Hello,
I am an everyday tester of a software that does not come with a repo.
A runnable rpm exists.
I wonder: can I crontab a dnf command to automatically download from URL and install the rpm?
Thanks!
Hello,
I am an everyday tester of a software that does not come with a repo.
A runnable rpm exists.
I wonder: can I crontab a dnf command to automatically download from URL and install the rpm?
Thanks!
I have not tried this before but it seems doable.
I would first create a local repository for the rpm. This is the folder that will recieve the periodically downloaded rpm package. To create the local repo, run:
sudo dnf install createrepo
that installs the tools for creating the repository
Browse to the folder that will hold the package(s) and run:
createrepo ./
The folder becomes a repository but your Linux (Fedora) will still be oblivious of its existence. Next, create a configuration file for the repository. Open a text editor and type the following (You can change [local_repo_name] and “/path/to/your/repo” accordingly):
[local_repo_name]
name=A dynamic repo for testing an online RPM
failovermethod=priority
baseurl=file:///path/to/your/repo
cost=300
enabled=1
#metadata_expire=7d
gpgcheck=0
Save the file as routine_testing.repo
Move the file into /etc/yum.repos.d/ (this requires root privileges)
Create the following script (I’ll call it “testing_repo.sh
”):
# assuming the package_name doesn't change. Otherwise, you might need to
# establish the naming pattern and automate the changes in this script
# accordingly
#
wget -c -directory-prefix=/path/to/your/repo/ http://url/of/the/package
createrepo --update /path/to/your/repo/
dnf makecache
dnf install package_name
Now schedule the whole thing:
dnf install cronie
then:
sudo crontab -e
add the following:
0 0 * * * root /path/to/testing_repo.sh
save all and enable cron jobs:
systemctl enable crond.service
give it a shot!
You don’t need to create a repo if there’s only the one package. Since you know the URL, you can simply run:
dnf install <path to URL> -y
in cron via a script. The bit that I’m unsure about is how you’ll run this command with the necessary rights non-interactively. Possibly by setting it up in the crontab for your root
account.
I wouldn’t suggest such a thing, though. You must always verify what the download is before installing it. I’d much rather write a script and remember to run it manually so that I can verify the rpm being downloaded.
sudo dnf install https://…/mypackage.rpm
for repo use repofrompath option.
sudo dnf --repofrompath any_repo_template_name,repo_link install mypackage
example (use unique repo template name )
sudo dnf --repofrompath mycustomrepo,https://…/fedora_32 update mypackage -y
So this way it will verify the checksums automatically (--repofrompath
)?
Bummer! I should have known that.
This makes things super easy for you, @ingli. I would take @FranciscoD’s advice about authenticating packages seriously. Does the vendor provide a system of verification (PGP … perhaps)? if this is not a major concern for you, then use the part of my previous post – beginning at:
@FranciscoD’s suggestion nullifies the preceding texts. “ testing_repo.sh
” should now contain the following:
dnf install <path to URL> -y
Extremely simple, right? Don’t forget to replace <path to URL>
with the appropriate URL.
Alternatively:
You could ditch the script completely and start from:
However, replace the crontab entry with the following instead:
0 0 * * * root dnf install <path to URL> -y
Of course, replacing the <path to URL>
with the correct URL
NOTE:
With much power comes great responsibility.
I forgot this ,for gpg check It may also need --nogpgcheck option or --setopt ,something like that.
sudo dnf --repofrompath mycustomrepo,https://download.copr.fedorainfracloud.org/results/youssefmsourani/crunch/fedora-31-x86_64 install crunch --nogpgcheck
sudo dnf --repofrompath mycustomrepo,https://download.copr.fedorainfracloud.org/results/youssefmsourani/crunch/fedora-31-x86_64 install crunch --setopt=mycustomrepo.gpgcheck=0
By checksum, you mean verify the gpg? No, it won’t. Repositories must publish the keys they sign their packages with etc. for dnf/rpm to be able to verify it.
(honestly, i was thought about sha or such) But if dnf will be sourced with the published GPG keys, will your or @youssefmsourani’s commands above perform the checking (as there is a --nogpgcheck
flag)?
If the repo publishes it, yes, dnf will check. That’s default behaviour. When installing a local package, this check may not be done—I’m not sure of the exact behaviour at the moment.
For correctness of the package, I think rpm includes information in the package header etc. That’s why sometimes when running dnf, faulty files are downloaded again from a different mirror.
Autosigning is also an option, if you have external ways of verifying the package’s integrity to a level of trust you feel comfortable with.
This is kind of off-topic for the original request here, but in case it’s useful to someone at some point: I regularly generate a local repo for the $HOME/rpmbuild/RPMS/
packages I’ve built using rpmbuild
. My update script (Makefile
, actually) goes through and signs all of the new builds before each createrepo
run is triggered. (I have a passphrase-less GPG key on my keyring that’s also imported into rpm
as a signing key, to make that possible.)
My top-level $HOME/rpmbuild/RPMS/Makefile
contains:
all:
@echo Signing new packages...
find ./ -type f -newer .signlast \( -ipath ./x86_64/\*.rpm\
-o -ipath ./i686/\*.rpm -o -ipath ./noarch/\*.rpm \) -print0\
| xargs -r -0 -n100 rpmsign --resign
touch .signlast
for i in $(SUBDIRS); do \
$(MAKE) -C $$i; \
done
@echo Expiring dnf cache
sudo dnf --disablerepo=\* --enablerepo=local-\* clean expire-cache
@echo Signaling PackageKit
dbus-send --system --dest=org.freedesktop.PackageKit \
--type=method_call --print-reply \
/org/freedesktop/PackageKit \
org.freedesktop.PackageKit.StateHasChanged string:postbuild
And the subdir Makefile
(which has a corresponding local-subdir.conf
repo config in /etc/yum.repos.d/
) contains:
SRCDIRS = x86_64 i686 noarch
all:
for srcdir in $(SRCDIRS); do \
ln -fs ../$${srcdir}/*.rpm ./ ;\
done
symlinks -d .
createrepo_c -d --update .
Oh, and my $HOME/.rpmmacros
sets %_gpg_name
to the identity of the signing key. I think that’s the final piece of the puzzle to making rpmsign
go, so that all of this works. (I set it up over a decade ago, who can remember all of the details?)
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.