Not so easy

The easy way is APT or some­thing sim­i­lar, the hard way is just liv­ing with­out them, this is the not-­so-easy way.

Sit down, this is a rather long sto­ry.

I man­age a pret­ty large num­ber of Lin­ux sys­tems be­long­ing to a bunch of dif­fer­ent com­pa­nies. I do it in Ar­genti­na. That means I don't charge a lot of mon­ey for it. So, any­thing that makes a sys­tem main­te­nance chore take less time (so I can have more clients) is good news for me.

One of the good news is stan­darized soft­ware: I al­ways in­stall the same stuff ev­ery­where, and cur­rent­ly that is the Fe­do­ra dis­tri­bu­tion. While I don't like Red Hat (the com­pa­ny) much, and find their dis­tros rather bland, it works for me, and don't in­tend to change (re­mem­ber, I would change a num­ber of server­s) just out of taste. In the same way, as a mail server, I al­ways in­stall qmail, with a num­ber of patch­es.

I start­ed with the pack­age from http://un­trou­bled.org, but it has evolved over the years in­to a dif­fer­ent beast al­to­geth­er, which I re­al­ly should pub­lish some­where, some­day.

For ex­am­ple, my pack­ages come with SMTP au­then­ti­ca­tion en­abled by de­fault, be­cause I sim­ply need it ev­ery­where. Qmail's au­then­ti­ca­tion sys­tem is ad­mirably mod­u­lar. You could write an au­then­ti­ca­tor in bash if you were in­sane enough. But my favourite au­then­ti­ca­tor is check­pass­word-­pam which guess what? does it us­ing the reg­u­lar PAM stuf found on ev­ery Lin­ux dis­tro.

So, I have even made my Qmail RPMs re­quire check­pass­word-­pam, that's sim­ple.

But an­oth­er thing I de­cid­ed a while ago is that I don't want un­man­aged soft­ware pack­ages in my server­s. I will not in­stall some­thing I can't unin­stall eas­i­ly, and in the usu­al man­ner of rpm -e so, I need­ed a check­pass­word-­pam RPM pack­age.

The rea­sons for that de­ci­sion are many, but the big one is: I can main­tain my own ap­t-rpm repos­i­to­ry and make all my very-nice-and-sim­i­lar servers up­date from it in the same way with two sim­ple com­mands if there is a need, so I al­ways have the ex­act same stuff ev­ery­where. That's good.

Sure, mak­ing a pack­age is not ter­ri­bly hard. It's just that I have no idea how it's done. I can hack an ex­ist­ing .spec file just fine, but start­ing one from scratch? I have no idea.

So, here is the lat­est good news: check­in­stall

What it does

Check­in­stall is an in­stal­la­tion track­er. Sup­pose you have the sources for a pro­gram, and want to in­stall it. Usu­al­ly, you do this:

./configure
make
make install

And you end with some files in­stalled some­where in your sys­tem. Maybe you can re­move them with a make unin­stall, prob­a­bly you can't. Maybe next ver­sion will in­stall on the same place, maybe it won't and you will have two copies of some stuff around, maybe you will even end up run­ning the old ver­sion any­way be­cause it end­ed first in the PATH. Ba­si­cal­ly, you just lost con­trol of your sys­tem.

The goal of an in­stal­la­tion track­er is to track down what you in­stalled. There are sev­er­al of the­se, but I will on­ly talk about check­in­stal­l, be­cause it's what I use ;-)

Check­in­stall will cre­ate a RPM (or DEB or TGZ) pack­age for you, which you can lat­er in­stal­l. I will fo­cus on the RPM side of things, but I don't ex­pect life to be much hard­er in the oth­er side(s) of the fence(s).

Getting checkinstall

You should get it from its web­page how­ev­er, if you are run­ning Fe­do­ra, it won't work for a cou­ple of rea­son­s:

• There's a bug in check­in­stall that re­quires a patch
• The de­faults in the check­in­stall script in­stall the docs in the wrong place (/us­r/­doc in­stead of /us­r/share/­doc)

So, if you wan­t, you can fix those two is­sues. If you don't, just get my own RPM (made with check­in­stal­l, of course ;-) via freecache .

Using checkinstall

Check­in­stall has rather good docs, so I won't go in­to ex­haus­tive de­tail about how you can tweak it, but just give a sim­ple ex­am­ple us­ing check­pass­word-­pam.

First, ex­pand the ar­chive in the usu­al man­ner:

[root@roberto qmail]# tar xzvf checkpassword-pam-0.98.tar.gz
checkpassword-pam-0.98/
checkpassword-pam-0.98/debian/
checkpassword-pam-0.98/debian/changelog
:
:
:
checkpassword-pam-0.98/checkpassword-pam.8
checkpassword-pam-0.98/interface.html
[root@roberto qmail]#

En­ter the di­rec­to­ry that was just cre­at­ed:

[root@roberto qmail]# cd checkpassword-pam-0.98
[root@roberto checkpassword-pam-0.98]#

Call con­fig­ure as you like it:

[root@roberto checkpassword-pam-0.98]# ./configure --prefix=/usr
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
:
:
:
config.status: creating config.h
config.status: executing depfiles commands
[root@roberto checkpassword-pam-0.98]#

Call make as usu­al:

[root@roberto checkpassword-pam-0.98]# make
make  all-am
:
:
:
make[1]: Leaving directory `/home/ralsina/qmail/checkpassword-pam-0.98'
[root@roberto checkpassword-pam-0.98]#

And now's the new stuff. In­stead of call­ing make in­­stall, call check­­in­stall make in­­stall. No­tice that this works for what­ev­er the com­mand to in­stall is, you just pre­fix it with check­in­stal­l.

[root@roberto checkpassword-pam-0.98]# checkinstall make install

checkinstall 1.6.0beta3, Copyright 2002 Felipe Eduardo Sanchez Diaz Duran
        This software is released under the GNU GPL.


The package documentation directory ./doc-pak does not exist.
Should I create a default set of package docs?  [y]:

If you say yes, check­in­stall will copy the usu­al doc files (READ­ME, for in­stance) in­to some place. Please no­tice that by de­fault check­in­stall will use /us­r/­doc, and in Red Hat or Fe­do­ra it should be /us­r/share/­doc.

To cor­rect that, ei­ther use my RPM or ed­it your check­in­stall­rc file.

You can tell check­in­stall what files should go in­to docs by cre­at­ing a doc-­pak di­rec­to­ry and copy­ing them in.

Preparing package documentation... OK

Please choose the packaging method you want to use.
Slackware [S], RPM [R] o Debian [D]?

Now it asks me what kind of pack­age I wan­t. You tell it what­ev­er you need, I use RPM pack­ages.

Please write a description for the package.
End your description with an empty line or EOF.
>> A checkpwd implementation using PAM. Useful for Qmail.
>>

As you can see, I en­tered a short de­scrip­tion of the pack­age.

This package will be built according to these values:

1 -  Summary: [ A checkpwd implementation using PAM. Useful for Qmail. ]
2 -  Name:    [ checkpassword-pam ]
3 -  Version: [ 0.98 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ Applications/System ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ checkpassword-pam-0.98 ]
9 -  Alternate source location: [  ]
10 - Provides: [  ]
11 - Requires: [  ]

Enter a number to change any of them or press ENTER to continue:

This step asks you to set val­ues that ap­pear lat­er in the pack­age in­for­ma­tion. Please do it. You may think now that you will al­ways know what check­pass­wd-­pam is. Well, maybe you won't. Maybe you won't even be around.

Spe­cial­ly im­por­tant is that when­ev­er you mod­i­fy the pack­age and re­build it, you in­crease the re­lease num­ber, so up­grad­ing is seam­less, and you can avoid stupid stuff like --­force.

Here's how I left it:

1 -  Summary: [ A checkpwd implementation using PAM. Useful for Qmail. ]
2 -  Name:    [ checkpassword-pam ]
3 -  Version: [ 0.98 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ Applications/System ]
7 -  Architecture: [ i386 ]
8 -  Source location: [ checkpassword-pam-0.98 ]
9 -  Alternate source location: [ http://checkpasswd-pam.sourceforge.net/ ]
10 - Provides: [  ]
11 - Requires: [ pam >= 0.59 ]

The re­quires, I got from check­pass­word-­pam's README file.

Installing with make install...

========================= Installation results ===========================
make[1]: Entering directory `/home/ralsina/qmail/checkpassword-pam-0.98'
/bin/sh ./mkinstalldirs /usr/bin
:
:
:
**************************************
**** RPM package creation selected ***
**************************************

Building RPM package...OK

NOTE: The package will not be installed

Erasing temporary files...OK

Writing backup package...OK

Deleting temp dir...OK


**********************************************************************

Done. The new package has been saved to

/usr/src/redhat/RPMS/i386/checkpassword-pam-0.98-1.i386.rpm
You can install it in your system anytime using:

rpm -i checkpassword-pam-0.98-1.i386.rpm

**********************************************************************

[root@roberto checkpassword-pam-0.98]#

And that's al­l. You have a nice RPM pack­age you can dis­trib­ute and use at will.

Hope you liked this ar­ti­cle. If you have any doubt or ques­tion about any of this, just post a com­ment or email me. The best thing is prob­a­bly to post a com­ment and email me telling me you post­ed it.

That way, you make sure I no­tice your com­men­t, and the ques­tion (hope­ful­ly al­so the an­swer) stay with the ar­ti­cle.

The ul­ti­mate goal of the ar­ti­cle is that you no­tice how mak­ing a RPM is not too ter­ri­bly hard, and fur­ther, that if you make some nice ones, you share them with the rest of us, so we can stop cre­at­ing them ;-)