I am adding some sources to an existing rpm .spec file by URL and don't have them downloaded yet. Is there a way to get rpmbuild to download the sources rather than doing it manually?
可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
回答1:
The spectool utility from the rpmdevtools package can do this. Just install rpmdevtools and point spectools at the .spec like so:
spectool -g -R SPECS/nginx.spec
It will download any missing sources into rpm's %{_sourcedir} (usually SOURCES) directory.
回答2:
For posterity, there is another way to do it, which does not need any additional tools or downloads:
rpmbuild --undefine=_disable_source_fetch -ba /path/to/your.spec
Downloading sources automatically is forbidden by default because RPM lacks built-in integrity checks for the source archives. The network has to be trusted, and any checksums and signatures checked. This restriction makes sense for package maintainers, as they are responsible for shipping trusted code.
However, when you know what you are doing and understand the risks, you may just forcibly lift the restriction.
回答3:
In the spec file, you can place %undefine _disable_source_fetch anywhere before the source URL.
For security purposes, you should also specify the sha256sum, and check it in the %prep section prior to setup.
Here is a working example:
Name: monit
Version: 5.25.1
Release: 1%{?dist}
Summary: Monitoring utility for unix systems
Group: Applications/System
License: GNU AFFERO GENERAL PUBLIC LICENSE version 3
URL: https://mmonit.com/monit/
%undefine _disable_source_fetch
Source0: https://mmonit.com/monit/dist/%name-%version.tar.gz
%define SHA256SUM0 4b5c25ceb10825f1e5404f1d8a7b21507716b82bc20c3586f86603691c3b81bc
%define debug_package %nil
BuildRequires: coreutils
%description
Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance
and repair and can execute meaningful causal actions in error situations.
%prep
echo "%SHA256SUM0 %SOURCE0" | sha256sum -c -
%setup -q
...
Credits
@YaroslavFedevych for undefine _disable_source_fetch.
回答4:
If you are getting sources from a (git) hosting service (github, etc..) there is support for automatically checking it out already built-in, when combined with _disable_source_fetch...
https://fedoraproject.org/wiki/Packaging:SourceURL
For example, for a specific githash from github:
%global commit 40-CHARACTER-HASH-VALUE
%global shortcommit %(c=%{commit}; echo ${c:0:7})
Source0: https://github.com/OWNER/PROJECT/archive/%{commit}/%{name}-%{shortcommit}.tar.gz
...
%prep
%autosetup -n PROJECT-%{commit}
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 仙女界的扛把子 的文章《How do I get rpmbuild to download all of the sourc》','https://www.manongdao.com/article-565729.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}