Linux Hack of the Week #16: Creating RPMs

If you’re a regular Linux user, you probably love how easy it is to install files now. When I started using Unix and Linux, every package involved running the following:



make install

Back in the day, this was a problem because between each of those steps it was hard to determine which package contained the missing file libX.h that threw an error. Then if you download that package, you end up repeating the above steps into a downward spiral of dependency nightmares. Using RPMs (RPM Package Manager) solve this problem by installing all dependencies, allowing for auto updates, and having a single point to manage software. The bottom line is that if you are creating software, packaging it in an RPM will make your life much easier.


The tool used to build RPMs is rpm-build. It can be installed simply by using yum. Then, create the build environment:

The RPMbuild area consists of five directories. These include:

SOURCES: Contains the original sources
SPECS: Contains the spec files
BUILD: Temp directory for building
RPMS: Where binary files are stored
SRPMS: Where source RPMs are stored


The file that contains all of the build instructions is called the spec file. Let’s walk through the fields below:

Name: Name of package
Version: Version of package
Release: Release number
Summary: Summary of the app
Source: %{name}-%{version}.tar.gz
Group: Applications/System
Requires: Packages that are required
Packager: Your Name
BuildArchitectures: noarch/x86/etc

%description: Describe the application here

%prep: echo Building %{name}-%{version}-%{release}


tar -zxvf $RPM_SOURCE_DIR/%{name}-%{version}.tar.gz

%build: Executes build macro

%install: Executes install process

mkdir -p $RPM_BUILD_ROOT/data

cp -r $RPM_BUILD_DIR/%{name}-%{version}/* $RPM_BUILD_ROOT/.

%post: #Run post install processes

chkconfig example on


The source file should be placed in the SOURCES directory:

tar -zcvf foo-1.0.tar.gz foo

cp foo-1.0.tar.gz /root/rpmbuild/SOURCES/


Change directory back to your specs directory and run rpmbuild -ba example.spec:

Review the files that were created:


Test your new RPM by performing an install:


Now that you know how to build an RPM, you can package your own custom software. I find that this a great way to distribute open source projects, and having a package will help with adoption. I would recommend starting by creating your first RPM with something easy, and building from there. As always feel free to let me know if you have any questions

About Automox

Automox is a cloud-based patch management and endpoint protection platform that provides the foundation for a strong security framework by automating the fundamentals of security hygiene to reduce a company’s attack surface by over 80 percent. A powerful set of user-defined controls enables IT managers to filter and report on the vulnerability status of their infrastructure and intuitively manage cross-platform OS patching, third party patching, software deployment, and configuration management. To sign up for a free, 15-day trial of Automox’s cloud-based, automated patch management solution, visit

Subscribe to Our Newsletter

Stay up to date on all things patch management

Reduce your threat surface by up to 80%

Make all of your corporate infrastructure more resilient by automating the basics of cyber hygiene.