5 1 0:RPM Repository
Overview
As of SEP sesam Beefalo, SEP sesam provides signed RPM repositories for installation on SLES and Red Hat Linux. The distribution package manager (zypper, yum) can be used to ease installation and validation of the packages.
Supported Systems
The following RPM-based distributions are supported:
- SLES (12, 15)
- CentOS (7)
- Red Hat (RHEL7, RHEL8, RHEL9)
For details on supported systems, check SEP sesam OS and Database Support Matrix.
Configuring RPM-based repositories
SUSE-based distributions
SUSE Linux Enterprise Server (SLES) includes zypper as its standard package management tool.
Steps
- Add the RPM repository by using a zypper command for the relevant version (SLES12 or SLES15). Replace the <ARCHITECTURE> and <VERSION> with the appropriate values. In our example, the repository for SLES12 on x86_64 will be added. For SLES12 use:
  zypper ar https://download.sep.de/linux/SuSE/x86_64/SLES12/ SESAM
  For SLES15 use:
  zypper ar https://download.sep.de/linux/SuSE/x86_64/SLES15/ SESAM
- Refresh the repository cache and accept the displayed signature details.
  zypper refresh
  Retrieving repository 'SESAM' metadata ----------------------------------------------------------------------------- [\]
  New repository or package signing key received:
    Repository:       SESAM
    Key Name:         SEP AG (SEP Sesam Repository key) <support@sep.de>
    Key Fingerprint:  3C686930 80A255BB C9D41B40 68111EBB D273917B
    Key Created:      Tue 24 Nov 2018 04:33:32 PM CET
    Key Expires:      (does not expire)
    Subkey:           8F6D1096F55D8127 2018-11-24 [does not expire]
    Rpm Name:         gpg-pubkey-d273917b-5654834c
- Install SEP sesam Server or SEP sesam Client. For SEP sesam Server use:
  # zypper install sesam_srv
  For SEP sesam Client use:
  # zypper install sesam_cli
For details, see SEP sesam Quick Install Guide.
Red Hat-based distributions
RHEL-based distributions include yum as their standard package management tool. Red Hat Linux stores information about each repository in a separate file in the /etc/yum.repos.d directory.
Steps
- Create a configuration file in /etc/yum.repos.d/sesam.repo as shown below and replace the <VERSION> and <ARCHITECTURE> with the appropriate values.
  [SEPSesam]
  name=SEP Sesam
  baseurl=https://download.sep.de/linux/RedHat/x86_64/RHEL7/
  enabled=1
  gpgkey=https://download.sep.de/linux/RedHat/x86_64/RHEL7/repodata/repomd.xml.key
  gpgcheck=1
- Refresh your yum repository:
  # yum updateinfo
- Install any of the SEP sesam components (SEP sesam Server, Client or GUI) by using the following command:
  # yum install <component>
  For example, to install SEP sesam Client:
  # yum install sesam_cli
For details, see SEP sesam Quick Install Guide.
RHEL 9
The SEP sesam repository currently uses GPG keys that include SHA1 signatures, and RHEL9 has deprecated support for SHA1 signatures. Before installation on RHEL9, you must enable SHA1 support in the system-wide crypto policy by issuing the following command:
update-crypto-policies --set DEFAULT:SHA1
Verifying package signatures
For manual verification, make sure the GPG key you have imported matches the fingerprint of the SEP archive key.
The fingerprint of the SEP GPG key for signatures is:
3C686930 80A255BB C9D41B40 68111EBB D273917B
Verify GPG signature via package manager
Both zypper and yum check the repository and RPM package signatures during installation, so no additional steps are required.
Verify GPG signature via RPM
In case no package manager is used, the RPM packages can also be verified by using RPM only.
Steps
- Download the GPG public key:
  # curl https://download.sep.de/linux/SuSE/x86_64/SLES12/repodata/repomd.xml.key > sep.key
- Import the GPG key into the RPM database:
  # rpm --import sep.key
- Download the SEP sesam component and verify its signature. The following examples show how to verify the signature for SEP sesam Client depending on your Linux distribution. For Red Hat use:
  # rpm -K <PACKAGE>-<VERSION>.rpm
  sesam_cli-4.4.3-67.rhel7.x86_64.rpm: rsa sha1 (md5) pgp md5 OK
  For SUSE use:
  # rpm -v --checksig <PACKAGE>-<VERSION>.rpm
  sesam_cli-4.4.3-67.sles15.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID d273917b: OK
  [..]
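The manual fingerprint check described under Verifying package signatures can be scripted so that the downloaded key is imported only when it matches the published fingerprint. The following is an added example, not SEP's own tooling; it assumes GnuPG 2.2 or later (for --show-keys), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not SEP code): import a downloaded repository key into the RPM
# database only if its fingerprint matches the one published on this page.
# Assumption: GnuPG 2.2+ for --show-keys. Function names are hypothetical.

# Fingerprint from "Verifying package signatures".
SEP_FPR='3C686930 80A255BB C9D41B40 68111EBB D273917B'

# Remove whitespace and uppercase, so spaced and unspaced forms compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key: the first "fpr" record after a "pub" record. Fingerprints that
# follow "sub" records belong to subkeys and are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if the listing on stdin holds exactly one primary key and it is
# the expected one. rpm --import takes every key in the file, so an additional
# key is treated as a failure, as is an empty or unreadable listing.
listing_matches() {
    expected=$(normalize_fpr "$1")
    found=$(primary_fprs)
    set -- $found                      # split into one argument per fingerprint
    [ "$#" -eq 1 ] || return 1
    [ "$(normalize_fpr "$1")" = "$expected" ]
}

# Usage: verify_and_import sep.key
verify_and_import() {
    if gpg --show-keys --with-colons "$1" 2>/dev/null | listing_matches "$SEP_FPR"
    then
        rpm --import "$1"
    else
        echo "fingerprint mismatch in $1: key not imported" >&2
        return 1
    fi
}
```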