通过rpmbuild构建openssh9.7的rpm包

于 2024-09-18 11:48:47 发布
阅读量548 收藏 7
点赞数 3
文章标签: 运维 linux ssh
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/STU001_1/article/details/142327330
版权

环境说明

操作系统版本号
BCLinuxBigCloud Enterprise Linux release 8.2.2107 (Core)
升级前ssh版本号升级后ssh版本号
OpenSSH_8.0p1, OpenSSL 1.1.1c FIPS 28 May 2019OpenSSH_9.7p1, OpenSSL 1.1.1c FIPS 28 May 2019
升级前openssl版本号升级后openssl版本号
OpenSSL 1.1.1c FIPS 28 May 2019OpenSSL 1.1.1c FIPS 28 May 2019

tips:

  1. 本文升级使用的是动态openssl链接库,也可以使用静态openssl链接库,自行探索;
  2. (不建议升级openssl)卸载旧版本的openssl包会导致之前编译的依赖旧版本openssl的包失效,需要重新编译,所以慎重操作;
  3. 主机打包环境要与实际应用主机环境配置一致;
  4. 大家需要对打包后的openssh进行充分的验证后再进行应用;
  5. 各位有什么更好的想法可以在评论区留言,谢谢!

步骤 1:准备环境

# 首先,你需要安装构建RPM包所需的工具。然后查看README或INSTALL查看依赖项,在BCLinux 8.2上,使用以下命令:
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel  libXt-devel gtk2-devel make perl -y

# 其次,下载依赖包x11-ssh-askpass-1.2.4.1.tar.gz
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
wget https://dl.rockylinux.org/pub/rocky/8/PowerTools/x86_64/os/Packages/i/imake-1.0.7-11.el8.x86_64.rpm

# 最后,下载OpenSSH源码包,从官方网站或其他可靠来源下载OpenSSH 9.7p1的源码包:
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz

步骤 2:安装imake并准备RPM构建目录

# 安装imake
rpm -ivh imake-1.0.7-11.el8.x86_64.rpm

# 使用`rpmdev-setuptree`命令来设置RPM构建目录结构:
rpmdev-setuptree

# 这将在你的主目录下创建以下目录结构:
tree rpmbuild/
rpmbuild/
├── BUILD
├── RPMS
├── SOURCES
├── SPECS
└── SRPMS

步骤 3:复制源码包、依赖包到SOURCES目录

# 将下载的OpenSSH源码、依赖包复制到`SOURCES`目录:
cp openssh-9.7p1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz ~/rpmbuild/SOURCES/

步骤 4:创建/复制SPEC文件到SPECS目录下

tar -xf ~/rpmbuild/SOURCES/openssh-9.7p1.tar.gz -C ~/rpmbuild/SPECS openssh-9.7p1/contrib/redhat/openssh.spec --strip-components=3
	--strip-components=3:去掉路径的前三级目录结构。提取后将只保留openssh.spec

修改SPEC文件全局参数

# 修改前
%global without_openssl 0
	# build without openssl where 1.1.1 is not available
	%if 0%{?fedora} <= 28
	%global without_openssl 0
	%endif
	%if 0%{?rhel} <= 7
	%global without_openssl 0

# 修改后
%global without_openssl 0
	# build without openssl where 1.1.1 is not available
	%if 0%{?fedora} <= 28
	%global without_openssl 1
	%endif
	%if 0%{?rhel} <= 7
	%global without_openssl 1
	%endif
# tips:这个和下面这个openssl的应该修改一个就可以,我没有验证就都改了。大家可以验证下。

修改%configure 选项,添加openssl-1.1.1w的路径

# 根据 rpm 安装 openssl 的路径决定的 --with-ssl-dir=/usr/bin \  
%configure \
		--sysconfdir=%{_sysconfdir}/ssh \
		--libexecdir=%{_libexecdir}/openssh \
		--datadir=%{_datadir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=%{_var}/empty/sshd \
		--mandir=%{_mandir} \
		--with-mantype=man \
		--disable-strip \
		--with-ssl-dir=/usr/bin \
# 将下方的without_openssl选项删掉
# %if ! %{without_openssl}
#       --without-openssl \
# %endif

修改 .SPEC 文件 %install 保留原pam配置

# 注释这行
install -m644 contrib/redhat/sshd.pam  $RPM_BUILD_ROOT/etc/pam.d/sshd
# 增加此行
install -m644 /etc/pam.d/sshd     $RPM_BUILD_ROOT/etc/pam.d/sshd

修改openssh.spec 文件 %post server 区域下面新增如下配置, 配置sshd

sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
sed -i -e "s/#UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config
sed -i -e "s/#X11Forwarding no/X11Forwarding yes/g" /etc/ssh/sshd_config
chmod +x /etc/init.d/sshd
chmod 600 /etc/ssh/ssh_host_rsa_key
chmod 600 /etc/ssh/ssh_host_ecdsa_key
chmod 600 /etc/ssh/ssh_host_ed25519_key

检查 .SPEC 文件

# 需要单独安装yum install rpmlint
rpmlint ./openssh.spec

openssh.spec修改后的内容如下

	%global ver 9.7p1
	%global rel 1%{?dist}

	# OpenSSH privilege separation requires a user & group ID
	%global sshd_uid    74
	%global sshd_gid    74

	# Version of ssh-askpass
	%global aversion 1.2.4.1

	# Do we want to disable building of x11-askpass? (1=yes 0=no)
	%global no_x11_askpass 0

	# Do we want to disable building of gnome-askpass? (1=yes 0=no)
	%global no_gnome_askpass 0

	# Do we want to link against a static libcrypto? (1=yes 0=no)
	%global static_libcrypto 0

	# Do we want smartcard support (1=yes 0=no)
	%global scard 0

	# Use GTK2 instead of GNOME in gnome-ssh-askpass
	%global gtk2 1

	# Use build6x options for older RHEL builds
	# RHEL 7 not yet supported
	%if 0%{?rhel} > 6
	%global build6x 0
	%else
	%global build6x 1
	%endif

	%global without_openssl 0
	# build without openssl where 1.1.1 is not available
	%if 0%{?fedora} <= 28
	%global without_openssl 1
	%endif
	%if 0%{?rhel} <= 7
	%global without_openssl 1
	%endif

	# Do we want kerberos5 support (1=yes 0=no)
	%global kerberos5 1

	# Reserve options to override askpass settings with:
	# rpm -ba|--rebuild --define 'skip_xxx 1'
	%{?skip_x11_askpass:%global no_x11_askpass 1}
	%{?skip_gnome_askpass:%global no_gnome_askpass 1}

	# Add option to build without GTK2 for older platforms with only GTK+.
	# RedHat <= 7.2 and Red Hat Advanced Server 2.1 are examples.
	# rpm -ba|--rebuild --define 'no_gtk2 1'
	%{?no_gtk2:%global gtk2 0}

	# Is this a build for RHL 6.x or earlier?
	%{?build_6x:%global build6x 1}

	# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
	%if %{build6x}
	%global _sysconfdir /etc
	%endif

	# Options for static OpenSSL link:
	# rpm -ba|--rebuild --define "static_openssl 1"
	%{?static_openssl:%global static_libcrypto 1}

	# Options for Smartcard support: (needs libsectok and openssl-engine)
	# rpm -ba|--rebuild --define "smartcard 1"
	%{?smartcard:%global scard 1}

	# Is this a build for the rescue CD (without PAM)? (1=yes 0=no)
	%global rescue 0
	%{?build_rescue:%global rescue 1}

	# Turn off some stuff for resuce builds
	%if %{rescue}
	%global kerberos5 0
	%endif

	Summary: The OpenSSH implementation of SSH protocol version 2.
	Name: openssh
	Version: %{ver}
	%if %{rescue}
	Release: %{rel}rescue
	%else
	Release: %{rel}
	%endif
	URL: https://www.openssh.com/portable.html
	Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
	Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
	License: BSD
	Group: Applications/Internet
	BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
	Obsoletes: ssh
	%if %{build6x}
	PreReq: initscripts >= 5.00
	%else
	Requires: initscripts >= 5.20
	%endif
	BuildRequires: perl
	%if ! %{without_openssl}
	BuildRequires: openssl-devel >= 1.1.1
	%endif
	BuildRequires: /bin/login
	%if ! %{build6x}
	BuildRequires: glibc-devel, pam
	%else
	BuildRequires: /usr/include/security/pam_appl.h
	%endif
	%if ! %{no_x11_askpass}
	BuildRequires: /usr/include/X11/Xlib.h
	# Xt development tools
	BuildRequires: libXt-devel
	# Provides xmkmf
	BuildRequires: imake
	# Rely on relatively recent gtk
	BuildRequires: gtk2-devel
	%endif
	%if ! %{no_gnome_askpass}
	BuildRequires: pkgconfig
	%endif
	%if %{kerberos5}
	BuildRequires: krb5-devel
	BuildRequires: krb5-libs
	%endif

	%package clients
	Summary: OpenSSH clients.
	Requires: openssh = %{version}-%{release}
	Group: Applications/Internet
	Obsoletes: ssh-clients

	%package server
	Summary: The OpenSSH server daemon.
	Group: System Environment/Daemons
	Obsoletes: ssh-server
	Requires: openssh = %{version}-%{release}, chkconfig >= 0.9
	%if ! %{build6x}
	Requires: /etc/pam.d/system-auth
	%endif

	%package askpass
	Summary: A passphrase dialog for OpenSSH and X.
	Group: Applications/Internet
	Requires: openssh = %{version}-%{release}
	Obsoletes: ssh-extras

	%package askpass-gnome
	Summary: A passphrase dialog for OpenSSH, X, and GNOME.
	Group: Applications/Internet
	Requires: openssh = %{version}-%{release}
	Obsoletes: ssh-extras

	%description
	SSH (Secure SHell) is a program for logging into and executing
	commands on a remote machine. SSH is intended to replace rlogin and
	rsh, and to provide secure encrypted communications between two
	untrusted hosts over an insecure network. X11 connections and
	arbitrary TCP/IP ports can also be forwarded over the secure channel.

	OpenSSH is OpenBSD's version of the last free version of SSH, bringing
	it up to date in terms of security and features, as well as removing
	all patented algorithms to separate libraries.

	This package includes the core files necessary for both the OpenSSH
	client and server. To make this package useful, you should also
	install openssh-clients, openssh-server, or both.

	%description clients
	OpenSSH is a free version of SSH (Secure SHell), a program for logging
	into and executing commands on a remote machine. This package includes
	the clients necessary to make encrypted connections to SSH servers.
	You'll also need to install the openssh package on OpenSSH clients.

	%description server
	OpenSSH is a free version of SSH (Secure SHell), a program for logging
	into and executing commands on a remote machine. This package contains
	the secure shell daemon (sshd). The sshd daemon allows SSH clients to
	securely connect to your SSH server. You also need to have the openssh
	package installed.

	%description askpass
	OpenSSH is a free version of SSH (Secure SHell), a program for logging
	into and executing commands on a remote machine. This package contains
	an X11 passphrase dialog for OpenSSH.

	%description askpass-gnome
	OpenSSH is a free version of SSH (Secure SHell), a program for logging
	into and executing commands on a remote machine. This package contains
	an X11 passphrase dialog for OpenSSH and the GNOME GUI desktop
	environment.

	%prep

	%if ! %{no_x11_askpass}
	%setup -q -a 1
	%else
	%setup -q
	%endif

	%build
	%if %{rescue}
	CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
	%endif

	%configure \
		--sysconfdir=%{_sysconfdir}/ssh \
		--libexecdir=%{_libexecdir}/openssh \
		--datadir=%{_datadir}/openssh \
		--with-default-path=/usr/local/bin:/bin:/usr/bin \
		--with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
		--with-privsep-path=%{_var}/empty/sshd \
		--mandir=%{_mandir} \
		--with-mantype=man \
		--disable-strip \
		--with-ssl-dir=/usr/bin \
	%if %{scard}
		--with-smartcard \
	%endif
	%if %{rescue}
		--without-pam \
	%else
		--with-pam \
	%endif
	%if %{kerberos5}
		 --with-kerberos5=$K5DIR \
	%endif


	%if %{static_libcrypto}
	perl -pi -e "s|-lcrypto|%{_libdir}/libcrypto.a|g" Makefile
	%endif

	make

	%if ! %{no_x11_askpass}
	pushd x11-ssh-askpass-%{aversion}
	%configure --libexecdir=%{_libexecdir}/openssh
	xmkmf -a
	make
	popd
	%endif

	# Define a variable to toggle gnome1/gtk2 building.  This is necessary
	# because RPM doesn't handle nested %if statements.
	%if %{gtk2}
		gtk2=yes
	%else
		gtk2=no
	%endif

	%if ! %{no_gnome_askpass}
	pushd contrib
	if [ $gtk2 = yes ] ; then
		make gnome-ssh-askpass2
		mv gnome-ssh-askpass2 gnome-ssh-askpass
	else
		make gnome-ssh-askpass1
		mv gnome-ssh-askpass1 gnome-ssh-askpass
	fi
	popd
	%endif

	%install
	rm -rf $RPM_BUILD_ROOT
	mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
	mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
	mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd

	make install DESTDIR=$RPM_BUILD_ROOT

	install -d $RPM_BUILD_ROOT/etc/pam.d/
	install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
	install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
	#install -m644 contrib/redhat/sshd.pam  $RPM_BUILD_ROOT/etc/pam.d/sshd
	install -m644 /etc/pam.d/sshd  $RPM_BUILD_ROOT/etc/pam.d/sshd
	install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd

	%if ! %{no_x11_askpass}
	install x11-ssh-askpass-%{aversion}/x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/x11-ssh-askpass
	ln -s x11-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
	%endif

	%if ! %{no_gnome_askpass}
	install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
	%endif

	%if ! %{scard}
		 rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
	%endif

	%if ! %{no_gnome_askpass}
	install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
	install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
	install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
	%endif

	perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*

	%clean
	rm -rf $RPM_BUILD_ROOT

	%triggerun server -- ssh-server
	if [ "$1" != 0 -a -r /var/run/sshd.pid ] ; then
		touch /var/run/sshd.restart
	fi

	%triggerun server -- openssh-server < 2.5.0p1
	# Count the number of HostKey and HostDsaKey statements we have.
	gawk	'BEGIN {IGNORECASE=1}
		 /^hostkey/ || /^hostdsakey/ {sawhostkey = sawhostkey + 1}
		 END {exit sawhostkey}' /etc/ssh/sshd_config
	# And if we only found one, we know the client was relying on the old default
	# behavior, which loaded the the SSH2 DSA host key when HostDsaKey wasn't
	# specified.  Now that HostKey is used for both SSH1 and SSH2 keys, specifying
	# one nullifies the default, which would have loaded both.
	if [ $? -eq 1 ] ; then
		echo HostKey /etc/ssh/ssh_host_rsa_key >> /etc/ssh/sshd_config
		echo HostKey /etc/ssh/ssh_host_dsa_key >> /etc/ssh/sshd_config
	fi

	%triggerpostun server -- ssh-server
	if [ "$1" != 0 ] ; then
		/sbin/chkconfig --add sshd
		if test -f /var/run/sshd.restart ; then
			rm -f /var/run/sshd.restart
			/sbin/service sshd start > /dev/null 2>&1 || :
		fi
	fi

	%pre server
	%{_sbindir}/groupadd -r -g %{sshd_gid} sshd 2>/dev/null || :
	%{_sbindir}/useradd -d /var/empty/sshd -s /bin/false -u %{sshd_uid} \
		-g sshd -M -r sshd 2>/dev/null || :

	%post server
	/sbin/chkconfig --add sshd
	sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
	sed -i -e "s/#UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config
	sed -i -e "s/#X11Forwarding no/X11Forwarding yes/g" /etc/ssh/sshd_config
	chmod +x /etc/init.d/sshd
	chmod 600 /etc/ssh/ssh_host_rsa_key
	chmod 600 /etc/ssh/ssh_host_ecdsa_key
	chmod 600 /etc/ssh/ssh_host_ed25519_key

	%postun server
	/sbin/service sshd condrestart > /dev/null 2>&1 || :

	%preun server
	if [ "$1" = 0 ]
	then
		/sbin/service sshd stop > /dev/null 2>&1 || :
		/sbin/chkconfig --del sshd
	fi

	%files
	%defattr(-,root,root)
	%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
	%attr(0755,root,root) %{_bindir}/scp
	%attr(0644,root,root) %{_mandir}/man1/scp.1*
	%attr(0755,root,root) %dir %{_sysconfdir}/ssh
	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
	%if ! %{rescue}
	%attr(0755,root,root) %{_bindir}/ssh-keygen
	%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
	%attr(0755,root,root) %dir %{_libexecdir}/openssh
	%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
	%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
	%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
	%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
	%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
	%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*
	%endif
	%if %{scard}
	%attr(0755,root,root) %dir %{_datadir}/openssh
	%attr(0644,root,root) %{_datadir}/openssh/Ssh.bin
	%endif

	%files clients
	%defattr(-,root,root)
	%attr(0755,root,root) %{_bindir}/ssh
	%attr(0644,root,root) %{_mandir}/man1/ssh.1*
	%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
	%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
	%if ! %{rescue}
	%attr(2755,root,nobody) %{_bindir}/ssh-agent
	%attr(0755,root,root) %{_bindir}/ssh-add
	%attr(0755,root,root) %{_bindir}/ssh-keyscan
	%attr(0755,root,root) %{_bindir}/sftp
	%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
	%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
	%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
	%attr(0644,root,root) %{_mandir}/man1/sftp.1*
	%endif

	%if ! %{rescue}
	%files server
	%defattr(-,root,root)
	%dir %attr(0111,root,root) %{_var}/empty/sshd
	%attr(0755,root,root) %{_sbindir}/sshd
	%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
	%attr(0644,root,root) %{_mandir}/man8/sshd.8*
	%attr(0644,root,root) %{_mandir}/man5/moduli.5*
	%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
	%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
	%attr(0755,root,root) %dir %{_sysconfdir}/ssh
	%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
	%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
	%attr(0755,root,root) %config /etc/rc.d/init.d/sshd
	%endif

	%if ! %{no_x11_askpass}
	%files askpass
	%defattr(-,root,root)
	%doc x11-ssh-askpass-%{aversion}/README
	%doc x11-ssh-askpass-%{aversion}/ChangeLog
	%doc x11-ssh-askpass-%{aversion}/SshAskpass*.ad
	%{_libexecdir}/openssh/ssh-askpass
	%attr(0755,root,root) %{_libexecdir}/openssh/x11-ssh-askpass
	%endif

	%if ! %{no_gnome_askpass}
	%files askpass-gnome
	%defattr(-,root,root)
	%attr(0755,root,root) %config %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
	%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
	%endif

步骤 5:构建RPM包

# 使用`rpmbuild`命令来构建RPM包:
rpmbuild -ba ~/rpmbuild/SPECS/openssh.spec

# (如果需要的话)清理构建目录,你可以使用 rpmbuild 的清理选项来清理之前的构建。
# 使用 --clean 选项,rpmbuild会删除构建目录中的临时文件。
rpmbuild -ba ~/rpmbuild/SPECS/openssh.spec --clean

# 构建成功后,将在`~/rpmbuild/RPMS/x86_64/`目录看到如下RPM包。
openssh-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-askpass-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-askpass-debuginfo-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-askpass-gnome-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-askpass-gnome-debuginfo-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-clients-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-clients-debuginfo-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-debuginfo-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-debugsource-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-server-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-server-debuginfo-9.7p1-1.el8.bclinux.x86_64.rpm

# 这里我们只需要安装如下3个包即可。
openssh-server-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-clients-9.7p1-1.el8.bclinux.x86_64.rpm
openssh-9.7p1-1.el8.bclinux.x86_64.rpm

# 将这3个包拷贝到'~/openssh-offline-packages/'目录下备用
cp ~/rpmbuild/RPMS/x86_64/openssh{,-clients,-server}-9.7p1-1.el8.bclinux.x86_64.rpm ~/openssh-offline-packages/

步骤6:备份要升级openssh主机的相关文件

cp -Rf /etc/ssh{,.back} <==> cp -Rf /etc/ssh /etc/ssh.back
cp /etc/pam.d/sshd /etc/pam.d/sshd.bak

步骤7:测试安装构建好的openssh rpm包

# 以升级的方式安装,要不然使用'rpm -ivh OpenSSH*.rpm'需要卸载现有ssh包才能安装(不建议)
rpm -Uvh OpenSSH*.rpm

# 重启openssh
# ***切记不要退出远程登录***,如果升级失败你就和你的主机完美失联了。
systemctl daemon-reload
systemctl restart sshd

# 重启后,再开一个窗口验证无误后再退出远程登录。
MarkTo_Boy
关注
创建 RPM :CentOS 7 制作 OpenSSH 8.4 RPM
wzfgd的博客
03-04 821
简易的 RPM 制作教程和 CentOS 7 制作 OpenSSH 8.4 RPM 安装详细过程。
通过源码编译出全量 openssh-7.9p1 rpm
04-19
6. **创建RPM**:要生成RPM,你需要有RPM构建环境,rpm-build、rpmbuild等工具。在`SPEC`目录下,编辑`openssh.spec`文件,配置版本、依赖关系等信息。使用`rpmbuild -bb openssh.spec`命令生成RPM。 在...
centos/redhat openssh7.5 rpm
09-30
openssh7.5版本rpm,主要括:opensshopenssh-clients、openssh-debuginfo、openssh-server,下载前请仔细确认版本以及rpm是否满足需求
CentOS7 使用RPMBUILD 编译 Openssh rpm并安装
Task深水炸弹
07-31 5557
生产场景下会有很多离线环境的机器需要升级openssh组件,此篇教程通过离线编译rpm的方式生成rpm,直接到生产环境部署,是目前最稳妥的升级方式,持续更新中
Ubuntu使用rpm安装mysql,并远程连接
小石潭记丶
07-14 264
sudo vim /etc/mysql/debian.cnf 这里修改密码。systemctl start mysql 启动mysql。mysql -u root -p 连接mysql。如果需要远程链接 还需要修改bind-address。安装MySQL软件
centos7快速制作openssh 9.7 rpm
andycnm的专栏
06-03 406
openssh 9.7 linux
Openssh rpm 制作
chengfangang的专栏
03-31 5774
0X01 下载openssh 源文件 rpm制作的前期各种文件略过,我选择在http://mirror.aarnet.edu.au/pub/OpenBSD/OpenSSH/portable/ 下载合适的openssh 版本文件,我选择的是 openssh-6.5p1.tar.gz 30-Jan-2014 06:29 1.2M 。 0x02制作步骤 tar zxvf openssh-6
centos 7.x openssh7.8p RPM
09-13
基于2018年8月24日官网最新7.8p1版本编译打,直接运行yum update -openssh-*.rpm,即可升级。切记:升级以后可能会无法登陆。需要修改/etc/ssh/sshd_config的允许root登陆方式和PAM no等配置,确认可以登陆后再断开。
ARM架构和X86_64架构rpmbuild制作openssh和openssl的rpm
09-27
构建完成后,RPM可以分发到对应架构的Linux系统中,通过`yum`或`dnf`等管理器进行安装,确保了软件在不同环境下的统一管理和部署。 在实际应用中,理解并熟练掌握`rpmbuild`以及跨架构编译技术对于IT专业人员来...
openssh9.8源码,制作rpm
最新发布
08-23
要使用OpenSSH 9.8的源码制作RPM,你需要遵循一系列步骤,括安装必要的工具、准备源码、编写RPM规范文件(spec file),然后构建RPM。以下是一个基本的指南: 1. 安装必要的工具 首先,确保你的系统上安装...
rpm制作
01-09
1、指定rpm制作位置,默认/root/rpmbuild文件夹里面含BUILD、BUILDROOT、RPMS、SOURCES、SPECS、SRPMS文件夹 2、将要打放入rpmbuild/SOURCES文件夹下 3、制作spec文件 rpmbuild文件夹 %_topdir BUILD 编译...
CentOS 7 openssh8.1p1 rpm
12-24
使用前记得备份 cp -p /etc/pam.d/sshd /etc/pam.d/sshd.old cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.old rpm -Uvh ./*.rpm 升级完记得恢复配置与删除原来openssh生成的key rm -rf /etc/ssh/ssh_host_*key cat /etc/pam.d/sshd.old > /etc/pam.d/sshd cat /etc/ssh/sshd_config.old > /etc/ssh/sshd_config 最后重启 systemctl restart sshd
openssh7.7p centos6.x 64位 rpm
04-27
好的2018年4月最新版openssh7.7p,centos6.x可直接替换自带的openssh5.6,再次yum安装不会被替代。无需升级openssl
openssh-8.0p1-1.el7.x86_64.rpm含所有的rpm
08-14
centos7&Redhat7;可以用的,升级opensshopenssh-8.0p1版本的所有RPM。精心制作的RPM,直接yum install 同时4个rpm,即可升级完毕。 openssh-8.0p1-1.el7.x86_64.rpm systemctl start sshd cd /etc/ssh/ chmod 400 ssh_host_ecdsa_key ssh_host_ed25519_key ssh_host_rsa_key echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
openssh7.8p1RPM
09-28
自制的openssh7.8p1的RPM,基于CentOS7制作,用于openssh升级,亲测可正常安装使用。
OpenSSH_8.8p1_OpenSSL 1.1.1n rpm
03-30
使用openssh8.8p1源码基于openssl-1.1.1n编译,解决最新出现的openssl漏洞(拒绝服务漏洞的信息,漏洞编号:CVE-2022-0778,漏洞威胁等级:高危。)
openssh9.8p1的rpm
tanglx(汤龙祥)的博客
07-03 1814
openssh9.8p1的rpm
openssh 7.9p1 rpm
04-12
openssh 7.9p1 rpm "OpenSSH(OpenBSD Secure Shell)是OpenBSD计划组所维护的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。sshd是其中的一个独立守护进程。 OpenSSH 7.2p2及之前版本的sshd中的session.c文件中的‘do_setup_env’函数存在安全漏洞。当程序启用UseLogin功能并且PAM被配置成读取用户主目录中的.pam_environment文件时,本地攻击者可借助/bin/login程序的特制的环境变量利用该漏洞获取权限。 "
openssh 8.0 rpm 制作
alston2014的博客
09-23 690
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip -y mkdir -p /root/rpmbuild/{SOURCES,SPECS} cd /root/rpmbuild/SOURCES wget https://cdn.openbsd.org/pub/O...
使用rpmbuild制作Nginx的RPM
05-25
要使用 rpmbuild 制作 Nginx 的 RPM ,需要按照以下步骤进行操作: 1. 安装必要的软件: ``` sudo yum install rpm-build rpmdevtools ``` 2. 创建 RPM 的工作目录: ``` rpmdev-setuptree ``` 这将在当前用户的主目录下创建一个 rpm 目录,其中含了常用的 RPM目录结构。 3. 下载 Nginx 的源码并将其放置到 rpmbuild 的 SOURCES 目录下: ``` wget http://nginx.org/download/nginx-1.14.0.tar.gz mv nginx-1.14.0.tar.gz ~/rpmbuild/SOURCES/ ``` 4. 下载 Nginx 的 spec 文件并将其放置到 rpmbuild 的 SPECS 目录下: ``` wget https://raw.githubusercontent.com/nginx/nginx/master/redhat/nginx.spec mv nginx.spec ~/rpmbuild/SPECS/ ``` 5. 安装 Nginx 的依赖库: ``` sudo yum install openssl-devel pcre-devel zlib-devel ``` 6. 执行 rpmbuild 命令来生成 RPM : ``` rpmbuild -ba ~/rpmbuild/SPECS/nginx.spec ``` 这将在 rpmbuildRPMS 目录下生成 Nginx 的 RPM 。 注意:如果您需要自定义 Nginx 的编译选项,可以修改 SPECS 目录下的 nginx.spec 文件,然后重新执行 rpmbuild 命令来生成 RPM
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值