Linux Training : b. RPMs and Koji


As previously discussed, FOOBAR INC uses RPMS for all package management. The typical process to install an RPM is

# yum install <package>

. Sometimes yum will report that the package can not be found. When this happens, you should try to find out if someone else has already created an RPM for that particular software product. FOOBAR INC utilizes a subset of several different software repositories: EPEL, JPackage, and RHEL. All of the packages available from the upstream repositories are stored in our LIN:koji server. If you determine that a package that you need is in one of the upstream repositories but is not available within FOOBAR INC then you will need to tag the package as being approved. Follow the instructions in the LIN:koji section for more details.

If the package you require is not available within any of the upstream sources you should next check to see if it is within Fedora. You can do this by searching for the package on If you are able to locate the package on fedora you should contact the maintainer of the package in fedora to see if they are interested in supporting it for EPEL. This allows us to have it provided in EPEL for more people and reduce the burden on us maintaining the package.

If you are unable to locate the package anywhere upstream you will have to maintain the packge in our rpm repository. Your first step should be to check out the foobar-inc repository:

$ svn co svn+ssh://svn/srv/svn/it-svnroot/foobar-inc

. To add a package to RHEL5 you need to create a new directory inside the trunk directory with the name of the package:

$ mkdir foobar-inc/trunk/<package>

. You will then need a Makefile that can be copied and updated from another package within the trunk directory. Then create your spec file and follow the process below for building new packages.


FOOBAR INC uses koji to automate the building of rpms. The system is found at http://foobar-inc/koji. For information on koji generals look at

Initial Client Setup

These are the steps you need to take to be able to create RPMs within FOOBAR INC.

  1. Check out the foobar-inc repository:
    $ svn co svn+ssh://svn/srv/svn/it-svnroot/foobar-inc
  2. Install mock and koji.
    # yum install mock koji
  3. Copy the .cfg files from foobar-inc/trunk/common to /etc/mock:
    $ su -c 'cp foobar-inc/trunk/common/*.cfg /etc/mock'
  4. Have the lab create a user certificate for koji for you.
  5. Create your koji configuration file to be placed in ~/.koji/config Example provided below.
  6. Congratulations, you're ready to start making RPMs. Gee, that was easy. (smile)

;configuration for koji cli tool

;url of XMLRPC server
server = http://kojiserver.foobar-inc/kojihub

;url of web interface
weburl = http://kojiserver.foobar-inc/koji

;path to the koji top directory
;topdir = /mnt/koji

;configuration for SSL athentication

;client certificate, created by the it lab earlier
cert = ~/.foobar-inckoji.cert

;certificate of the CA that issued the client certificate
ca = /etc/foobar-inc-ca.crt

;certificate of the CA that issued the HTTP server certificate
serverca = /etc/foobar-inc-ca.crt

Building RPMS in Koji

  1. change directory to the RPM you want to create/build
  2. Make the changes to the files you want to. Please follow the guidelines on this page.
  3. make srpm to make sure the srpm can be built. If not, go back to step 2.
  4. make mockbuild to make sure the rpm can be built in mock.
  5. Once it builds in mockbuild you then make build which will build it in koji.

    If make build fails there are several cases in which it could happen:

    1. "BuildError: package mediawiki not in list for tag rhel5-foobar-candidate"
      • To correct this you'll need to add it to koji with koji add-pkg rhel5-foobar-candidate <package> --owner=koji
    2. "BuildrootError: error building package (arch x86_64), mock exited with status 10"
      • This means a package required by the package being built is not available to mock. This could mean several things. You'll need to determine what package it is by looking inside the root.log file then determining what to do about that missing package.
      • One possibility is the required package has not been tagged. If it is available in koji you will need to koji add-pkg --owner=koji <tag> <package name>; koji tag-pkg <tag> <package version>. An example is: koji add-pkg --owner=koji rhel5-epel-foobar-approved ocaml; koji tag-pkg rhel5-epel-foobar-approved ocaml-3.09.3-1.el5. This should only be done after you have verified the RPMs built with make mockbuild and the RPMs required for the packages you are building.
    3. "Error: ('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate expired'), ('SSL routines', 'SSL3_WRITE_BYTES', 'ssl handshake failure')"
      • This means that either the koji certificate is expired or your certificate has expired. Make sure your koji user certificate is up to date first
  6. Once built in koji you'll need to have the IT staff sign the RPMs. This is done by /root/ <tag> on the koji server (http://kojiserver.foobar-inc). This needs to be done before you leave for the day.
  7. Once you have signed the RPMs you'll need to write the signed RPMs out if you need them right away. This is done through koji write-signed-rpm f23ed84c <rpm build>

Koji Web Interface

The Koji web Interface can be reached by going to http://foobar-inc/koji( yes. This is a fake site ). You can browse around the koji web interface without logging in but you won't be able to perform any actions. The interface is separated by different tabs along the top. The main tabs that you will use day to day are Summary and Tasks. Additionally you will use the search bar in the top right.
The Summary tab provides an overview of recent activity in koji if you're not logged in. If you are logged in it displays your specific recent activity. Additionally it shows the packages that you are marked as owner.
The Tasks tab shows you what tasks the koji instance is currently working on. If you recently requested a package to be built you should see your package build job listed there. If your build fails you can resubmit it from the web interface.

The search bar supports globs so you could search for *foo* to find all packages with foo in the name. Additionally you can search for packages or rpms.

Pages with the label "RPM"

No content found for label(s) rpm.