Centos7 制作Openssh9.5 RPM包

最近都在升级Openssh版本到9.3+.在博客里也放了openssh 9.5的rpm包.
详见:https://blog.csdn.net/qq_29974229/article/details/133878576
但还是有小伙伴不停追问这个rpm包是怎么做的,怕下载别人的rpm包里被加了盐.
于是做了个关于怎么用官方的openssh-9.5p1.tar.gz生成自己rpm包的手册供大家学习使用.

1. 环境说明

实验环境操作系统版本Centos 7.9 x86_64

[root@centos7 ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@centos7 ~]# uname -r
3.10.0-1160.el7.x86_64
[root@centos7 ~]#

2. 配置Yum仓库

2.1 配置Yum仓库和epel仓库

rm -f /etc/yum.repos.d/*
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

2.2 建立yum仓库缓存

yum clean all
yum makecache

中间报错忽略即可

3. 安装rpmbuild环境

3.1 安装rpmdevtools

yum install -y rpmdevtools rpmlint

3.2 安装Openssl

yum install -y libXt-devel imake gtk2-devel gcc krb5-devel openssl-devel pam-devel

wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz --no-check-certificate
tar xf openssl-1.1.1w.tar.gz
cd openssl-1.1.1w
./config --openssldir=/usr/local/openssl && make && make install

配置openssl环境变量

ln -sf /usr/local/openssl/include/openssl /usr/include
ln -sf /root/openssl-1.1.1w/libcrypto.so /usr/local/lib/libcrypto.so
echo 'export PATH=/usr/local/openssl/bin:$PATH' >/etc/profile
echo '/usr/local/include/openssl/' >> /etc/ld.so.conf
echo '/usr/local/lib64' >> /etc/ld.so.conf
ldconfig -v
source /etc/profile
openssl version

4. 配置生成rpm包

4.1 生成配置目录环境

cd
rpmdev-setuptree
cd rpmbuild/SOURCES/

4.2 获取openssh包

wget https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.5p1.tar.gz
tar xf openssh-9.5p1.tar.gz
cp openssh-9.5p1/contrib/redhat/openssh.spec ../SPECS/
cd ../SPECS/

4.3 修改SPEC文件

sed -i 's#Source1:.*#Source1: https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz#g' openssh.spec
sed -i 's#%global no_x11_askpass 0#%global no_x11_askpass 1#g' openssh.spec
sed -i 's#%global no_gnome_askpass 0#%global no_gnome_askpass 1#g' openssh.spec
sed -i '/mandir=%/a\        --with-openssl-includes=/usr/local/include/openssl \\' openssh.spec
sed -i '/with-openssl-includes=/a\        --with-ssl-dir=/root/openssl-1.1.1w \\' openssh.spec
sed -i "342 a cp -r /etc/ssh /etc/ssh.bak" openssh.spec
sed -i "343 a cp -r /usr/bin/ssh /usr/bin/ssh.bak" openssh.spec
sed -i '344 a sed -i -e  "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config' openssh.spec
sed -i '345 a echo "PermitRootLogin yes" >> /etc/ssh/sshd_config' openssh.spec
sed -i '346 a sed -i  -e  "s/UsePAM yes/UsePAM no/g" /etc/ssh/sshd_config' openssh.spec
sed -i '347 a chmod 600 /etc/ssh/ssh_host*' openssh.spec
sed -i '348 a systemctl restart sshd' openssh.spec
sed -i '/openssl-devel < 1.1/d' ~/rpmbuild/SPECS/openssh.spec

删除104行

4.4 下载软件包

通过spec文件下载依赖软件包

rm -rf ~/rpmbuild/SOURCES/openssh-9.5p1/
spectool -g -R ~/rpmbuild/SPECS/openssh.spec

5. 生成rpm包

rpmbuild -ba ~/rpmbuild/SPECS/openssh.spec

将openssh-9.5p1-1.el7.x86_64.rpm,openssh-debuginfo-9.5p1-1.el7.x86_64.rpm,openssh-server-9.5p1-1.el7.x86_64.rpm三个包安装即可完成openssh升级.

不同版本用不同版本的os制作即可