nginx ########################################### [100%]
[root@rpmbuild SPECS]# rpm -qi nginx
Name : nginx Relocations: (not relocatable)
Version : 1.8.1 Vendor: CentOS
Release : 1.el6 Build Date: 2018年09月25日 星期二 18時02分06秒
Install Date: 2018年09月25日 星期二 18時04分30秒 Build Host: rpmbuild.test.org
Group : Applications/Archiving Source RPM: nginx-1.8.1-1.el6.src.rpm
Size : 706370 License: GPLv2
Signature : (none) # rpm包未簽名
Packager : CentOS
URL : http://nginx.org
Summary : Made from nginx-1.8.1.tar.gz
Description :
Custom a rpm by yourself! Build nginx-1.8.1.tar.gz to nginx-1.8.1-1.el6.x86_64.rpm
使用gpg方式生成簽名密鑰
[root@rpmbuild SPECS]# gpg --gen-key # 在圖形界面下操作
gpg (GnuPG) 2.0.14; Copyright (C) 2009 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
gpg: 已創建目錄‘/root/.gnupg’
gpg: 新的配置文件‘/root/.gnupg/gpg.conf’已建立
gpg: 警告:在‘/root/.gnupg/gpg.conf’裡的選項於此次運行期間未被使用
gpg: 鑰匙環‘/root/.gnupg/secring.gpg’已建立
gpg: 鑰匙環‘/root/.gnupg/pubring.gpg’已建立
請選擇您要使用的密鑰種類:
(1) RSA and RSA (default)
(2) DSA and Elgamal
(3) DSA (僅用於簽名)
(4) RSA (僅用於簽名)
您的選擇?
RSA 密鑰長度應在 1024 位與 4096 位之間。
您想要用多大的密鑰尺寸?(2048)
您所要求的密鑰尺寸是 2048 位
請設定這把密鑰的有效期限。
0 = 密鑰永不過期
密鑰的有效期限是?(0)
密鑰永遠不會過期
以上正確嗎?(y/n)y
You need a user ID to identify your key; the software constructs the user ID
from the Real Name, Comment and Email Address in this form:
"Heinrich Heine (Der Dichter) <heinrichh>"/<heinrichh>
真實姓名:rpmbuild
電子郵件地址:[email protected]
註釋:GPG-RPM-KEY
您選定了這個用戶標識:
“rpmbuild (GPG-RPM-KEY) <rpmbuild>”/<rpmbuild>
更改姓名(N)、註釋(C)、電子郵件地址(E)或確定(O)/退出(Q)?O
您需要一個密碼來保護您的私鑰。
can't connect to `/root/.gnupg/S.gpg-agent': 沒有那個文件或目錄
gpg-agent[15055]: 已創建目錄‘/root/.gnupg/private-keys-v1.d’
我們需要生成大量的隨機字節。這個時候您可以多做些瑣事(像是敲打鍵盤、移動
鼠標、讀寫硬盤之類的),這會讓隨機數字發生器有更好的機會獲得足夠的熵數。
# 這裡不需要輸入東西,只需要移動鼠標即可
gpg: /root/.gnupg/trustdb.gpg:建立了信任度數據庫
gpg: 密鑰 D75962BF 被標記為絕對信任
公鑰和私鑰已經生成並經簽名。
gpg: 正在檢查信任度數據庫
gpg: 需要 3 份勉強信任和 1 份完全信任,PGP 信任模型
gpg: 深度:0 有效性: 1 已簽名: 0 信任度:0-,0q,0n,0m,0f,1u
pub 2048R/D75962BF 2018-09-26
密鑰指紋 = 6EF5 BF25 DA5D 1216 4710 4CD7 0A95 3DE9 D759 62BF
uid rpmbuild (GPG-RPM-KEY) <rpmbuild>
sub 2048R/0C94E7EA 2018-09-26
查看生成的密鑰
[root@rpmbuild SPECS]# gpg --list-key
/root/.gnupg/pubring.gpg
------------------------
pub 2048R/D75962BF 2018-09-26
uid rpmbuild (GPG-RPM-KEY) <rpmbuild>
sub 2048R/0C94E7EA 2018-09-26
導出公鑰以供驗證
[root@rpmbuild SPECS]# gpg --export -a "rpmbuild" > RPM-GPG-KEY-rpmbuild
在~/.rpmmacros宏中定義加密密鑰
[root@rpmbuild SPECS]# cat ~/.rpmmacros
%_topdir %(echo $HOME)/rpmbuild
%_smp_mflags -j3
%__arch_install_post /usr/lib/rpm/check-rpaths /usr/lib/rpm/check-buildroot
%_gpg_name rpmbuild # 添加這一行
為rpm包簽名
[root@rpmbuild SPECS]# rpm --addsign ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
Enter pass phrase: # 輸入私鑰密碼
Pass phrase is good.
../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm:
將公鑰導入rpm包
[root@rpmbuild SPECS]# rpm --import RPM-GPG-KEY-rpmbuild
驗證rpm包密鑰
[root@rpmbuild SPECS]# rpm --checksig ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
重新安裝nginx,驗證安裝包的簽名信息
[root@rpmbuild SPECS]# rpm -qa | grep nginx
nginx-1.8.1-1.el6.x86_64
[root@rpmbuild SPECS]# rpm -e nginx-1.8.1-1.el6.x86_64
[root@rpmbuild SPECS]# rpm -ivh ../RPMS/x86_64/nginx-1.8.1-1.el6.x86_64.rpm
Preparing... ########################################### [100%]
1: nginx ########################################### [100%]
[root@rpmbuild SPECS]# rpm -qi nginx
Name : nginx Relocations: (not relocatable)
Version : 1.8.1 Vendor: CentOS
Release : 1.el6 Build Date: 2018年09月26日 星期三 14時23分16秒
Install Date: 2018年09月26日 星期三 17時51分17秒 Build Host: rpmbuild.test.org
Group : Applications/Archiving Source RPM: nginx-1.8.1-1.el6.src.rpm
Size : 706370 License: GPLv2
Signature : RSA/SHA1, 2018年09月26日 星期三 17時43分57秒, Key ID 0a953de9d75962bf
Packager : CentOS
URL : http://nginx.org
Summary : Made from nginx-1.8.1.tar.gz
Description :
Custom a rpm by yourself! Build nginx-1.8.1.tar.gz to nginx-1.8.1-1.el6.x86_64.rpm
[root@rpmbuild SPECS]# /etc/init.d/nginx configtest
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@rpmbuild SPECS]# ll /usr/local/
總用量 48
drwxr-xr-x. 2 root root 4096 9月 23 2011 bin
drwxr-xr-x. 2 root root 4096 9月 23 2011 etc
drwxr-xr-x. 2 root root 4096 9月 23 2011 games
drwxr-xr-x. 2 root root 4096 9月 23 2011 include
drwxr-xr-x. 2 root root 4096 9月 23 2011 lib
drwxr-xr-x. 2 root root 4096 9月 23 2011 lib64
drwxr-xr-x. 2 root root 4096 9月 23 2011 libexec
drwxr-xr-x 5 nginx nginx 4096 9月 25 18:04 nginx
drwxr-xr-x. 2 root root 4096 9月 23 2011 sbin
drwxr-xr-x. 5 root root 4096 9月 20 2017 share
drwxr-xr-x. 2 root root 4096 9月 23 2011 src
[root@rpmbuild SPECS]# chkconfig --list nginx
nginx 0:關閉 1:關閉 2:啟用 3:啟用 4:啟用 5:啟用 6:關閉
[root@rpmbuild SPECS]# /etc/init.d/nginx start
正在啟動 nginx: [確定]
[root@rpmbuild SPECS]# netstat -tnlp | grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14991/nginx
閱讀更多 YosonXu 的文章
