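KylinOS V10 SP3 aarch64: installing software in a Xinchuang (domestic IT innovation) environment - openssl and openssh
A customer project has to be deployed in a KylinOS aarch64 Xinchuang environment. Drawing on deployment material found online and on AI assistance, I have summarised how to install software on the ARM architecture. The customer's servers run KylinOS V10 SP3 2403, and the CPU is the Huawei HiSilicon Kunpeng-920, a high-performance server processor based on the ARM architecture.
The servers are on a fully internal network and cannot reach the Internet.
The openssl and openssh versions shipped with the system are too old and need to be upgraded.
Since several more servers will need this later, I decided to build generic rpm packages that the other machines can install directly.
After looking up the steps for building an rpm package online, I got started. Taking the generic openssl rpm package as the example:
[*]Download the latest source: https://github.com/openssl/openssl/releases/download/openssl-3.5.4/openssl-3.5.4.tar.gz
[*]Install the necessary build tools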
sudo dnf install -y rpm-build rpmdevtools gcc make perl autoconf automake
[*]Set up the RPM build environment
rpmdev-setuptree
cd ~/rpmbuild/SOURCES
# Copy the downloaded source tarball into ~/rpmbuild/SOURCES
[*]Create the SPEC file
cd ~/rpmbuild/SPECS
vi openssl.spec

Name: openssl
Version: 3.5.4
Release: 1%{?dist}
Summary: OpenSSL cryptography and SSL/TLS toolkit for aarch64
License: Apache-2.0
URL: https://www.openssl.org/
Source0: https://github.com/openssl/openssl/releases/download/openssl-%{version}/openssl-%{version}.tar.gz

# Disable automatic dependency detection
AutoReq: no
AutoProv: no
%global debug_package %{nil}

BuildRequires: gcc
BuildRequires: make
BuildRequires: perl
BuildRequires: perl-IPC-Cmd
BuildRequires: zlib-devel

%description
The OpenSSL toolkit provides support for secure communications between machines.
Optimized for aarch64 architecture with ARMv8 crypto extensions.

%package devel
Summary: Development files for OpenSSL
Requires: %{name} = %{version}-%{release}

%description devel
Development files for OpenSSL with aarch64 optimizations.

%prep
%setup -q -n openssl-%{version}

%build
# aarch64-optimised configuration (using generic parameters)
./config --prefix=/usr \
    --openssldir=/etc/ssl \
    --libdir=/usr/lib64 \
    shared zlib-dynamic \
    -march=armv8-a+crypto+simd

make %{?_smp_mflags}

%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot}

%clean
rm -rf %{buildroot}

%files
%defattr(-,root,root,-)
%doc LICENSE.txt README.md CHANGES.md NEWS.md
/usr/bin/openssl
/usr/bin/c_rehash
/usr/lib64/libcrypto.so.*
/usr/lib64/libssl.so.*
/usr/lib64/engines-3/
/usr/lib64/ossl-modules/
/etc/ssl/
/usr/share/doc/openssl/
/usr/share/man/man1/
/usr/share/man/man3/
/usr/share/man/man5/
/usr/share/man/man7/

%files devel
%defattr(-,root,root,-)
/usr/include/openssl/
/usr/lib64/libcrypto.so
/usr/lib64/libssl.so
/usr/lib64/*.a
/usr/lib64/pkgconfig/
/usr/lib64/cmake/

%changelog
* Thu Dec 05 2024 Your Name <your.email@example.com> - 3.5.4-1
- Initial build for Kylin aarch64
- ARMv8 crypto extensions enabled
[*]Build the RPM package
cd ~/rpmbuild/SPECS
rpmbuild -ba openssl.spec
[*]Check the generated RPM packages
cd ~/rpmbuild/RPMS/
ll
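Because the tarball is downloaded on a connected machine and carried into the isolated network, and the resulting RPMs are reused on several servers, the source is worth checking against its published SHA-256 digest before rpmbuild runs. The following is an added example, not part of the original post; the function name verify_tarball is hypothetical, and it assumes the release's .sha256 file was saved next to the tarball.

```sh
# Added example: verify a source tarball against a .sha256 file and fail
# closed. Return codes: 0 = match, 1 = mismatch, 2 = missing or malformed input.
# Usage (paths are the ones used in this post):
#   verify_tarball ~/rpmbuild/SOURCES/openssl-3.5.4.tar.gz
verify_tarball() {
    local tarball="$1" sumfile="${2:-$1.sha256}" expected actual
    [ -f "$tarball" ] || { echo "missing tarball: $tarball" >&2; return 2; }
    [ -f "$sumfile" ] || { echo "missing checksum file: $sumfile" >&2; return 2; }

    # The checksum file may hold a bare digest or "digest  filename";
    # take the first field of the first non-empty line, lower-cased.
    expected=$(awk 'NF { print tolower($1); exit }' "$sumfile")

    # Accept only exactly 64 hexadecimal characters.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "malformed digest in $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed digest in $sumfile" >&2; return 2; }

    actual=$(sha256sum "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "CHECKSUM MISMATCH for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    echo "OK: $tarball"
}
```

Comparing against a digest obtained over a separate channel from the tarball gives a stronger check than a .sha256 file that travelled on the same media.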
This RPM package can now be deployed on other Kylin V10 aarch64 systems with the same install command:
sudo rpm -Uvh --nodeps --force openssl-3.5.4-1.ky10.aarch64.rpm openssl-devel-3.5.4-1.ky10.aarch64.rpm
# Verify the version information
openssl version
Attached files: openssl-3.5.4-1.ky10.aarch64.rpm, openssl-devel-3.5.4-1.ky10.aarch64.rpm
Next, build the latest version of openssh on top of openssl 3.5.4:
cd ~/rpmbuild/SPECS
vi openssh.spec
The main piece is the openssh.spec file:
%global ver 10.2p1
%global rel 3%{?dist}.aarch64

# Do we want kerberos5 support (1=yes 0=no)
%global kerberos5 0

%define debug_package %{nil}

BuildRequires: perl
BuildRequires: /bin/login
BuildRequires: glibc-devel
BuildRequires: pam-devel
BuildRequires: zlib-devel
%if %{kerberos5}
BuildRequires: krb5-devel
BuildRequires: krb5-libs
%endif

Summary: The OpenSSH implementation of SSH protocol version 2
Name: openssh
Version: %{ver}
Release: %{rel}
URL: https://www.openssh.com/portable.html
Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
License: BSD

Obsoletes: ssh <= 10.2p1

%package clients
Summary: OpenSSH clients
Requires: openssh = %{version}-%{release}
Obsoletes: ssh-clients <= 10.2p1

%package server
Summary: The OpenSSH server daemon
Requires: openssh = %{version}-%{release}
Requires: chkconfig

%description
SSH (Secure SHell) is a program for logging into and executing commands on a remote machine.

%description clients
OpenSSH clients package.

%description server
OpenSSH server package.

%prep
%autosetup -n openssh-%{version}

%build
# Use strict linker options to force linking against OpenSSL 3 only
export LDFLAGS="-L/usr/lib64 -Wl,--as-needed -Wl,--no-copy-dt-needed-entries -Wl,--no-allow-shlib-undefined"
export CPPFLAGS="-I/usr/include"
export PKG_CONFIG_PATH=/usr/lib64/pkgconfig
export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1

# Explicitly link only the OpenSSL 3 libraries
export LIBS="-lssl -lcrypto"

# Verify the pkg-config settings
echo "=== PKG_CONFIG 验证 ==="
pkg-config --libs libssl
pkg-config --libs libcrypto
echo "=== 验证结束 ==="

# Build configuration options
CONFIGURE_OPTS="--sysconfdir=%{_sysconfdir}/ssh \
    --libexecdir=%{_libexecdir}/openssh \
    --datadir=%{_datadir}/openssh \
    --with-default-path=/usr/local/bin:/bin:/usr/bin \
    --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
    --with-privsep-path=%{_var}/empty/sshd \
    --mandir=%{_mandir} \
    --with-pam \
    --with-ssl-dir=/usr \
    --with-ssl-engine \
    --without-zlib-version-check \
    --disable-strip"

%if %{kerberos5}
CONFIGURE_OPTS="$CONFIGURE_OPTS --with-kerberos5"
%endif

# Run configure
%configure $CONFIGURE_OPTS

make %{?_smp_mflags}

# Verify linking after the build
echo "=== 构建后链接验证 ==="
ldd sshd 2>/dev/null | grep -E "(ssl|crypto)" || echo "无法检查 sshd 链接"
ldd ssh 2>/dev/null | grep -E "(ssl|crypto)" || echo "无法检查 ssh 链接"
echo "=== 链接验证结束 ==="

%install
rm -rf %{buildroot}
mkdir -p -m755 %{buildroot}%{_sysconfdir}/ssh
mkdir -p -m755 %{buildroot}%{_libexecdir}/openssh
mkdir -p -m755 %{buildroot}%{_var}/empty/sshd

make install DESTDIR=%{buildroot}

install -d %{buildroot}/etc/pam.d/
install -d %{buildroot}/etc/rc.d/init.d
install -d %{buildroot}%{_libexecdir}/openssh
install -m644 contrib/redhat/sshd.pam %{buildroot}/etc/pam.d/sshd
install -m755 contrib/redhat/sshd.init %{buildroot}/etc/rc.d/init.d/sshd

# Fix man page paths
find %{buildroot}%{_mandir} -type f -exec sed -i "s|%{buildroot}||g" {} +

%clean
rm -rf %{buildroot}

%post server
/sbin/chkconfig --add sshd

%postun server
/sbin/service sshd condrestart >/dev/null 2>&1 || :

%pre server
getent group sshd >/dev/null || groupadd -r -g 74 sshd
getent passwd sshd >/dev/null || useradd -r -d /var/empty/sshd -s /bin/false -u 74 -g sshd -c "Privilege-separated SSH" sshd

%preun server
if [ $1 -eq 0 ]; then
    /sbin/service sshd stop >/dev/null 2>&1 || :
    /sbin/chkconfig --del sshd
fi

%files
%defattr(-,root,root)
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
%attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-auth
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-session
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
%attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*

%files clients
%defattr(-,root,root)
%attr(0755,root,root) %{_bindir}/ssh
%attr(0644,root,root) %{_mandir}/man1/ssh.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(2755,root,nobody) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*

%files server
%defattr(-,root,root)
%dir %attr(0755,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0644,root,root) %{_mandir}/man8/sshd.8*
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0755,root,root) %config /etc/rc.d/init.d/sshd

%changelog
* Wed Dec 11 2024 Build User <build@example.com>
- OpenSSH 10.2p1 for Kylin ARM64 with strict OpenSSL 3.5.4 linking
- Added strict linker flags to prevent mixed OpenSSL version linking
- Enhanced build-time verification

Build the rpm packages from openssh.spec using the same method as above.
Before installing, the old version has to be uninstalled first:
# If an older OpenSSH is installed on the system, uninstall it first
sudo rpm -e openssh-server openssh-clients openssh --nodeps 2>/dev/null || true
# Force-install OpenSSH directly, ignoring all dependencies
sudo rpm -ivh openssh-10.2p1-3.ky10.aarch64.aarch64.rpm \
openssh-clients-10.2p1-3.ky10.aarch64.aarch64.rpm \
openssh-server-10.2p1-3.ky10.aarch64.aarch64.rpm --nodeps --force
# Start the SSH service
sudo systemctl daemon-reload
sudo systemctl start sshd
sudo systemctl enable sshd
# Check the service status
sudo systemctl status sshd --no-pager -l
Attached file: openssh-10.2p1-3.ky10.aarch64.zip
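Both installs use --nodeps --force and the openssl spec sets AutoReq/AutoProv to no, so rpm itself will not notice a binary that still resolves to an old or missing libcrypto; the spec's own ldd lines only print what was linked. The following is an added example, not part of the original post, that turns that ldd inspection into a pass/fail check; the function names are hypothetical and the sample ldd output is constructed.

```sh
# Added example: detect mixed or unresolved OpenSSL libraries in ldd output.
# check_crypto_links reads `ldd` output on stdin; $1 is the expected soname
# major version (default 3, i.e. libcrypto.so.3 from the OpenSSL 3.5.4 RPM).
check_crypto_links() {
    awk -v want="${1:-3}" '
        $1 ~ /^lib(ssl|crypto)\.so\./ {
            split($1, part, ".")            # libcrypto.so.1.1 -> part[3] = "1"
            if ($1 ~ /^libcrypto/) crypto++
            if (part[3] != want)  { print "wrong version: " $1; bad++ }
            if ($0 ~ /not found/) { print "unresolved: " $1;    bad++ }
        }
        END {
            if (!crypto) { print "no libcrypto dependency found"; exit 1 }
            exit (bad ? 1 : 0)
        }'
}

# Run the check against installed binaries, for example:
#   audit_binaries /usr/sbin/sshd /usr/bin/ssh /usr/bin/ssh-keygen
# A binary that ldd cannot read counts as a failure.
audit_binaries() {
    local rc=0 bin
    for bin in "$@"; do
        echo "== $bin"
        ldd "$bin" 2>/dev/null | check_crypto_links 3 || rc=1
    done
    return "$rc"
}

# Constructed ldd output (not captured from a real host).
sample_clean() {
    printf '\tlinux-vdso.so.1 (0x0000ffff9c3f0000)\n'
    printf '\tlibcrypto.so.3 => /usr/lib64/libcrypto.so.3 (0x0000ffff9be00000)\n'
    printf '\tlibz.so.1 => /usr/lib64/libz.so.1 (0x0000ffff9bdc0000)\n'
}
sample_mixed() {
    sample_clean
    printf '\tlibcrypto.so.1.1 => /usr/lib64/libcrypto.so.1.1 (0x0000ffff9ba00000)\n'
}
sample_missing() {
    printf '\tlibcrypto.so.3 => not found\n'
}
```

Running audit_binaries from a console or an existing session before closing it shows whether the new sshd will load its crypto library.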