SUSE Conversations


Creating add-on products with YaST

ataschner

By: ataschner

December 8, 2010 4:18 pm

Reads:871

Comments:0

Rating:0

SUSE Linux Enterprise ships with an “Add-On Creator” YaST module, which allows you to create and maintain custom defined products to be installed on SLE.

To ensure system integrity, the product and packages must be signed with a GPG key. In case this key does not already exist a the target machine, it needs to be imported into the local keystore before the software can be installed.

To build products, the obs-productconverter package (and its dependencies) from the SLE Software Development Kit 11 SP1 is needed. The ISO images for this can be downloaded from download.novell.com and installed using the YaST Add-On Products module. To save time later, search up the obs-productconverter package during SDK installation and mark it for installation in the same workflow.

Note:

If the installation of obs-productconverter fails due to a cryptic issue with perl-Net-SSLeay, then install perl-Net-SSLeay with

# zypper in perl-Net-SSLeay

and select to not forbid installation of perl-Net-SSLeay to resolve the conflict.

When running the YaST add-on-creator module on SLES 11 SP1, make sure to patch it at least up to the patchlevel provided by Novell of 24th of January 2011 to ensure proper operation.

Before you can build a product, drop the desired RPM packages in a directory on the machine to build on.
Now you are ready to start create the product.

Launch the Add-On Creator (sorry for the name confusion) module in YaST. If no products have already been created, the wizard to create a new one will start right away. Otherwise select to add a new Add-On Product from the list.

Initial dialog. Click all screen-shots to view the full-size image

Accept the default of creating a product from scratch and hit Next.

Name, product and package input dialog

Enter a product name for the add-on.

Select SLES 11 as required product.
Select or enter the path to the directory with the packages to build the product from.

Product definition dialog

Uncheck “Show Only Required Keywords”.

Content file fields of interest:

LABEL should be set to the “friendly” version of the product name.
NAME by default gets set to the product name specified in the previous dialog. This is a known issue (bug 646060), as it is the LABEL field that should have this content. The Label field is what the users sees during installation, while Name is what gets presented as “Internal name” by zypper (e.g. with # zypper products).

The best is to give NAME a short (spaceless) name like corp-addon.
(Confused about names ? It took me quite some hair to find heads and tails in this)

PATTERNS must be given the name of the required pattern that will be created in a later dialog – e.g. custom-apps.
The VENDOR field must be populated.

Product file fields of interest:

Set the description and summary to the same as LABEL above. Summary is what shows up in as the product name in YaST add-on and zypper products.

For SLES 11 SP1 requires must be changed, so that version gets appended with “.1″ :

Required products dialog

Next …

Package descriptions dialog

Please excuse the lack of creativity with the example packages…

Next…

Add a new pattern and select the appropriate architecture, version and release.

Configure the following characteristics about the pattern:

Description is the summary text what will be shown on the right when selecting the pattern in the selection dialog in the software management (YaST) module.

Edit Packages and select all.

Summary is the “short title” of the pattern (appearing in the pattern list on the left in the software management module).<,p>

Required pattern should already be checked – otherwise you typed a different pattern name than what was entered in the product dialog.

That should lead to something like this:

Pattern dialog

Tip:

In case you want to find out more details about content file, product file and pattern configuration, simply create a new add-on product and select to base it on an existing add-on. Then point to the installation source/medium of a small product like Subscription Management Tool. This will then import that configuration and can be useful for geeks like myself.

Hit Next…

Output settings dialog

Enter output settings.

Next…

Now select a GPG key to sign the product with. If none exists, create a new one by providing at least the following information:

GPG key creation dialog

Sign the product – needs to be done to avoid problems during installation.

Product signing dialog

Check Resign all packages and hit Next.

Overview dialog

Hit Finish and now you are ready to build the product

Add-On Creator Configuration Overview dialog

Select the product and click Build

In case the obs-productconverter package is not already installed, you will be prompted to have it installed the first time a product is built.

Now publish the product and install it. The YaST Installation server is a logical choice to publish products.

To install the above example product with AutoYaST, add the following entry to the <add-on> element of the profile:

      <listentry> 
        <media_url><your-url></media_url> 
        <product>Custom_Applications_for_SLES_11_SP1</product> 
        <product_dir>/</product_dir> 
        <name>Custom Applications</name> 
      </listentry>

The <product> should match the NAME field of the content file of the product.

To minimize confusion set <name> to the value of the LABEL field of the content file.

YaST software management pattern dialog

Dialog example when running YaST Add-On

If installed during OS installation, the installation flow will look like this:

Installation workflow dialog

The way to install the add-on product from a separate DVD is to use cd:///<add-on-directory> like this:

  <add-on>
   <add_on_products config:type="list">
     <listentry>
       <media_url>cd:///custom-apps</media_url>
       <product>Custom Applications</product>
       <product_dir>/</product_dir>
       <name>Custom Applications</name>
       <ask_on_error config:type="boolean">true</ask_on_error>
     </listentry>
   </add_on_products>
  </add-on>

<ask_on_error> will create a prompt to ask for the source when it is not available on the current media.

Although <product> must match the name of the add-on product that you define in the add-on creator utility, <name> can be anything is and what will be displayed in the package installation dialog.

This will make the installation workflow initially prompt the user with “Please make cd:///sample-addon available” to check the add-on.

After checking the add-on product metadata it will prompt for the SLES DVD and install the SLES packages.

Then a prompt to “Insert cd-<some-8digit-hex> (Disk1)” will appear. By checking “Show details” it will show the URL
“cd:///sample-addon”.

The system then reboots and prompts for the SLES DVD one last time during stage 2 of the installation.

Keeping the add-on packages up to date after installation

Updates to an add-on product installed on SUSE Linux Enterprise can be integrated into the regular update concept provided by the Subscription Management Tool for SLE (SMT). With SMT it is possible to publish an repository and get the client machines automatically subscribed to it as part of the normal registration functionality provided by the Novell Customer Center Configuration module in YaST or the suse_register tool. This is described in How to Use the Subscription Management Tool for SUSE Linux Enterprise 11.

For inspiration on how to create a repository with updates check out Creating a YUM Repository and Publishing it with SMT

About product/package signing

As mentioned earlier SLE by default requires packages to be signed by a known key. While the SUSE build keys are included in the initrd on the SLE installation medium, the key used to sign custom add-ons must be imported to the client.

If the key used to sign the product is not known during a user-initiated add-on product installation, he will be prompted to import it.

In case the add-on is to be installed as part of an AutoYaST-based installation, the following default elements in the <general> section of the profile allows the keys to be imported by the installation workflow.

    <signature-handling> 
      <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum> 
      <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key> 
      <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key> 
      <accept_unsigned_file config:type="boolean">true</accept_unsigned_file> 
      <accept_verification_failed config:type="boolean">false</accept_verification_failed> 
      <import_gpg_key config:type="boolean">true</import_gpg_key> 
    </signature-handling>

All might not be needed, feel free to test and narrow down (and let me know of the results).

To import the key on already installed SLE 11 machines, an execute job invoking a command like
rpm –import http://<installation-source>/content.key
could be distributed using an SMT server.

Hopefully this article has demystified the Add-On product concept of SUSE Linux Enterprise a little.

Changelog :
25 Jan 2011 :
Removed info about file chooser bug due to release of patch.

Download add-on-creator-cool-v1_1.pdf

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , ,
Categories: SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server, Technical Solutions

Disclaimer: As with everything else at SUSE Conversations, this content is definitely not supported by SUSE (so don't even think of calling Support if you try something and it blows up).  It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.

Comment

RSS