使用官网tar包制作OpenSSL及OpenSSH rpm包进行升级安装(OpenSSH_9.9p1, without OpenSSL未解决)
一、制作openssl-1.1.1w.rpm包
1、安装基础依赖包和rpmbuild及其依赖包
yum install curl which make gcc perl perl-WWW-Curl rpm-build rpm-build rpmdevtools tree -y
yum install gcc-c++ glibc glibc-devel openssl openssl-devel \
pcre-devel zlib zlib-devel perl perl-devel make imake wget xmkmf \
initscripts krb5-devel pam-devel krb5-devel libX11-devel libXt-devel gtk2-devel autoconf libtool unzip gdb -y
此处注意若有报:没有可用软件包;自行配置本地yum源及ali源可以解决
2、创建rpmbuild目录
rpmdev-setuptree
tree /root/rpmbuild
3、创建spec文件
spec文件可自定义名称,后缀为.spec即可。此处命名为openssl.spec与后续制作openssh区分开,现实使用时可以更为详细的标注版本号
此处注意ssl安装位置,下文安装位置为/usr/openssl
vim /root/rpmbuild/SPECS/openssl.spec
--------------------------------------------------------------------------
Summary: OpenSSL 1.1.1w for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1w}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+
Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz
BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl
%description
OpenSSL RPM for version 1.1.1w on Centos
%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description devel
OpenSSL RPM for version 1.1.1w on Centos (development package)
%prep
%setup -q
%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make
%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1
%files devel
%{openssldir}/include/*
%defattr(-,root,root)
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
4、准备tar包
SSL网址:1.1.1 | Library
cd /root/rpmbuild/SOURCES
拖包
tar -zxvf openssl-1.1.1w.tar.gz
5、开始编译openssh.spec文件
rpmbuild -ba /root/rpmbuild/SPECS/openssl.spec
6、验证
cd /root/rpmbuild/RPMS/x86_64 && ls
二、rpm升级至openssl-1.1.1w
openssl version
升级高版本openssl 切记有风险! 备份旧版openssl文件
迭代直接替换原有文件 – 如有需要建议备份以下文件
mkdir ~/ssl_bak
cp /usr/bin/openssl ~/ssl_bak
cp /usr/lib64/libcrypto.so.1.0.2k ~/ssl_bak
cp /usr/lib64/libssl.so.1.0.2k ~/ssl_bak
1、卸载 openssl并检查是否卸载
#卸载所有与 OpenSSL 相关的包,但不包括以 "libs" 开头的包
rpm -e `rpm -qa |grep openssl |grep -v libs` --nodeps
rpm -qa |grep openssl
############
注意openssl-libs-1.0.2k-26.el7_9.x86_64包不卸载!!!
2、升级验证
#强制安装 忽略依赖
rpm -ivh openssl-1.1.1w-1.el7.x86_64.rpm --nodeps --force
openssl version
3、替换原动态库
如需使用新版本开发,则需替换原来的软链接指向,即替换原动态库,进行版本升级。
替换/lib(lib64)和/usr/lib(lib64)和/usr/local/lib(lib64)存在的相应动态库:
ln -sf /usr/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so
ln -sf /usr/openssl/lib/libcrypto.so.1.1 /usr/lib64/libcrypto.so
三、制作openssh-9.9p1.rpm包
制作前先升openssl至1.1.1版本,方法自选
1、安装基础依赖包和rpmbuild依赖包(安装过可跳过该步骤
yum install rpm-build gcc gcc-c++ glibc glibc-devel openssl-devel \
pcre-devel zlib zlib-devel perl perl-devel make imake wget xmkmf \
initscripts krb5-devel pam-devel krb5-devel libX11-devel libXt-devel gtk2-devel autoconf libtool unzip gdb -y
2、安装rpmbuild和依赖(安装过可跳过该步骤
yum install rpm-build rpmdevtools tree -y
3、创建rpmbuild目录(创建过可跳过该步骤
rpmdev-setuptree
tree /root/rpmbuild
4、准备tar包
SSH网址:Index of /pub/OpenBSD/OpenSSH/portable/
还有x11-ssh-askpass-1.2.4.1.tar.gz
cd /root/rpmbuild/SOURCES
(自己拉或者wget,此处wget为8.9命令示例)
wget --no-check-certificate -c https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz
wget --no-check-certificate -c https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
5、制作openssh.spec文件
tar -zxvf openssh-9.9p1.tar.gz
cp openssh-9.9p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS
cd /root/rpmbuild/SPECS
6、修改openssh.spec文件
#注释掉BuildRequires: openssl-devel
sed -i -e "s/BuildRequires: openssl-devel < 1.1/# BuildRequires: openssl-devel < 1.1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
sed -i -e "s/%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
#######以下为验证/root/rpmbuild/SPECS/openssh.spec文件
vim /root/rpmbuild/SPECS/openssh.spec
-------------------------------------------------------------
#在openssh9.9.spec文件中的%post server处添加以下内容
cp -r /etc/ssh /etc/ssh.bak
cp -r /usr/bin/ssh /usr/bin/ssh.bak
sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
sed -i "/#PermitRootLogin prohibit-password/c\PermitRootLogin yes" /etc/ssh/sshd_config
echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
sed -i -e "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config
systemctl restart sshd
#在openssh9.9.spec文件中的%configure处添加openssl的安装路径(此处疑问为ssl位置导致报错?
--with-openssl-includes=/usr/local/openssl/include \
--with-ssl-dir=/usr/local/openssl \
7、开始编译openssh.spec文件
rpmbuild -ba /root/rpmbuild/SPECS/openssh.spec
cd /root/rpmbuild/RPMS/x86_64
####此处若有以下报错:
configure: error: cannot use --with-ssl-dir when OpenSSL disabled
错误:/var/tmp/rpm-tmp.iLX0dn (%build) 退出状态不好
需要去掉–with-ssl-dir配置(怀疑为导致升级后without Openssl,慎用吧)
sed -i -e '/with-privsep-path/a\ --with-openssl-includes=/usr/local/openssl/include \\' openssh.spec
openssh.spec 配置如下图
四、rpm升级至openssh-9.9
当前版本为7.4
ssh -V
升级前先升openssl至1.1.1版本,方法自选
openssl version
1、检查并安装telnet服务
rpm -q telnet-server
rpm -q telnet
yum install telnet* -y
systemctl enable telnet.socket
systemctl start telnet.socket
mv /etc/securetty /etc/securetty.bak
systemctl status telnet.socket
2、安装依赖
yum -y install zlib*
yum -y install pam-*
yum -y install gcc
yum -y install openssl-devel
3、备份
mv /etc/ssh /etc/ssh.bak
mv /usr/bin/ssh /usr/bin/ssh.bak
mv /usr/sbin/sshd /usr/sbin/sshd.bak
4、卸载openssh
rpm -e openssh --nodeps
rpm -e openssh-clients --nodeps
rpm -e openssh-server --nodeps
5、检查openssh是否已经卸载
rpm -qa|grep openssh
ssh -V
6、安装openssh
cd /rpm包位置
rpm -ivh openssh* --nodeps
7、安装完成后,检查是否已经安装
rpm -qa|grep openssh
vim /etc/sysconfig/selinux
--------------------
SELINUX=disabled
---------------------
#重启服务并验证
systemctl restart sshd
systemctl status sshd
ssh -V
五、编译升级OpenSSL-1.1.1c
当前实验理论解释较少,无详细命令解析
#查看当前openssl版本
ssh -V
openssl version ####这个更准确
1、官网下载openssl-1.1.1c.tar.gz包(也可以自己准备传进去
#进入准备存放tar包的文件夹(没有自己mkdir,自行决定)
cd data
#获取tar包
wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz
2、解压
tar -zxvf openssl-1.1.1c.tar.gz
cd openssl-1.1.1c
3、编译安装
./config --prefix=/usr/local/openssl
make && make install
4、更新验证
mv /usr/bin/openssl /usr/bin/openssl.bak
ln -sf /usr/local/openssl/bin/openssl /usr/bin/openssl
echo "/usr/local/openssl/lib" >> /etc/ld.so.conf
ldconfig -v
openssl version
原文地址:https://blog.csdn.net/ZHUZIH6/article/details/133931034
免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!