Dnf download rpm install

Hello,

I am an everyday tester of a software that does not come with a repo.
A runnable rpm exists.

I wonder: can I crontab a dnf command to automatically download from URL and install the rpm?

Thanks!

1 Like

I have not tried this before but it seems doable.
I would first create a local repository for the rpm. This is the folder that will receive the periodically downloaded rpm package. To create the local repo, run:

sudo dnf install createrepo

that installs the tools for creating the repository
Browse to the folder that will hold the package(s) and run:

createrepo ./

The folder becomes a repository but your Linux (Fedora) will still be oblivious of its existence. Next, create a configuration file for the repository. Open a text editor and type the following (You can change [local_repo_name] and “/path/to/your/repo” accordingly):

[local_repo_name]
name=A dynamic repo for testing an online RPM 
failovermethod=priority
baseurl=file:///path/to/your/repo
cost=300
enabled=1
#metadata_expire=7d
gpgcheck=0

Save the file as routine_testing.repo
Move the file into /etc/yum.repos.d/ (this requires root privileges)

Create the following script (I’ll call it “testing_repo.sh”):

#!/bin/bash
# assuming the package_name doesn't change.  Otherwise, you might need to
# establish the naming pattern and automate the changes in this script
# accordingly
#
# -N fetches the file again only when the copy on the server is newer
wget -N --directory-prefix=/path/to/your/repo/ http://url/of/the/package
createrepo --update /path/to/your/repo/
dnf makecache
# -y because cron cannot answer the confirmation prompt
dnf install -y package_name

Now schedule the whole thing:
dnf install cronie

then:
sudo crontab -e

add the following:
0 0 * * * /path/to/testing_repo.sh

save all and enable cron jobs:
systemctl enable crond.service

give it a shot!

7 Likes

You don’t need to create a repo if there’s only the one package. Since you know the URL, you can simply run:

dnf install <path to URL> -y

in cron via a script. The bit that I’m unsure about is how you’ll run this command with the necessary rights non-interactively. Possibly by setting it up in the crontab for your root account.

I wouldn’t suggest such a thing, though. You must always verify what the download is before installing it. I’d much rather write a script and remember to run it manually so that I can verify the rpm being downloaded.

7 Likes

You can also .

sudo dnf install https://…/mypackage.rpm

For a repo, use the repofrompath option.

sudo dnf --repofrompath any_repo_template_name,repo_link install mypackage

Example (use a unique repo template name):

sudo dnf --repofrompath mycustomrepo,https://…/fedora_32 update mypackage -y

2 Likes

So this way it will verify the checksums automatically (--repofrompath)?

1 Like

Bummer! I should have known that.
This makes things super easy for you, @ingli. I would take @FranciscoD’s advice about authenticating packages seriously. Does the vendor provide a system of verification (PGP … perhaps)? If this is not a major concern for you, then use the part of my previous post – beginning at:

@FranciscoD’s suggestion nullifies the preceding texts. “testing_repo.sh” should now contain the following:

dnf install <path to URL> -y

Extremely simple, right? Don’t forget to replace <path to URL> with the appropriate URL.

Alternatively:
You could ditch the script completely and start from:

However, replace the crontab entry with the following instead:
0 0 * * * dnf install <path to URL> -y
Of course, replacing the <path to URL> with the correct URL.

NOTE:
With much power comes great responsibility.

2 Likes

I forgot this: for the GPG check, it may also need the --nogpgcheck option or --setopt, something like that.

sudo dnf --repofrompath mycustomrepo,https://download.copr.fedorainfracloud.org/results/youssefmsourani/crunch/fedora-31-x86_64 install crunch --nogpgcheck

sudo dnf --repofrompath mycustomrepo,https://download.copr.fedorainfracloud.org/results/youssefmsourani/crunch/fedora-31-x86_64 install crunch --setopt=mycustomrepo.gpgcheck=0

By checksum, you mean verify the gpg? No, it won’t. Repositories must publish the keys they sign their packages with etc. for dnf/rpm to be able to verify it.

1 Like

(Honestly, I was thinking about SHA or such.) But if dnf will be sourced with the published GPG keys, will your or @youssefmsourani’s commands above perform the checking (as there is a --nogpgcheck flag)?

If the repo publishes it, yes, dnf will check. That’s default behaviour. When installing a local package, this check may not be done—I’m not sure of the exact behaviour at the moment.

For correctness of the package, I think rpm includes information in the package header etc. That’s why sometimes when running dnf, faulty files are downloaded again from a different mirror.

2 Likes
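An added example, not part of any post in this thread: a cron-safe wrapper that downloads the rpm, requires a verified GPG signature, and only then hands the local file to dnf. It assumes the vendor's public key was imported once with `rpm --import`, that rpm prints its one-line 4.14+ `rpm -K` format, and the function names are made up for illustration.

```shell
#!/bin/bash
# Added example: verify an RPM's signature before an unattended install.
# Assumption: the vendor key is already in the rpm keyring (rpm --import <keyfile>).

# Decide from the one-line `rpm -K` output whether the package is acceptable.
# rpm -K exits 0 for an unsigned package (it prints only "digests OK"), and dnf
# does not GPG-check local files unless localpkg_gpgcheck is set, so the exit
# status alone is not enough: require the words "signatures OK".
sig_ok() {
    case "$1" in
        *"NOT OK"*)        return 1 ;;  # bad digest, bad signature or unknown key
        *" signatures OK") return 0 ;;  # signed by a key in the rpm keyring
        *)                 return 1 ;;  # unsigned or unrecognised output: fail closed
    esac
}

# Download $1 into a private temp dir, check it, install it only if it passes.
fetch_verify_install() {
    local url=$1 dir rpm_file verdict status=1
    dir=$(mktemp -d) || return 1
    rpm_file="$dir/${url##*/}"
    if curl --fail --silent --show-error --location -o "$rpm_file" "$url"; then
        verdict=$(LC_ALL=C rpm -K "$rpm_file" 2>&1)
        if sig_ok "$verdict"; then
            dnf install -y "$rpm_file"
            status=$?
        else
            echo "refusing to install: $verdict" >&2
        fi
    fi
    rm -rf "$dir"
    return "$status"
}

# Run only when a URL is passed, e.g. from root's crontab:
#   0 0 * * * /path/to/this_script.sh <path to URL>
if [ "$#" -gt 0 ]; then fetch_verify_install "$1"; fi
```
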

Autosigning is also an option, if you have external ways of verifying the package’s integrity to a level of trust you feel comfortable with.

This is kind of off-topic for the original request here, but in case it’s useful to someone at some point: I regularly generate a local repo for the $HOME/rpmbuild/RPMS/ packages I’ve built using rpmbuild. My update script (Makefile, actually) goes through and signs all of the new builds before each createrepo run is triggered. (I have a passphrase-less GPG key on my keyring that’s also imported into rpm as a signing key, to make that possible.)

My top-level $HOME/rpmbuild/RPMS/Makefile contains:

all:

        @echo Signing new packages...
        find ./ -type f -newer .signlast \( -ipath ./x86_64/\*.rpm\
                -o -ipath ./i686/\*.rpm -o -ipath ./noarch/\*.rpm \) -print0\
                | xargs -r -0 -n100 rpmsign --resign
        touch .signlast

        for i in $(SUBDIRS); do \
                $(MAKE) -C $$i; \
        done

        @echo Expiring dnf cache
        sudo dnf --disablerepo=\* --enablerepo=local-\* clean expire-cache
        @echo Signaling PackageKit
        dbus-send --system --dest=org.freedesktop.PackageKit \
                --type=method_call --print-reply \
                /org/freedesktop/PackageKit \
                org.freedesktop.PackageKit.StateHasChanged string:postbuild

And the subdir Makefile (which has a corresponding local-subdir.conf repo config in /etc/yum.repos.d/) contains:

SRCDIRS = x86_64 i686 noarch

all:
        for srcdir in $(SRCDIRS); do \
          ln -fs ../$${srcdir}/*.rpm ./ ;\
        done
        symlinks -d .
        createrepo_c -d --update .

Oh, and my $HOME/.rpmmacros sets %_gpg_name to the identity of the signing key. I think that’s the final piece of the puzzle to making rpmsign go, so that all of this works. (I set it up over a decade ago, who can remember all of the details?)

1 Like
