RPM and Raw Binary Repositories
Nexus hosts RPM packages for the executor CLI and raw binaries for sandbox wrapper scripts.
RPM Repositories
All RPM operations use port 443 (standard HTTPS), not the Docker ports.
Repository Structure
| Repository | Type | Write Policy | Purpose |
|---|---|---|---|
| yum-hosted-dev | Hosted | ALLOW (mutable) | CI builds push RPMs here |
| yum-hosted-uat | Hosted | ALLOW_ONCE | UAT-promoted RPMs |
| yum-hosted-prod | Hosted | ALLOW_ONCE | Production RPMs |
| yum-proxy-epel9 | Proxy | Cache only | EPEL 9 |
| yum-proxy-rocky-baseos | Proxy | Cache only | Rocky Linux BaseOS |
| yum-proxy-rocky-appstream | Proxy | Cache only | Rocky Linux AppStream |
| yum-group-dev | Group | Read-only | Dev server install endpoint |
| yum-group-uat | Group | Read-only | UAT server install endpoint |
| yum-group-prod | Group | Read-only | Production server install endpoint |
RPM Upload (CI Push)
```bash
# Upload RPM to dev repository
curl --upload-file orchestrator-executor-0.3.0-1.el9.x86_64.rpm \
  -u "${NEXUS_USER}:${NEXUS_PASSWORD}" \
  "https://nexus.shared.cwiq.io/repository/yum-hosted-dev/orchestrator/executor/orchestrator-executor-0.3.0-1.el9.x86_64.rpm"
```
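RPM Install (Server)
Servers are configured with a .repo file pointing to the group endpoint:
```ini
[cwiq-dev]
name=CWIQ DEV
baseurl=https://nexus.shared.cwiq.io/repository/yum-group-dev/
enabled=1
gpgcheck=0
```
With gpgcheck=0 the package manager does not verify RPM signatures, so package integrity rests on the HTTPS connection to Nexus and on the repository write policies listed above.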
Install:
CI/CD Variables (Executor)
```yaml
# executor/.gitlab-ci.yml
variables:
  NEXUS_URL: https://nexus.shared.cwiq.io
  NEXUS_RPM_REPO: ${NEXUS_URL}/repository/yum-hosted-dev
```
RPM Artifact Path Pattern
Example: orchestrator-executor-0.3.0-1.el9.x86_64.rpm
RPM Build Notes
RPM dist macro — do not add .${DIST} in rpmbuild --define
Use %{?dist} macro only. Adding .${DIST} in rpmbuild --define dist causes a double suffix (e.g., .el9.el9).
Nuitka --onefile RPM build
Add %define __strip /bin/true in the RPM spec when building Nuitka --onefile binaries to prevent strip from corrupting the binary.
Raw Binary Repositories
Raw repositories store arbitrary files — executor binaries, sandbox wrapper scripts, and similar artifacts.
Repository Structure
| Repository | Type | Write Policy | Purpose |
|---|---|---|---|
| raw-hosted-dev | Hosted | ALLOW | CI builds push here |
| raw-hosted-uat | Hosted | ALLOW_ONCE | UAT-promoted binaries |
| raw-hosted-prod | Hosted | ALLOW_ONCE | Production binaries |
Raw Artifact Path Pattern
Examples:
- orchestrator-executor-0.3.0 — release build
- orchestrator-executor-main-a1b2c3d — main branch build
- orchestrator-sandbox-0.3.0.sh — sandbox wrapper script
Upload Raw Binary
```bash
curl --upload-file orchestrator-executor-0.3.0 \
  -u "${NEXUS_USER}:${NEXUS_PASSWORD}" \
  "https://nexus.shared.cwiq.io/repository/raw-hosted-dev/orchestrator/executor/orchestrator-executor-0.3.0"
```
Download Raw Binary
```bash
curl -fsSL \
  -u "${NEXUS_USER}:${NEXUS_PASSWORD}" \
  "https://nexus.shared.cwiq.io/repository/raw-hosted-dev/orchestrator/executor/orchestrator-executor-0.3.0" \
  -o /usr/local/bin/orchestrator-executor
chmod +x /usr/local/bin/orchestrator-executor
```
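A hardened variant of the download step, added here as an example and not part of the original page or the project's tooling: it installs the binary only if its SHA-256 matches a pinned digest, which matters because raw-hosted-dev has write policy ALLOW and a path can be overwritten. The function names and the source of the expected digest (recorded by the CI job at upload time) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: digest-pinned install of a raw artifact.
# Assumption: the expected SHA-256 comes from a trusted channel (for example
# recorded by the CI job at upload time), never from the download itself.

# install_verified SRC EXPECTED_SHA256 DEST
# Returns 0 after installing, 1 on digest mismatch, 2 on a malformed digest.
install_verified() {
    local src=$1 expected=$2 dest=$3 actual
    # Refuse empty or non-hex digests so an unset variable cannot pass.
    case "$expected" in
        *[!0-9a-fA-F]*) echo "malformed digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest" >&2; return 2; }
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got ${actual:-none}" >&2
        return 1
    fi
    # Stage next to the destination with the final mode, then rename, so a
    # half-written or unverified file never sits at DEST.
    install -m 0755 "$src" "$dest.new" && mv -f "$dest.new" "$dest"
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# Downloads to a temp file with the page's curl flags, then verifies.
fetch_and_install() {
    local url=$1 expected=$2 dest=$3 tmp rc=0
    tmp=$(mktemp) || return 1
    curl -fsSL -u "${NEXUS_USER}:${NEXUS_PASSWORD}" "$url" -o "$tmp" \
        && install_verified "$tmp" "$expected" "$dest" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Call it as `fetch_and_install "$URL" "$EXPECTED_SHA256" /usr/local/bin/orchestrator-executor`; a non-zero exit leaves any previously installed binary untouched.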
CI/CD Variables (Executor Raw)
```yaml
# executor/.gitlab-ci.yml
variables:
  NEXUS_RAW_REPO: ${NEXUS_URL}/repository/raw-hosted-dev/orchestrator/executor
```
Related Documentation
- Overview — Port architecture and repository types
- Service Accounts — Vault JWT authentication
- Artifact Naming — Binary naming conventions