一、

为什么需要编译rpm包

通常，我们需要安装某个软件，尤其是在centos7这样的操作系统，一般是通过yum包管理器来安装软件，yum的作用是管理rpm包的依赖关系，自动的处理rpm包的安装顺序，安装依赖等的相关问题

🆗，那么，这些rpm包都是怎么来的呢？其实很简单，这些软件都是有人自行制作然后上传到官方镜像网站的，当然，制作这些rpm的动力不尽相同，也还有可能是投毒，附加后门。

例如，前一阵子比较出名的那个zip压缩包

相关新闻见下面的链接：

百度安全验证

那么，有一些比较特殊的情况。例如OpenSSL这样的软件，该软件是Linux操作系统内一个非常重要的基础软件，很多命令都是依赖此软件的，因此，对于OpenSSL的升级就需要比较谨慎了，

该软件基本是无法卸载回退的，当然了 ，我在虚拟机上实验过了，卸载后的结果基本是让人无法接受的---重装系统，关键的一点是，epel源什么的里面并不包含Open SSL的高版本rpm包，或者某些情况下，我们需要特定版本的软件，但yum源里面根本没有

因此，OpenSSL的升级一般都是通过源码包编译安装，但此方式有一个比较大的缺点，那就是需要重复安装大量的编译环境，很多台服务器的重复操作非常累人

🆗，我们可以采用在一个服务器上编译OpenSSL，然后将编译后的成果打包成rpm文件，这样，在其它服务器上只需要安装编译产出的这个rpm包就完成了升级

二、

编译生成rpm包

需要三个前置条件，第一是编译环境，第二是源码安装包，第三是SPEC文件，这个SPEC文件是编译打包的规则文件，通常此文件是没有的，需要自己编写，但我们可能会遇到有src字样的rpm包，这样的rpm安装包是自带有SPEC文件的，我们只需要利用rpmbuild文件执行这个SPEC文件就可以了，例如pg的官方仓库：

Index of /pub/repos/yum/srpms/12/redhat/rhel-7.6-x86_64/

可以看到有非常多的src后缀的rpm包，这些rpm包是可以直接安装的，安装完毕后，会在当前目录生成一个rpmbuild目录，此目录里就包含有SPEC文件

安装好rpmbuild这个程序后，就可以执行编译生成rpm包了，根据报错不断的调整编译环境，最终编译成功后，就会得到一个整体架构通用的rpm包了

因此，编译rpm包的学习可以从这些官网内的src包内寻找，同时一些比较偏门的软件也可以找寻src，自己编译

例如，编译php7.2的rpm包，可以从https://repo.webtatic.com/yum/el7/SRPMS/RPMS/ 这个网站下载，找到SPEC文件后，就可以编译调试了：

[root@centos7 SPECS]# rpmbuild -ba php72.spec 
warning: bogus date in %changelog: Mon May 09 2019 Andy Thompson <andy@webtatic.com> - 7.2.18-1
error: Failed build dependencies:
	bzip2-devel is needed by php72w-7.2.27-1.el7.x86_64
	curl-devel >= 7.9 is needed by php72w-7.2.27-1.el7.x86_64
	gmp-devel is needed by php72w-7.2.27-1.el7.x86_64
	httpd-devel >= 2.0.46-1 is needed by php72w-7.2.27-1.el7.x86_64
	pam-devel is needed by php72w-7.2.27-1.el7.x86_64
	sqlite-devel >= 3.6.0 is needed by php72w-7.2.27-1.el7.x86_64
	libedit-devel is needed by php72w-7.2.27-1.el7.x86_64
	libtool >= 1.4.3 is needed by php72w-7.2.27-1.el7.x86_64
	libtool-ltdl-devel is needed by php72w-7.2.27-1.el7.x86_64
	libargon2-devel is needed by php72w-7.2.27-1.el7.x86_64
	systemtap-sdt-devel is needed by php72w-7.2.27-1.el7.x86_64
	readline-devel is needed by php72w-7.2.27-1.el7.x86_64
	systemd-devel is needed by php72w-7.2.27-1.el7.x86_64
	libevent-devel >= 1.4.11 is needed by php72w-7.2.27-1.el7.x86_64
	libc-client-devel is needed by php72w-7.2.27-1.el7.x86_64
	cyrus-sasl-devel is needed by php72w-7.2.27-1.el7.x86_64
	openldap-devel is needed by php72w-7.2.27-1.el7.x86_64
	mysql-devel > 4.1.0 is needed by php72w-7.2.27-1.el7.x86_64
	postgresql-devel is needed by php72w-7.2.27-1.el7.x86_64
	unixODBC-devel is needed by php72w-7.2.27-1.el7.x86_64
	libxml2-devel is needed by php72w-7.2.27-1.el7.x86_64
	firebird-devel is needed by php72w-7.2.27-1.el7.x86_64
	net-snmp-devel is needed by php72w-7.2.27-1.el7.x86_64
	libxslt-devel >= 1.0.18-1 is needed by php72w-7.2.27-1.el7.x86_64
	libxml2-devel >= 2.4.14-1 is needed by php72w-7.2.27-1.el7.x86_64
	libjpeg-devel is needed by php72w-7.2.27-1.el7.x86_64
	libpng-devel is needed by php72w-7.2.27-1.el7.x86_64
	freetype-devel is needed by php72w-7.2.27-1.el7.x86_64
	libXpm-devel is needed by php72w-7.2.27-1.el7.x86_64
	t1lib-devel is needed by php72w-7.2.27-1.el7.x86_64
	libdb-devel is needed by php72w-7.2.27-1.el7.x86_64
	tokyocabinet-devel is needed by php72w-7.2.27-1.el7.x86_64
	libsodium-devel >= 1.0.9 is needed by php72w-7.2.27-1.el7.x86_64
	libtidy-devel is needed by php72w-7.2.27-1.el7.x86_64
	freetds-devel is needed by php72w-7.2.27-1.el7.x86_64
	aspell-devel >= 0.50.0 is needed by php72w-7.2.27-1.el7.x86_64
	recode-devel is needed by php72w-7.2.27-1.el7.x86_64
	libicu-devel >= 4.0 is needed by php72w-7.2.27-1.el7.x86_64
	enchant-devel >= 1.2.4 is needed by php72w-7.2.27-1.el7.x86_64

上面这些依赖安装完毕后，基本就可以编译成功了，编译后的rpm产物在RPMS这个目录下

整理出来的编译php7.2w的环境依赖安装命令如下：

yum install bzip2-devel curl-devel httpd-devel pam-devel gmp-devel sqlite-devel libedit-devel libtool libtool-ltdl-devel libargon2-devel systemtap-sdt-devel readline-devel systemd-devel libevent-devel libc-client-devel  mysql-devel postgresql-devel unixODBC-devel libxml2-devel  firebird-devel net-snmp-devel libxslt-devel libjpeg-devel libpng-devel freetype-devel libXpm-devel t1lib-devel tokyocabinet-devel libsodium-devel libtidy-devel freetds-devel aspell-devel recode-devel libicu-devel enchant-devel -y

非常简单的，就可以编译出来php72w-fpm-7.2.27等等php环境的rpm安装包了，此时将这些rpm包拿到其它服务器上就不需要安装编译环境，直接就可以方便的安装php环境了

[root@centos7 SPECS]# ls ../RPMS/x86_64/
mod_php72w-7.2.27-1.el7.x86_64.rpm        php72w-debuginfo-7.2.27-1.el7.x86_64.rpm  php72w-gd-7.2.27-1.el7.x86_64.rpm         php72w-mbstring-7.2.27-1.el7.x86_64.rpm   php72w-pdo-7.2.27-1.el7.x86_64.rpm        php72w-pspell-7.2.27-1.el7.x86_64.rpm     php72w-tidy-7.2.27-1.el7.x86_64.rpm
php72w-bcmath-7.2.27-1.el7.x86_64.rpm     php72w-devel-7.2.27-1.el7.x86_64.rpm      php72w-imap-7.2.27-1.el7.x86_64.rpm       php72w-mysql-7.2.27-1.el7.x86_64.rpm      php72w-pdo_dblib-7.2.27-1.el7.x86_64.rpm  php72w-recode-7.2.27-1.el7.x86_64.rpm     php72w-xml-7.2.27-1.el7.x86_64.rpm
php72w-cli-7.2.27-1.el7.x86_64.rpm        php72w-embedded-7.2.27-1.el7.x86_64.rpm   php72w-interbase-7.2.27-1.el7.x86_64.rpm  php72w-mysqlnd-7.2.27-1.el7.x86_64.rpm    php72w-pgsql-7.2.27-1.el7.x86_64.rpm      php72w-snmp-7.2.27-1.el7.x86_64.rpm       php72w-xmlrpc-7.2.27-1.el7.x86_64.rpm
php72w-common-7.2.27-1.el7.x86_64.rpm     php72w-enchant-7.2.27-1.el7.x86_64.rpm    php72w-intl-7.2.27-1.el7.x86_64.rpm       php72w-odbc-7.2.27-1.el7.x86_64.rpm       php72w-phpdbg-7.2.27-1.el7.x86_64.rpm     php72w-soap-7.2.27-1.el7.x86_64.rpm       
php72w-dba-7.2.27-1.el7.x86_64.rpm        php72w-fpm-7.2.27-1.el7.x86_64.rpm        php72w-ldap-7.2.27-1.el7.x86_64.rpm       php72w-opcache-7.2.27-1.el7.x86_64.rpm    php72w-process-7.2.27-1.el7.x86_64.rpm    php72w-sodium-7.2.27-1.el7.x86_64.rpm     

🆗，言归正传，那么没有现成的SPEC文件，怎么办呢？当然是自己编写SPEC文件啦

下面就以Open SSL-3.3.0版本的编译rpm包为例，进行一个简单的说明

三、

自定义的SPEC文件编译Open SSL-3.3.0版本的x86_64架构的rpm包

[root@centos10 SPECS]# cat openssl.spec
Name:           openssl
Version:        3.3.0
Release:        1%{?dist}
Summary:        OpenSSL RPM
 
License:        OpenSSL
URL:            https://www.openssl.org/
BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0:        %{name}-%{version}.tar.gz
 
%description
OpenSSL RPM
Requires: openssl-libs >= 1.1.1
 
%prep
%setup -q
 
%build
./config --prefix=/usr --openssldir=/etc/pki/tls --libdir=lib64 no-shared enable-tls1_3  enable-zlib enable-ec enable-ssl-trace enable-tfo
make
 
%install
make install DESTDIR=$RPM_BUILD_ROOT
#%check
# 如果测试依赖于特定条件或文件，请确保它们已就绪，或者根据情况决定是否跳过测试
#make test || :
# 或者，如果确定测试环境有问题，可以选择注释掉这一段
# %check

 
%files
%defattr(-,root,root,-)
/usr/bin/openssl
/etc/pki/tls/ct_log_list.cnf
/etc/pki/tls/ct_log_list.cnf.dist
/etc/pki/tls/misc/*
/usr/lib64/*
/usr/share/doc/openssl/*
/usr/share/*
/usr/include/*
/etc/pki/tls/openssl.cnf
/etc/pki/tls/openssl.cnf.dist
/usr/bin/c_rehash

 
%changelog
* Sat Sep 04 2021 zsk <zsk.com> - 3.3.0
- Initial build

将源码包放置到/root/rpmbuild/SOURCES目录下就可以了，SPEC放置到/root/rpmbuild/SPECS  然后在此目录下执行编译命令如下：

rpmbuild -ba openssl.spec

参数ba表示在生成rpm包的同时也生成src后缀的rpm包，该包在/root/rpmbuild/SRPMS目录下同时生成

源码包下载地址：链接：https://pan.baidu.com/s/1xBPsePk65MKKciXvYwhO2A?pwd=sshd 
提取码：sshd 
[ 3.3 ] - /source/old/3.3/index.html