SUSE Linux Enterprise ships with an “Add-On Creator” YaST module, which allows you to create and maintain custom defined products to be installed on SLE.
To ensure system integrity, the product and packages must be signed with a GPG key. In case this key does not already exist a the target machine, it needs to be imported into the local keystore before the software can be installed.
To build products, the obs-productconverter package (and its dependencies) from the SLE Software Development Kit 11 SP1 is needed. The ISO images for this can be downloaded from download.novell.com and installed using the YaST Add-On Products module. To save time later, search up the obs-productconverter package during SDK installation and mark it for installation in the same workflow.
If the installation of obs-productconverter fails due to a cryptic issue with perl-Net-SSLeay, then install perl-Net-SSLeay with
# zypper in perl-Net-SSLeay
and select to not forbid installation of perl-Net-SSLeay to resolve the conflict.
When running the YaST add-on-creator module on SLES 11 SP1, make sure to patch it at least up to the patchlevel provided by Novell of 24th of January 2011 to ensure proper operation.
Before you can build a product, drop the desired RPM packages in a directory on the machine to build on.
Now you are ready to start create the product.
Launch the Add-On Creator (sorry for the name confusion) module in YaST. If no products have already been created, the wizard to create a new one will start right away. Otherwise select to add a new Add-On Product from the list.
Accept the default of creating a product from scratch and hit Next.
Enter a product name for the add-on.
Select SLES 11 as required product.
Select or enter the path to the directory with the packages to build the product from.
Uncheck “Show Only Required Keywords”.
Content file fields of interest:
LABEL should be set to the “friendly” version of the product name.
NAME by default gets set to the product name specified in the previous dialog. This is a known issue (bug 646060), as it is the LABEL field that should have this content. The Label field is what the users sees during installation, while Name is what gets presented as “Internal name” by zypper (e.g. with # zypper products).
The best is to give NAME a short (spaceless) name like corp-addon.
(Confused about names ? It took me quite some hair to find heads and tails in this)
PATTERNS must be given the name of the required pattern that will be created in a later dialog – e.g. custom-apps.
The VENDOR field must be populated.
Product file fields of interest:
Set the description and summary to the same as LABEL above. Summary is what shows up in as the product name in YaST add-on and zypper products.
For SLES 11 SP1 requires must be changed, so that version gets appended with “.1″ :
Please excuse the lack of creativity with the example packages…
Add a new pattern and select the appropriate architecture, version and release.
Configure the following characteristics about the pattern:
Description is the summary text what will be shown on the right when selecting the pattern in the selection dialog in the software management (YaST) module.
Edit Packages and select all.
Summary is the “short title” of the pattern (appearing in the pattern list on the left in the software management module).<,p>
Required pattern should already be checked – otherwise you typed a different pattern name than what was entered in the product dialog.
That should lead to something like this:
In case you want to find out more details about content file, product file and pattern configuration, simply create a new add-on product and select to base it on an existing add-on. Then point to the installation source/medium of a small product like Subscription Management Tool. This will then import that configuration and can be useful for geeks like myself.
Enter output settings.
Now select a GPG key to sign the product with. If none exists, create a new one by providing at least the following information:
Sign the product – needs to be done to avoid problems during installation.
Check Resign all packages and hit Next.
Hit Finish and now you are ready to build the product
Select the product and click Build
In case the obs-productconverter package is not already installed, you will be prompted to have it installed the first time a product is built.
Now publish the product and install it. The YaST Installation server is a logical choice to publish products.
To install the above example product with AutoYaST, add the following entry to the <add-on> element of the profile:
<listentry> <media_url><your-url></media_url> <product>Custom_Applications_for_SLES_11_SP1</product> <product_dir>/</product_dir> <name>Custom Applications</name> </listentry>
The <product> should match the NAME field of the content file of the product.
To minimize confusion set <name> to the value of the LABEL field of the content file.
Dialog example when running YaST Add-On
If installed during OS installation, the installation flow will look like this:
The way to install the add-on product from a separate DVD is to use cd:///<add-on-directory> like this:
<add-on> <add_on_products config:type="list"> <listentry> <media_url>cd:///custom-apps</media_url> <product>Custom Applications</product> <product_dir>/</product_dir> <name>Custom Applications</name> <ask_on_error config:type="boolean">true</ask_on_error> </listentry> </add_on_products> </add-on>
<ask_on_error> will create a prompt to ask for the source when it is not available on the current media.
Although <product> must match the name of the add-on product that you define in the add-on creator utility, <name> can be anything is and what will be displayed in the package installation dialog.
This will make the installation workflow initially prompt the user with “Please make cd:///sample-addon available” to check the add-on.
After checking the add-on product metadata it will prompt for the SLES DVD and install the SLES packages.
Then a prompt to “Insert cd-<some-8digit-hex> (Disk1)” will appear. By checking “Show details” it will show the URL
The system then reboots and prompts for the SLES DVD one last time during stage 2 of the installation.
Keeping the add-on packages up to date after installation
Updates to an add-on product installed on SUSE Linux Enterprise can be integrated into the regular update concept provided by the Subscription Management Tool for SLE (SMT). With SMT it is possible to publish an repository and get the client machines automatically subscribed to it as part of the normal registration functionality provided by the Novell Customer Center Configuration module in YaST or the suse_register tool. This is described in How to Use the Subscription Management Tool for SUSE Linux Enterprise 11.
For inspiration on how to create a repository with updates check out Creating a YUM Repository and Publishing it with SMT
About product/package signing
As mentioned earlier SLE by default requires packages to be signed by a known key. While the SUSE build keys are included in the initrd on the SLE installation medium, the key used to sign custom add-ons must be imported to the client.
If the key used to sign the product is not known during a user-initiated add-on product installation, he will be prompted to import it.
In case the add-on is to be installed as part of an AutoYaST-based installation, the following default elements in the <general> section of the profile allows the keys to be imported by the installation workflow.
<signature-handling> <accept_file_without_checksum config:type="boolean">true</accept_file_without_checksum> <accept_non_trusted_gpg_key config:type="boolean">true</accept_non_trusted_gpg_key> <accept_unknown_gpg_key config:type="boolean">true</accept_unknown_gpg_key> <accept_unsigned_file config:type="boolean">true</accept_unsigned_file> <accept_verification_failed config:type="boolean">false</accept_verification_failed> <import_gpg_key config:type="boolean">true</import_gpg_key> </signature-handling>
All might not be needed, feel free to test and narrow down (and let me know of the results).
To import the key on already installed SLE 11 machines, an execute job invoking a command like
rpm –import http://<installation-source>/content.key
could be distributed using an SMT server.
Hopefully this article has demystified the Add-On product concept of SUSE Linux Enterprise a little.
25 Jan 2011 :
Removed info about file chooser bug due to release of patch.