The source for the file utility + library is available from
ftp://ftp.astron.com/pub/file/
-The NSS library for encryption, and NSPR library which NSS uses.
-Both NSPR and NSS libraries and headers need to be installed during RPM
-compilation. As NSPR and NSS typically install their headers outside
-the regular include search path, you need to tell configure about this,
-eg something like:
+You will need a cryptographic library to support digests and signatures.
+This library may be Mozilla NSS, OpenSSL or beecrypt. Which library to use
+must be specified with the --with-crypto=[beecrypt|nss|openssl] argument
+to configure.
+
+If using the Mozilla NSS library for encyption (and NSPR library which
+NSS uses) it must be version 3.12 or later. Both NSPR and NSS libraries and
+headers need to be installed during RPM compilation. As NSPR and NSS
+typically install their headers outside the regular include search path,
+you need to tell configure about this, eg something like:
./configure <......> CPPFLAGS="-I/usr/include/nspr -I/usr/include/nss"
The NSPR and NSS libraries are available from
http://www.mozilla.org/projects/security/pki/nss/
http://www.mozilla.org/projects/nspr/
+If using the OpenSSL library for encryption, it must be version 1.0.2 or
+later. Note: when compiling against OpenSSL, there is a possible license
+incompatibility. For more details on this, see
+https://people.gnome.org/~markmc/openssl-and-the-gpl.html
+Some Linux distributions have different legal interpretations of this
+possible incompatibility. It is recommended to consult with a lawyer before
+building RPM against OpenSSL.
+Fedora: https://fedoraproject.org/wiki/Licensing:FAQ#What.27s_the_deal_with_the_OpenSSL_license.3F
+Debian: https://lists.debian.org/debian-legal/2002/10/msg00113.html
+
+The OpenSSL crypto library is available from https://www.openssl.org/
+
The Berkeley DB >= 4.3.x (4.5.x or newer recommended) is required for the
default database backend. BDB can be downloaded from
http://www.oracle.com/technology/software/products/berkeley-db/index.html
make
make install
-If you want to use the alternative SQLite backend for RPM database instead
-of the default Berkeley DB, it can be enabled with --enable-sqlite3 option
-to configure. Note that the SQLite backend is not as tested as BDB.
-SQLite >= 3.x is required and is available from
- http://www.sqlite.org/
-
For embedded Lua scripting support (recommended and enabled by default),
you'll need Lua >= 5.1 library + development environment installed.
Note that only the library is needed at runtime, RPM never calls external
is available from
http://www.nsa.gov/selinux/
-It may be desired to install bzip2, gzip, and lzma so that RPM can use these
+It may be desired to install bzip2, gzip, and xz/lzma so that RPM can use these
formats. Gzip is necessary to build packages that contain compressed
tar balls, these are quite common on the Internet.
-These are availible from
+These are available from
http://www.gzip.org
http://www.bzip.org
- http://tukaani.org/lzma/
+ http://tukaani.org/xz/
If you want to build the Python bindings to RPM library, it can be enabled
with --enable-python option to configure. You'll need to have Python (>= 2.3)
runtime and C API development environment installed, this is available from
http://www.python.org/
+To enable POSIX.1e draft 15 file capabilities support, configure with
+--with-cap. You'll also need recent libcap, available from:
+ http://ftp.kernel.org/pub/linux/libs/security/linux-privs/libcap2/
+
+To enable POSIX 1003.1e draft 17 ACL verification support, configure with
+--with-acl. You'll also need the ACL library, available from:
+ ftp://oss.sgi.com/projects/xfs/cmd_tars/
+
For best results you should compile with GCC and GNU Make. Users have
reported difficulty with other build tools (any patches to lift these
dependencies are welcome). Both GCC and GNU Make available from
make install
-If you wish to make a tarfile of the binaries so that you may easily
-install on machines with OS package managers other then rpm (ed note:
-what about putting gzip and bzip2 in the tar, modifying the
-/etc/rpmrc?):
-
- make tar
-
-when installing. If you do install from a tarball, you will need to do
-something like
-
- mkdir /var/lib/rpm
- rpm --initdb
+Rpm comes with an automated self-test suite. The test-suite relies heavily
+on fakechroot (https://github.com/dex4er/fakechroot/) and cannot be executed
+without it. Provided that fakechroot was found during configure,
+it can be executed after a successful build with:
-to initialize your rpm database.
+ make check
Finally, if you wish to prepare an rpm source tar ball, you should do
If you are going to install rpm on machines with OS package managers
other then rpm, you may choose to install the base rpm package via a
cpio instead of a tar file. Instead of running "make tar" during the
-build process, as discribed above, use the base rpm packages to create
+build process, as described above, use the base rpm packages to create
a cpio. After the rpms have been created run rpm2cpio on the base rpm
package, this will give you a cpio package which can then use to
install rpm on a new system.
RPM will need to be informed of all the dependencies which were
satisfied before RPM was installed. Typically this only refers to
libraries that are installed by the OS, but may include other
-libraries and packages which are availible at the time RPM is
+libraries and packages which are available at the time RPM is
installed and will not under RPM control. Another common example of
libraries which may need dependency provisions are precompiled
libraries which are installed by the OS package manager during system
build time. The list of dependencies you will wish to load into RPM
will depend on exactly how you bootstrap RPM onto your system and what
-parts of the sytem you put into packages as well as on the specific OS
+parts of the system you put into packages as well as on the specific OS
you are using.
The script vpkg-provides.sh can be used to generate a package which
and if you wish to ensure that some directories are not traversed you
can use the option:
- --ignore_dirs 'egrep|pattern|of|paths|to|ignore
+ --ignore_dirs 'grep-E|pattern|of|paths|to|ignore
By default the generated rpm will include a %verifyscript to verify
checksum of all files traversed has not changed. This additional
-check can be surpressed with:
+check can be suppressed with:
--no_verify
this filename by other programs a bit more difficult.
-GPG/PGP/PGP5
-------------
+GPG
+---
To use the signing features of rpm, you will need to configure certain
rpm macros in ~/.rpmmacros:
- %_signature gpg
%_gpg_name <GPG UID>
%_gpg_path %(echo $HOME)/.gnupg