CentOS7编译生成openssl和openssh RPM包教程

准备工作

首先安装必要的依赖包和工具:
# Compiler toolchain and common build utilities (yum package group)
yum -y groupinstall 'Development Tools'

# RPM packaging tools, the downloader, and the -devel headers used by both builds
yum -y install \
    rpm-build rpmdevtools wget \
    gcc make perl-ExtUtils-MakeMaker \
    zlib-devel openssl-devel pam-devel libselinux-devel krb5-devel \
    libX11-devel libXt-devel gtk2-devel libedit-devel
创建 RPM 构建目录结构:
# Create the ~/rpmbuild directory tree (SOURCES, SPECS, RPMS, SRPMS, ...)
# NOTE(review): run this and the later rpmbuild steps as an unprivileged user
# where possible; spec build scripts execute with the builder's privileges.
rpmdev-setuptree

编译生成 OpenSSL RPM 包

1. 获取 OpenSSL 源码

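# Work inside the rpmbuild SOURCES directory
cd ~/rpmbuild/SOURCES/

# Download the OpenSSL source tarball (substitute a newer release if needed).
# NOTE(review): the 1.1.1 series is past its upstream end of life; prefer a
# release that still receives security fixes where the platform allows it.
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz

# Fetch the published SHA-256 digest and check the tarball against it before
# building. The digest file may hold only the bare hash, which `sha256sum -c`
# rejects as not properly formatted, so compare the first field directly.
wget https://www.openssl.org/source/openssl-1.1.1w.tar.gz.sha256
expected=$(awk 'NR == 1 { print $1 }' openssl-1.1.1w.tar.gz.sha256)
actual=$(sha256sum openssl-1.1.1w.tar.gz | awk '{ print $1 }')
if [ -n "$expected" ] && [ "$expected" = "$actual" ]; then
    echo "openssl-1.1.1w.tar.gz: OK"
else
    echo "openssl-1.1.1w.tar.gz: SHA-256 mismatch - do not build from this file" >&2
fi
# A digest served from the same host as the tarball only detects corruption.
# For authenticity, also verify the release's detached PGP signature against
# a signing key whose fingerprint was confirmed through a separate channel.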

2. 创建 OpenSSL 的 SPEC 文件

# Create the spec file inside SPECS; the later rpmbuild command is run from this directory
cd ~/rpmbuild/SPECS/
vi openssl.spec
将以下内容粘贴到 openssl.spec 文件中:
# RPM spec for a locally built OpenSSL 1.1.1w.
# NOTE(review): files install under /usr and /usr/lib64, the same locations the
# distribution's OpenSSL uses - test on a non-production host first.
Name:           openssl
Version:        1.1.1w
Release:        1.el7
Summary:        A general purpose cryptography library with TLS implementation

Group:          System Environment/Libraries
License:        OpenSSL
URL:            https://www.openssl.org/
Source0:        https://www.openssl.org/source/%{name}-%{version}.tar.gz

BuildRequires:  gcc make perl-ExtUtils-MakeMaker zlib-devel
Requires:       zlib

%description
The OpenSSL toolkit provides support for secure communications between
machines. OpenSSL includes a certificate management tool and shared
libraries which provide various cryptographic algorithms and protocols.

%prep
%setup -q

%build
# Configure for the /usr prefix with libraries in /usr/lib64, then compile.
# NOTE(review): OpenSSL documents this option as "shared" without dashes and
# builds shared libraries by default in 1.1.1 - confirm --shared is handled as intended.
# NOTE(review): zlib-dynamic compiles in compression support; confirm that
# applications keep TLS compression disabled.
./config --prefix=/usr --libdir=/usr/lib64 --shared zlib-dynamic
make

%install
make DESTDIR=%{buildroot} install
# Certificate and private-key directories. install -d without -m creates them
# with mode 0755, so key files stored under private/ rely on their own file modes.
install -d %{buildroot}/etc/pki/tls/certs
install -d %{buildroot}/etc/pki/tls/private

%files
# NOTE(review): compare this list with the build root; by default rpmbuild fails
# on installed files that are not listed and on listed paths that do not exist.
%defattr(-,root,root)
/usr/bin/openssl
/usr/include/openssl/
/usr/lib64/libcrypto.so.*
/usr/lib64/libssl.so.*
/usr/lib64/engines/
/usr/share/man/man1/openssl.1*
/etc/pki/tls/certs
/etc/pki/tls/private

# ldconfig refreshes the dynamic linker cache after installation and after removal
%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%changelog
* Wed Aug 27 2025 Your Name <your@email.com> 1.1.1w-1.el7
- Initial build of OpenSSL 1.1.1w

3. 构建 OpenSSL RPM 包

# Build the binary and source RPMs from the spec
# NOTE(review): the packages produced here are unsigned; if they are copied to
# other hosts, sign them (rpmsign --addsign) or transfer them with a checksum so
# the target can verify what it installs.
rpmbuild -ba openssl.spec

# List the generated packages
ls -l ~/rpmbuild/RPMS/x86_64/
ls -l ~/rpmbuild/SRPMS/
生成的 RPM 包将位于 ~/rpmbuild/RPMS/x86_64/ 目录下。

编译生成 OpenSSH RPM 包

1. 获取 OpenSSH 源码

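# Work inside the rpmbuild SOURCES directory
cd ~/rpmbuild/SOURCES/

# Download the OpenSSH portable source (substitute a newer release if needed;
# later releases carry security fixes that 8.9p1 lacks)
wget https://openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz

# Verify the tarball before building. The detached signature is published next
# to each release; gpg can only validate it once the OpenSSH release signing
# key is in the local keyring, with its fingerprint confirmed through a channel
# other than this download.
wget https://openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.9p1.tar.gz.asc
gpg --verify openssh-8.9p1.tar.gz.asc openssh-8.9p1.tar.gz

# Download the OpenSSL 1.1.1 compatibility patch (for CentOS 7).
# NOTE(review): this URL tracks the moving rawhide branch, so the content can
# change or disappear between builds. Read the patch before applying it and
# pin the download to a specific commit once a known-good copy is identified.
wget https://src.fedoraproject.org/rpms/openssh/raw/rawhide/f/openssh-8.8p1-openssl-1.1.1.patch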

2. 创建 OpenSSH 的 SPEC 文件

# Create the spec file inside SPECS; the later rpmbuild command is run from this directory
cd ~/rpmbuild/SPECS/
vi openssh.spec
将以下内容粘贴到 openssh.spec 文件中:
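# RPM spec for a locally built OpenSSH 8.9p1 (base, clients and server packages).
Name:           openssh
Version:        8.9p1
Release:        1.el7
# OpenSSH 7.6 and later implement SSH protocol version 2 only.
Summary:        An open source implementation of SSH protocol version 2

Group:          Applications/Internet
License:        BSD
# https, matching the scheme used when the tarball is downloaded.
URL:            https://www.openssh.com/portable.html
Source0:        https://openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
Patch0:         openssh-8.8p1-openssl-1.1.1.patch

# NOTE(review): openssl-devel resolves to whatever OpenSSL headers are installed
# on the build host. If sshd is meant to link against a newer locally built
# OpenSSL, those headers must be installed before this build - confirm with
# the library version printed by "ssh -V" after installation.
BuildRequires:  openssl-devel pam-devel zlib-devel libselinux-devel
BuildRequires:  krb5-devel libX11-devel libXt-devel gtk2-devel libedit-devel
# NOTE(review): the base package requires both subpackages and each subpackage
# requires the base, so installing any one of them also installs sshd.
# Confirm this is intended for hosts that only need the client.
Requires:       openssh-clients = %{version}-%{release}
Requires:       openssh-server = %{version}-%{release}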

%description
SSH (Secure SHell) is a program for logging into and executing commands on
a remote machine. SSH is intended to replace rlogin and rsh, and to provide
secure encrypted communications between two untrusted hosts over an insecure
network. X11 connections and arbitrary TCP/IP ports can also be forwarded
over the secure channel.

%package clients
Summary:        An open source implementation of SSH protocol clients
Group:          Applications/Internet
Requires:       openssh = %{version}-%{release}

%description clients
OpenSSH clients are applications that allow you to log into another
machine and execute commands on that machine.

%package server
Summary:        An open source implementation of SSH protocol server
Group:          System Environment/Daemons
Requires:       openssh = %{version}-%{release}
Requires:       initscripts >= 7.73
Requires(post): chkconfig
Requires(preun): chkconfig, initscripts

%description server
OpenSSH server is a program for logging into and executing commands on
a remote machine. It is intended to replace rlogind and rshd.

%prep
# Unpack the source tarball, then apply Patch0 at strip level 1
%setup -q
%patch0 -p1

%build
# Configure with configuration files under /etc/ssh and helper programs under
# /usr/libexec/openssh; PAM, zlib, SELinux and Kerberos 5 support are requested.
# NOTE(review): --with-md5-passwords enables legacy MD5 password hashes;
# confirm it is still needed on the target hosts.
# NOTE(review): no --with-privsep-path is passed, yet the install section
# creates /var/empty/sshd - confirm which directory sshd actually uses for
# privilege separation.
%configure \
    --sysconfdir=/etc/ssh \
    --libexecdir=/usr/libexec/openssh \
    --with-md5-passwords \
    --with-pam \
    --with-zlib \
    --with-ssl-engine \
    --with-selinux \
    --with-kerberos5 \
    --with-xauth=/usr/bin/xauth \
    --with-gssapi

make

%install
make DESTDIR=%{buildroot} install

# Install the init script and PAM configuration shipped in contrib/redhat
install -D -m 0755 contrib/redhat/sshd.init %{buildroot}/etc/init.d/sshd
install -D -m 0644 contrib/redhat/sshd.pam %{buildroot}/etc/pam.d/sshd

# Create the directory packaged as /var/empty/sshd, accessible to its owner only
mkdir -p %{buildroot}/var/empty/sshd
chmod 700 %{buildroot}/var/empty/sshd

# Remove any SSH host keys from the build root so the package never ships key
# material: a packaged private host key would be identical on every host that
# installs it. Each host must generate its own keys (for example with
# ssh-keygen -A).
rm -f %{buildroot}/etc/ssh/ssh_host_*_key*

%files
# Base package: client configuration, ssh-keygen and the related manual pages.
# NOTE(review): by default rpmbuild fails on installed files that no package
# lists and on listed paths that were not installed. ssh-add, ssh-agent,
# ssh-keyscan and /etc/ssh/moduli do not appear in any list below - compare
# all three lists against the build root.
%defattr(-,root,root)
%doc README LICENSE
%config(noreplace) /etc/ssh/ssh_config
%{_bindir}/ssh-keygen
%{_mandir}/man1/ssh-keygen.1*
%{_mandir}/man5/ssh_config.5*

%files clients
# Client programs.
# NOTE(review): sftp-server is the server-side helper started by sshd for the
# sftp subsystem, yet it is packaged with the clients - confirm the split.
%defattr(-,root,root)
%{_bindir}/scp
%{_bindir}/sftp
%{_bindir}/ssh
%{_bindir}/slogin
%{_libexecdir}/openssh/sftp-server
%{_mandir}/man1/scp.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man1/ssh.1*
%{_mandir}/man8/sftp-server.8*

%files server
# Server daemon, its configuration (kept on upgrade via noreplace), the PAM
# configuration and the init script.
# NOTE(review): ssh-keysign is normally installed setuid root and is only used
# for host-based authentication - confirm its mode in the build root and
# whether it needs to be shipped at all.
%defattr(-,root,root)
%config(noreplace) /etc/ssh/sshd_config
%config(noreplace) /etc/pam.d/sshd
/etc/init.d/sshd
%{_sbindir}/sshd
%{_libexecdir}/openssh/ssh-keysign
%{_mandir}/man5/sshd_config.5*
%{_mandir}/man8/sshd.8*
%{_mandir}/man8/ssh-keysign.8*
/var/empty/sshd

%post server
# Register the init script, then restart sshd only if it is already running.
# Output is discarded and "|| :" keeps a failed restart from failing the scriptlet.
/sbin/chkconfig --add sshd
if [ -x /usr/bin/systemctl ]; then
    /usr/bin/systemctl try-restart sshd.service >/dev/null 2>&1 || :
else
    /sbin/service sshd condrestart >/dev/null 2>&1 || :
fi

%preun server
# $1 is 0 only when the package is being erased rather than upgraded: stop the
# service and remove its boot-time registration in that case.
if [ "$1" = 0 ]; then
    if [ -x /usr/bin/systemctl ]; then
        /usr/bin/systemctl stop sshd.service >/dev/null 2>&1 || :
        /usr/bin/systemctl disable sshd.service >/dev/null 2>&1 || :
    else
        /sbin/service sshd stop >/dev/null 2>&1 || :
        /sbin/chkconfig --del sshd
    fi
fi

%changelog
* Wed Aug 27 2025 Your Name <your@email.com> 8.9p1-1.el7
- Initial build of OpenSSH 8.9p1

3. 构建 OpenSSH RPM 包

# Build the binary and source RPMs from the spec
# NOTE(review): the packages produced here are unsigned; if they are copied to
# other hosts, sign them (rpmsign --addsign) or transfer them with a checksum so
# the target can verify what it installs.
rpmbuild -ba openssh.spec

# List the generated packages
ls -l ~/rpmbuild/RPMS/x86_64/
ls -l ~/rpmbuild/SRPMS/
生成的 OpenSSH RPM 包将位于 ~/rpmbuild/RPMS/x86_64/ 目录下。

安装和验证生成的 RPM 包

安装 OpenSSL

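# Install the freshly built OpenSSL package
cd ~/rpmbuild/RPMS/x86_64/
yum localinstall -y openssl-1.1.1w-1.el7.x86_64.rpm

# Confirm the transaction really replaced the installed package.
# NOTE(review): if the distribution's openssl package carries an epoch, yum
# ranks this epoch-less build as older and may skip it - check the output.
rpm -q --queryformat '%{EPOCH}:%{VERSION}-%{RELEASE}\n' openssl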

安装 OpenSSH

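# Keep a copy of the current SSH configuration and host keys. The locally built
# server package ships its own sshd_config, so site hardening settings have to
# be re-applied and reviewed afterwards. The copy contains private host keys:
# keep its permissions and delete it once it is no longer needed.
cp -a /etc/ssh "/etc/ssh.bak.$(date +%Y%m%d%H%M%S)"

# Remove the distribution's OpenSSH packages.
# When working over SSH, keep the current session open and have console or
# other out-of-band access ready: until the new server package is installed
# and running, no new SSH login is possible.
yum remove -y openssh openssh-server openssh-clients

# Install the locally built OpenSSH packages
yum localinstall -y openssh-8.9p1-1.el7.x86_64.rpm \
    openssh-clients-8.9p1-1.el7.x86_64.rpm \
    openssh-server-8.9p1-1.el7.x86_64.rpm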

验证安装

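# Check the OpenSSL version now on the PATH
openssl version

# Check the OpenSSH version; the output also names the OpenSSL library that
# ssh is linked against, which shows whether the new OpenSSL is really in use
ssh -V

# Validate sshd_config and the host keys before starting the daemon; this
# catches problems such as host key files whose permissions the new sshd rejects
sshd -t

# Start sshd and enable it at boot.
# The package ships an init script rather than a unit file, so reload systemd
# first (presumably needed after the old unit was removed - verify).
systemctl daemon-reload
systemctl start sshd
systemctl enable sshd

# Check the service status
systemctl status sshd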

注意事项

  1. 版本兼容性:确保选择的 OpenSSL 和 OpenSSH 版本相互兼容
  2. 系统备份:在升级系统关键组件前,建议备份重要数据(包括 /etc/ssh 下的配置和主机密钥);远程操作时请保留一个已登录的会话或控制台访问,以免升级失败后无法登录
  3. 测试环境:建议先在测试环境验证生成的 RPM 包,再部署到生产环境
  4. 防火墙设置:确保防火墙允许 SSH 服务的端口(默认 22)
  5. SELinux:如果启用了 SELinux,可能需要调整相关策略