centos系统编译openssl和openssl-lib的rpm安装包

由于漏洞原因需要升级系统的openssl版本到新的版本，但是openssl最新版本需要自己编译生成rpm安装文件，以下是编译步骤：

1、下载对应版本的源码包

可以去openssl github下载，https://github.com/openssl/openssl/releases，找到对应版本的tar.gz文件

2、安装相关依赖包

yum -y install curl  which  make gcc perl  perl-WWW-Curl  rpm-build zlib-devel

3、创建相应目录

mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}

4、创建spec的文件，以下spec的文件包含打包openssl-libs的rpm

cat << 'EOF' > /root/rpmbuild/SPECS/openssl.spec
Summary: OpenSSL 1.1.1w for Centos
Name: openssl
Version: 1.1.1w
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+Source: https://www.openssl.org/source/%{name}-%{version}.tar.gzBuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl%description
OpenSSL RPM for version 1.1.1w on Centos%package libs
Summary: OpenSSL shared libraries
Group: System Environment/Libraries%description libs
The OpenSSL shared libraries provide a robust, commercial-grade, and full-featured toolkit for the TLS and SSL protocols.%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: %{name}-libs = %{version}-%{release}%description devel
OpenSSL RPM for version 1.1.1w on Centos (development package)%prep
%setup -q%build
./config --prefix=%{openssldir} --openssldir=%{openssldir} shared zlib
make%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
make DESTDIR=%{buildroot} install# Move shared libraries to libs package specific directory
mkdir -p %{buildroot}/usr/openssl-libs
mv %{buildroot}%{openssldir}/lib/*.so.* %{buildroot}/usr/openssl-libs/# Create symbolic links
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}
ln -sf /usr/openssl-libs/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf /usr/openssl-libs/libcrypto.so.1.1 %{buildroot}%{_libdir}%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}%files
%defattr(-,root,root,-)
/usr/openssl/bin/*
/usr/openssl/include/*
/usr/openssl/lib/*
/usr/openssl/share/*
# 添加库文件
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1# 添加可执行文件
/usr/bin/openssl# 添加配置文件和其它需要的 extras
/usr/openssl/ct_log_list.cnf
/usr/openssl/ct_log_list.cnf.dist
/usr/openssl/misc/CA.pl
/usr/openssl/misc/tsget
/usr/openssl/misc/tsget.pl
/usr/openssl/openssl.cnf
/usr/openssl/openssl.cnf.dist%files libs
%defattr(-,root,root,-)
/usr/openssl-libs/*.so.*%files devel
%defattr(-,root,root,-)
/usr/openssl/include/*%post -p /sbin/ldconfig%postun -p /sbin/ldconfig
EOF

如果不需要openssl-libs的rpm，仅仅只需要openssl的rpm，使用一下spec文件

cat << 'EOF' > /root/rpmbuild/SPECS/openssl.spec
Summary: OpenSSL 1.1.1w for Centos
Name: openssl
Version: %{?version}%{!?version:1.1.1w}
Release: 1%{?dist}
Obsoletes: %{name} <= %{version}
Provides: %{name} = %{version}
URL: https://www.openssl.org/
License: GPLv2+Source: https://www.openssl.org/source/%{name}-%{version}.tar.gzBuildRequires: make gcc perl perl-WWW-Curl
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
%global openssldir /usr/openssl%description
OpenSSL RPM for version 1.1.1w on Centos%package devel
Summary: Development files for programs which will use the openssl library
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}%description devel
OpenSSL RPM for version 1.1.1w on Centos (development package)%prep
%setup -q%build
./config --prefix=%{openssldir} --openssldir=%{openssldir}
make%install
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}
%make_installmkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libssl.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/lib/libcrypto.so.1.1 %{buildroot}%{_libdir}
ln -sf %{openssldir}/bin/openssl %{buildroot}%{_bindir}%clean
[ "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot}%files
%{openssldir}
%defattr(-,root,root)
/usr/bin/openssl
/usr/lib64/libcrypto.so.1.1
/usr/lib64/libssl.so.1.1%files devel
%{openssldir}/include/*
%defattr(-,root,root)%post -p /sbin/ldconfig%postun -p /sbin/ldconfig
EOF

以上的spec文件里面有对应版本信息1.1.1w，需要根据自己的版本情况进行替换。

5、准备源码包，并编译rpm包

cp openssl-1.1.1w.tar.gz /root/rpmbuild/SOURCES
cd /root/rpmbuild/SPECS && \rpmbuild \-D "version 1.1.1w" \-ba openssl.spec

6、等待编译完成，完成之后，在/root/rpmbuild/RPMS/下面会有对应系统的编译包，我这里是x86_64的，进去之后可以看到rpm包

[root@hadoop-master x86_64]# ll
total 5804
-rw-r--r--. 1 root root 4134132 May 29 14:55 openssl-1.1.1w-1.el7.x86_64.rpm
-rw-r--r--. 1 root root  133000 May 29 14:55 openssl-debuginfo-1.1.1w-1.el7.x86_64.rpm
-rw-r--r--. 1 root root  234860 May 29 14:55 openssl-devel-1.1.1w-1.el7.x86_64.rpm
-rw-r--r--. 1 root root 1429624 May 29 14:55 openssl-libs-1.1.1w-1.el7.x86_64.rpm

7、升级安装openssl

rpm -ivh openssl-1.1.1w-1.el7.x86_64.rpm --nodeps --force
rpm -ivh openssl-libs-1.1.1w-1.el7.x86_64.rpm --nodeps --force