CentOS6.10系统原生的openssl版本太老,1.0.1e,不能满足一些新版本应用软件的要求,但是它又被wget、mysql-libs、python-2.6.6、yum等一众系统包所依赖,不能再做升级。故需考虑在不影响系统原生openssl的情况下,安装较新版的openssl形成多版本并存,本文采用编译rpm包的方式完成了可并存的openssl-1.1.1的安装文件制作。
一、准备编译环境:
1、发布一台虚拟机,最小化安装CentOS6.10,查看系统信息如下:
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.10 (Final)2、查看系统所带openssl的版本信息:
[root@localhost ~]# rpm -qa|grep openssh
openssh-5.3p1-123.el6_9.x86_64
openssh-server-5.3p1-123.el6_9.x86_64
[root@localhost ~]# rpm -qa|grep openssl
openssl-1.0.1e-57.el6.x86_643、修改系统源为阿里源:
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# rm CentOS-* -rf
[root@localhost yum.repos.d]# vi http.repo
[root@localhost yum.repos.d]# cat http.repo
[os]
name=os
baseurl=https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/
gpgcheck=0
enabled=1
[root@localhost yum.repos.d]# cd ~
[root@localhost ~]# yum repolist
已加载插件:fastestmirror
Determining fastest mirrors
os | 3.7 kB 00:00
os/primary_db | 4.7 MB 00:04
仓库标识 仓库名称 状态
os os 6,713
repolist: 6,713
4、准备相关目录及工具
[root@localhost ~]# cd ~
[root@localhost ~]# mkdir -p rpmbuild/{SOURCES,SPECS}
[root@localhost ~]# yum install wget tree -y
已加载插件:fastestmirror
设置安装进程
Loading mirror speeds from cached hostfile
解决依赖关系
--> 执行事务检查
---> Package tree.x86_64 0:1.5.3-3.el6 will be 安装
---> Package wget.x86_64 0:1.12-10.el6 will be 安装
--> 完成依赖关系计算
依赖关系解决
=========================================================================================================================================================
软件包 架构 版本 仓库 大小
=========================================================================================================================================================
正在安装:
tree x86_64 1.5.3-3.el6 os 36 k
wget x86_64 1.12-10.el6 os 484 k
事务概要
=========================================================================================================================================================
Install 2 Package(s)
总下载量:520 k
Installed size: 1.9 M
下载软件包:
(1/2): tree-1.5.3-3.el6.x86_64.rpm | 36 kB 00:00
(2/2): wget-1.12-10.el6.x86_64.rpm | 484 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------
总计 799 kB/s | 520 kB 00:00
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
正在安装 : tree-1.5.3-3.el6.x86_64 1/2
正在安装 : wget-1.12-10.el6.x86_64 2/2
Verifying : wget-1.12-10.el6.x86_64 1/2
Verifying : tree-1.5.3-3.el6.x86_64 2/2
已安装:
tree.x86_64 0:1.5.3-3.el6 wget.x86_64 0:1.12-10.el6
完毕!5、 准备源文件
[root@localhost ~] # cd rpmbuild/SOURCES/
[root@localhost SOURCES]# wget https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz --no-check-certificate
--2023-09-06 17:08:04-- https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
正在解析主机 www.openssl.org... 184.30.9.21, 2402:4f00:4002:19e::c1e, 2402:4f00:4002:198::c1e
正在连接 www.openssl.org|184.30.9.21|:443... 已连接。
...
2023-09-06 17:08:13 (924 KB/s) - 已保存 “openssl-1.1.1.tar.gz” [8337920/8337920])
[root@localhost SOURCES]# ll openssl-1.1.1.tar.gz
-rw-r--r--. 1 root root 8337920 9月 11 2018 openssl-1.1.1.tar.gz6、 安装编译工具
[root@localhost SPECS]# yum install -y gcc make perl rpm-build rpmlint perl-WWW-Curl
已加载插件:fastestmirror
设置安装进程
Loading mirror speeds from cached hostfile
os | 3.7 kB 00:00
包 gcc-4.4.7-23.el6.x86_64 已安装并且是最新版本
包 1:make-3.81-23.el6.x86_64 已安装并且是最新版本
包 4:perl-5.10.1-144.el6.x86_64 已安装并且是最新版本
包 rpm-build-4.8.0-59.el6.x86_64 已安装并且是最新版本
解决依赖关系
--> 执行事务检查
---> Package perl-WWW-Curl.x86_64 0:4.09-4.el6 will be 安装
---> Package rpmlint.noarch 0:0.94-3.1.el6 will be 安装
--> 处理依赖关系 python-magic,它被软件包 rpmlint-0.94-3.1.el6.noarch 需要
--> 处理依赖关系 python-enchant,它被软件包 rpmlint-0.94-3.1.el6.noarch 需要
--> 执行事务检查
---> Package python-enchant.x86_64 0:1.3.1-5.2.el6 will be 安装
--> 处理依赖关系 libenchant.so.1()(64bit),它被软件包 python-enchant-1.3.1-5.2.el6.x86_64 需要
---> Package python-magic.x86_64 0:5.04-30.el6 will be 安装
--> 执行事务检查
---> Package enchant.x86_64 1:1.5.0-5.el6 will be 安装
--> 处理依赖关系 libhunspell-1.2.so.0()(64bit),它被软件包 1:enchant-1.5.0-5.el6.x86_64 需要
--> 执行事务检查
---> Package hunspell.x86_64 0:1.2.8-16.el6 will be 安装
--> 完成依赖关系计算
依赖关系解决
=========================================================================================================================================================
软件包 架构 版本 仓库 大小
=========================================================================================================================================================
正在安装:
perl-WWW-Curl x86_64 4.09-4.el6 os 47 k
rpmlint noarch 0.94-3.1.el6 os 186 k
为依赖而安装:
enchant x86_64 1:1.5.0-5.el6 os 49 k
hunspell x86_64 1.2.8-16.el6 os 177 k
python-enchant x86_64 1.3.1-5.2.el6 os 82 k
python-magic x86_64 5.04-30.el6 os 29 k
事务概要
=========================================================================================================================================================
Install 6 Package(s)
总下载量:569 k
Installed size: 1.7 M
下载软件包:
(1/6): enchant-1.5.0-5.el6.x86_64.rpm | 49 kB 00:00
(2/6): hunspell-1.2.8-16.el6.x86_64.rpm | 177 kB 00:00
(3/6): perl-WWW-Curl-4.09-4.el6.x86_64.rpm | 47 kB 00:00
(4/6): python-enchant-1.3.1-5.2.el6.x86_64.rpm | 82 kB 00:00
(5/6): python-magic-5.04-30.el6.x86_64.rpm | 29 kB 00:00
(6/6): rpmlint-0.94-3.1.el6.noarch.rpm | 186 kB 00:00
---------------------------------------------------------------------------------------------------------------------------------------------------------
总计 303 kB/s | 569 kB 00:01
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
正在安装 : python-magic-5.04-30.el6.x86_64 1/6
正在安装 : hunspell-1.2.8-16.el6.x86_64 2/6
正在安装 : 1:enchant-1.5.0-5.el6.x86_64 3/6
正在安装 : python-enchant-1.3.1-5.2.el6.x86_64 4/6
正在安装 : rpmlint-0.94-3.1.el6.noarch 5/6
正在安装 : perl-WWW-Curl-4.09-4.el6.x86_64 6/6
Verifying : hunspell-1.2.8-16.el6.x86_64 1/6
Verifying : perl-WWW-Curl-4.09-4.el6.x86_64 2/6
Verifying : rpmlint-0.94-3.1.el6.noarch 3/6
Verifying : python-magic-5.04-30.el6.x86_64 4/6
Verifying : python-enchant-1.3.1-5.2.el6.x86_64 5/6
Verifying : 1:enchant-1.5.0-5.el6.x86_64 6/6
已安装:
perl-WWW-Curl.x86_64 0:4.09-4.el6 rpmlint.noarch 0:0.94-3.1.el6
作为依赖被安装:
enchant.x86_64 1:1.5.0-5.el6 hunspell.x86_64 0:1.2.8-16.el6 python-enchant.x86_64 0:1.3.1-5.2.el6 python-magic.x86_64 0:5.04-30.el6
完毕!7、备份原始版本的rpm包,以备不时之需
[root@localhost ~]# cd /opt
[root@localhost opt]# mkdir openssl-devel-1.0.1e
[root@localhost opt]# cd openssl-devel-1.0.1e/
[root@localhost openssl-devel-1.0.1e]# wget https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-1.0.1e-57.el6.x86_64.rpm
--2023-09-06 19:26:42-- https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-1.0.1e-57.el6.x86_64.rpm
正在解析主机 mirrors.aliyun.com... 120.226.194.113, 120.226.194.114, 120.226.194.119, ...
正在连接 mirrors.aliyun.com|120.226.194.113|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1600772 (1.5M) [application/x-rpm]
正在保存至: “openssl-1.0.1e-57.el6.x86_64.rpm”
100%[===============================================================================================================>] 1,600,772 1.58M/s in 1.0s
2023-09-06 19:26:44 (1.58 MB/s) - 已保存 “openssl-1.0.1e-57.el6.x86_64.rpm” [1600772/1600772])
[root@localhost openssl-devel-1.0.1e]# wget https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-devel-1.0.1e-57.el6.x86_64.rpm
--2023-09-06 19:27:05-- https://mirrors.aliyun.com/centos-vault/6.10/os/x86_64/Packages/openssl-devel-1.0.1e-57.el6.x86_64.rpm
正在解析主机 mirrors.aliyun.com... 120.226.194.112, 120.226.194.116, 120.226.194.115, ...
正在连接 mirrors.aliyun.com|120.226.194.112|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1227684 (1.2M) [application/x-rpm]
正在保存至: “openssl-devel-1.0.1e-57.el6.x86_64.rpm”
100%[===============================================================================================================>] 1,227,684 2.40M/s in 0.5s
2023-09-06 19:27:06 (2.40 MB/s) - 已保存 “openssl-devel-1.0.1e-57.el6.x86_64.rpm” [1227684/1227684])
[root@localhost openssl-devel-1.0.1e]# ll
总用量 2764
-rw-r--r--. 1 root root 1600772 3月 23 2017 openssl-1.0.1e-57.el6.x86_64.rpm
-rw-r--r--. 1 root root 1227684 3月 23 2017 openssl-devel-1.0.1e-57.el6.x86_64.rpm 二、正式编译
1、编写spec文件
[root@localhost SOURCES]# cd /root/rpmbuild/SPECS/
[root@localhost SPECS]# vi openssl-1.1.1.spec
[root@localhost SPECS]# cat openssl-1.1.1.spec
Summary: OpenSSL 1.1.1 Portable for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1}
Release: 25%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+
Source: https://www.openssl.org/source/openssl-1.1.1.tar.gz
BuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/openssl-%{version}-%{release}-root
%global openssldir /usr/openssl-%{version}
%description
OpenSSL RPM for version 1.1.1 on Centos
%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description devel
OpenSSL Portable RPM for version 1.1.1 on Centos (development package)
%prep
%setup -q
%build
./config --prefix=%{openssldir} --openssldir=%{openssldir} -fPIC
make
%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl-1.1.1 %{buildroot}%{_bindir}
%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl-1.1.1
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1
%files devel
%{openssldir}/include/*
%defattr(-,root,root)
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%changelog
* Wed Sep 6 2023 daijianbing - 1.1.1
- Rebuilt for https://www.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
[root@localhost SPECS]# 注:上面代码有一处需添加一行,请见面的讲解,可以避免后面rpm包安装后的软链接问题。
2、开始编译
[root@localhost SPECS]# rpmbuild -bb openssl-1.1.1.spec
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.JWwxii
+ umask 022
+ cd /root/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /root/rpmbuild/BUILD
+ rm -rf openssl-1.1.1
+ /usr/bin/gzip -dc /root/rpmbuild/SOURCES/openssl-1.1.1.tar.gz
+ /bin/tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd openssl-1.1.1
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.3NZp5J
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssl-1.1.1
+ LANG=C
+ export LANG
+ unset DISPLAY
+ ./config --prefix=/usr/openssl --openssldir=/usr/openssl -fPIC
Operating system: x86_64-whatever-linux2
Configuring OpenSSL version 1.1.1 (0x1010100fL) for linux-x86_64
Using os-specific seed configuration
Creating configdata.pm
Creating Makefile
**********************************************************************
*** ***
*** If you want to report a building issue, please include the ***
*** output from this command: ***
*** ***
*** perl configdata.pm --dump ***
*** ***
**********************************************************************
+ make
...
Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/openssl-1.1.1-25.el6.x86_64
Wrote: /root/rpmbuild/RPMS/x86_64/openssl-1.1.1-25.el6.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssl-devel-1.1.1-25.el6.x86_64.rpm
Wrote: /root/rpmbuild/RPMS/x86_64/openssl-debuginfo-1.1.1-25.el6.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.xriOpv
+ umask 022
+ cd /root/rpmbuild/BUILD
+ cd openssl-1.1.1
+ '[' /root/rpmbuild/BUILDROOT/openssl-1.1.1-25.el6.x86_64 '!=' / ']'
+ /bin/rm -rf /root/rpmbuild/BUILDROOT/openssl-1.1.1-25.el6.x86_64
+ exit 03、如上最后出现“+ exit 0”即正常编译完成,在/root/rpmbuild/RPMS/x86_64目录下可以看到编译生成的rpm文件
[root@localhost SPECS]# ll /root/rpmbuild/RPMS/x86_64/*-1.1.1-*
-rw-r--r--. 1 root root 5439452 9月 6 17:25 /root/rpmbuild/RPMS/x86_64/openssl-1.1.1-25.el6.x86_64.rpm
-rw-r--r--. 1 root root 133508 9月 6 17:25 /root/rpmbuild/RPMS/x86_64/openssl-debuginfo-1.1.1-25.el6.x86_64.rpm
-rw-r--r--. 1 root root 237604 9月 6 17:25 /root/rpmbuild/RPMS/x86_64/openssl-devel-1.1.1-25.el6.x86_64.rpm三、测试安装及验证
1、尝试直接安装新版
[root@localhost SPECS]# cd /root/rpmbuild/RPMS/x86_64/
[root@localhost x86_64]# ll
总用量 5684
-rw-r--r--. 1 root root 5440868 9月 6 20:39 openssl-1.1.1-25.el6.x86_64.rpm
-rw-r--r--. 1 root root 133428 9月 6 20:39 openssl-debuginfo-1.1.1-25.el6.x86_64.rpm
-rw-r--r--. 1 root root 237644 9月 6 20:39 openssl-devel-1.1.1-25.el6.x86_64.rpm
[root@localhost x86_64]# rpm -ivh *
Preparing... ########################################### [100%]
1:openssl ########################################### [ 33%]
2:openssl-devel ########################################### [ 67%]
3:openssl-debuginfo ########################################### [100%]
[root@localhost x86_64]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013可见安装新版以后,并没有影响系统默认安装的openssl
2、查看新版openssl安装的目录文件
[root@localhost x86_64]# rpm -qpl openssl-1.1.1-25.el6.x86_64.rpm |more
/usr/bin/openssl-1.1.1
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1
/usr/openssl-1.1.1
/usr/openssl-1.1.1/bin
/usr/openssl-1.1.1/bin/c_rehash
/usr/openssl-1.1.1/bin/openssl
/usr/openssl-1.1.1/certs
/usr/openssl-1.1.1/ct_log_list.cnf
/usr/openssl-1.1.1/ct_log_list.cnf.dist
/usr/openssl-1.1.1/include
/usr/openssl-1.1.1/include/openssl
/usr/openssl-1.1.1/include/openssl/aes.h
/usr/openssl-1.1.1/include/openssl/asn1.h
...
/usr/openssl-1.1.1/share/man/man7/passphrase-encoding.7
/usr/openssl-1.1.1/share/man/man7/scrypt.7
/usr/openssl-1.1.1/share/man/man7/ssl.7
/usr/openssl-1.1.1/share/man/man7/x509.73、执行新版本查看信息,发现问题
可见是链接文件指向错误,手工修正
[root@localhost x86_64]# rm /usr/bin/openssl-1.1.1
rm:是否删除符号链接 "/usr/bin/openssl-1.1.1"?y
[root@localhost x86_64]# ll /usr/openssl-1.1.1/bin/openssl
-rwxr-xr-x. 1 root root 646152 9月 6 21:28 /usr/openssl-1.1.1/bin/openssl
[root@localhost x86_64]# /usr/openssl-1.1.1/bin/openssl version
OpenSSL 1.1.1 11 Sep 2018
[root@localhost x86_64]# cp /usr/openssl-1.1.1/bin/openssl /usr/openssl-1.1.1/bin/openssl-1.1.1
[root@localhost x86_64]# ln -sf /usr/openssl-1.1.1/bin/openssl-1.1.1 /usr/bin/openssl-1.1.1
[root@localhost x86_64]# openssl-1.1.1 version
OpenSSL 1.1.1 11 Sep 2018
[root@localhost x86_64]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 201经排查,出现软链接错误的原因是因为编译生成的openssl命令文件不带1.1.1,将spec文件中的以下行:
ln -sf %{openssldir}/bin/openssl-1.1.1 %{buildroot}%{_bindir}
之前添加一行,如下:
cp %{openssldir}/bin/openssl %{openssldir}/bin/openssl-1.1.1
ln -sf %{openssldir}/bin/openssl-1.1.1 %{buildroot}%{_bindir}
再次编译即可。
至此,CentOS6.10系统的openssl 1.0.1e和1.1.1多版本运行环境建立完成,运行openssl即是系统原生老版,运行openssl-1.1.1则是新安装的1.1.1版本。