OracalLinux7.9升级openssh、openssl及制作rpm包 - 《运维管理备忘录》

编译环境：OL7.9
1.查询当前软件版本：

2.创建用户：

3.备份ssh：

~~配置阿里云镜像：~~

yum install wget
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache

4.安装rpm-build及编译环境：

#安装rpm-build包及其他编译需要的包
yum install rpm-build zlib-devel openssl-devel gcc perl-devel pam-devel unzip
mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}

5.下载Openssl：
地址：https://github.com/openssl/openssl/tags
版本选择：1.1.1q.tar.gz
将文件上传到/home/test文件夹下

cd /home/test
su test
#解压文件,并从新打包，因为后面的rpm打包工具目录名问题
tar -zxvf openssl-OpenSSL_1_1_1q.tar.gz 
#解压得到的文件夹名称openssl-OpenSSL_1_1_1q改为openssl-1.1.1q
mv openssl-OpenSSL_1_1_1q openssl-1.1.1q
#打包文件夹
tar cvf openssl-1.1.1q.tar.gz openssl-1.1.1q
#将openssl-1.1.1q.tar.gz复制到/root/
cp /home/test/openssl-1.1.1q.tar.gz /root/rpmbuild/SOURCES/

编写openssl.spec文件

cd /root/rpmbuild/SPECS
vi openssl.spec
#-----文件内容，请使用vi创建该文件
Summary: OpenSSL 1.1.1q for OLE
Name: openssl
Version: %{?version}%{!?version:1.1.1q}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+
Source: https://www.openssl.org/source/%{name}-%{version}.tar.gz
BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl
%description
OpenSSL RPM for version 1.1.1q on OLE
%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description devel
OpenSSL RPM for version 1.1.1q on Centos (development package)
%prep
%setup -q
%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make
%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1
%files devel
%{openssldir}/include/*
%defattr(-,root,root)
%post -p /sbin/ldconfig

执行编译打包：

rpmbuild -D "version 1.1.1q" -bb openssl.spec
#报缺少perl-WWW-curl
cd /home/test
rpm -ivh perl-WWW-Curl-4.15-13.el7.x86_64.rpm
cd /root/rpmbuild/SPECS

安装openssl-1.1.1q:

cd /root/rpmbuild/RPMS/x86_64
rpm -Uvh --nodeps --force openssl*.rpm
openssl version -a

下载OpenSSH9.0p1

cd /root/rpmbuild/SOURCES
wget https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-9.0p1.tar.gz

提取openssh.spec文件

tar -zxvf openssh-9.0p1.tar.gz openssh-9.0p1/contrib/redhat/openssh.spec
mv openssh-9.0p1/contrib/redhat/openssh.spec /root/rpmbuild/SPECS
cd /root/rpmbuild/SPECS
rpmbuild -bb openssh.spec

添加插件：

cd /root/rpmbuild/SOURCES
wget https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
cd /root/rpmbuild/SPECS
rpmbuild -bb openssh.spec

安装其他依赖：

yum install gtk2-devel
yum install imake
yum install libXt-devel

参考链接：
https://www.ngui.cc/51cto/show-530991.html
https://blog.51cto.com/onlyoulinux/2585471?ivk_sa=1024320u

#查看系统ssh版本
ssh -V
#查看系统openssl版本
openssl version -a
#切换用户root
su root
#创建用户及密码test/Test123
useradd test
userpwd test
#备份ssh文件,系统默认7.4p1版本
cp -r /etc/ssh/ /etc/ssh-old-20220709
#备份pam下的sshd文件
cp /etc/pam.d/sshd /etc/pam.d/sshd-old-20220709