目前OpenSSH版本已至9.3,其作为操作系统底层管理平台软件,需要保持更新以免遭受安全攻击,编译生成rpm包是生产环境中批量升级的最佳途径。
一、准备编译环境:
-
发布一台虚拟机,最小化安装CentOS6.10,查看系统信息如下:
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.10 (Final)
-
准备相关目录及工具
[root@localhost ~]# cd ~
[root@localhost ~]# mkdir -p rpmbuild/{SOURCES,SPECS}
[root@localhost ~]# yum install wget tree -y
已加载插件:fastestmirror
设置安装进程
Loading mirror speeds from cached hostfile
c6-media | 4.0 kB 00:00 ...
c6-media/primary_db | 4.7 MB 00:00 ...
解决依赖关系
--> 执行事务检查
---> Package tree.x86_64 0:1.5.3-3.el6 will be 安装
---> Package wget.x86_64 0:1.12-10.el6 will be 安装
--> 完成依赖关系计算
依赖关系解决
=========================================================================================================================================================================================================================================
软件包 架构 版本 仓库 大小
=========================================================================================================================================================================================================================================
正在安装:
tree x86_64 1.5.3-3.el6 c6-media 36 k
wget x86_64 1.12-10.el6 c6-media 484 k
...
正在安装 : tree-1.5.3-3.el6.x86_64 1/2
正在安装 : wget-1.12-10.el6.x86_64 2/2
Verifying : wget-1.12-10.el6.x86_64 1/2
Verifying : tree-1.5.3-3.el6.x86_64 2/2
已安装:
tree.x86_64 0:1.5.3-3.el6 wget.x86_64 0:1.12-10.el6
完毕!
-
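准备源文件
注意:下面wget使用的 --no-check-certificate 会跳过TLS证书校验,下载内容在传输途中被替换也无法发现。编译前应使用官方随源码包发布的PGP签名(同目录下的 openssh-9.3p1.tar.gz.asc)或发布公告中的校验值核对源码包,用于校验的公钥和校验值须从可信渠道获取。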
[root@localhost ~]# cd rpmbuild/SOURCES/
[root@localhost SOURCES]# wget https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.3p1.tar.gz --no-check-certificate
[root@localhost SOURCES]# wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
[root@localhost SOURCES]# tar -xzf openssh-9.3p1.tar.gz
[root@localhost SOURCES]# ll
总用量 1860
drwxr-xr-x. 7 1000 1000 12288 3月 16 05:33 openssh-9.3p1
-rw-r--r--. 1 root root 1856839 3月 16 05:50 openssh-9.3p1.tar.gz
-rw-r--r--. 1 root root 29229 6月 26 2004 x11-ssh-askpass-1.2.4.1.tar.gz
[root@localhost SOURCES]# cp openssh-9.3p1/contrib/redhat/openssh.spec ../SPECS/
[root@localhost SOURCES]# cp ../SPECS/openssh.spec{,.9.3p1init}
[root@localhost SOURCES]# ls ../SPECS
总用量 64
-rw-r--r--. 1 root root 30082 3月 30 18:51 openssh.spec
-rw-r--r--. 1 root root 30082 3月 30 18:51 openssh.spec.9.3p1init
-
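安装编译工具
注意:默认情况下编译出的OpenSSH会动态链接系统自带的OpenSSL(下方安装结果中为 openssl-devel 1.0.1e-57.el6),升级OpenSSH并不会同时更新OpenSSL库本身。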
[root@localhost SOURCES]# cd ../SPECS
[root@localhost SPECS]# yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel -y
已加载插件:fastestmirror
设置安装进程
Loading mirror speeds from cached hostfile
解决依赖关系
...
已安装:
gcc.x86_64 0:4.4.7-23.el6 openssl-devel.x86_64 0:1.0.1e-57.el6 pam-devel.x86_64 0:1.1.1-24.el6 perl-devel.x86_64 4:5.10.1-144.el6 rpm-build.x86_64 0:4.8.0-59.el6 zlib-devel.x86_64 0:1.2.3-29.el6
作为依赖被安装:
cloog-ppl.x86_64 0:0.15.7-1.2.el6 cpp.x86_64 0:4.4.7-23.el6 db4-cxx.x86_64 0:4.7.25-22.el6 db4-devel.x86_64 0:4.7.25-22.el6
elfutils.x86_64 0:0.164-2.el6 gdb.x86_64 0:7.2-92.el6 gdbm-devel.x86_64 0:1.8.0-39.el6 glibc-devel.x86_64 0:2.12-1.212.el6
glibc-headers.x86_64 0:2.12-1.212.el6 kernel-headers.x86_64 0:2.6.32-754.el6 keyutils-libs-devel.x86_64 0:1.4-5.el6 krb5-devel.x86_64 0:1.10.3-65.el6
libcom_err-devel.x86_64 0:1.41.12-24.el6 libgomp.x86_64 0:4.4.7-23.el6 libkadm5.x86_64 0:1.10.3-65.el6 libselinux-devel.x86_64 0:2.0.94-7.el6
libsepol-devel.x86_64 0:2.0.41-4.el6 mpfr.x86_64 0:2.4.1-6.el6 patch.x86_64 0:2.6-8.el6_9 perl.x86_64 4:5.10.1-144.el6
perl-ExtUtils-MakeMaker.x86_64 0:6.55-144.el6 perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-144.el6 perl-Module-Pluggable.x86_64 1:3.90-144.el6 perl-Pod-Escapes.x86_64 1:1.04-144.el6
perl-Pod-Simple.x86_64 1:3.13-144.el6 perl-Test-Harness.x86_64 0:3.17-144.el6 perl-libs.x86_64 4:5.10.1-144.el6 perl-version.x86_64 3:0.77-144.el6
ppl.x86_64 0:0.10.2-11.el6 redhat-rpm-config.noarch 0:9.0.3-51.el6.centos unzip.x86_64 0:6.0-5.el6 xz.x86_64 0:4.999.9-0.5.beta.20091007git.el6
xz-lzma-compat.x86_64 0:4.999.9-0.5.beta.20091007git.el6
完毕!
-
修改源spec文件(去除askpass,取消initscripts版本检查,避免编译出错)
[root@localhost SPECS]# egrep "^%global no_x11_askpass|^%global no_gnome_askpass" /root/rpmbuild/SPECS/openssh.spec
%global no_x11_askpass 0
%global no_gnome_askpass 0
[root@localhost SPECS]# sed -ri.bak "s/^%global no_x11_askpass 0/%global no_x11_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
[root@localhost SPECS]# sed -ri.bak "s/^%global no_gnome_askpass 0/%global no_gnome_askpass 1/g" /root/rpmbuild/SPECS/openssh.spec
[root@localhost SPECS]# egrep "^%global no_x11_askpass|^%global no_gnome_askpass" /root/rpmbuild/SPECS/openssh.spec
%global no_x11_askpass 1
%global no_gnome_askpass 1
[root@localhost SPECS]# sed -i "s/PreReq: initscripts >= 5.00/#PreReq: initscripts >= 5.00/g" /root/rpmbuild/SPECS/openssh.spec && sed -i "s/PreReq: initscripts >= 5.00/#PreReq: initscripts >= 5.00/g" /root/rpmbuild/SPECS/openssh.spec && cat /root/rpmbuild/SPECS/openssh.spec |grep "PreReq: initscripts"
#PreReq: initscripts >= 5.00
对比文件差异:
-
生成sshd.init.old和sshd.pam.old文件并重新打包源tar.gz文件包(避免编译时因缺少sshd.init.old或sshd.pam.old而报错)
注意:重新打包后的tar.gz与官方发布的签名和校验值不再一致,因此对原始源码包的校验必须在重新打包之前完成,并保留下面生成的.bak原始包备查。
[root@localhost SPECS]# cd ../SOURCES
[root@localhost SOURCES]# ll
总用量 1860
drwxr-xr-x. 7 1000 1000 12288 3月 16 05:33 openssh-9.3p1
-rw-r--r--. 1 root root 1856839 3月 16 05:50 openssh-9.3p1.tar.gz
-rw-r--r--. 1 root root 29229 6月 26 2004 x11-ssh-askpass-1.2.4.1.tar.gz
[root@localhost SOURCES]# mv openssh-9.3p1.tar.gz{,.bak}
[root@localhost SOURCES]# cp ../SOURCES/openssh-9.3p1/contrib/redhat/sshd.pam{,.old} && cp ../SOURCES/openssh-9.3p1/contrib/redhat/sshd.init{,.old}
[root@localhost SOURCES]# tar -czf openssh-9.3p1.tar.gz openssh-9.3p1
[root@localhost SOURCES]# ll
总用量 3752
drwxr-xr-x. 7 1000 1000 12288 3月 16 05:33 openssh-9.3p1
-rw-r--r--. 1 root root 1933976 3月 30 19:24 openssh-9.3p1.tar.gz
-rw-r--r--. 1 root root 1856839 3月 16 05:50 openssh-9.3p1.tar.gz.bak
-rw-r--r--. 1 root root 29229 6月 26 2004 x11-ssh-askpass-1.2.4.1.tar.gz
二、编译
[root@localhost SOURCES]# cd ~/rpmbuild/SPECS/
[root@localhost SPECS]# rpmbuild -bb openssh.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.BCVSw1
+ umask 022
+ cd /root/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /root/rpmbuild/BUILD
+ rm -rf openssh-9.3p1
+ /bin/tar -xf -
...
Processing files: openssh-debuginfo-9.3p1-1.el6.x86_64
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssh-9.3p1-1.el6.x86_64
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-9.3p1-1.el6.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-clients-9.3p1-1.el6.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-server-9.3p1-1.el6.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssh-debuginfo-9.3p1-1.el6.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.5sygZH
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssh-9.3p1
+ rm -rf /root/rpmbuild/BUILDROOT/openssh-9.3p1-1.el6.x86_64
+ exit 0
看到生成一堆rpm,最后exit 0,大功告成。
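三、测试验证
注意:这里是从5.3p1直接升级到9.3p1,版本跨度很大。如果是通过SSH远程操作,升级前应保留一个已登录的会话或控制台访问;升级后先用 sshd -t 检查配置文件,再重启服务并新开连接确认可以登录,避免被锁在主机之外。openssh-debuginfo 仅用于调试,生产环境可不安装。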
[root@localhost SPECS]# cd /root/rpmbuild/RPMS/x86_64
[root@localhost x86_64]# rpm -qa |grep ssh
openssh-5.3p1-123.el6_9.x86_64
openssh-server-5.3p1-123.el6_9.x86_64
libssh2-1.4.2-2.el6_7.1.x86_64
[root@localhost x86_64]# ll
总用量 5744
-rw-r--r--. 1 root root 770824 3月 30 19:26 openssh-9.3p1-1.el6.x86_64.rpm
-rw-r--r--. 1 root root 763804 3月 30 19:26 openssh-clients-9.3p1-1.el6.x86_64.rpm
-rw-r--r--. 1 root root 3846344 3月 30 19:26 openssh-debuginfo-9.3p1-1.el6.x86_64.rpm
-rw-r--r--. 1 root root 488896 3月 30 19:26 openssh-server-9.3p1-1.el6.x86_64.rpm
[root@localhost x86_64]# yum localinstall *
已加载插件:fastestmirror
设置本地安装进程
诊断 openssh-9.3p1-1.el6.x86_64.rpm: openssh-9.3p1-1.el6.x86_64
openssh-9.3p1-1.el6.x86_64.rpm 将作为 openssh-5.3p1-123.el6_9.x86_64 的更新
Loading mirror speeds from cached hostfile
诊断 openssh-clients-9.3p1-1.el6.x86_64.rpm: openssh-clients-9.3p1-1.el6.x86_64
openssh-clients-9.3p1-1.el6.x86_64.rpm 将被安装
诊断 openssh-debuginfo-9.3p1-1.el6.x86_64.rpm: openssh-debuginfo-9.3p1-1.el6.x86_64
openssh-debuginfo-9.3p1-1.el6.x86_64.rpm 将被安装
诊断 openssh-server-9.3p1-1.el6.x86_64.rpm: openssh-server-9.3p1-1.el6.x86_64
openssh-server-9.3p1-1.el6.x86_64.rpm 将作为 openssh-server-5.3p1-123.el6_9.x86_64 的更新
解决依赖关系
--> 执行事务检查
---> Package openssh.x86_64 0:5.3p1-123.el6_9 will be 升级
---> Package openssh.x86_64 0:9.3p1-1.el6 will be an update
---> Package openssh-clients.x86_64 0:9.3p1-1.el6 will be 安装
---> Package openssh-debuginfo.x86_64 0:9.3p1-1.el6 will be 安装
---> Package openssh-server.x86_64 0:5.3p1-123.el6_9 will be 升级
---> Package openssh-server.x86_64 0:9.3p1-1.el6 will be an update
--> 完成依赖关系计算
依赖关系解决
=========================================================================================================================================================================================================================================
软件包 架构 版本 仓库 大小
=========================================================================================================================================================================================================================================
正在安装:
openssh-clients x86_64 9.3p1-1.el6 /openssh-clients-9.3p1-1.el6.x86_64 2.4 M
openssh-debuginfo x86_64 9.3p1-1.el6 /openssh-debuginfo-9.3p1-1.el6.x86_64 15 M
正在升级:
openssh x86_64 9.3p1-1.el6 /openssh-9.3p1-1.el6.x86_64 3.0 M
openssh-server x86_64 9.3p1-1.el6 /openssh-server-9.3p1-1.el6.x86_64 1.2 M
事务概要
=========================================================================================================================================================================================================================================
Install 2 Package(s)
Upgrade 2 Package(s)
总文件大小:21 M
确定吗?[y/N]:y
下载软件包:
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
正在升级 : openssh-9.3p1-1.el6.x86_64 1/6
正在安装 : openssh-clients-9.3p1-1.el6.x86_64 2/6
正在升级 : openssh-server-9.3p1-1.el6.x86_64 3/6
正在安装 : openssh-debuginfo-9.3p1-1.el6.x86_64 4/6
清理 : openssh-server-5.3p1-123.el6_9.x86_64 5/6
清理 : openssh-5.3p1-123.el6_9.x86_64 6/6
Verifying : openssh-debuginfo-9.3p1-1.el6.x86_64 1/6
Verifying : openssh-clients-9.3p1-1.el6.x86_64 2/6
Verifying : openssh-9.3p1-1.el6.x86_64 3/6
Verifying : openssh-server-9.3p1-1.el6.x86_64 4/6
Verifying : openssh-5.3p1-123.el6_9.x86_64 5/6
Verifying : openssh-server-5.3p1-123.el6_9.x86_64 6/6
已安装:
openssh-clients.x86_64 0:9.3p1-1.el6 openssh-debuginfo.x86_64 0:9.3p1-1.el6
更新完毕:
openssh.x86_64 0:9.3p1-1.el6 openssh-server.x86_64 0:9.3p1-1.el6
完毕!
[root@localhost x86_64]# rpm -qa |grep ssh
openssh-debuginfo-9.3p1-1.el6.x86_64
openssh-9.3p1-1.el6.x86_64
openssh-server-9.3p1-1.el6.x86_64
openssh-clients-9.3p1-1.el6.x86_64
libssh2-1.4.2-2.el6_7.1.x86_64
版本验证:
可以将/root/rpmbuild/RPMS/x86_64下的软件包进行拷贝分发或放到http服务器共享。分发前建议对rpm包进行GPG签名(rpm --addsign),或至少同时提供SHA256校验值,目标主机在安装前先完成校验,避免软件包在传输或共享过程中被替换。至此,rpm包制作完成。