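System version: CentOS Linux release 7.6.1810 (AltArch), CentOS Linux release 7.6.1810 (Core)
System architecture: 4.14.0-115.el7a.0.1.aarch64, 3.10.0-957.el7.x86_64
Software versions: openssh-8.7p1.tar.gz, openssh-8.9p1.tar.gz, x11-ssh-askpass-1.2.4.1.tar.gz, openssl-1.1.1q.tar.gz
Note: on the ARM architecture, the yum repository configuration could not yet be created successfully with the Aliyun mirror or the NetEase mirror
Update the yum repositories:
Clear the cache
yum clean all
Back up
mv /etc/yum.repos.d /etc/yum.repos.d.bak
Create a new yum.repos.d directory
mkdir /etc/yum.repos.d
Create the following three files in the /etc/yum.repos.d directory, as shown below
cd /etc/yum.repos.d
touch CentOS-Base.repo
touch ceph.repo
touch epel.repo
Edit the CentOS-Base.repo, ceph.repo and epel.repo repository files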
vi /etc/yum.repos.d/CentOS-Base.repo
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#

[base]
name=CentOS-7 - Base - mirrors.aliyun.com
failovermethod=priority
baseurl=http://mirrors.ustc.edu.cn/centos-altarch/7/os/$basearch/
#baseurl=http://mirrors.aliyun.com/centos/7/os/$basearch/
gpgcheck=1
enabled=1
#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32

#released updates
[updates]
#name=CentOS-7 - Updates - mirrors.aliyun.com
#failovermethod=priority
#baseurl=http://mirrors.aliyun.com/centos/7/updates/$basearch/
#gpgcheck=1
#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
name=CentOS-$releasever - Updates
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
baseurl=http://mirrors.ustc.edu.cn/centos-altarch/$releasever/updates/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32

#additional packages that may be useful
[extras]
#name=CentOS-7 - Extras - mirrors.aliyun.com
#failovermethod=priority
#baseurl=http://mirrors.aliyun.com/centos/7/extras/$basearch/
#gpgcheck=1
#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
name=CentOS-$releasever - Extras
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
baseurl=http://mirrors.ustc.edu.cn/centos-altarch/$releasever/extras/$basearch/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32

[centosplus]
#name=CentOS-7 - Plus - mirrors.aliyun.com
#failovermethod=priority
#baseurl=http://mirrors.aliyun.com/centos/7/centosplus/$basearch/
#gpgcheck=1
#enabled=0
#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
name=CentOS-$releasever - Plus
# mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
baseurl=http://mirrors.ustc.edu.cn/centos-altarch/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
       file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-AltArch-Arm32

#contrib - packages by Centos Users
#[contrib]
#name=CentOS-7 - Contrib - mirrors.aliyun.com
#failovermethod=priority
#baseurl=http://mirrors.aliyun.com/centos/7/contrib/$basearch/
#gpgcheck=1
#enabled=0
#gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
vi /etc/yum.repos.d/ceph.repo
[ceph]
name=ceph
baseurl=http://mirrors.163.com/ceph/rpm-jewel/el7/aarch64/
gpgcheck=1

[ceph-noarch]
name=cephnoarch
baseurl=http://mirrors.163.com/ceph/rpm-jewel/el7/noarch/
gpgcheck=1
vi /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
Build the cache
yum makecache
Install the base dependency packages and the rpmbuild dependency packages:
yum install rpm-build gcc gcc-c++ glibc glibc-devel openssl openssl-devel \
    pcre pcre-devel zlib zlib-devel perl perl-devel make imake wget xmkmf \
    initscripts krb5-devel pam-devel krb5-devel libX11-devel libXt-devel gtk2-devel autoconf libtool unzip gdb
yum install rpm-build rpmdevtools tree -y #install rpmbuild and its dependencies
Create the rpmbuild directory
rpmdev-setuptree #create the rpmbuild directory
tree /root/rpmbuild #view the created rpmbuild directory
Download the openssh-8.7p1.tar.gz, openssh-8.9p1.tar.gz and x11-ssh-askpass-1.2.4.1.tar.gz source packages and put them in the /root/rpmbuild/SOURCES directory
There are two ways to download the openssh-8.7p1.tar.gz, openssh-8.9p1.tar.gz and x11-ssh-askpass-1.2.4.1.tar.gz source packages:
The first is to download online, directly with the wget --no-check-certificate -c command
The second is to download from the openssh website and then upload or copy the openssh-8.7p1.tar.gz and openssh-8.9p1.tar.gz source packages to the /root/rpmbuild/SOURCES directory
openssh website:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.7p1.tar.gz
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
x11-ssh-askpass-1.2.4.1.tar.gz download:
Note: openssh-8.9p1.tar.gz is used as the example here:
cd /root/rpmbuild/SOURCES #enter this directory
#download the openssh-8.9p1.tar.gz source package online with wget
wget --no-check-certificate -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
#download the x11-ssh-askpass-1.2.4.1.tar.gz source package online with wget
wget --no-check-certificate -c https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
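Because wget --no-check-certificate skips TLS certificate validation, the downloaded tarballs should be compared with digests published by upstream before they are built. The script below is an added example, not part of the original article; the function names and the manifest format are assumptions, and the digest values are placeholders to be taken from the upstream release announcements.

```shell
#!/bin/sh
# Added example: refuse to build from a source tarball whose digest does not
# match the value published by upstream. Function names are hypothetical.
#
# Manifest line format (digests below are placeholders, not real values):
#   sha256  <EXPECTED_SHA256>  openssh-8.9p1.tar.gz
#   sha256  <EXPECTED_SHA256>  openssl-1.1.1q.tar.gz

# verify_source <sha256|md5> <expected-hex> <file>
verify_source() {
    algo=$1; expected=$2; file=$3
    case "$algo" in
        sha256) tool=sha256sum ;;
        md5)    tool=md5sum ;;   # legacy only: MD5 is not collision resistant
        *) echo "unsupported algorithm: $algo" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$("$tool" "$file" | awk '{print $1}')
    # Published digests are sometimes upper-case, so compare in lower-case.
    want=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" = "$want" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file: expected $want, got $actual" >&2
    return 1
}

# verify_manifest <manifest> <directory>
# Checks every non-comment line; returns non-zero if any file fails.
verify_manifest() {
    manifest=$1; dir=$2; rc=0
    while read -r algo digest name; do
        case "$algo" in ''|'#'*) continue ;; esac
        verify_source "$algo" "$digest" "$dir/$name" || rc=1
    done < "$manifest"
    return $rc
}

# Typical use before rpmbuild:
#   verify_manifest /root/sources.manifest /root/rpmbuild/SOURCES || exit 1
```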
Prepare the openssh.spec file
The openssh.spec file is normally included in the openssh source package; copy the openssh.spec file from the openssh source package to the /root/rpmbuild/SPECS/ directory
tar -zxvf openssh-8.9p1.tar.gz #unpack the openssh-8.9p1 source package
#copy the openssh.spec file from the openssh-8.9p1 source package to the /root/rpmbuild/SPECS/ directory
cp openssh-8.9p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS
Build the openssh RPM packages
cd /root/rpmbuild/SPECS #enter this directory and check that the openssh.spec file was copied over
#edit the openssh.spec file (when building several versions, openssh.spec can be renamed to tell the versions apart)
vi /root/rpmbuild/SPECS/openssh8.9.spec
#comment out BuildRequires: openssl-devel
#note: the sed commands below edit openssh.spec; if the file was renamed (for example to openssh8.9.spec), point them at the renamed file
sed -i -e "s/BuildRequires: openssl-devel < 1.1/# BuildRequires: openssl-devel < 1.1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
#add the following to the %post server section of openssh8.9.spec
#(these lines back up /etc/ssh and /usr/bin/ssh, set PermitRootLogin yes and UsePAM no in sshd_config, and restart sshd)
cp -r /etc/ssh /etc/ssh.bak
cp -r /usr/bin/ssh /usr/bin/ssh.bak
sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i -e "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config
systemctl restart sshd
#add the openssl installation path to openssh8.9.spec
--with-openssl-includes=/usr/local/openssl/include \
--with-ssl-dir=/usr/local/openssl \
#start building from the openssh spec file
rpmbuild -ba /root/rpmbuild/SPECS/openssh8.9.spec
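When the build finishes, the generated RPM packages are in the /root/rpmbuild/RPMS/aarch64 directory
cd /root/rpmbuild/RPMS/aarch64
Note: upgrading openssh needs only three packages: openssh-8.9p1-1.el7.aarch64.rpm, openssh-clients-8.9p1-1.el7.aarch64.rpm, openssh-server-8.9p1-1.el7.aarch64.rpm
Installation and upgrade test
Note!!!: always install openssl first and then openssh; the order must not be wrong. Otherwise, if openssh is installed first and openssl afterwards, ssh -V still shows the original openssl version, while openssl version shows the correct version
The openssh upgrade and installation steps are shown here; install openssl before doing this
#remove openssh
rpm -e openssh --nodeps
rpm -e openssh-clients --nodeps
rpm -e openssh-server --nodeps
#check that openssh has been removed
rpm -qa|grep openssh
ssh -V
#install openssh
cd /root/rpmbuild/RPMS/aarch64
rpm -ivh openssh-8.9p1-1.el7.aarch64.rpm openssh-clients-8.9p1-1.el7.aarch64.rpm openssh-server-8.9p1-1.el7.aarch64.rpm --nodeps
#after installation, check that it is installed
rpm -qa|grep openssh
ssh -V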
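Once these packages are installed, the %post lines added to the spec have set PermitRootLogin yes and UsePAM no in /etc/ssh/sshd_config. The script below is an added example, not part of the original article, that audits a config file for those two settings; the function names are assumptions, and only the global section before any Match block is read.

```shell
#!/bin/sh
# Added example: audit the two sshd_config settings that the %post
# scriptlet changes. Function names are hypothetical.

# sshd_effective <config-file> <keyword>
# sshd keeps the FIRST occurrence of a keyword and ignores later ones, and
# keywords are case-insensitive. Only "Keyword value" syntax is handled.
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == key       { print tolower($2); found = 1; exit }
        END                      { if (!found) print "unset" }
    ' "$1"
}

# audit_sshd_config <config-file>
# Prints one FINDING line per weak setting; returns non-zero if any is found.
audit_sshd_config() {
    cfg=$1
    findings=0
    root=$(sshd_effective "$cfg" PermitRootLogin)
    pam=$(sshd_effective "$cfg" UsePAM)
    if [ "$root" = "yes" ]; then
        echo "FINDING PermitRootLogin=yes: root may log in with any enabled" \
             "method, passwords included; prefer prohibit-password or no"
        findings=$((findings + 1))
    fi
    # Upstream OpenSSH defaults to UsePAM no, so "unset" is reported as well.
    if [ "$pam" != "yes" ]; then
        echo "FINDING UsePAM=$pam: PAM account and session modules are not" \
             "run for SSH logins"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Live host: audit_sshd_config /etc/ssh/sshd_config
# (sshd -T prints the effective configuration sshd itself computes)
```

Because the first occurrence wins, appending a corrected PermitRootLogin line to the end of the file does not override the earlier "PermitRootLogin yes"; the earlier line has to be edited.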
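Download the openssl-1.1.1q.tar.gz source package and put it in the /root/rpmbuild/SOURCES directory
There are two ways to download the openssl-1.1.1q.tar.gz source package:
The first is to download online, directly with the wget --no-check-certificate -c command
The second is to download from the openssl website and then upload or copy the openssl-1.1.1q.tar.gz source package to the /root/rpmbuild/SOURCES directory
openssl website download: https://www.openssl.org/source/openssl-1.1.1q.tar.gz
cd /root/rpmbuild/SOURCES #enter this directory
#download the openssl-1.1.1q.tar.gz source package online with wget
wget --no-check-certificate -c https://www.openssl.org/source/openssl-1.1.1q.tar.gz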
Prepare the openssl.spec file
The official openssl source package does not contain an openssl.spec file, so it has to be written by hand
cd /root/rpmbuild/SPECS #enter this directory
touch openssl.spec #create the openssl.spec file
vi /root/rpmbuild/SPECS/openssl.spec #edit the openssl.spec file and add the following content
Summary: OpenSSL 1.1.1q for CentOS
Name: openssl
Version: %{?version}%{!?version:1.1.1q}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+
Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz
BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/local/openssl

%description
https://github.com/philyuchkoff/openssl-RPM-Builder
OpenSSL RPM for version 1.1.1q on CentOS

%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}

%description devel
OpenSSL RPM for version 1.1.1q on CentOS (development package)

%prep
%setup -q

%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make

%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib64/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib64/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}

%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}

%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1

%files devel
%{openssldir}/include/*
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1

%post
cp -r /usr/bin/openssl /usr/bin/openssl.bak
cp -r /usr/lib64/openssl/ /usr/lib64/openssl.bak
cp -r /usr/lib64/openssl.so /usr/lib64/openssl.so.bak
ln -sf /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/
ln -sf /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/
/sbin/ldconfig

%postun -p /sbin/ldconfig
Two places in the openssl.spec file need attention
1. The installation path
2. The path backups and the symlinks of the library files into /usr/lib64
vi /root/rpmbuild/SPECS/openssl.spec
%post
cp -r /usr/bin/openssl /usr/bin/openssl.bak
cp -r /usr/lib64/openssl/ /usr/lib64/openssl.bak
cp -r /usr/lib64/openssl.so /usr/lib64/openssl.so.bak
ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/
ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /usr/lib64/
/sbin/ldconfig
Build the openssl RPM package
cd /root/rpmbuild/SPECS #enter this directory
rpmbuild -ba openssl.spec #start building from the openssl.spec file
When the build finishes, the generated RPM packages are in the /root/rpmbuild/RPMS/aarch64 directory
cd /root/rpmbuild/RPMS/aarch64 #enter this directory and check that the openssl RPM package was generated
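Installation and upgrade test
Note!!!: always upgrade openssl first, then openssh. After the upgrade, check the version with ssh -V; the openssl version shown is now the upgraded version
#check the installed openssl version
rpm -qa | grep openssl
openssl version
#remove openssl; be careful never to remove openssl-libs
rpm -e openssl --nodeps
#check that openssl has been removed
openssl version
#install openssl
cd /root/rpmbuild/RPMS/aarch64
rpm -ivh openssl-1.1.1q-1.el7.aarch64.rpm --nodeps
#after the upgrade, check the openssl version
openssl version
ssh -V #use this command to check that the openssl version shown is the installed version
rpm -qa|grep openssl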
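A check for the ordering problem described in the two notes above: it compares the OpenSSL version that ssh -V reports with the one openssl version reports, and extracts which libcrypto soname a binary resolves. This is an added example, not part of the original article; the function names are assumptions and the SAMPLE_* strings are constructed rather than captured from a real host.

```shell
#!/bin/sh
# Added example: detect ssh still reporting the old OpenSSL after an upgrade.
# Function names are hypothetical; SAMPLE_* values are constructed.

# OpenSSL version token (e.g. 1.1.1q) from `ssh -V` or `openssl version` text.
openssl_token() {
    printf '%s\n' "$1" |
        sed -n 's/.*OpenSSL \([0-9][0-9A-Za-z.-]*\).*/\1/p' | head -n 1
}

# Soname of the libcrypto that a binary resolves, from `ldd <binary>` text.
libcrypto_soname() {
    printf '%s\n' "$1" | awk '$1 ~ /^libcrypto\.so/ { print $1; exit }'
}

# check_linked_openssl <ssh -V text> <openssl version text>
# Prints MATCH, MISMATCH or UNKNOWN; returns 0 only on MATCH.
check_linked_openssl() {
    ssh_ver=$(openssl_token "$1")
    cli_ver=$(openssl_token "$2")
    if [ -z "$ssh_ver" ] || [ -z "$cli_ver" ]; then
        echo "UNKNOWN"
        return 2
    fi
    if [ "$ssh_ver" = "$cli_ver" ]; then
        echo "MATCH $ssh_ver"
        return 0
    fi
    echo "MISMATCH ssh=$ssh_ver openssl=$cli_ver"
    return 1
}

# Constructed samples: ssh still on the old library, ssh on the new one,
# the openssl CLI after the upgrade, and one line of ldd output.
SAMPLE_SSH_STALE='OpenSSH_8.9p1, OpenSSL 1.0.2k-fips  26 Jan 2017'
SAMPLE_SSH_GOOD='OpenSSH_8.9p1, OpenSSL 1.1.1q  5 Jul 2022'
SAMPLE_CLI='OpenSSL 1.1.1q  5 Jul 2022'
SAMPLE_LDD='    libcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x0000ffff9c000000)'

# Live host (ssh -V writes to stderr, hence 2>&1):
#   check_linked_openssl "$(ssh -V 2>&1)" "$(openssl version)"
#   libcrypto_soname "$(ldd /usr/sbin/sshd)"
```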
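The openssh.spec and openssl.spec files are the same as for the ARM architecture and need no changes
openssh-8.7p1.tar.gz, openssh-8.9p1.tar.gz, x11-ssh-askpass-1.2.4.1.tar.gz and openssl-1.1.1q.tar.gz are handled as on the ARM architecture: download them online or fetch them online with wget, then upload or copy them to the /root/rpmbuild/SOURCES directory (this step is the same as on the ARM architecture)
Build the openssh and openssl RPM packages for the X86_64 architecture
cd /root/rpmbuild/SPECS
rpmbuild -ba openssl.spec
#if there are several openssh versions, rename openssh.spec to a per-version spec file such as openssh8.7.spec
rpmbuild -ba openssh8.7.spec
rpmbuild -ba openssh8.9.spec
rpmbuild -ba openssl.spec
When the build finishes, the generated RPM packages are in the /root/rpmbuild/RPMS/x86_64 directory
The installation steps are the same as on the ARM architecture: install openssl first, then openssh
Install openssl
#check the installed openssl version
rpm -qa | grep openssl
openssl version
#remove openssl; be careful never to remove openssl-libs
rpm -e openssl --nodeps
#check that openssl has been removed
openssl version
#install openssl
cd /root/rpmbuild/RPMS/x86_64
rpm -ivh openssl-1.1.1q-1.el7.x86_64.rpm --nodeps
#after the upgrade, check the openssl version
openssl version
ssh -V #use this command to check that the openssl version shown is the installed version
rpm -qa|grep openssl
Install openssh
#remove openssh
rpm -e openssh --nodeps
rpm -e openssh-clients --nodeps
rpm -e openssh-server --nodeps
#check that openssh has been removed
rpm -qa|grep openssh
ssh -V
#install openssh
cd /root/rpmbuild/RPMS/x86_64
rpm -ivh openssh-8.9p1-1.el7.x86_64.rpm openssh-clients-8.9p1-1.el7.x86_64.rpm openssh-server-8.9p1-1.el7.x86_64.rpm --nodeps
#after installation, check that it is installed
rpm -qa|grep openssh
ssh -V
setenforce 0 #temporarily turn off selinux
#find SELINUX=enforcing, press i to enter edit mode, and change the parameter to SELINUX=disabled (turns it off permanently)
vi /etc/selinux/config
SELINUX=disabled
or
sed -i -e "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
#check whether selinux is off; Disabled means it is off (right after setenforce 0 alone it reports Permissive until the config change takes effect at reboot)
getenforce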
Source: https://blog.csdn.net/weixin_45190065/article/details/127977915