5 1 0:RPM Repository

From SEPsesam


Welcome to the latest SEP sesam documentation version 5.1.0 Apollon. For previous documentation version(s), check documentation archive.


Overview


As of SEP sesam Beefalo, SEP sesam provides signed RPM repositories for installation on SLES and Red Hat Linux. The distribution package manager (zypper, yum) can be used to ease installation and validation of the packages.

Supported Systems

The following RPM-based distributions are supported:

  • SLES (12, 15)
  • CentOS (7)
  • Red Hat (RHEL7, RHEL8, RHEL9)

For details on supported systems, check SEP sesam OS and Database Support Matrix.

Configuring RPM-based repositories

SUSE-based distributions

SUSE Linux Enterprise Server (SLES) includes the standard tool zypper which is common for package management.

Steps

  1. Add the RPM repository by using a zypper command for the relevant version (SLES12 or SLES15). Replace the <ARCHITECTURE> and <VERSION> with the appropriate values. In our example, the repository for SLES12 on x86_64 will be added.
  2. For SLES12 use:
    zypper ar https://download.sep.de/linux/SuSE/x86_64/SLES12/ SESAM

    For SLES15 use:

    zypper ar https://download.sep.de/linux/SuSE/x86_64/SLES15/ SESAM
  3. Refresh the repository cache and accept the displayed signature details.
  4. zypper refresh
     Retrieving repository 'SESAM' metadata 
     ----------------------------------------------------------------------------- [\]
     New repository or package signing key received:
     Repository:       SESAM
     Key Name:         SEP AG (SEP Sesam Repository key) <support@sep.de>
     Key Fingerprint:  '''3C686930 80A255BB C9D41B40 68111EBB D273917B'''
     Key Created:      Tue 24 Nov 2018 04:33:32 PM CET
     Key Expires:      (does not expire)
     Subkey:           8F6D1096F55D8127 2018-11-24 [does not expire]
     Rpm Name:         gpg-pubkey-d273917b-5654834c 
  5. Install SEP sesam Server or SEP sesam Client.
  6. For SEP sesam Server use:
    # zypper install sesam_srv

    For SEP sesam Client use:

    # zypper install sesam_cli

    For details, see SEP sesam Quick Install Guide.

Red Hat-based distributions

RHEL-based distributions include the standard tool yum which is common for package management. Red Hat Linux stores information about each repository in a separate file in the /etc/yum.repos.d directory.

Steps

  1. Create a configuration file in the /etc/yum.repos.d/sesam.repo as shown below and replace the <VERSION> and <ARCHITECTURE> with the appropriate values.
  2. [SEPSesam]
    name=SEP Sesam
    baseurl=https://download.sep.de/linux/RedHat/x86_64/RHEL7/
    enabled=1
    gpgkey=https://download.sep.de/linux/RedHat/x86_64/RHEL7/repodata/repomd.xml.key
    gpgcheck=1
  3. Refresh your yum repository:
  4. # yum updateinfo 
  5. Install any of the SEP sesam components (SEP sesam Server, Client or GUI) by using the following command:
  6. # yum install <component>

    For example, to install SEP sesam Client:

    # yum install sesam_cli

    For details, see SEP sesam Quick Install Guide.

RHEL 9

Currently the Sesam repository uses GPG keys which include SHA1 signatures. RHEL9 has deprecated support for SHA1 signatures. Before installation on RHEL9, you must enable SHA1 support by issuing the following command:

update-crypto-policies --set DEFAULT:SHA1

Verifying package signatures

For manual verification, make sure the GPG key you have imported matches the fingerprint of the SEP archive key.

The fingerprint of the SEP GPG key for signatures is:

3C686930 80A255BB C9D41B40 68111EBB D273917B

Verify GPG signature via package manager

Both zypper and yum will check the repositories and RPM packages signatures during installation, so no additional steps are required.

Verify GPG signature via RPM

In case no package manager is used, the RPM packages can also be verified by using RPM only.

Steps

  1. Download the GPG public key:
  2. # curl https://download.sep.de/linux/SuSE/x86_64/SLES12/repodata/repomd.xml.key > sep.key
  3. Import the GPG key into the RPM database:
  4. # rpm --import sep.key
  5. Download the SEP sesam component and verify its signature. The following examples show how to verify the signature for SEP sesam Client depending on your Linux distribution.
  6. For Red Hat use:
    # rpm -K <PACKAGE>-<VERSION>.rpm 
     sesam_cli-4.4.3-67.rhel7.x86_64.rpm: rsa sha1 (md5) pgp md5 OK

    For SUSE use:

    # rpm -v --checksig <PACKAGE>-<VERSION>.rpm
    sesam_cli-4.4.3-67.sles15.x86_64.rpm:
       Header V4 RSA/SHA1 Signature, key ID d273917b: OK
       [..]


See also

SEP sesam Quick Install Guide

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.