rpm-packager
v1.0.0
Build installable RPM packages from source code on CentOS/RHEL by creating SPEC files and compiling for versions 7, 8, or 9 RPM-based systems.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match the included files: a build script and SPEC template that create RPMs. However, the registry metadata declares no required binaries or OS restriction while SKILL.md and the script clearly rely on rpm-build, mock, gcc/make and expect CentOS/RHEL tooling. This is a documentation inconsistency (not necessarily malicious) that could confuse users about what must be installed.
Instruction Scope
The SKILL.md instructions and build script stay within the stated scope: preparing source, creating a tarball, generating a SPEC file, and running rpmbuild/mock. They require sudo only for installing prerequisites (not for the build itself). There are no instructions to read unrelated system files, exfiltrate data, or call external endpoints.
Install Mechanism
This is an instruction-only skill with no install spec — lowest-risk install model. All code is included in the bundle (scripts and templates); there are no downloads from external URLs or archive extraction from untrusted hosts.
Credentials
The skill does not request credentials or secrets. It does use optional environment variables (RPM_BUILDER_NAME, RPM_BUILD_DIR) documented in SKILL.md and consumed by the script, but none are declared in the skill's metadata. This is a minor mismatch in metadata vs. behavior but not a secret-exfiltration risk.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always:false). It writes build outputs under the user's home (~/rpmbuild) and runs build tools locally. The only privileged action mentioned is using sudo to install prerequisite packages, which is standard for preparing a build environment.
Assessment
This skill appears to do what it says: build RPMs using local build tools. Before using it: (1) review the included script and spec-template yourself (they are provided); (2) run builds on a non-sensitive machine or VM if you have any doubt; (3) ensure you have the required tooling installed (rpm-build, mock, gcc, make) — SKILL.md mentions them but the metadata does not; (4) the script writes to ~/rpmbuild and will include whatever is in your source directory in the package, so verify source contents to avoid packaging secrets; and (5) do not run the sudo install commands unless you trust the environment. Overall the skill is coherent and low-risk, but the metadata omissions are a documentation gap to be aware of.
Like a lobster shell, security has layers — review code before you run it.
latest
RPM Packager Skill
Transform source code into installable RPM packages for CentOS/RHEL systems.
Quick Start
# Basic usage
./scripts/build-rpm.sh <source-dir> <package-name> <version> <release>
# Example
./scripts/build-rpm.sh ./myapp myapp 1.0.0 1
Workflow
1. Prepare Source Code
Ensure source code is ready:
- Has a build system (Makefile, CMakeLists.txt, setup.py, etc.)
- Clean directory structure
- No build artifacts
2. Check Prerequisites
Required tools on CentOS/RHEL (requires sudo privileges):
sudo yum install rpm-build mock gcc make
Note: Installing system packages requires sudo privileges. The build process itself runs as your user account.
3. Run Build Script
cd ~/.openclaw/workspace/skills/rpm-packager
chmod +x scripts/build-rpm.sh
./scripts/build-rpm.sh /path/to/source package-name 1.0.0 1
4. Verify Output
Build produces:
- Binary RPM: ~/rpmbuild/RPMS/x86_64/package-name-1.0.0-1.el8.x86_64.rpm
- Source RPM: ~/rpmbuild/SRPMS/package-name-1.0.0-1.el8.src.rpm
5. Install & Test
# Install the RPM
sudo rpm -ivh ~/rpmbuild/RPMS/x86_64/package-name-1.0.0-1.el8.x86_64.rpm
# Or use yum/dnf for dependency resolution
sudo yum localinstall ~/rpmbuild/RPMS/x86_64/package-name-1.0.0-1.el8.x86_64.rpm
# Verify installation
rpm -q package-name
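A pre-flight check for step 1 and for the scan's note that everything in the source directory ends up in the package. This is an added example, not part of the skill's own scripts; the function name `audit_source_dir` and the file-name patterns are illustrative assumptions to adapt per project.

```shell
#!/bin/sh
# Added example, not part of the rpm-packager skill. Audits a source directory
# before it is handed to build-rpm.sh. Name patterns are illustrative assumptions.
# Paths containing newlines are not handled.

# Prints one "KIND path" line per finding, with paths relative to the source dir.
# Exit status: 0 = clean, 1 = findings, 2 = not a directory.
audit_source_dir() (
    { [ -d "$1" ] && cd -- "$1"; } || { echo "not a directory: $1" >&2; exit 2; }
    findings=$(
        # Files that commonly hold credentials or private keys.
        find . -type f \( -name '.env' -o -name '.env.*' -o -name '*.pem' \
            -o -name '*.key' -o -name 'id_rsa' -o -name 'id_ed25519' \
            -o -name '.netrc' -o -name '.npmrc' -o -name '.pypirc' \) |
            sed 's|^\./|SECRET |'
        # VCS metadata: history can still hold secrets deleted from the tree.
        find . -type d \( -name .git -o -name .svn -o -name .hg \) -prune |
            sed 's|^\./|VCS |'
        # Leftover build output; step 1 asks for none.
        find . -type f \( -name '*.o' -o -name '*.so' -o -name '*.pyc' \
            -o -name '*.rpm' \) | sed 's|^\./|ARTIFACT |'
        # Private-key material by content, whatever the file is called.
        grep -rlIE -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' . 2>/dev/null |
            sed 's|^\./|KEYDATA |'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        exit 1
    fi
    exit 0
)

# Stand-alone use: ./audit.sh ./myapp && ./scripts/build-rpm.sh ./myapp myapp 1.0.0 1
if [ "$#" -gt 0 ]; then
    audit_source_dir "$1"
fi
```

A file matched both by name and by content is reported once per rule, so the same path can appear under SECRET and KEYDATA.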
SPEC File Customization
For complex packages, customize the SPEC file:
- Review template: See references/spec-template.md
- Edit generated SPEC: Modify ~/rpmbuild/SPECS/package-name.spec
- Rebuild: rpmbuild -ba ~/rpmbuild/SPECS/package-name.spec
Common Customizations
Add dependencies:
BuildRequires: python3-devel openssl-devel
Requires: python3 openssl-libs
Custom install paths:
%install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_sysconfdir}/package-name
install -m 755 myapp %{buildroot}%{_bindir}/
install -m 644 config.conf %{buildroot}%{_sysconfdir}/package-name/
Include documentation:
%files
%doc README.md LICENSE CHANGELOG.md
%{_bindir}/myapp
Build for Different CentOS Versions
Use mock for clean builds targeting specific versions:
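# mock rebuilds a source RPM, not a bare SPEC file, so pass the SRPM from ~/rpmbuild/SRPMS/.
# Chroot config names must match a file in /etc/mock/ on your system.
# CentOS 7
mock -r centos-7-x86_64 --rebuild ~/rpmbuild/SRPMS/package-name-1.0.0-1.el8.src.rpm
# CentOS 8
mock -r centos-8-x86_64 --rebuild ~/rpmbuild/SRPMS/package-name-1.0.0-1.el8.src.rpm
# CentOS 9
mock -r centos-9-x86_64 --rebuild ~/rpmbuild/SRPMS/package-name-1.0.0-1.el8.src.rpm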
Environment Variables
| Variable | Default | Description |
|---|---|---|
| RPM_BUILDER_NAME | OpenClaw Builder | Builder name in changelog |
| RPM_BUILD_DIR | ~/rpmbuild | Custom build directory |
Troubleshooting
Build fails with "No such file or directory"
- Check BuildRequires for missing tools
- Verify source tarball extracts correctly
RPM installs but command not found
- Ensure %files section includes correct paths
- Check executable permissions in %install
Dependency errors during install
- Add missing Requires entries to SPEC file
- Use yum localinstall instead of rpm -i for auto-dependency resolution
Output Locations
After successful build:
- Binary RPMs: ~/rpmbuild/RPMS/<arch>/
- Source RPM: ~/rpmbuild/SRPMS/
- Build logs: ~/rpmbuild/BUILDLOGS/
- SPEC files: ~/rpmbuild/SPECS/
Security Notes
- Build directory defaults to ~/rpmbuild to avoid conflicts with system-wide builds
- Builder identity is anonymized by default (uses OpenClaw Builder)
- No personal information is embedded in generated RPMs unless explicitly configured
