
KylinOS V10 SP3 aarch64 Xinchuang software installation: openssl and openssh

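靳夏萱, yesterday 12:50
The customer's project has to be deployed in a KylinOS aarch64 Xinchuang environment. Drawing on deployment material found online and on AI, I have summarized how to install the software on the ARM architecture.
The customer's servers run KylinOS V10 SP3 2403 on the Huawei HiSilicon Kunpeng-920 CPU, a high-performance server processor based on the ARM architecture.
The servers sit entirely on an internal network and cannot reach the Internet.
The openssl and openssh versions that ship with the system are too old and need to be upgraded.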

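Since several more servers will need the same thing later, I decided to build generic rpm packages that the other machines can install directly.
After looking up the steps for building an rpm package online, I started. Taking the generic openssl rpm package as the example: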

  • Download the latest source: https://github.com/openssl/openssl/releases/download/openssl-3.5.4/openssl-3.5.4.tar.gz
  • Install the required build tools
        sudo dnf install -y rpm-build rpmdevtools gcc make perl autoconf automake
  • Set up the RPM build environment
        rpmdev-setuptree
        cd ~/rpmbuild/SOURCES
        # copy the downloaded source tarball into ~/rpmbuild/SOURCES
  • Create the SPEC file
        cd ~/rpmbuild/SPECS
        vi openssl.spec

    SPEC file (openssl.spec):

        Name: openssl
        Version: 3.5.4
        Release: 1%{?dist}
        Summary: OpenSSL cryptography and SSL/TLS toolkit for aarch64
        License: Apache-2.0
        URL: https://www.openssl.org/
        Source0: https://github.com/openssl/openssl/releases/download/openssl-%{version}/openssl-%{version}.tar.gz

        # Disable automatic dependency detection
        AutoReq: no
        AutoProv: no
        %global debug_package %{nil}

        BuildRequires: gcc
        BuildRequires: make
        BuildRequires: perl
        BuildRequires: perl-IPC-Cmd
        BuildRequires: zlib-devel

        %description
        The OpenSSL toolkit provides support for secure communications between machines.
        Optimized for aarch64 architecture with ARMv8 crypto extensions.

        %package devel
        Summary: Development files for OpenSSL
        Requires: %{name} = %{version}-%{release}

        %description devel
        Development files for OpenSSL with aarch64 optimizations.

        %prep
        %setup -q -n openssl-%{version}

        %build
        # aarch64-optimized configuration (generic flags)
        ./config --prefix=/usr \
                 --openssldir=/etc/ssl \
                 --libdir=/usr/lib64 \
                 shared zlib-dynamic \
                 -march=armv8-a+crypto+simd

        make %{?_smp_mflags}

        %install
        rm -rf %{buildroot}
        make install DESTDIR=%{buildroot}

        %clean
        rm -rf %{buildroot}

        %files
        %defattr(-,root,root,-)
        %doc LICENSE.txt README.md CHANGES.md NEWS.md
        /usr/bin/openssl
        /usr/bin/c_rehash
        /usr/lib64/libcrypto.so.*
        /usr/lib64/libssl.so.*
        /usr/lib64/engines-3/
        /usr/lib64/ossl-modules/
        /etc/ssl/
        /usr/share/doc/openssl/
        /usr/share/man/man1/
        /usr/share/man/man3/
        /usr/share/man/man5/
        /usr/share/man/man7/

        %files devel
        %defattr(-,root,root,-)
        /usr/include/openssl/
        /usr/lib64/libcrypto.so
        /usr/lib64/libssl.so
        /usr/lib64/*.a
        /usr/lib64/pkgconfig/
        /usr/lib64/cmake/

        %changelog
        * Thu Dec 05 2024 Your Name <your.email@example.com> - 3.5.4-1
        - Initial build for Kylin aarch64
        - ARMv8 crypto extensions enabled
  • Build the RPM packages
        cd ~/rpmbuild/SPECS
        rpmbuild -ba openssl.spec
  • Check the generated RPM packages
        cd ~/rpmbuild/RPMS/
        ll
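The source tarball is downloaded on another machine and carried onto the isolated build host, so its integrity is worth checking before it is copied into ~/rpmbuild/SOURCES. The following is an added example, not part of the original post: `verify_tarball` is a hypothetical helper, and it assumes a `.sha256` file published next to the release tarball was downloaded together with it.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare a source tarball with
# its published SHA-256 before it enters ~/rpmbuild/SOURCES.

# verify_tarball TARBALL SHA256_FILE
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_tarball() {
    local tarball sumfile expected actual
    tarball=$1
    sumfile=$2
    [ -r "$tarball" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # Accept both "<hash>" and "<hash>  <filename>" layouts: use the first field.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")

    # A SHA-256 digest is exactly 64 hex characters; reject anything else.
    case "$expected" in
        ""|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "malformed checksum file" >&2; return 2; }

    actual=$(sha256sum "$tarball" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball"
        return 0
    fi
    echo "MISMATCH: $tarball" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage on the build host (the .sha256 file name is an assumption):
#   verify_tarball openssl-3.5.4.tar.gz openssl-3.5.4.tar.gz.sha256 \
#       && cp openssl-3.5.4.tar.gz ~/rpmbuild/SOURCES/
```

The same check applies to the openssh tarball before it is built.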
This RPM package can now be deployed on other Kylin V10 arm64 systems with the same install command:
    sudo rpm -Uvh --nodeps --force openssl-3.5.4-1.ky10.aarch64.rpm openssl-devel-3.5.4-1.ky10.aarch64.rpm
    # Verify the version
    openssl version

    openssl-3.5.4-1.ky10.aarch64.rpm
    openssl-devel-3.5.4-1.ky10.aarch64.rpm
On top of openssl 3.5.4, build the latest version of openssh:
    cd ~/rpmbuild/SPECS
    vi openssh.spec
The key part is the openssh.spec file:
    %global ver 10.2p1
    %global rel 3%{?dist}.aarch64

    # Do we want kerberos5 support (1=yes 0=no)
    %global kerberos5 0

    %define debug_package %{nil}

    BuildRequires: perl
    BuildRequires: /bin/login
    BuildRequires: glibc-devel
    BuildRequires: pam-devel
    BuildRequires: zlib-devel
    %if %{kerberos5}
    BuildRequires: krb5-devel
    BuildRequires: krb5-libs
    %endif

    Summary: The OpenSSH implementation of SSH protocol version 2
    Name: openssh
    Version: %{ver}
    Release: %{rel}
    URL: https://www.openssh.com/portable.html
    Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
    License: BSD

    Obsoletes: ssh <= 10.2p1

    %package clients
    Summary: OpenSSH clients
    Requires: openssh = %{version}-%{release}
    Obsoletes: ssh-clients <= 10.2p1

    %package server
    Summary: The OpenSSH server daemon
    Requires: openssh = %{version}-%{release}
    Requires: chkconfig

    %description
    SSH (Secure SHell) is a program for logging into and executing commands on a remote machine.

    %description clients
    OpenSSH clients package.

    %description server
    OpenSSH server package.

    %prep
    %autosetup -n openssh-%{version}

    %build
    # Use strict linker options to force linking against OpenSSL 3 only
    export LDFLAGS="-L/usr/lib64 -Wl,--as-needed -Wl,--no-copy-dt-needed-entries -Wl,--no-allow-shlib-undefined"
    export CPPFLAGS="-I/usr/include"
    export PKG_CONFIG_PATH=/usr/lib64/pkgconfig
    export PKG_CONFIG_ALLOW_SYSTEM_LIBS=1
    export PKG_CONFIG_ALLOW_SYSTEM_CFLAGS=1

    # Explicitly link only the OpenSSL 3 libraries
    export LIBS="-lssl -lcrypto"

    # Verify the pkg-config settings
    echo "=== PKG_CONFIG 验证 ==="
    pkg-config --libs libssl
    pkg-config --libs libcrypto
    echo "=== 验证结束 ==="

    # Build configuration options
    CONFIGURE_OPTS="--sysconfdir=%{_sysconfdir}/ssh \
        --libexecdir=%{_libexecdir}/openssh \
        --datadir=%{_datadir}/openssh \
        --with-default-path=/usr/local/bin:/bin:/usr/bin \
        --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
        --with-privsep-path=%{_var}/empty/sshd \
        --mandir=%{_mandir} \
        --with-pam \
        --with-ssl-dir=/usr \
        --with-ssl-engine \
        --without-zlib-version-check \
        --disable-strip"

    %if %{kerberos5}
    CONFIGURE_OPTS="$CONFIGURE_OPTS --with-kerberos5"
    %endif

    # Run configure
    %configure $CONFIGURE_OPTS

    make %{?_smp_mflags}

    # Verify linking after the build
    echo "=== 构建后链接验证 ==="
    ldd sshd 2>/dev/null | grep -E "(ssl|crypto)" || echo "无法检查 sshd 链接"
    ldd ssh 2>/dev/null | grep -E "(ssl|crypto)" || echo "无法检查 ssh 链接"
    echo "=== 链接验证结束 ==="

    %install
    rm -rf %{buildroot}
    mkdir -p -m755 %{buildroot}%{_sysconfdir}/ssh
    mkdir -p -m755 %{buildroot}%{_libexecdir}/openssh
    mkdir -p -m755 %{buildroot}%{_var}/empty/sshd

    make install DESTDIR=%{buildroot}

    install -d %{buildroot}/etc/pam.d/
    install -d %{buildroot}/etc/rc.d/init.d
    install -d %{buildroot}%{_libexecdir}/openssh
    install -m644 contrib/redhat/sshd.pam  %{buildroot}/etc/pam.d/sshd
    install -m755 contrib/redhat/sshd.init %{buildroot}/etc/rc.d/init.d/sshd

    # Fix the man page paths
    find %{buildroot}%{_mandir} -type f -exec sed -i "s|%{buildroot}||g" {} +

    %clean
    rm -rf %{buildroot}

    %post server
    /sbin/chkconfig --add sshd

    %postun server
    /sbin/service sshd condrestart >/dev/null 2>&1 || :

    %pre server
    getent group sshd >/dev/null || groupadd -r -g 74 sshd
    getent passwd sshd >/dev/null || useradd -r -d /var/empty/sshd -s /bin/false -u 74 -g sshd -c "Privilege-separated SSH" sshd

    %preun server
    if [ $1 -eq 0 ]; then
        /sbin/service sshd stop >/dev/null 2>&1 || :
        /sbin/chkconfig --del sshd
    fi

    %files
    %defattr(-,root,root)
    %doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO
    %attr(0755,root,root) %{_bindir}/scp
    %attr(0644,root,root) %{_mandir}/man1/scp.1*
    %attr(0755,root,root) %dir %{_sysconfdir}/ssh
    %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
    %attr(0755,root,root) %{_bindir}/ssh-keygen
    %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
    %attr(0755,root,root) %dir %{_libexecdir}/openssh
    %attr(4711,root,root) %{_libexecdir}/openssh/ssh-keysign
    %attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
    %attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
    %attr(0755,root,root) %{_libexecdir}/openssh/sshd-auth
    %attr(0755,root,root) %{_libexecdir}/openssh/sshd-session
    %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
    %attr(0644,root,root) %{_mandir}/man8/ssh-pkcs11-helper.8*
    %attr(0644,root,root) %{_mandir}/man8/ssh-sk-helper.8*

    %files clients
    %defattr(-,root,root)
    %attr(0755,root,root) %{_bindir}/ssh
    %attr(0644,root,root) %{_mandir}/man1/ssh.1*
    %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
    %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
    %attr(2755,root,nobody) %{_bindir}/ssh-agent
    %attr(0755,root,root) %{_bindir}/ssh-add
    %attr(0755,root,root) %{_bindir}/ssh-keyscan
    %attr(0755,root,root) %{_bindir}/sftp
    %attr(0644,root,root) %{_mandir}/man1/sftp.1*
    %attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
    %attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
    %attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*

    %files server
    %defattr(-,root,root)
    %dir %attr(0755,root,root) %{_var}/empty/sshd
    %attr(0755,root,root) %{_sbindir}/sshd
    %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
    %attr(0644,root,root) %{_mandir}/man8/sshd.8*
    %attr(0644,root,root) %{_mandir}/man5/moduli.5*
    %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
    %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
    %attr(0755,root,root) %dir %{_sysconfdir}/ssh
    %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
    %attr(0600,root,root) %config(noreplace) /etc/pam.d/sshd
    %attr(0755,root,root) %config /etc/rc.d/init.d/sshd

    %changelog
    * Wed Dec 11 2024 Build User <build@example.com>
    - OpenSSH 10.2p1 for Kylin ARM64 with strict OpenSSL 3.5.4 linking
    - Added strict linker flags to prevent mixed OpenSSL version linking
    - Enhanced build-time verification
Build the rpm packages from openssh.spec in the same way as above.
When installing, the old version has to be removed first:
    # If an older OpenSSH is present on the system, remove it first
    sudo rpm -e openssh-server openssh-clients openssh --nodeps 2>/dev/null || true
    # Force-install OpenSSH directly, ignoring all dependencies
    sudo rpm -ivh openssh-10.2p1-3.ky10.aarch64.aarch64.rpm \
                  openssh-clients-10.2p1-3.ky10.aarch64.aarch64.rpm \
                  openssh-server-10.2p1-3.ky10.aarch64.aarch64.rpm --nodeps --force
    # Start the SSH service
    sudo systemctl daemon-reload
    sudo systemctl start sshd
    sudo systemctl enable sshd
    # Check the service status
    sudo systemctl status sshd --no-pager -l
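The `%build` step in openssh.spec only prints the `ldd` lines, and because the packages are installed with `--nodeps --force` (and the openssl package sets `AutoProv: no`), rpm itself will not catch a binary that still resolves to the old OpenSSL. The following added example, not part of the original post, turns that inspection into a pass/fail check; `check_openssl_links` and `check_installed_openssh` are hypothetical helpers, and the binary paths assume the default expansion of the spec's `%{_sbindir}`, `%{_bindir}` and `%{_libexecdir}` macros.

```shell
#!/usr/bin/env bash
# Added example (not from the original post).
# check_openssl_links reads `ldd <binary>` output on stdin and checks every
# libssl/libcrypto line against the expected soname major and library directory.
#   $1 = expected soname major (default 3, i.e. OpenSSL 3.x)
#   $2 = expected library directory (default /usr/lib64, the spec's --libdir)
# Returns 0 = clean, 1 = wrong or unresolved library, 2 = no OpenSSL library listed.
check_openssl_links() {
    awk -v major="${1:-3}" -v dir="${2:-/usr/lib64}" '
        $1 ~ /^lib(ssl|crypto)\.so\./ {
            found = 1
            want = (index($1, "libssl") == 1 ? "libssl" : "libcrypto") ".so." major
            if ($1 != want) {
                print "wrong soname: " $1 " (want " want ")"; bad = 1
            } else if ($3 == "not") {
                print "unresolved: " $1; bad = 1
            } else if (index($3, dir "/") != 1) {
                print "wrong path: " $1 " => " $3; bad = 1
            }
        }
        END {
            if (!found) { print "no libssl/libcrypto dependency listed"; exit 2 }
            exit bad + 0
        }'
}

# Run the check against the installed binaries (paths are assumptions, see above).
check_installed_openssh() {
    rc=0
    for bin in /usr/sbin/sshd /usr/bin/ssh /usr/libexec/openssh/sshd-session; do
        ldd "$bin" | check_openssl_links 3 /usr/lib64 || { echo "FAIL: $bin"; rc=1; }
    done
    return "$rc"
}
```

Running `sshd -t` before `systemctl start sshd` additionally validates the configuration and host keys with the new binary.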