一、
为什么需要编译rpm包
通常,我们需要安装某个软件,尤其是在centos7这样的操作系统,一般是通过yum包管理器来安装软件,yum的作用是管理rpm包的依赖关系,自动的处理rpm包的安装顺序,安装依赖等的相关问题
🆗,那么,这些rpm包都是怎么来的呢?其实很简单,这些软件都是有人自行制作然后上传到官方镜像网站的,当然,制作这些rpm的动力不尽相同,也还有可能是投毒,附加后门。
例如,前一阵子比较出名的那个zip压缩包
相关新闻见下面的链接:
百度安全验证
那么,有一些比较特殊的情况。例如OpenSSL这样的软件,该软件是Linux操作系统内一个非常重要的基础软件,很多命令都是依赖此软件的,因此,对于OpenSSL的升级就需要比较谨慎了,
该软件基本是无法卸载回退的,当然了 ,我在虚拟机上实验过了,卸载后的结果基本是让人无法接受的---重装系统,关键的一点是,epel源什么的里面并不包含Open SSL的高版本rpm包,或者某些情况下,我们需要特定版本的软件,但yum源里面根本没有
因此,OpenSSL的升级一般都是通过源码包编译安装,但此方式有一个比较大的缺点,那就是需要重复安装大量的编译环境,很多台服务器的重复操作非常累人
🆗,我们可以采用在一个服务器上编译OpenSSL,然后将编译后的成果打包成rpm文件,这样,在其它服务器上只需要安装编译产出的这个rpm包就完成了升级
二、
编译生成rpm包
需要三个前置条件,第一是编译环境,第二是源码安装包,第三是SPEC文件,这个SPEC文件是编译打包的规则文件,通常此文件是没有的,需要自己编写,但我们可能会遇到有src字样的rpm包,这样的rpm安装包是自带有SPEC文件的,我们只需要利用rpmbuild文件执行这个SPEC文件就可以了,例如pg的官方仓库:
Index of /pub/repos/yum/srpms/12/redhat/rhel-7.6-x86_64/
可以看到有非常多的src后缀的rpm包,这些rpm包是可以直接安装的,安装完毕后,会在当前目录生成一个rpmbuild目录,此目录里就包含有SPEC文件
安装好rpmbuild这个程序后,就可以执行编译生成rpm包了,根据报错不断的调整编译环境,最终编译成功后,就会得到一个整体架构通用的rpm包了
因此,编译rpm包的学习可以从这些官网内的src包内寻找,同时一些比较偏门的软件也可以找寻src,自己编译
例如,编译php7.2的rpm包,可以从https://repo.webtatic.com/yum/el7/SRPMS/RPMS/ 这个网站下载,找到SPEC文件后,就可以编译调试了:
[root@centos7 SPECS]# rpmbuild -ba php72.spec
warning: bogus date in %changelog: Mon May 09 2019 Andy Thompson <andy@webtatic.com> - 7.2.18-1
error: Failed build dependencies:
bzip2-devel is needed by php72w-7.2.27-1.el7.x86_64
curl-devel >= 7.9 is needed by php72w-7.2.27-1.el7.x86_64
gmp-devel is needed by php72w-7.2.27-1.el7.x86_64
httpd-devel >= 2.0.46-1 is needed by php72w-7.2.27-1.el7.x86_64
pam-devel is needed by php72w-7.2.27-1.el7.x86_64
sqlite-devel >= 3.6.0 is needed by php72w-7.2.27-1.el7.x86_64
libedit-devel is needed by php72w-7.2.27-1.el7.x86_64
libtool >= 1.4.3 is needed by php72w-7.2.27-1.el7.x86_64
libtool-ltdl-devel is needed by php72w-7.2.27-1.el7.x86_64
libargon2-devel is needed by php72w-7.2.27-1.el7.x86_64
systemtap-sdt-devel is needed by php72w-7.2.27-1.el7.x86_64
readline-devel is needed by php72w-7.2.27-1.el7.x86_64
systemd-devel is needed by php72w-7.2.27-1.el7.x86_64
libevent-devel >= 1.4.11 is needed by php72w-7.2.27-1.el7.x86_64
libc-client-devel is needed by php72w-7.2.27-1.el7.x86_64
cyrus-sasl-devel is needed by php72w-7.2.27-1.el7.x86_64
openldap-devel is needed by php72w-7.2.27-1.el7.x86_64
mysql-devel > 4.1.0 is needed by php72w-7.2.27-1.el7.x86_64
postgresql-devel is needed by php72w-7.2.27-1.el7.x86_64
unixODBC-devel is needed by php72w-7.2.27-1.el7.x86_64
libxml2-devel is needed by php72w-7.2.27-1.el7.x86_64
firebird-devel is needed by php72w-7.2.27-1.el7.x86_64
net-snmp-devel is needed by php72w-7.2.27-1.el7.x86_64
libxslt-devel >= 1.0.18-1 is needed by php72w-7.2.27-1.el7.x86_64
libxml2-devel >= 2.4.14-1 is needed by php72w-7.2.27-1.el7.x86_64
libjpeg-devel is needed by php72w-7.2.27-1.el7.x86_64
libpng-devel is needed by php72w-7.2.27-1.el7.x86_64
freetype-devel is needed by php72w-7.2.27-1.el7.x86_64
libXpm-devel is needed by php72w-7.2.27-1.el7.x86_64
t1lib-devel is needed by php72w-7.2.27-1.el7.x86_64
libdb-devel is needed by php72w-7.2.27-1.el7.x86_64
tokyocabinet-devel is needed by php72w-7.2.27-1.el7.x86_64
libsodium-devel >= 1.0.9 is needed by php72w-7.2.27-1.el7.x86_64
libtidy-devel is needed by php72w-7.2.27-1.el7.x86_64
freetds-devel is needed by php72w-7.2.27-1.el7.x86_64
aspell-devel >= 0.50.0 is needed by php72w-7.2.27-1.el7.x86_64
recode-devel is needed by php72w-7.2.27-1.el7.x86_64
libicu-devel >= 4.0 is needed by php72w-7.2.27-1.el7.x86_64
enchant-devel >= 1.2.4 is needed by php72w-7.2.27-1.el7.x86_64
上面这些依赖安装完毕后,基本就可以编译成功了,编译后的rpm产物在RPMS这个目录下
整理出来的编译php7.2w的环境依赖安装命令如下:
yum install bzip2-devel curl-devel httpd-devel pam-devel gmp-devel sqlite-devel libedit-devel libtool libtool-ltdl-devel libargon2-devel systemtap-sdt-devel readline-devel systemd-devel libevent-devel libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel firebird-devel net-snmp-devel libxslt-devel libjpeg-devel libpng-devel freetype-devel libXpm-devel t1lib-devel tokyocabinet-devel libsodium-devel libtidy-devel freetds-devel aspell-devel recode-devel libicu-devel enchant-devel -y
非常简单的,就可以编译出来php72w-fpm-7.2.27等等php环境的rpm安装包了,此时将这些rpm包拿到其它服务器上就不需要安装编译环境,直接就可以方便的安装php环境了
[root@centos7 SPECS]# ls ../RPMS/x86_64/
mod_php72w-7.2.27-1.el7.x86_64.rpm php72w-debuginfo-7.2.27-1.el7.x86_64.rpm php72w-gd-7.2.27-1.el7.x86_64.rpm php72w-mbstring-7.2.27-1.el7.x86_64.rpm php72w-pdo-7.2.27-1.el7.x86_64.rpm php72w-pspell-7.2.27-1.el7.x86_64.rpm php72w-tidy-7.2.27-1.el7.x86_64.rpm
php72w-bcmath-7.2.27-1.el7.x86_64.rpm php72w-devel-7.2.27-1.el7.x86_64.rpm php72w-imap-7.2.27-1.el7.x86_64.rpm php72w-mysql-7.2.27-1.el7.x86_64.rpm php72w-pdo_dblib-7.2.27-1.el7.x86_64.rpm php72w-recode-7.2.27-1.el7.x86_64.rpm php72w-xml-7.2.27-1.el7.x86_64.rpm
php72w-cli-7.2.27-1.el7.x86_64.rpm php72w-embedded-7.2.27-1.el7.x86_64.rpm php72w-interbase-7.2.27-1.el7.x86_64.rpm php72w-mysqlnd-7.2.27-1.el7.x86_64.rpm php72w-pgsql-7.2.27-1.el7.x86_64.rpm php72w-snmp-7.2.27-1.el7.x86_64.rpm php72w-xmlrpc-7.2.27-1.el7.x86_64.rpm
php72w-common-7.2.27-1.el7.x86_64.rpm php72w-enchant-7.2.27-1.el7.x86_64.rpm php72w-intl-7.2.27-1.el7.x86_64.rpm php72w-odbc-7.2.27-1.el7.x86_64.rpm php72w-phpdbg-7.2.27-1.el7.x86_64.rpm php72w-soap-7.2.27-1.el7.x86_64.rpm
php72w-dba-7.2.27-1.el7.x86_64.rpm php72w-fpm-7.2.27-1.el7.x86_64.rpm php72w-ldap-7.2.27-1.el7.x86_64.rpm php72w-opcache-7.2.27-1.el7.x86_64.rpm php72w-process-7.2.27-1.el7.x86_64.rpm php72w-sodium-7.2.27-1.el7.x86_64.rpm
🆗,言归正传,那么没有现成的SPEC文件,怎么办呢?当然是自己编写SPEC文件啦
下面就以Open SSL-3.3.0版本的编译rpm包为例,进行一个简单的说明
三、
自定义的SPEC文件编译Open SSL-3.3.0版本的x86_64架构的rpm包
[root@centos10 SPECS]# cat openssl.spec
Name: openssl
Version: 3.3.0
Release: 1%{?dist}
Summary: OpenSSL RPM
License: OpenSSL
URL: https://www.openssl.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: %{name}-%{version}.tar.gz
%description
OpenSSL RPM
Requires: openssl-libs >= 1.1.1
%prep
%setup -q
%build
./config --prefix=/usr --openssldir=/etc/pki/tls --libdir=lib64 no-shared enable-tls1_3 enable-zlib enable-ec enable-ssl-trace enable-tfo
make
%install
make install DESTDIR=$RPM_BUILD_ROOT
#%check
# 如果测试依赖于特定条件或文件,请确保它们已就绪,或者根据情况决定是否跳过测试
#make test || :
# 或者,如果确定测试环境有问题,可以选择注释掉这一段
# %check
%files
%defattr(-,root,root,-)
/usr/bin/openssl
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/ct_log_list.cnf.dist
/etc/pki/tls/misc/*
/usr/lib64/*
/usr/share/doc/openssl/*
/usr/share/*
/usr/include/*
/etc/pki/tls/openssl.cnf
/etc/pki/tls/openssl.cnf.dist
/usr/bin/c_rehash
%changelog
* Sat Sep 04 2021 zsk <zsk.com> - 3.3.0
- Initial build
将源码包放置到/root/rpmbuild/SOURCES目录下就可以了,SPEC放置到/root/rpmbuild/SPECS 然后在此目录下执行编译命令如下:
rpmbuild -ba openssl.spec
参数ba表示在生成rpm包的同时也生成src后缀的rpm包,该包在/root/rpmbuild/SRPMS目录下同时生成
源码包下载地址:链接:https://pan.baidu.com/s/1xBPsePk65MKKciXvYwhO2A?pwd=sshd
提取码:sshd
[ 3.3 ] - /source/old/3.3/index.html