Not so easy

The easy way is APT or something similar, the hard way is just living without them, this is the not-so-easy way.

Sit down, this is a rather long story.

I manage a pretty large number of Linux systems belonging to a bunch of different companies. I do it in Argentina. That means I don't charge a lot of money for it. So, anything that makes a system maintenance chore take less time (so I can have more clients) is good news for me.

One of the good news is standarized software: I always install the same stuff everywhere, and currently that is the Fedora distribution. While I don't like Red Hat (the company) much, and find their distros rather bland, it works for me, and don't intend to change (remember, I would change a number of servers) just out of taste. In the same way, as a mail server, I always install qmail, with a number of patches.

I started with the package from http://untroubled.org, but it has evolved over the years into a different beast altogether, which I really should publish somewhere, someday.

For example, my packages come with SMTP authentication enabled by default, because I simply need it everywhere. Qmail's authentication system is admirably modular. You could write an authenticator in bash if you were insane enough. But my favourite authenticator is checkpassword-pam which guess what? does it using the regular PAM stuf found on every Linux distro.

So, I have even made my Qmail RPMs require checkpassword-pam, that's simple.

But another thing I decided a while ago is that I don't want unmanaged software packages in my servers. I will not install something I can't uninstall easily, and in the usual manner of rpm -e so, I needed a checkpassword-pam RPM package.

The reasons for that decision are many, but the big one is: I can maintain my own apt-rpm repository and make all my very-nice-and-similar servers update from it in the same way with two simple commands if there is a need, so I always have the exact same stuff everywhere. That's good.

Sure, making a package is not terribly hard. It's just that I have no idea how it's done. I can hack an existing .spec file just fine, but starting one from scratch? I have no idea.

So, here is the latest good news: checkinstall

What it does

Checkinstall is an installation tracker. Suppose you have the sources for a program, and want to install it. Usually, you do this:

    ./configure
    make
    make install

And you end with some files installed somewhere in your system. Maybe you can remove them with a make uninstall, probably you can't. Maybe next version will install on the same place, maybe it won't and you will have two copies of some stuff around, maybe you will even end up running the old version anyway because it ended first in the PATH. Basically, you just lost control of your system.

The goal of an installation tracker is to track down what you installed. There are several of these, but I will only talk about checkinstall, because it's what I use ;-)

Checkinstall will create a RPM (or DEB or TGZ) package for you, which you can later install. I will focus on the RPM side of things, but I don't expect life to be much harder in the other side(s) of the fence(s).

Getting checkinstall

You should get it from its webpage however, if you are running Fedora, it won't work for a couple of reasons:

There's a bug in checkinstall that requires a patch
The defaults in the checkinstall script install the docs in the wrong place (/usr/doc instead of /usr/share/doc)

So, if you want, you can fix those two issues. If you don't, just get my own RPM (made with checkinstall, of course ;-) via freecache .

Using checkinstall

Checkinstall has rather good docs, so I won't go into exhaustive detail about how you can tweak it, but just give a simple example using checkpassword-pam.

First, expand the archive in the usual manner:

    [root@roberto qmail]# tar xzvf checkpassword-pam-0.98.tar.gz
    checkpassword-pam-0.98/
    checkpassword-pam-0.98/debian/
    checkpassword-pam-0.98/debian/changelog
    :
    :
    :
    checkpassword-pam-0.98/checkpassword-pam.8
    checkpassword-pam-0.98/interface.html
    [root@roberto qmail]#

Enter the directory that was just created:

    [root@roberto qmail]# cd checkpassword-pam-0.98
    [root@roberto checkpassword-pam-0.98]#

Call configure as you like it:

    [root@roberto checkpassword-pam-0.98]# ./configure --prefix=/usr
    checking for a BSD-compatible install... /usr/bin/install -c
    checking whether build environment is sane... yes
    :
    :
    :
    config.status: creating config.h
    config.status: executing depfiles commands
    [root@roberto checkpassword-pam-0.98]#

Call make as usual:

    [root@roberto checkpassword-pam-0.98]# make
    make  all-am
    :
    :
    :
    make[1]: Leaving directory `/home/ralsina/qmail/checkpassword-pam-0.98'
    [root@roberto checkpassword-pam-0.98]#

And now's the new stuff. Instead of calling make install, call checkinstall make install. Notice that this works for whatever the command to install is, you just prefix it with checkinstall.

    [root@roberto checkpassword-pam-0.98]# checkinstall make install
    
    checkinstall 1.6.0beta3, Copyright 2002 Felipe Eduardo Sanchez Diaz Duran
            This software is released under the GNU GPL.
    
    
    The package documentation directory ./doc-pak does not exist.
    Should I create a default set of package docs?  [y]:

If you say yes, checkinstall will copy the usual doc files (README, for instance) into some place. Please notice that by default checkinstall will use /usr/doc, and in Red Hat or Fedora it should be /usr/share/doc.

To correct that, either use my RPM or edit your checkinstallrc file.

You can tell checkinstall what files should go into docs by creating a doc-pak directory and copying them in.

    Preparing package documentation... OK
    
    Please choose the packaging method you want to use.
    Slackware [S], RPM [R] o Debian [D]?

Now it asks me what kind of package I want. You tell it whatever you need, I use RPM packages.

    Please write a description for the package.
    End your description with an empty line or EOF.
    >> A checkpwd implementation using PAM. Useful for Qmail.
    >>

As you can see, I entered a short description of the package.

    This package will be built according to these values:
    
    1 -  Summary: [ A checkpwd implementation using PAM. Useful for Qmail. ]
    2 -  Name:    [ checkpassword-pam ]
    3 -  Version: [ 0.98 ]
    4 -  Release: [ 1 ]
    5 -  License: [ GPL ]
    6 -  Group:   [ Applications/System ]
    7 -  Architecture: [ i386 ]
    8 -  Source location: [ checkpassword-pam-0.98 ]
    9 -  Alternate source location: [  ]
    10 - Provides: [  ]
    11 - Requires: [  ]
    
    Enter a number to change any of them or press ENTER to continue:

This step asks you to set values that appear later in the package information. Please do it. You may think now that you will always know what checkpasswd-pam is. Well, maybe you won't. Maybe you won't even be around.

Specially important is that whenever you modify the package and rebuild it, you increase the release number, so upgrading is seamless, and you can avoid stupid stuff like --force.

Here's how I left it:

    1 -  Summary: [ A checkpwd implementation using PAM. Useful for Qmail. ]
    2 -  Name:    [ checkpassword-pam ]
    3 -  Version: [ 0.98 ]
    4 -  Release: [ 1 ]
    5 -  License: [ GPL ]
    6 -  Group:   [ Applications/System ]
    7 -  Architecture: [ i386 ]
    8 -  Source location: [ checkpassword-pam-0.98 ]
    9 -  Alternate source location: [ http://checkpasswd-pam.sourceforge.net/ ]
    10 - Provides: [  ]
    11 - Requires: [ pam >= 0.59 ]

The requires, I got from checkpassword-pam's README file.

    Installing with make install...
    
    ========================= Installation results ===========================
    make[1]: Entering directory `/home/ralsina/qmail/checkpassword-pam-0.98'
    /bin/sh ./mkinstalldirs /usr/bin
    :
    :
    :
    **************************************
    **** RPM package creation selected ***
    **************************************
    
    Building RPM package...OK
    
    NOTE: The package will not be installed
    
    Erasing temporary files...OK
    
    Writing backup package...OK
    
    Deleting temp dir...OK
    
    
    **********************************************************************
    
    Done. The new package has been saved to
    
    /usr/src/redhat/RPMS/i386/checkpassword-pam-0.98-1.i386.rpm
    You can install it in your system anytime using:
    
    rpm -i checkpassword-pam-0.98-1.i386.rpm
    
    **********************************************************************
    
    [root@roberto checkpassword-pam-0.98]#

And that's all. You have a nice RPM package you can distribute and use at will.

Hope you liked this article. If you have any doubt or question about any of this, just post a comment or email me. The best thing is probably to post a comment and email me telling me you posted it.

That way, you make sure I notice your comment, and the question (hopefully also the answer) stay with the article.

The ultimate goal of the article is that you notice how making a RPM is not too terribly hard, and further, that if you make some nice ones, you share them with the rest of us, so we can stop creating them ;-)