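The openssl that ships with CentOS 6.10 is too old (1.0.1e) to meet the requirements of some newer applications, but wget, mysql-libs, python-2.6.6, yum and many other system packages depend on it, so it cannot be upgraded in place. The alternative is to install a newer openssl alongside it without touching the system version, so that both versions coexist. This article builds an RPM package that installs openssl-1.1.1 side by side with the system openssl.
1. Provision a virtual machine with a minimal CentOS 6.10 install and check the system information: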
- [root@localhost ~]# cat /etc/redhat-release
- CentOS release 6.10 (Final)
2. Check the version of the openssl that ships with the system:
- [root@localhost ~]# rpm -qa|grep openssh
- openssh-5.3p1-123.el6_9.x86_64
- openssh-server-5.3p1-123.el6_9.x86_64
- [root@localhost ~]# rpm -qa|grep openssl
- openssl-1.0.1e-57.el6.x86_64
3. Switch the system repositories to the Aliyun mirror:
- [root@localhost ~]# cd /etc/yum.repos.d/
- [root@localhost yum.repos.d]# rm CentOS-* -rf
- [root@localhost yum.repos.d]# vi http.repo
- [root@localhost yum.repos.d]# cat http.repo
- [os]
- name=os
- baseurl=https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/
- gpgcheck=0
- enabled=1
- [root@localhost yum.repos.d]# cd ~
- [root@localhost ~]# yum repolist
- 已加载插件:fastestmirror
- Determining fastest mirrors
- os | 3.7 kB 00:00
- os/primary_db | 4.7 MB 00:04
- 仓库标识 仓库名称 状态
- os os 6,713
- repolist: 6,713
4. Prepare the working directories and tools
- [root@localhost ~]# cd ~
- [root@localhost ~]# mkdir -p rpmbuild/{SOURCES,SPECS}
- [root@localhost ~]# yum install wget tree -y
- 已加载插件:fastestmirror
- 设置安装进程
- Loading mirror speeds from cached hostfile
- 解决依赖关系
- --> 执行事务检查
- ---> Package tree.x86_64 0:1.5.3-3.el6 will be 安装
- ---> Package wget.x86_64 0:1.12-10.el6 will be 安装
- --> 完成依赖关系计算
-
- 依赖关系解决
-
- =========================================================================================================================================================
- 软件包 架构 版本 仓库 大小
- =========================================================================================================================================================
- 正在安装:
- tree x86_64 1.5.3-3.el6 os 36 k
- wget x86_64 1.12-10.el6 os 484 k
-
- 事务概要
- =========================================================================================================================================================
- Install 2 Package(s)
-
- 总下载量:520 k
- Installed size: 1.9 M
- 下载软件包:
- (1/2): tree-1.5.3-3.el6.x86_64.rpm | 36 kB 00:00
- (2/2): wget-1.12-10.el6.x86_64.rpm | 484 kB 00:00
- ---------------------------------------------------------------------------------------------------------------------------------------------------------
- 总计 799 kB/s | 520 kB 00:00
- 运行 rpm_check_debug
- 执行事务测试
- 事务测试成功
- 执行事务
- 正在安装 : tree-1.5.3-3.el6.x86_64 1/2
- 正在安装 : wget-1.12-10.el6.x86_64 2/2
- Verifying : wget-1.12-10.el6.x86_64 1/2
- Verifying : tree-1.5.3-3.el6.x86_64 2/2
-
- 已安装:
- tree.x86_64 0:1.5.3-3.el6 wget.x86_64 0:1.12-10.el6
-
- 完毕!
5. Fetch the source tarball
- [root@localhost ~]# cd rpmbuild/SOURCES/
- [root@localhost SOURCES]# wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz --no-check-certificate
- --2023-09-06 17:08:04-- https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
- 正在解析主机 www.openssl.org... 184.30.9.21, 2402:4f00:4002:19e::c1e, 2402:4f00:4002:198::c1e
- 正在连接 www.openssl.org|184.30.9.21|:443... 已连接。
- ...
- 2023-09-06 17:08:13 (924 KB/s) - 已保存 “openssl-1.1.1.tar.gz” [8337920/8337920])
- [root@localhost SOURCES]# ll openssl-1.1.1.tar.gz
- -rw-r--r--. 1 root root 8337920 9月 11 2018 openssl-1.1.1.tar.gz
6. Install the build tools
- [root@localhost SPECS]# yum install -y gcc make perl rpm-build rpmlint perl-WWW-Curl
- 已加载插件:fastestmirror
- 设置安装进程
- Loading mirror speeds from cached hostfile
- os | 3.7 kB 00:00
- 包 gcc-4.4.7-23.el6.x86_64 已安装并且是最新版本
- 包 1:make-3.81-23.el6.x86_64 已安装并且是最新版本
- 包 4:perl-5.10.1-144.el6.x86_64 已安装并且是最新版本
- 包 rpm-build-4.8.0-59.el6.x86_64 已安装并且是最新版本
- 解决依赖关系
- --> 执行事务检查
- ---> Package perl-WWW-Curl.x86_64 0:4.09-4.el6 will be 安装
- ---> Package rpmlint.noarch 0:0.94-3.1.el6 will be 安装
- --> 处理依赖关系 python-magic,它被软件包 rpmlint-0.94-3.1.el6.noarch 需要
- --> 处理依赖关系 python-enchant,它被软件包 rpmlint-0.94-3.1.el6.noarch 需要
- --> 执行事务检查
- ---> Package python-enchant.x86_64 0:1.3.1-5.2.el6 will be 安装
- --> 处理依赖关系 libenchant.so.1()(64bit),它被软件包 python-enchant-1.3.1-5.2.el6.x86_64 需要
- ---> Package python-magic.x86_64 0:5.04-30.el6 will be 安装
- --> 执行事务检查
- ---> Package enchant.x86_64 1:1.5.0-5.el6 will be 安装
- --> 处理依赖关系 libhunspell-1.2.so.0()(64bit),它被软件包 1:enchant-1.5.0-5.el6.x86_64 需要
- --> 执行事务检查
- ---> Package hunspell.x86_64 0:1.2.8-16.el6 will be 安装
- --> 完成依赖关系计算
-
- 依赖关系解决
-
- =========================================================================================================================================================
- 软件包 架构 版本 仓库 大小
- =========================================================================================================================================================
- 正在安装:
- perl-WWW-Curl x86_64 4.09-4.el6 os 47 k
- rpmlint noarch 0.94-3.1.el6 os 186 k
- 为依赖而安装:
- enchant x86_64 1:1.5.0-5.el6 os 49 k
- hunspell x86_64 1.2.8-16.el6 os 177 k
- python-enchant x86_64 1.3.1-5.2.el6 os 82 k
- python-magic x86_64 5.04-30.el6 os 29 k
-
- 事务概要
- =========================================================================================================================================================
- Install 6 Package(s)
-
- 总下载量:569 k
- Installed size: 1.7 M
- 下载软件包:
- (1/6): enchant-1.5.0-5.el6.x86_64.rpm | 49 kB 00:00
- (2/6): hunspell-1.2.8-16.el6.x86_64.rpm | 177 kB 00:00
- (3/6): perl-WWW-Curl-4.09-4.el6.x86_64.rpm | 47 kB 00:00
- (4/6): python-enchant-1.3.1-5.2.el6.x86_64.rpm | 82 kB 00:00
- (5/6): python-magic-5.04-30.el6.x86_64.rpm | 29 kB 00:00
- (6/6): rpmlint-0.94-3.1.el6.noarch.rpm | 186 kB 00:00
- ---------------------------------------------------------------------------------------------------------------------------------------------------------
- 总计 303 kB/s | 569 kB 00:01
- 运行 rpm_check_debug
- 执行事务测试
- 事务测试成功
- 执行事务
- 正在安装 : python-magic-5.04-30.el6.x86_64 1/6
- 正在安装 : hunspell-1.2.8-16.el6.x86_64 2/6
- 正在安装 : 1:enchant-1.5.0-5.el6.x86_64 3/6
- 正在安装 : python-enchant-1.3.1-5.2.el6.x86_64 4/6
- 正在安装 : rpmlint-0.94-3.1.el6.noarch 5/6
- 正在安装 : perl-WWW-Curl-4.09-4.el6.x86_64 6/6
- Verifying : hunspell-1.2.8-16.el6.x86_64 1/6
- Verifying : perl-WWW-Curl-4.09-4.el6.x86_64 2/6
- Verifying : rpmlint-0.94-3.1.el6.noarch 3/6
- Verifying : python-magic-5.04-30.el6.x86_64 4/6
- Verifying : python-enchant-1.3.1-5.2.el6.x86_64 5/6
- Verifying : 1:enchant-1.5.0-5.el6.x86_64 6/6
-
- 已安装:
- perl-WWW-Curl.x86_64 0:4.09-4.el6 rpmlint.noarch 0:0.94-3.1.el6
-
- 作为依赖被安装:
- enchant.x86_64 1:1.5.0-5.el6 hunspell.x86_64 0:1.2.8-16.el6 python-enchant.x86_64 0:1.3.1-5.2.el6 python-magic.x86_64 0:5.04-30.el6
-
- 完毕!
7. Back up the original RPM packages in case they are needed later
- [root@localhost ~]# cd /opt
- [root@localhost opt]# mkdir openssl-devel-1.0.1e
- [root@localhost opt]# cd openssl-devel-1.0.1e/
- [root@localhost openssl-devel-1.0.1e]# wget https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-1.0.1e-57.el6.x86_64.rpm
- --2023-09-06 19:26:42-- https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-1.0.1e-57.el6.x86_64.rpm
- 正在解析主机 mirrors.aliyun.com... 120.226.194.113, 120.226.194.114, 120.226.194.119, ...
- 正在连接 mirrors.aliyun.com|120.226.194.113|:443... 已连接。
- 已发出 HTTP 请求,正在等待回应... 200 OK
- 长度:1600772 (1.5M) [application/x-rpm]
- 正在保存至: “openssl-1.0.1e-57.el6.x86_64.rpm”
-
- 100%[===============================================================================================================>] 1,600,772 1.58M/s in 1.0s
-
- 2023-09-06 19:26:44 (1.58 MB/s) - 已保存 “openssl-1.0.1e-57.el6.x86_64.rpm” [1600772/1600772])
-
- [root@localhost openssl-devel-1.0.1e]# wget https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-devel-1.0.1e-57.el6.x86_64.rpm
- --2023-09-06 19:27:05-- https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-devel-1.0.1e-57.el6.x86_64.rpm
- 正在解析主机 mirrors.aliyun.com... 120.226.194.112, 120.226.194.116, 120.226.194.115, ...
- 正在连接 mirrors.aliyun.com|120.226.194.112|:443... 已连接。
- 已发出 HTTP 请求,正在等待回应... 200 OK
- 长度:1227684 (1.2M) [application/x-rpm]
- 正在保存至: “openssl-devel-1.0.1e-57.el6.x86_64.rpm”
-
- 100%[===============================================================================================================>] 1,227,684 2.40M/s in 0.5s
-
- 2023-09-06 19:27:06 (2.40 MB/s) - 已保存 “openssl-devel-1.0.1e-57.el6.x86_64.rpm” [1227684/1227684])
-
- [root@localhost openssl-devel-1.0.1e]# ll
- 总用量 2764
- -rw-r--r--. 1 root root 1600772 3月 23 2017 openssl-1.0.1e-57.el6.x86_64.rpm
- -rw-r--r--. 1 root root 1227684 3月 23 2017 openssl-devel-1.0.1e-57.el6.x86_64.rpm
1. Write the spec file
- [root@localhost SOURCES]# cd /root/rpmbuild/SPECS/
- [root@localhost SPECS]# vi openssl-1.1.1.spec
- [root@localhost SPECS]# cat openssl-1.1.1.spec
- Summary: OpenSSL 1.1.1 Portable for Centos
- Name: openssl
- Version: %{?version}%{!?version:1.1.1}
- Release: 25%{?dist}
- Obsoletes: %{name} <= %{version}
- Provides: %{name} = %{version}
- URL: https://www.openssl.org/
- License: GPLv2+
-
- Source: https://www.openssl.org/source/openssl-1.1.1.tar.gz
-
- BuildRequires: make gcc perl perl-WWW-Curl
- BuildRoot: %{_tmppath}/openssl-%{version}-%{release}-root
- %global openssldir /usr/openssl-%{version}
-
- %description
- OpenSSL RPM for version 1.1.1 on Centos
-
- %package devel
- Summary: Development files for programs which will use the openssl library
- Group: Development/Libraries
- Requires: %{name} = %{version}-%{release}
-
- %description devel
- OpenSSL Portable RPM for version 1.1.1 on Centos (development package)
-
- %prep
- %setup -q
-
- %build
- ./config --prefix=%{openssldir} --openssldir=%{openssldir} -fPIC
- make
-
- %install
- [ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
- %make_install
-
- mkdir -p %{buildroot}%{_bindir}
- mkdir -p %{buildroot}%{_libdir}
- ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
- ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
- ln -sf %{openssldir}/bin/openssl-1.1.1 %{buildroot}%{_bindir}
-
- %clean
- [ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
-
- %files
- %{openssldir}
- %defattr(-,root,root)
- /usr/bin/openssl-1.1.1
- /usr/lib64/libcrypto.so.1.1
- /usr/lib64/libssl.so.1.1
-
- %files devel
- %{openssldir}/include/*
- %defattr(-,root,root)
-
- %post -p /sbin/ldconfig
-
- %postun -p /sbin/ldconfig
- %changelog
- * Wed Sep 6 2023 daijianbing - 1.1.1
- - Rebuilt for https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
- [root@localhost SPECS]#
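Note: one line needs to be added to the spec above; see the explanation further down. It avoids the symlink problem that otherwise appears after the RPM is installed.
2. Start the build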
- [root@localhost SPECS]# rpmbuild -bb openssl-1.1.1.spec
- Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.JWwxii
- + umask 022
- + cd /root/rpmbuild/BUILD
- + LANG=C
- + export LANG
- + unset DISPLAY
- + cd /root/rpmbuild/BUILD
- + rm -rf openssl-1.1.1
- + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssl-1.1.1.tar.gz
- + /bin/tar -xf -
- + STATUS=0
- + '[' 0 -ne 0 ']'
- + cd openssl-1.1.1
- + /bin/chmod -Rf a+rX,u+w,g-w,o-w .
- + exit 0
- Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.3NZp5J
- + umask 022
- + cd /root/rpmbuild/BUILD
- + cd openssl-1.1.1
- + LANG=C
- + export LANG
- + unset DISPLAY
- + ./config --prefix=/usr/openssl --openssldir=/usr/openssl -fPIC
- Operating system: x86_64-whatever-linux2
- Configuring OpenSSL version 1.1.1 (0x1010100fL) for linux-x86_64
- Using os-specific seed configuration
- Creating configdata.pm
- Creating Makefile
-
- **********************************************************************
- *** ***
- *** If you want to report a building issue, please include the ***
- *** output from this command: ***
- *** ***
- *** perl configdata.pm --dump ***
- *** ***
- **********************************************************************
- + make
- ...
- Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssl-1.1.1-25.el6.x86_64
- Wrote: /root/rpmbuild/RPMS/x86_64/openssl-1.1.1-25.el6.x86_64.rpm
- Wrote: /root/rpmbuild/RPMS/x86_64/openssl-devel-1.1.1-25.el6.x86_64.rpm
- Wrote: /root/rpmbuild/RPMS/x86_64/openssl-debuginfo-1.1.1-25.el6.x86_64.rpm
- Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.xriOpv
- + umask 022
- + cd /root/rpmbuild/BUILD
- + cd openssl-1.1.1
- + '[' /root/rpmbuild/BUILDROOT/openssl-1.1.1-25.el6.x86_64 '!=' / ']'
- + /bin/rm -rf /root/rpmbuild/BUILDROOT/openssl-1.1.1-25.el6.x86_64
- + exit 0
3. A final "+ exit 0", as above, means the build completed normally. The generated RPM files are in /root/rpmbuild/RPMS/x86_64:
- [root@localhost SPECS]# ll /root/rpmbuild/RPMS/x86_64/*-1.1.1-*
- -rw-r--r--. 1 root root 5439452 9月 6 17:25 /root/rpmbuild/RPMS/x86_64/openssl-1.1.1-25.el6.x86_64.rpm
- -rw-r--r--. 1 root root 133508 9月 6 17:25 /root/rpmbuild/RPMS/x86_64/openssl-debuginfo-1.1.1-25.el6.x86_64.rpm
- -rw-r--r--. 1 root root 237604 9月 6 17:25 /root/rpmbuild/RPMS/x86_64/openssl-devel-1.1.1-25.el6.x86_64.rpm
1. Try installing the new version directly
- [root@localhost SPECS]# cd /root/rpmbuild/RPMS/x86_64/
- [root@localhost x86_64]# ll
- 总用量 5684
- -rw-r--r--. 1 root root 5440868 9月 6 20:39 openssl-1.1.1-25.el6.x86_64.rpm
- -rw-r--r--. 1 root root 133428 9月 6 20:39 openssl-debuginfo-1.1.1-25.el6.x86_64.rpm
- -rw-r--r--. 1 root root 237644 9月 6 20:39 openssl-devel-1.1.1-25.el6.x86_64.rpm
- [root@localhost x86_64]# rpm -ivh *
- Preparing... ########################################### [100%]
- 1:openssl ########################################### [ 33%]
- 2:openssl-devel ########################################### [ 67%]
- 3:openssl-debuginfo ########################################### [100%]
- [root@localhost x86_64]# openssl version
- OpenSSL 1.0.1e-fips 11 Feb 2013
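As shown, installing the new version does not affect the openssl installed by default with the system.
2. List the files installed by the new openssl package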
- [root@localhost x86_64]# rpm -qpl openssl-1.1.1-25.el6.x86_64.rpm |more
- /usr/bin/openssl-1.1.1
- /usr/lib64/libcrypto.so.1.1
- /usr/lib64/libssl.so.1.1
- /usr/openssl-1.1.1
- /usr/openssl-1.1.1/bin
- /usr/openssl-1.1.1/bin/c_rehash
- /usr/openssl-1.1.1/bin/openssl
- /usr/openssl-1.1.1/certs
- /usr/openssl-1.1.1/ct_log_list.cnf
- /usr/openssl-1.1.1/ct_log_list.cnf.dist
- /usr/openssl-1.1.1/include
- /usr/openssl-1.1.1/include/openssl
- /usr/openssl-1.1.1/include/openssl/aes.h
- /usr/openssl-1.1.1/include/openssl/asn1.h
- ...
- /usr/openssl-1.1.1/share/man/man7/passphrase-encoding.7
- /usr/openssl-1.1.1/share/man/man7/scrypt.7
- /usr/openssl-1.1.1/share/man/man7/ssl.7
- /usr/openssl-1.1.1/share/man/man7/x509.7
3. Run the new version to check its information; a problem appears

The symlink points to the wrong target; fix it by hand:
- [root@localhost x86_64]# rm /usr/bin/openssl-1.1.1
- rm:是否删除符号链接 "/usr/bin/openssl-1.1.1"?y
- [root@localhost x86_64]# ll /usr/openssl-1.1.1/bin/openssl
- -rwxr-xr-x. 1 root root 646152 9月 6 21:28 /usr/openssl-1.1.1/bin/openssl
- [root@localhost x86_64]# /usr/openssl-1.1.1/bin/openssl version
- OpenSSL 1.1.1 11 Sep 2018
- [root@localhost x86_64]# cp /usr/openssl-1.1.1/bin/openssl /usr/openssl-1.1.1/bin/openssl-1.1.1
- [root@localhost x86_64]# ln -sf /usr/openssl-1.1.1/bin/openssl-1.1.1 /usr/bin/openssl-1.1.1
- [root@localhost x86_64]# openssl-1.1.1 version
- OpenSSL 1.1.1 11 Sep 2018
- [root@localhost x86_64]# openssl version
- OpenSSL 1.0.1e-fips 11 Feb 201
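Investigation shows that the symlink is wrong because the compiled openssl binary has no 1.1.1 suffix in its name. In the spec file, before the following line:
ln -sf %{openssldir}/bin/openssl-1.1.1 %{buildroot}%{_bindir}
add one line, as follows. During %install the files live under %{buildroot}, so both paths of the cp carry that prefix:
cp %{buildroot}%{openssldir}/bin/openssl %{buildroot}%{openssldir}/bin/openssl-1.1.1
ln -sf %{openssldir}/bin/openssl-1.1.1 %{buildroot}%{_bindir}
Then rebuild.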
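The dangling /usr/bin/openssl-1.1.1 link described above can be caught before the package is installed. The following is an added example, not part of the original post: it lists symlinks in a payload tree whose targets are missing from that tree, resolving absolute targets relative to the tree root. `find_dangling_links` and `make_sample_tree` are names chosen here, and the sample tree is constructed to mirror the layout listed by `rpm -qpl`.

```shell
#!/bin/sh
# Added example (not from the original post): report symlinks in a package
# payload tree whose targets are missing from that same tree.
# ROOT can be %{buildroot} at the end of %install, or a directory the RPM was
# unpacked into with: rpm2cpio pkg.rpm | cpio -idm

# find_dangling_links ROOT  ->  prints "link -> target" per broken link
find_dangling_links() {
    root=${1%/}
    find "$root" -type l | sort | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) resolved=$root$target ;;                  # absolute: re-root under ROOT
            *)  resolved=$(dirname "$link")/$target ;;    # relative: resolve beside the link
        esac
        # One hop only: a target that is itself a link gets its own report line.
        [ -L "$resolved" ] || [ -e "$resolved" ] ||
            printf '%s -> %s\n' "${link#"$root"}" "$target"
    done
}

# Constructed sample tree mirroring the layout produced by the spec file above.
make_sample_tree() {
    d=$1/usr/openssl-1.1.1
    mkdir -p "$1/usr/bin" "$1/usr/lib64" "$d/bin" "$d/lib"
    : > "$d/bin/openssl"
    : > "$d/lib/libssl.so.1.1"
    : > "$d/lib/libcrypto.so.1.1"
    ln -s /usr/openssl-1.1.1/lib/libssl.so.1.1    "$1/usr/lib64/libssl.so.1.1"
    ln -s /usr/openssl-1.1.1/lib/libcrypto.so.1.1 "$1/usr/lib64/libcrypto.so.1.1"
    ln -s /usr/openssl-1.1.1/bin/openssl-1.1.1    "$1/usr/bin/openssl-1.1.1"
}

demo_root=$(mktemp -d)
make_sample_tree "$demo_root"
find_dangling_links "$demo_root"   # reports /usr/bin/openssl-1.1.1
rm -rf "$demo_root"
```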
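This completes the side-by-side openssl 1.0.1e and 1.1.1 environment on CentOS 6.10: running openssl invokes the original system version, and running openssl-1.1.1 invokes the newly installed 1.1.1.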