add post082

hilyso · Mar 12, 2024 · 16e09ce · 16e09ce
1 parent 95be3a9
commit 16e09ce
Show file tree

Hide file tree

Showing 4 changed files with 133 additions and 14 deletions.
diff --git a/source/_posts/009.openssh.md b/source/_posts/009.openssh.md
@@ -1,5 +1,5 @@
 ---
-title: openssl 和 openssl 升级
+title: openssh 和 openssl 升级
 date: 2022-05-16 10:33:08
 categories: 
 - [Linux]

diff --git a/source/_posts/081.openssl_rpm_build.md b/source/_posts/081.openssl_rpm_build.md
@@ -70,10 +70,7 @@ BuildRoot:  %_topdir/BUILDROOT
 
 %description
 The OpenSSL toolkit provides support for secure communications between
-machines. OpenSSL includes a certificate management tool and shared
-libraries which provide various cryptographic algorithms and
-protocols.
-
+machines. 
 
 %package devel
 Summary: Secure Sockets Layer and cryptography static libraries and headers
@@ -82,14 +79,6 @@ Requires: %{name} = %{version}-%{release}
 %description devel
 The OpenSSL devel tool
 
-%package doc
-Summary: OpenSSL miscellaneous files
-Group: Documentation
-Requires: openssl
-%description doc
-The OpenSSL doc
-
-
 %prep
 %setup -q
 
@@ -122,7 +111,6 @@ ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
 %defattr(-,root,root)
 
 
-
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 

diff --git a/source/_posts/082.openssh_rpm_build.md b/source/_posts/082.openssh_rpm_build.md
@@ -0,0 +1,131 @@
+---
+title: OpenSSH rpm包制作
+date: 2024-3-11 14:58:31
+categories: 
+- [Linux]
+tags: 
+- rpm打包
+- openssh
+---
+
+
+## 环境
+
+  - 硬件平台: PVE-KVM x86_64
+  - 系统版本: CentOS 7.9 64bit
+  - 软件版本: OpenSSH-9.7p1
+    - OpenSSH-9.7p1
+    - OpenSSL-3.0.12
+    - x11-ssh-askpass-1.2.4.1.tar.gz
+
+## 说明
+
+  - ```OpenSSH-9.7p1```依赖```OpenSSL-1.1.1```及以上版本, 请先升级OpenSSL, [参照这里](https://hilyso.github.io/2024/03/07/081.openssl_rpm_build/)
+  - ```OpenSSH-8.6```后默认为不允许root登录
+  - 默认允许使用PAM登录认证；
+  - 默认允许使用X11Forwarding图形模块；
+  - 需要给/etc/init.d/sshd 执行权限
+  - 需要给```ssh_host_rsa_key```、```ssh_host_ecdsa_key```、```ssh_host_ed25519_key```这三个文件的权限, ```OpenSSH-8.6```之后缩小了这三个文件的权限为0600, 大于该权限将会导致opensshd启动失败
+## 一、
+
+### 1.1 安装依赖
+
+  ``` ~]# yum install libXt libXt-devel imake gtk2-devel ```
+  ``` ~]# rpm-build rpmlint rpmdevtools curl```
+
+### 1.2 rpmbuild 目录相关
+
+{% note warning %}
+**注意:**
+下面两个操作请不要使用 ```root``` 用户操作
+{% endnote %}
+
+#### 创建目录
+  ```~]$ mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS} ```
+
+#### 目录配置
+  ``` ~]$ echo "%_topdir %{getenv:HOME}/rpmbuild" > ~/.rpmmacros ```
+  - ``` %_topdir ```：RPM 构建的顶层目录宏
+  - ``` %{getenv:HOME} ```：获取用户主目录的环境变量
+  - ``` ~/.rpmmacros ```：用户 RPM 配置文件
+
+
+### 1.3 下载源码
+
+  - 下载 OpenSSH-9.7p1和x11-ssh-askpass-1.2.4.1源码
+
+  ``` shell
+  curl -o https://mirrors.aliyun.com/pub/OpenBSD/OpenSSH/portable/openssh-9.7p1.tar.gz
+  curl https://src.fedoraproject.org/repo/pkgs/openssh/x11-ssh-askpass-1.2.4.1.tar.gz/8f2e41f3f7eaa8543a2440454637f3c3/x11-ssh-askpass-1.2.4.1.tar.gz
+  ```
+
+  - 将源码上传至```/home/dev/rpmbuild/SOURCES```目录
+
+  ``` shell
+  [root@pve-centos7 SOURCES]$ 
+  [root@pve-centos7 SOURCES]$ pwd
+  /home/dev/rpmbuild/SOURCES
+  [root@pve-centos7 SOURCES]$ ll
+  -rw-r--r-- 1 dev  dev 1848766 Mar 12 10:42 openssh-9.7p1.tar.gz
+  -rw-r--r-- 1 dev  dev    29229 Mar 11 15:15 x11-ssh-askpass-1.2.4.1.tar.gz
+  [root@pve-centos7 SOURCES]$ 
+  ```
+
+
+### 1.4 配置 ```.SPEC```文件
+
+  - **从源码提取.SPEC 文件到SPEC目录**
+    ``` SOURCES]$ tar -xf openssh-9.7p1.tar.gz -C ../SPECS openssh-9.7p1/contrib/redhat/openssh.spec --strip-components=3 ```
+
+  - **修改 ```.SPEC``` 文件** ```%pre server``` 区域下面新增如下配置, 备份ssh配置
+    ``` shell
+        cp -Rf /etc/ssh{,.back}
+    ```
+
+  - **修改 ```.SPEC``` 文件** ```%post server``` 区域下面新增如下配置
+    ``` shell
+        sed -i -e "s/#PermitRootLogin prohibit-password/PermitRootLogin yes/g" /etc/ssh/sshd_config
+        sed -i -e "s/#UsePAM no/UsePAM yes/g" /etc/ssh/sshd_config
+        sed -i -e "s/#X11Forwarding no/X11Forwarding yes/g" /etc/ssh/sshd_config
+        chmod +x /etc/init.d/sshd
+        chmod 600 /etc/ssh/ssh_host_rsa_key
+        chmod 600 /etc/ssh/ssh_host_ecdsa_key
+        chmod 600 /etc/ssh/ssh_host_ed25519_key
+        echo "KexAlgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp	521,diffie-hellman-group14-sha1" >> /etc/ssh/sshd_config
+    ```
+
+  - **修改 ```.SPEC``` 文件** ```%install``` 区域注释改行, 并增添新2行, 保留原```pam```和```ssh-copy-id```配置
+    ``` shell
+        #install -m644 contrib/redhat/sshd.pam  $RPM_BUILD_ROOT/etc/pam.d/sshd
+        install -m644RPM_SOURCE_DIR/sshd     $RPM_BUILD_ROOT/etc/pam.d/sshd
+        install -m755RPM_SOURCE_DIR/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/ssh-copy-id
+    ```
+
+
+### 1.5 检查 ```.SPEC``` 文件
+
+  如果没有 error就可以下一步构建了
+
+  ``` shell
+  [dev@pve-centos7 SPECS]$ rpmlint ./openssh.spec 
+  ./openssh.spec:95: W: unversioned-explicit-obsoletes ssh
+  ./openssh.spec:132: W: unversioned-explicit-obsoletes ssh-clients
+  ./openssh.spec:137: W: unversioned-explicit-obsoletes ssh-server
+  ./openssh.spec:147: W: unversioned-explicit-obsoletes ssh-extras
+  ./openssh.spec:153: W: unversioned-explicit-obsoletes ssh-extras
+  ./openssh.spec:280: W: macro-in-comment %{_bindir}
+  ./openssh.spec:349: W: mixed-use-of-spaces-and-tabs (spaces: line 349, tab: line 208)
+  ./openssh.spec: W: invalid-url Source1: http://www.jmknoble.net/software/x11-ssh-askpass/  x11-ssh-askpass-1.2.4.1.tar.gz <urlopen error unknown url type: socks5>
+  ./openssh.spec: W: invalid-url Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/  openssh-9.7p1.tar.gz ''
+  0 packages and 1 specfiles checked; 0 errors, 9 warnings.
+  [dev@pve-centos7 SPECS]$ 
+  ```
+
+
+### 1.6 构建 OpenSSH rpm包
+
+  ``` ~] $ rpmbuild -ba ~/rpmbuild/SPECS/openssh.spec ```
+
+   如下结果一般就没什么问题了
+
+ ![图](/images/082.openssh_rpm_build.md.01.png)
diff --git a/source/images/082.openssh_rpm_build.md.01.png b/source/images/082.openssh_rpm_build.md.01.png