centos系统编译openssl和openssl-lib的rpm安装包

centos系统编译openssl和openssl-lib的rpm安装包

由于漏洞原因需要升级系统的openssl版本到新的版本,但是openssl最新版本需要自己编译生成rpm安装文件,以下是编译步骤:

1、下载对应版本的源码包

可以去openssl github下载,https://github.com/openssl/openssl/releases,找到对应版本的tar.gz文件

2、安装相关依赖包

yum -y install curl  which  make gcc perl  perl-WWW-Curl  rpm-build zlib-devel

3、创建相应目录

mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}

4、创建spec的文件,以下spec的文件包含打包openssl-libs的rpm

cat << 'EOF' > /root/rpmbuild/SPECS/openssl.spec
Summary: OpenSSL 1.1.1w for Centos
Name: openssl
Version: 1.1.1w
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+

Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz

BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl

%description
OpenSSL RPM for version 1.1.1w on Centos

%package libs
Summary: OpenSSL shared libraries
Group: System Environment/Libraries

%description libs
The OpenSSL shared libraries provide a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols.

%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}

%description devel
OpenSSL RPM for version 1.1.1w on Centos (development package)

%prep
%setup -q

%build
./config --prefix=%{openssldir} --openssldir=%{openssldir} shared zlib
make

%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
make DESTDIR=%{buildroot} install

# Move shared libraries to libs package specific directory
mkdir -p %{buildroot}/usr/openssl-libs
mv %{buildroot}%{openssldir}/lib/*.so.* %{buildroot}/usr/openssl-libs/

# Create symbolic links
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
ln -sf /usr/openssl-libs/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf /usr/openssl-libs/libcrypto.so.1.1 %{buildroot}%{_libdir}

%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}

%files
%defattr(-,root,root,-)
/usr/openssl/bin/*
/usr/openssl/include/*
/usr/openssl/lib/*
/usr/openssl/share/*
# 添加库文件
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1

# 添加可执行文件
/usr/bin/openssl

# 添加配置文件和其它需要的 extras
/usr/openssl/ct_log_list.cnf
/usr/openssl/ct_log_list.cnf.dist
/usr/openssl/misc/CA.pl
/usr/openssl/misc/tsget
/usr/openssl/misc/tsget.pl
/usr/openssl/openssl.cnf
/usr/openssl/openssl.cnf.dist

%files libs
%defattr(-,root,root,-)
/usr/openssl-libs/*.so.*

%files devel
%defattr(-,root,root,-)
/usr/openssl/include/*

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig
EOF

如果不需要openssl-libs的rpm,仅仅只需要openssl的rpm,使用一下spec文件

cat << 'EOF' > /root/rpmbuild/SPECS/openssl.spec
Summary: OpenSSL 1.1.1w for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1w}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+

Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz

BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl

%description
OpenSSL RPM for version 1.1.1w on Centos

%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}

%description devel
OpenSSL RPM for version 1.1.1w on Centos (development package)

%prep
%setup -q

%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make

%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install

mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}

%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}

%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1

%files devel
%{openssldir}/include/*
%defattr(-,root,root)

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig
EOF

以上的spec文件里面有对应版本信息1.1.1w,需要根据自己的版本情况进行替换。

5、准备源码包,并编译rpm包

cp openssl-1.1.1w.tar.gz /root/rpmbuild/SOURCES
cd /root/rpmbuild/SPECS && \
    rpmbuild \
    -D "version 1.1.1w" \
    -ba openssl.spec

6、等待编译完成,完成之后,在/root/rpmbuild/RPMS/下面会有对应系统的编译包,我这里是x86_64的,进去之后可以看到rpm包

[root@hadoop-master x86_64]# ll
total 5804
-rw-r--r--. 1 root root 4134132 May 29 14:55 openssl-1.1.1w-1.el7.x86_64.rpm
-rw-r--r--. 1 root root  133000 May 29 14:55 openssl-debuginfo-1.1.1w-1.el7.x86_64.rpm
-rw-r--r--. 1 root root  234860 May 29 14:55 openssl-devel-1.1.1w-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 1429624 May 29 14:55 openssl-libs-1.1.1w-1.el7.x86_64.rpm

7、升级安装openssl

rpm -ivh openssl-1.1.1w-1.el7.x86_64.rpm --nodeps --force
rpm -ivh openssl-libs-1.1.1w-1.el7.x86_64.rpm --nodeps --force
  • 6
    点赞
  • 3
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值