openssl、openssh制作rpm包
准备工作
下载源码包:
openssh-9.3p2: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p2.tar.gz
openssl-1.1.1t: https://www.openssl.org/source/old/1.1.1/openssl-1.1.1t.tar.gz
x11-ssh-askpass-1.2.4.1: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
一、制作openssl rpm包
1、检查当前环境:
cat /etc/redhat-release
rpm -qa openssl
rpm -qa | grep openssl
openssl version
上传文件至服务器
rz -E
创建编译目录:
mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
2、安装依赖:
yum -y install curl which make gcc perl perl-WWW-Curl rpm-build
3、制作openssl.spec文件:
注意:由于openssl官方给的源码包中,没有openssl.spec文件,所以需要手动编写
cd /data/ssh && vim openssl.spec
Summary: OpenSSL 1.1.1t for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1t}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+
Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz
BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl
%description
OpenSSL RPM for version 1.1.1t on Centos
%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description devel
OpenSSL RPM for version 1.1.1t on Centos (development package)
%prep
%setup -q
%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make
%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1
%files devel
%{openssldir}/include/*
%defattr(-,root,root)
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
移动openssl源码包文件至/root/rpmbuild/SOURCES/ :
openssl.spec文件至/root/rpmbuild/SPECS/ :
4、制作openssl的rpm包:
cd /root/rpmbuild/SPECS/
rpmbuild -D "version 1.1.1t" -ba openssl.spec
看到如下显示,说明已制作完成
安装包路径
cd /root/rpmbuild/RPMS/x86_64/
5、升级openssl测试
查询当前openssl版本
rpm -aq | grep openssl
openssl version
移除当前openssl版本
rpm -e openssl-devel openssl11-libs openssl
开始安装:
rpm -ivh /root/rpmbuild/RPMS/x86_64/openssl-1.1.1t-1.el7.x86_64.rpm --nodeps
rpm -ivh /root/rpmbuild/RPMS/x86_64/openssl-devel-1.1.1t-1.el7.x86_64.rpm --nodeps
确认是否升级成功:
openssl version
二、制作openssh rpm包
注意:若openssl同时升级,在openssh制作rpm包时需要在openssl升级后的基础上进行制作,否则会造成** ssh -V 和 openssl version 命令显示的openssl版本号不同**。
1、检查当前环境:
cat /etc/redhat-release
rpm -qa openssh
rpm -qa | grep openssh
ssh -V
创建编译目录:
mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
上传文件至服务器
cp x11-ssh-askpass-1.2.4.1.tar.gz openssh-9.3p2.tar.gz /root/rpmbuild/SOURCES/
2、安装依赖
yum -y install rpm-build gcc zlib-devel perl-devel pam-devel openssl-devel
3、修改openssh.spec文件
tar -xvzf openssh-9.3p2.tar.gz
cp openssh-9.3p2/contrib/redhat/openssh.spec /root/rpmbuild/SPECS/
chown sshd:sshd /root/rpmbuild/SPECS/openssh.spec
vim openssh.spec
将原先openssh.spec中的
%global no_x11_askpass 0
%global no_gnome_askpass 0
修改为
%global no_x11_askpass 1
%global no_gnome_askpass 1
注释掉 #BuildRequires: openssl-devel < 1.1
让openssh不在依赖openssl1.1.1
#若ssh -V 提示without OpenSSL,需要添加openssl路径
which openssl #查找openssl的源路径
# %configure 最后一行添加如下:
--with-openssl=/usr/openssl \
删除以下三行:
%if %{without_openssl}
--without-openssl \
%endif
4、制作openssh rpm包
cd /root/rpmbuild/SPECS/
rpmbuild -ba openssh.spec
看到如下显示,说明已制作完成
安装包路径
cd /root/rpmbuild/RPMS/x86_64/
5、升级openssh测试
查询当前openssh版本
rpm -aq | grep openssh
ssh -V
备份ssh文件
mkdir -p /etc/{ssh_bak,pam_bak}
cp -arf /etc/ssh/* /etc/ssh_bak/
cp -arf /etc/pam.d/* /etc/pam_bak/
安装依赖
yum -y install pam-devel
开始安装:
rpm -Uvh openssh-9.3p2-1.el7.x86_64.rpm openssh-clients-9.3p2-1.el7.x86_64.rpm openssh-server-9.3p2-1.el7.x86_64.rpm --nodeps
确认是否升级成功:
ssh -V
恢复原ssh备份
cp -arf /etc/ssh_bak/* /etc/ssh/
cp -arf /etc/pam_bak/* /etc/pam.d/
chmod 600 /etc/ssh/ssh*key
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
重启sshd服务
systemctl daemon-reload
systemctl restart sshd
验证sshd服务
systemctl status sshd
作者:wiki 创建时间:2024-07-14 18:20
最后编辑:wiki 更新时间:2024-08-13 10:12
最后编辑:wiki 更新时间:2024-08-13 10:12