文章详情

短信预约-IT技能 免费直播动态提醒

请输入下面的图形验证码

提交验证

短信预约提醒成功

rpmbuild制作openssh和openssl安装包

2023-09-06 18:13

关注

系统版本:CentOS Linux release 7.6.1810 (AltArch)、CentOS Linux release 7.6.1810 (Core)

系统架构:4.14.0-115.el7a.0.1.aarch64、3.10.0-957.el7.x86_64

软件版本:openssh-8.7p1.tar.gz、openssh-8.9p1.tar.gz、x11-ssh-askpass-1.2.4.1.tar.gz、openssl-1.1.1q.tar.gz

注意:ARM架构yum源配置暂时未能成功通过阿里云镜像、网易镜像成功创建

更新yum源:

清除缓存

yum clean all

备份

mv /etc/yum.repos.d /etc/yum.repos.d.bak

创建新的yum.repos.d目录

mkdir /etc/yum.repos.d

在/etc/yum.repos.d目录下面创建以下三个文件,如下所示

cd /etc/yum.repos.dtouch CentOS-Base.repotouch ceph.repotouch epel.repo

编辑CentOS-Base.repo、ceph.repo、epel.repo源文件

vi /etc/yum.repos.d/CentOS-Base.repo# CentOS-Base.repo## The mirror system uses the connecting IP address of the client and the# update status of each mirror to pick mirrors that are updated to and# geographically close to the client.  You should use this for CentOS updates# unless you are manually picking other mirrors.## If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead.## [base]name=CentOS-7 - Base - mirrors.aliyun.comfailovermethod=prioritybaseurl=http://mirrors.ustc.edu.cn/centos-altarch/7/os/$basearch/#baseurl=http://mirrors.aliyun.com/centos/7/os/$basearch/gpgcheck=1enabled=1#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32  #released updates [updates]#name=CentOS-7 - Updates - mirrors.aliyun.com#failovermethod=priority#baseurl=http://mirrors.aliyun.com/centos/7/updates/$basearch/#gpgcheck=1#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7name=CentOS-$releasever - Updates# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updatesbaseurl=http://mirrors.ustc.edu.cn/centos-altarch/$releasever/updates/$basearch/gpgcheck=1enabled=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32 #additional packages that may be useful[extras]#name=CentOS-7 - Extras - mirrors.aliyun.com#failovermethod=priority#baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/#gpgcheck=1#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 #additional packages that extend functionality of existing packagesname=CentOS-$releasever - Extras# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extrasbaseurl=http://mirrors.ustc.edu.cn/centos-altarch/$releasever/extras/$basearch/gpgcheck=1enabled=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32[centosplus]#name=CentOS-7 - Plus - mirrors.aliyun.com#failovermethod=priority#baseurl=http://mirrors.aliyun.com/centos/7/centosplus/$basearch/#gpgcheck=1#enabled=0#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 name=CentOS-$releasever - Plus# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplusbaseurl=http://mirrors.ustc.edu.cn/centos-altarch/$releasever/centosplus/$basearch/gpgcheck=1enabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32#contrib - packages by Centos Users#[contrib]#name=CentOS-7 - Contrib - mirrors.aliyun.com#failovermethod=priority#baseurl=http://mirrors.aliyun.com/centos/7/contrib/$basearch/#gpgcheck=1#enabled=0#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
vi /etc/yum.repos.d/ceph.repo[ceph]name=cephbaseurl=http://mirrors.163.com/ceph/rpm-jewel/el7/aarch64/gpgcheck=1[ceph-noarch]name=cephnoarchbaseurl=http://mirrors.163.com/ceph/rpm-jewel/el7/noarch/gpgcheck=1
vi /etc/yum.repos.d/epel.repo[epel]name=Extra Packages for Enterprise Linux 7 - $basearchbaseurl=http://mirrors.aliyun.com/epel/7/$basearchfailovermethod=priorityenabled=1gpgcheck=1gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 [epel-debuginfo]name=Extra Packages for Enterprise Linux 7 - $basearch - Debugbaseurl=http://mirrors.aliyun.com/epel/7/$basearch/debugfailovermethod=priorityenabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7gpgcheck=1 [epel-source]name=Extra Packages for Enterprise Linux 7 - $basearch - Sourcebaseurl=http://mirrors.aliyun.com/epel/7/SRPMSfailovermethod=priorityenabled=0gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7gpgcheck=1

建立缓存

yum makecache

安装基础依赖包和rpmbuild依赖包:

yum install rpm-build gcc gcc-c++ glibc glibc-devel  openssl openssl-devel \   prce pcre-devel zlib zlib-devel perl perl-devel make imake wget xmkmf \  initscripts  krb5-devel pam-devel krb5-devel libX11-devel libXt-devel gtk2-devel autoconf libtool unzip gdb
yum install rpm-build rpmdevtools tree -y  #安装rpmbuild和依赖

创建rpmbuild目录

rpmdev-setuptree     #创建rpmbuild目录tree /root/rpmbuild  #查看创建的rpmbuild目录

下载openssh-8.7p1.tar.gz、openssh-8.9p1.tar.gz、x11-ssh-askpass-1.2.4.1.tar.gz的源码包,并将源码包放到/root/rpmbuild/SOURCES目录下

这里有两种方法下载openssh-8.7p1.tar.gz、openssh-8.9p1.tar.gz、x11-ssh-askpass-1.2.4.1.tar.gz的源码包:

第一种是在线下载,直接通过wget  --no-check-certificate  -c命令去下载

第二种是去openssh官网下载,然后将openssh-8.7p1.tar.gz、openssh-8.9p1.tar.gz的源码包上传或拷贝到/root/rpmbuild/SOURCES目录下

openssh官网:

https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz

https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz

x11-ssh-askpass-1.2.4.1.tar.gz下载:

https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

注意这里以openssh-8.9p1.tar.gz为例: 

cd /root/rpmbuild/SOURCES   #进到该目录下#使用wget命令在线下载openssh-8.9p1.tar.gz源码包wget --no-check-certificate -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz #使用wget命令在线下载x11-ssh-askpass-1.2.4.1.tar.gz源码包wget --no-check-certificate -c https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz

制作openssh.spec文件

一般这个openssh.spec文件会在openssh源码包里面,将openssh源码包里的openssh.spec文件拷贝到/root/rpmbuild/SPECS/目录下

tar -zxvf openssh-8.9p1.tar.gz   #解压openssh-8.9p1源码包#将openssh-8.9p1源码包中的openssh.spec文件拷贝到/root/rpmbuild/SPECS/目录下cp openssh-8.9p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS 

制作openssh的rpm包

cd /root/rpmbuild/SPECS    #进入到该目录下,检查openssh.spec文件是否拷贝过来#编辑openssh.spec文件(如果制作多个版本的openssh.spec文件,可以重命名openssh.spec文件用来区分)vi /root/rpmbuild/SPECS/openssh8.9.spec#注释掉BuildRequires: openssl-develsed -i -e "s/BuildRequires: openssl-devel < 1.1/# BuildRequires: openssl-devel < 1.1/g" /root/rpmbuild/SPECS/openssh.specsed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.specsed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec#在openssh8.9.spec文件中的%post server处添加以下内容cp -r /etc/ssh /etc/ssh.bakcp -r /usr/bin/ssh /usr/bin/ssh.baksed -i -e  "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_configecho "PermitRootLogin yes" >> /etc/ssh/sshd_configsed -i  -e  "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_configsystemctl restart sshd#在openssh8.9.spec文件中添加openssl的安装路径--with-openssl-includes=/usr/local/openssl/include \--with-ssl-dir=/usr/local/openssl \

 

 

 

#开始编译openssh.spec文件rpmbuild -ba /root/rpmbuild/SPECS/openssh8.9.spec   

制作完成后,生成的rpm包在的目录/root/rpmbuild/RPMS/aarch64

cd /root/rpmbuild/RPMS/aarch64

 注意:升级openssh只需要三个包:openssh-8.9p1-1.el7.aarch64.rpm、openssh-clients-8.9p1-1.el7.aarch64.rpm、openssh-server-8.9p1-1.el7.aarch64.rpm

安装升级测试

注意!!!:一定要先安装完openssl再安装openssh,顺序不能错。否则,如果先安装的openssh,再安装openssl,ssh  -V时,openssl显示的还是原来的版本,openssl  version显示的却是正确版本

这里展现openssh的升级安装步骤,在次安装前请先装openssl

#卸载opensshrpm -e openssh --nodepsrpm -e openssh-clients --nodepsrpm -e openssh-server --nodeps#检查openssh是否已经卸载rpm -qa|grep opensshssh -V#安装opensshcd /root/rpmbuild/RPMS/aarch64rpm -ivh openssh-8.9p1-1.el7.aarch64.rpm openssh-clients-8.9p1-1.el7.aarch64.rpm openssh-server-8.9p1-1.el7.aarch64.rpm  --nodeps#安装完成后,检查是否已经安装rpm -qa|grep opensshssh -V

下载openssl-1.1.1q.tar.gz的源码包,并将源码包放到/root/rpmbuild/SOURCES目录下

这里有两种方法下载openssl-1.1.1q.tar.gz的源码包:

第一种是在线下载,直接通过wget  --no-check-certificate  -c命令去下载

第二种是去openssl官网下载,然后将openssl-1.1.1q.tar.gz的源码包上传或拷贝到/root/rpmbuild/SOURCES目录下

openssl官网下载:https://www.openssl.org/source/openssl-1.1.1q.tar.gz

cd /root/rpmbuild/SOURCES   #进到该目录下#使用wget命令在线下载openssl-1.1.1q.tar.gz源码包wget --no-check-certificate -c https://www.openssl.org/source/openssl-1.1.1q.tar.gz

制作openssl.spec文件

由于openssl官方给的源码包中,没有openssl.spec文件,所以需要手动编写

cd /root/rpmbuild/SPECS  #进入到该目录下touch openssl.spec  #新建openssl.spec文件vi /root/rpmbuild/SPECS/openssl.spec   #编辑openssl.spec文件,添加以下内容Summary: OpenSSL 1.1.1q for CentOSName: opensslVersion: %{?version}%{!?version:1.1.1q}Release: 1%{?dist}Obsoletes: %{name} <= %{version}Provides: %{name} = %{version}URL: https://www.openssl.org/License: GPLv2+Source: https://www.openssl.org/source/%{name}-%{version}.tar.gzBuildRequires: make gcc perl perl-WWW-CurlBuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%global openssldir /usr/local/openssl%descriptionhttps://github.com/philyuchkoff/openssl-RPM-BuilderOpenSSL RPM for version 1.1.1q on CentOS%package develSummary: Development files for programs which will use the openssl libraryGroup: Development/LibrariesRequires: %{name} = %{version}-%{release}%description develOpenSSL RPM for version 1.1.1q on CentOS (development package)%prep%setup -q%build./config --prefix=%{openssldir} --openssldir=%{openssldir}make%install[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}%make_installmkdir -p %{buildroot}%{_bindir}mkdir -p %{buildroot}%{_libdir}ln -sf %{openssldir}/lib64/libssl.so.1.1 %{buildroot}%{_libdir}ln -sf %{openssldir}/lib64/libcrypto.so.1.1 %{buildroot}%{_libdir}ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}%clean[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}%files%{openssldir}%defattr(-,root,root)/usr/bin/openssl/usr/lib64/libcrypto.so.1.1/usr/lib64/libssl.so.1.1%files devel%{openssldir}/include/*%defattr(-,root,root)/usr/bin/openssl/usr/lib64/libcrypto.so.1.1/usr/lib64/libssl.so.1.1%postcp -r /usr/bin/openssl /usr/bin/openssl.bakcp -r /usr/lib64/openssl/ /usr/lib64/openssl.bakcp -r /usr/lib64/openssl.so /usr/lib64/openssl.so.bakln -sf /usr/local/openssl/lib/libssl.so.1.1  /usr/lib64/ln -sf /usr/local/openssl/lib/libcrypto.so.1.1  /usr/lib64//sbin/ldconfig%postun -p /sbin/ldconfig

openssl.spec文件注意两个地方

1、安装路径

2、 路径备份和lib库文件软链接到/usr/lib64路径下

vi /root/rpmbuild/SPECS/openssl.spec%postcp -r /usr/bin/openssl /usr/bin/openssl.bakcp -r /usr/lib64/openssl/ /usr/lib64/openssl.bakcp -r /usr/lib64/openssl.so /usr/lib64/openssl.so.bakln -s /usr/local/openssl/lib/libssl.so.1.1  /usr/lib64/ln -s /usr/local/openssl/lib/libcrypto.so.1.1   /usr/lib64//sbin/ldconfig

 制作openssl的rpm包

cd /root/rpmbuild/SPECS  #进入到该目录下rpmbuild -ba openssl.spec  #开始编译openssl.spec文件 

制作完成后,生成的rpm包在目录/root/rpmbuild/RPMS/aarch64

cd /root/rpmbuild/RPMS/aarch64   #进入到该目录下,检查openssl的rpm包是否生成

安装升级测试

注意!!!:一定要先升级openssl,再升级openssh。升级完成后,ssh  -V检查版本,此时openssl的版本显示为现在升级后的版本

#查看已经安装的openssl版本rpm -qa | grep opensslopenssl version#卸载openssl,注意切记不要删除openssl-libsrpm -e openssl --nodeps#检查openssl是否已经卸载openssl version#安装opensslcd /root/rpmbuild/RPMS/aarch64   rpm -ivh openssl-1.1.1q-1.el7.aarch64.rpm --nodeps#升级完成后,检查openssl的版本openssl versionssh -V  #使用该命令检查openssl版本是否显示为已安装的版本rpm -qa|grep openssl

openssh.spec文件跟openssl.spec文件同ARM架构一样,不需要改动

openssh-8.7p1.tar.gz、openssh-8.9p1.tar.gz、x11-ssh-askpass-1.2.4.1.tar.gz、openssl-1.1.1q.tar.gz同ARM架构一样,在线下载或者使用wget在线下载,上传或拷贝到/root/rpmbuild/SOURCES目录下(此步骤同ARM架构一样)

制作X86_64架构的openssh和openssl的rpm包

cd /root/rpmbuild/SPECSrpmbuild -ba openssl.spec#如有多个版本openssh,可将openssh.spec文件重命名为该版本的openssh.spec如openssh8.7.specrpmbuild -ba openssh8.7.spec   rpmbuild -ba openssh8.9.specrpmbuild -ba openssl.spec

制作完成后,生成的rpm包在的目录/root/rpmbuild/RPMS/x86_64

安装步骤同ARM架构一样,先安装openssl再安装openssh

安装openssl

#查看已经安装的openssl版本rpm -qa | grep opensslopenssl version#卸载openssl,注意切记不要删除openssl-libsrpm -e openssl --nodeps#检查openssl是否已经卸载openssl version#安装opensslcd /root/rpmbuild/RPMS/x86_64   rpm -ivh openssl-1.1.1q-1.el7.x86_64.rpm --nodeps#升级完成后,检查openssl的版本openssl versionssh -V  #使用该命令检查openssl版本是否显示为已安装的版本rpm -qa|grep openssl

安装openssh

#卸载opensshrpm -e openssh --nodepsrpm -e openssh-clients --nodepsrpm -e openssh-server --nodeps#检查openssh是否已经卸载rpm -qa|grep opensshssh -V#安装opensshcd /root/rpmbuild/RPMS/x86_64rpm -ivh openssh-8.9p1-1.el7.x86_64.rpm openssh-clients-8.9p1-1.el7.x86_64.rpm openssh-server-8.9p1-1.el7.x86_64.rpm   --nodeps#安装完成后,检查是否已经安装rpm -qa|grep opensshssh -V
setenforce 0   #临时关闭selinux#找到SELINUX=enforcing,按i进入编辑模式,将参数修改为SELINUX=disabled即可(永久关闭)vi /etc/selinux/config  SELINUX=disabled或sed -i -e "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config  #查看selinux是否关闭,显示Disabled为关闭getenforce

来源地址:https://blog.csdn.net/weixin_45190065/article/details/127977915

阅读原文内容投诉

免责声明:

① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。

② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341

软考中级精品资料免费领

  • 历年真题答案解析
  • 备考技巧名师总结
  • 高频考点精准押题
  • 2024年上半年信息系统项目管理师第二批次真题及答案解析(完整版)

    难度     813人已做
    查看
  • 【考后总结】2024年5月26日信息系统项目管理师第2批次考情分析

    难度     354人已做
    查看
  • 【考后总结】2024年5月25日信息系统项目管理师第1批次考情分析

    难度     318人已做
    查看
  • 2024年上半年软考高项第一、二批次真题考点汇总(完整版)

    难度     435人已做
    查看
  • 2024年上半年系统架构设计师考试综合知识真题

    难度     224人已做
    查看

相关文章

发现更多好内容

猜你喜欢

AI推送时光机
位置:首页-资讯-服务器
咦!没有更多了?去看看其它编程学习网 内容吧
首页课程
资料下载
问答资讯