curl命令访问ftp默认走被动模式,主动模式可能会不好使,比如说:
- curl在防火墙后面,而防火墙又不允许主动进入的连接
- curl所在机器有多个IP,控制链路使用的IP和数据链路期望使用不同的IP
- 可以通过 -P address 来指定主动模式时数据链路期望使用的IP,如果简单使用数据链路的IP,则可以直接 -P –
DevOps
curl命令访问ftp默认走被动模式,主动模式可能会不好使,比如说:
手动在gitlab上创建git仓库: http://gitlab.phpor.net/phpor/svn2gitlab.git
1 2 3 4 |
yum install git-svn.noarch git svn clone http://svn.phpor.net/svn2gitlab/ svn2gitlab git remote add origin http://gitlab.phpor.net/phpor/svn2gitlab.git git push --all |
给自己的blog添加了https访问,同时支持了http2.0,访问速度明显快了不少(假的,4G网络下没看出来差别)
开启方法: https://certbot.eff.org/
发现的几个问题:
这里的证书是3个月的有效期,马上要到期了,根据官方提供的脚本,自动更新证书的时候需要(虽然是自动的)重新安装python(而且是编译安装),结果失败了,解决办法: 官方给了一种docker的申请方式:
https://certbot.eff.org/docs/install.html#certbot-auto
如下:
1 2 3 4 5 6 |
#!/bin/bash docker run --rm -p 80:80 -p 443:443 \ -v /etc/letsencrypt:/etc/letsencrypt \ quay.io/letsencrypt/letsencrypt auth \ --standalone -m phpor@phpor.net --agree-tos \ -d phpor.net -d www.phpor.net -d blog.phpor.net |
由于国内下载docker镜像很慢,可以直接在国外的机器上完成上述操作,然后,把申请好的证书拿回来配置(这样也比去某些网站申请证书来的方便的多),注意,需要把申请证书的域名解析到这个docker的机器的IP上,验证域名要用。
为了方便下次使用,还是把这个docker容器下载到国内,放在自己博客的机器上,下次就不需要修改域名解析了
写个cron自动续签证书:
1 2 3 4 5 6 7 8 9 10 |
#!/bin/bash domain="phpor.net" now=$(date "+%s") e=$(LANG=C curl https://$domain -v 2>&1 >/dev/null |grep expire|awk -F": " '{print $2}') expire=$(date "+%s" -d "$e") left=$((expire-now)) if [[ "$left" -lt $(( 2 * 86400 )) ]]; then /data1/www/auto_apply.sh /usr/local/openresty/nginx/sbin/nginx -s reload fi |
提前两天自动续签证书
目前certbot还不支持 通配符 证书的申请 (https://certbot.eff.org/faq/#will-let-s-encrypt-issue-wildcard-certificates)
根据证书颁发的方式的不同,证书的级别也有不同,从低到高依次为: DV、OV、EV:
DV ( Domain Validation):只验证域名(这个很简单)
OV (Organization Validation): 验证域名和组织
EV(Extended Validation): 验证流程更严格
目前certbot还没有计划推出EV型证书(https://certbot.eff.org/faq/#will-certbot-issue-extended-validation-ev-certificates)
关于申请证书频繁程度是限制: https://letsencrypt.org/docs/rate-limits/
缘起:
虚拟机配置了ldap认证,由于一次断网,ldap服务器进程还在,但是无法正常服务,查看原因,发现ldap服务器进程由于大量连接导致文件描述符占满。
虚拟机上启动了nslcd,该进程会和ldap服务器保持长连接,断网的时候,ldap服务器并不知道连接已经断开(应该是服务器端没有开启探活机制,而client端开启了探活机制),网络恢复后,client重新连接,导致连接数翻倍
解决办法:
ldap认证可以不走nslcd的,参考资料:
http://www.tldp.org/HOWTO/archived/LDAP-Implementation-HOWTO/pamnss.html
confd 配置文件:
有时候,我们不想在confd启动命令中写很长的参数,那么可以通过 -config-file 来指定配置文件,如果你喜欢将配置文件的位置定义到 /etc/confd/confd.toml ,那么一个参数也不需要,因为,这就是默认搜索的配置文件
一个confd.toml 的示例:
1 2 3 4 5 6 7 8 |
username="root" password="2379" nodes=[ "http://172.16.22.36:2379", ] watch=true prefix="/" basic_auth=true |
一个conf.d/upstream.toml
1 2 3 4 5 6 7 8 9 10 11 |
[template] prefix = "/sa/nginx" src = "upstream.tmpl" dest = "/tmp/upstream.conf" owner = "www" mode = "0644" keys = [ "/upstream", ] check_cmd = "ls {{.src}}" reload_cmd = "cat /tmp/upstream.conf" |
其中:
模板文件示例:
1 2 3 4 5 6 7 8 |
{{range $dir := lsdir "/upstream/" -}} upstream {{base $dir}} { {{$custdir := printf "/upstream/%s/servers/*" $dir -}} {{range gets $custdir -}} server {{.Value}}; {{ end }} } {{end}} |
注意:
watch的实现:
从编程的角度深入分析了linux下capability的概念,相关工具 libcap
学以致用:
Docker容器往往被剥夺了很多能力,如此在容器启动之后想做一些能力之外的事情该咋办?其实,容器毕竟是容器,和虚拟机是有区别的,我们可以可以限制容器内进程的能力,我们也可以把一个具有超能力的进程放到容器里面执行,这样就可以做一些原本容器没有能力做到的事情,比如: docker exec –privileged … 。
如下图:
结论: 我们不担心容器是在非特权模式下启动的,只要我们想要权限,就可以通过某种方式(如: –privileged)将一个特权进程放到容器里面做特权的事情
https://coreos.com/etcd/docs/latest/auth_api.html
auth enable 之前必须添加root用户,添加时设置密码:
1 |
etcdctl --endpoints http://172.16.22.36:2379 user add root |
开启认证:
1 |
etcdctl --endpoints http://172.16.22.36:2379 auth enable |
添加一个非特权账号:(注意,这时候就需要有权限的用户来操作了)
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user add phpor |
查看有哪些账号:
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user list |
添加角色:
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role add test1 |
给角色添加能力:
通过 –help 查看用法:
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role grant --help |
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role grant --rw --path /test1 test1 |
注意,这里只添加了 /test1 的读写权限,不包含其子目录(文件),如果需要包含,请这么写:
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role grant --rw --path /test1/* test1 |
查看有哪些角色了:
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role list |
查看指定角色的权限:
1 2 3 4 5 6 7 8 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 role get test1 Role: test1 KV Read: /test1 /test1/* KV Write: /test1 /test1/* |
将用户添加到角色:
1 |
etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user grant --roles test1 phpor |
查看用户拥有哪些角色:
1 2 3 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user get phpor User: phpor Roles: test1 |
列出etcd中的所有key:(-p 选项在目录的后面添加 /)
1 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 ls / -r -p |
关于用户的更多操作:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
# etcdctl --endpoints http://172.16.22.36:2379 --username root:2379 user --help NAME: etcdctl user - user add, grant and revoke subcommands USAGE: etcdctl user command [command options] [arguments...] COMMANDS: add add a new user for the etcd cluster get get details for a user list list all current users remove remove a user for the etcd cluster grant grant roles to an etcd user revoke revoke roles for an etcd user passwd change password for a user OPTIONS: --help, -h show help |
1 2 |
# rpm --showrc|grep rpmbuild -14: _topdir %{getenv:HOME}/rpmbuild |
1 2 |
# ls ~/rpmbuild/ BUILD BUILDROOT RPMS SPECS SRPMS SOURCES |
1 2 3 |
# rpm --showrc|grep _sourcedir RPM_SOURCE_DIR="%{u2p:%{_sourcedir}}" -14: _sourcedir %{_topdir}/SOURCES |
1 |
rpmbuild --define "_sourcedir `pwd`" ... |
1 2 |
/home/phpor/rpmbuild/RPMS/x86_64/openresty-1.9.15.1-1.x86_64.rpm /home/phpor/rpmbuild/RPMS/x86_64/openresty-debuginfo-1.9.15.1-1.x86_64.rpm |
1 2 3 4 |
# rpm -qlp /home/phpor/rpmbuild/SRPMS/openresty-1.9.15.1-1.src.rpm ngx_txid.tar.gz openresty-1.9.15.1.tar.gz openresty.spec |
1 2 3 |
Wrote: /home/phpor/rpmbuild/SRPMS/openresty-1.9.15.1-1.src.rpm Wrote: /home/phpor/rpmbuild/RPMS/x86_64/openresty-1.9.15.1-1.x86_64.rpm Wrote: /home/phpor/rpmbuild/RPMS/x86_64/openresty-debuginfo-1.9.15.1-1.x86_64.rpm |
spec文件中有一大堆的宏和类似宏的东西,搞懂这些对rpm打包极为重要。
该宏的作用是,将源码安装到BUILD目录下,无参情况下的%setup等价于:
1 2 3 4 5 6 7 8 9 10 |
cd %{_topdir}/BUILD rm -fr %{name}-%{version} gzip -dc %{_sourcedir}/%{source} | tar -xvvf - if [ $? -ne 0 ]; then exit $? fi cd %{name}-%{version} cd /usr/src/redhat/BUILD/%{name}-%{version} chown -R root.root . chmod -R a+rX,g-w,o-w . |
-n选项:
如果source解压后的目录名不是spec中定义的 %{name}-%{version}, 那么目录切换就会出错,这时候可以使用-n参数,如: %setup -n phpor ,则上面逻辑中的 %{name}-%{version}将会是-n指定的参数phpor
-c选项:
如果源码目录不是在一个指定的目录下,如: 对于软件phpor-1.0,目录结构如下:
1 2 |
#ls phpor-1.0 x1 x2 x3 |
如果: tar -zcf phpor-1.0.tar.gz phpor-1.0 则比较正常
如果: cd phpor-1.0 && tar -zcf phpor-1.0 * 则解压出来将没有phpor-1.0这个目录,而是x1 x2 x3 三个目录(或文件),这时候就需要在打rpm包的时候预先创建phpor-1.0这个目录,然后解压到该目录,这就是使用-c的作用了
更多参考: http://www.rpm.org/max-rpm/s1-rpm-inside-macros.html#S3-RPM-INSIDE-SETUP-MULTI-SOURCE
%prep
其实该宏很简单:
1 2 3 4 5 6 7 |
# rpm --eval "%prep" %prep LANG=C export LANG unset DISPLAY |
%install
1 2 3 4 5 6 7 |
# rpm --eval "%install" %install LANG=C export LANG unset DISPLAY |
%makeinstall
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# rpm --eval "%makeinstall" /usr/bin/make \ prefix=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr \ exec_prefix=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr \ bindir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/bin \ sbindir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/sbin \ sysconfdir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/etc \ datadir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/share \ includedir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/include \ libdir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/lib64 \ libexecdir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/libexec \ localstatedir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/var \ sharedstatedir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/var/lib \ mandir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/share/man \ infodir=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64/usr/share/info \ install |
%make_install
1 2 |
# rpm --eval "%make_install" make install DESTDIR=/home/phpor/rpmbuild/BUILDROOT/%{name}-%{version}-%{release}.x86_64 |
%files
最好写的细一些,不要直接写 / (根目录)
%config
配置文件可以通过该指令指定,配置文件比较特殊,有时候期望卸载软件的时候配置还能保留;rpm是这么处理配置文件的:
1 2 |
# rpm -e beebank-test warning: /etc/hello.conf saved as /etc/hello.conf.rpmsave |
-bp:只解压缩文件,不编译
-bc:编译但不安装
-bi: 编译、安装(到$RPM_BUILD_ROOT目录下),不删除 $RPM_BUILD_ROOT目录,不生成rpm文件,方便查看安装的位置是否正确
-ba:即生成源码rpm包,也生成二进制rpm包
其实源rpm包比较好创建,就是把指定的source和spec两个文件打成一个rpm压缩包;如果是自己已经编译过的目录(不让rpm来编译,就不会有debuginfo rpm包)
-bb: 只生成二进制rpm包
-bs:只生成源码rpm包
-t*:直接build指定的tar包,该tar包中包含了spec文件
rpmbuild总是根据spec文件生成一个shell脚本,该脚本是%_tmppath 下的一个临时文件,具体查看 %_tmppath 的方式:
1 2 |
#rpm --eval "%_tmppath" /var/tmp |
通过查看生成的shell脚本就能比较清楚地知道rpm是如何工作的,宏扩展后具体是什么
另: spec文件中是可以直接写shell脚本的,如:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
%define prefix /usr/local/openresty %define ln_nginx /usr/sbin/nginx Name: beebank-openresty Version: 1.9.15.1 Release: 1 Summary: OpenResty, scalable web platform by extending NGINX with Lua Group: Development/Languages License: BSD URL: https://openresty.org/ Source0: beebank-openresty-1.9.15.1.tar.gz Source1: ngx_txid.tar.gz Packager: phpor <junjie.li@beebank.com> %description Openresty build for beebank %prep %setup %setup -D -b 1 %build ./configure --prefix=%{prefix} \ --with-pcre-jit \ --with-ipv6 \ --without-http_redis2_module \ --with-http_iconv_module \ --add-module=../ngx_txid \ -j2 make %install %make_install %post for f in %{prefix}/bin/*; do ln -s $f /usr/bin/$(basename $f);done [ -e /etc/nginx ] || ln -s %{prefix}/nginx/conf /etc/nginx [ -e /usr/sbin/nginx ] || ln -s %{prefix}/nginx/sbin/nginx %{ln_nginx} %files /* %doc %changelog %preun for f in %{prefix}/bin/*; do unlink /usr/bin/$(basename $f);done [ -h %{ln_nginx} ] && [ $(readlink -f %{ln_nginx}) = "%{prefix}/nginx/sbin/nginx" ] && unlink /usr/sbin/nginx |
#标识注释, 注释中的%也需要用%%代替,否则也会执行宏扩展
关于PHP打rpm包:
办法1: 写spec文件时不删除已编译的文件,下次把%setup %config %build 部分都去掉,直接install,不过这时候需要在install的时候显式的cd到指定的目录
办法2: 直接提供编译好的文件作为源文件,然后spec文件中不写编译语句
办法3: make 时添加选项: %{?_smp_mflags} 即:如果是多处理器的话则并行编译
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
Name: beebank-test Version: 1.0.0 Release: 1 Summary: phpor's hello world Group: Development/Languages License: BSD URL: http://phpor.net Source0: beebank-test-1.0.0.tar.gz %description test %prep read -p "prep ok , press enter to continue..." %setup -q read -p "setup ok , press enter to continue..." %build read -p "build ok , press enter to continue..." %configure read -p "configure ok , press enter to continue..." make read -p "make ok , press enter to continue..." %install read -p "install ok , press enter to continue..." %makeinstall read -p "makeinstall ok , press enter to continue..." %files /usr/bin/hello %config /etc/hello.conf %doc %changelog |
实例:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
#!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}" mkdir -p `dirname "$RPM_BUILD_ROOT"` mkdir "$RPM_BUILD_ROOT" cd 'beebank-test-1.0.0' LANG=C export LANG unset DISPLAY /usr/bin/make \ prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ exec_prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ bindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/bin \ sbindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/sbin \ sysconfdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/etc \ datadir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share \ includedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/include \ libdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/lib64 \ libexecdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/libexec \ localstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var \ sharedstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var/lib \ mandir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/man \ infodir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/info \ install sleep 100 /usr/lib/rpm/find-debuginfo.sh --strict-build-id "/home/phpor/rpmbuild/BUILD/beebank-test-1.0.0" /usr/lib/rpm/check-buildroot /usr/lib/rpm/redhat/brp-compress /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump /usr/lib/rpm/brp-python-bytecompile /usr/bin/python /usr/lib/rpm/redhat/brp-python-hardlink /usr/lib/rpm/redhat/brp-java-repack-jars |
从该脚本来看,里面并没有出现解压缩源码包(%setup)部分的逻辑,即:其中没有包含%prep %setup 部分逻辑,而是从%build部分开始的,%build 逻辑:
1 2 3 4 5 6 |
# rpm --eval '%build' %build LANG=C export LANG unset DISPLAY |
其实,%prep (包含%setup逻辑)是一个单独的临时脚本文件,如下:
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.L3sv7t
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
# cat /var/tmp/rpm-tmp.L3sv7t #!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" LANG=C export LANG unset DISPLAY read -p "prep ok , press enter to continue..." cd '/home/phpor/rpmbuild/BUILD' rm -rf 'beebank-test-1.0.0' /usr/bin/gzip -dc '/home/phpor/rpmbuild/SOURCES/beebank-test-1.0.0.tar.gz' | /bin/tar -xf - STATUS=$? if [ $STATUS -ne 0 ]; then exit $STATUS fi cd 'beebank-test-1.0.0' /bin/chmod -Rf a+rX,u+w,g-w,o-w . read -p "setup ok , press enter to continue..." exit 0 |
%build 部分是一个单独的脚本,一般包含./configure && make,如下:
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.oaK7vF
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
#!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" cd 'beebank-test-1.0.0' LANG=C export LANG unset DISPLAY read -p "build ok , press enter to continue..." CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CFLAGS ; CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic}" ; export CXXFLAGS ; FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ; ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu \ --target=x86_64-redhat-linux-gnu \ --program-prefix= \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --datadir=/usr/share \ --includedir=/usr/include \ --libdir=/usr/lib64 \ --libexecdir=/usr/libexec \ --localstatedir=/var \ --sharedstatedir=/var/lib \ --mandir=/usr/share/man \ --infodir=/usr/share/info read -p "configure ok , press enter to continue..." make read -p "make ok , press enter to continue..." exit 0 |
%install是单独一个中间shell脚本,如下:
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.f9kumb
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
#!/bin/sh RPM_SOURCE_DIR="/home/phpor/rpmbuild/SOURCES" RPM_BUILD_DIR="/home/phpor/rpmbuild/BUILD" RPM_OPT_FLAGS="-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic" RPM_ARCH="x86_64" RPM_OS="linux" export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS RPM_DOC_DIR="/usr/share/doc" export RPM_DOC_DIR RPM_PACKAGE_NAME="beebank-test" RPM_PACKAGE_VERSION="1.0.0" RPM_PACKAGE_RELEASE="1" export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE LANG=C export LANG unset CDPATH DISPLAY ||: RPM_BUILD_ROOT="/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64" export RPM_BUILD_ROOT PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig" export PKG_CONFIG_PATH set -x umask 022 cd "/home/phpor/rpmbuild/BUILD" [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf "${RPM_BUILD_ROOT}" mkdir -p `dirname "$RPM_BUILD_ROOT"` mkdir "$RPM_BUILD_ROOT" cd 'beebank-test-1.0.0' LANG=C export LANG unset DISPLAY read -p "install ok , press enter to continue..." /usr/bin/make \ prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ exec_prefix=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr \ bindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/bin \ sbindir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/sbin \ sysconfdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/etc \ datadir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share \ includedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/include \ libdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/lib64 \ libexecdir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/libexec \ localstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var \ sharedstatedir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/var/lib \ mandir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/man \ infodir=/home/phpor/rpmbuild/BUILDROOT/beebank-test-1.0.0-1.x86_64/usr/share/info \ install read -p "makeinstall ok , press enter to continue..." /usr/lib/rpm/find-debuginfo.sh --strict-build-id "/home/phpor/rpmbuild/BUILD/beebank-test-1.0.0" /usr/lib/rpm/check-buildroot /usr/lib/rpm/redhat/brp-compress /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip /usr/lib/rpm/redhat/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump /usr/lib/rpm/brp-python-bytecompile /usr/bin/python /usr/lib/rpm/redhat/brp-python-hardlink /usr/lib/rpm/redhat/brp-java-repack-jars |
其中包含生成debuginfo,如果不想生成debuginfo,则可以在 ~/.rpmmacros 中添加:
1 |
%debug_package %{nil} |
参考: 制作PHP rpm包