Jump to content
Sign in to follow this  
hijinks

makes your own rpms

Recommended Posts

So where I work we have around 100 or so RH9 servers. Most of these are cranking 24/7 and its the general rule of thumb around here that if something isn't broke.. lets not fix it. So as you may know RH9 isn't supported anymore. So if a new openssh problem is released.. there is no offical RH patch for 9. So what can you do?

 

Well you have two options..

1) remove the openssh rpms and install from source (yuck!)

2) grab a nice.. say core3 source rpm and rebuild it (yes!)

 

well I guess you know which one i like. For me to rebuild the source on all machines would take awhile. If i build a rpm made for RH9 it will work on the rest of my servers. So I have a dedicated apt server that hosts all the RH9 rpms and updates. Once i place an update there others will find it and install the update.. then i'm done.

 

So here are some simple instructions for building your own rpm.. the easy way.

 

So lets grab and install the core2 openssh source rpm

 

rpm -ivh http://ayo.freshrpms.net/fedora/linux/2/i386/SRPMS.core/openssh-3.6.1p2-34.src.rpm

 

now lets try to build the rpm

 

rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec

 

we now see we get something like this (probably anyway)

 

[root@monitor root]# rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec 
error: Failed build dependencies:
       sharutils is needed by openssh-3.6.1p2-34
       gnome-libs-devel is needed by openssh-3.6.1p2-34
[root@monitor root]#

 

so we have some depandancy issues. DAMN! the good thing is they can easily be worked out. . so both of these packages are avaliable for RH9 so we can either install them or work around it. Installing them is staight forward. My goal is to teach you how to work around these.. so lets so that.

 

so edit the file /usr/src/redhat/SPECS/openssh.spec

look for the following line. (line #123 on my file)

 

BuildPreReq: openssl-devel, perl, sharutils, tcp_wrappers, zlib-devel

 

change it to

 

BuildPreReq: openssl-devel, perl, tcp_wrappers, zlib-devel

 

now lets run it again

 

[root@monitor root]# rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec 
error: Failed build dependencies:
       gnome-libs-devel is needed by openssh-3.6.1p2-34
[root@monitor root]#

 

great.. down to the gnome library devel package. so now lets ax that out

 

so look for this line

line #16 for me

 

%define no_gnome_askpass 0

 

and change it to

%define no_gnome_askpass 1

 

now lets run rpmbuild command again

 

NOTE: on my system.. i don't place the path to kerberos in my path. I need kerberos auth on my system. if you don't want it.. look for %define kerberos5 1 and make it a 0

 

rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec

 

now thats all my depandancies.. you may have more that you will need to install rpms for to get it to compile.. this is just a gernal doc on how to keep a system upgraded by working with a fedora source rpm. It makes my life 10x easier :)

 

now i see it made this

 

Wrote: /usr/src/redhat/SRPMS/openssh-3.6.1p2-34.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-clients-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-server-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-debuginfo-3.6.1p2-34.i386.rpm

 

there's my new rpms i can dist out to all other RH9 servers.. so openssh will continue to be secure

 

J to the Y strikes again!

Share this post


Link to post
Share on other sites

good post as usual jy, pinned !

 

cheers

 

anyweb

Share this post


Link to post
Share on other sites

i'm hoping to make an apt sit for my upgrades for rh9 soon. Here are the rpm's i've built from a fully upgraded RH9 system based on the offical Redhat upgrades

 

[root@test SPECS]# ls /usr/src/redhat/RPMS/i386/
apr-0.9.4-23.i386.rpm                   openssl-debuginfo-0.9.7a-40.i386.rpm
apr-debuginfo-0.9.4-23.i386.rpm         openssl-devel-0.9.7a-40.i386.rpm
apr-devel-0.9.4-23.i386.rpm             openssl-perl-0.9.7a-40.i386.rpm
apr-util-0.9.4-17.i386.rpm              pcre-4.5-3.i386.rpm
apr-util-debuginfo-0.9.4-17.i386.rpm    pcre-debuginfo-4.5-3.i386.rpm
apr-util-devel-0.9.4-17.i386.rpm        pcre-devel-4.5-3.i386.rpm
aspell-0.50.5-3.fc3.i386.rpm            php-4.3.9-3.i386.rpm
aspell-debuginfo-0.50.5-3.fc3.i386.rpm  php-debuginfo-4.3.9-3.i386.rpm
aspell-devel-0.50.5-3.fc3.i386.rpm      php-devel-4.3.9-3.i386.rpm
bind-9.2.4-2.i386.rpm                   php-domxml-4.3.9-3.i386.rpm
bind-chroot-9.2.4-2.i386.rpm            php-gd-4.3.9-3.i386.rpm
bind-debuginfo-9.2.4-2.i386.rpm         php-imap-4.3.9-3.i386.rpm
bind-devel-9.2.4-2.i386.rpm             php-ldap-4.3.9-3.i386.rpm
bind-libs-9.2.4-2.i386.rpm              php-mbstring-4.3.9-3.i386.rpm
bind-utils-9.2.4-2.i386.rpm             php-mysql-4.3.9-3.i386.rpm
file-4.10-2.i386.rpm                    php-ncurses-4.3.9-3.i386.rpm
file-debuginfo-4.10-2.i386.rpm          php-odbc-4.3.9-3.i386.rpm
httpd-2.0.52-3.i386.rpm                 php-pear-4.3.9-3.i386.rpm
httpd-debuginfo-2.0.52-3.i386.rpm       php-pgsql-4.3.9-3.i386.rpm
httpd-devel-2.0.52-3.i386.rpm           php-snmp-4.3.9-3.i386.rpm
httpd-manual-2.0.52-3.i386.rpm          php-xmlrpc-4.3.9-3.i386.rpm
httpd-suexec-2.0.52-3.i386.rpm          postfix-2.1.5-2.2.i386.rpm
mod_ssl-2.0.52-3.i386.rpm               postfix-debuginfo-2.1.5-2.2.i386.rpm
net-snmp-5.1.2-11.i386.rpm              postfix-pflogsumm-2.1.5-2.2.i386.rpm
net-snmp-debuginfo-5.1.2-11.i386.rpm    proftpd-1.2.10-8.1.fc3.fr.i386.rpm
net-snmp-devel-5.1.2-11.i386.rpm        proftpd-debuginfo-1.2.10-8.1.fc3.fr.i386.rpm
net-snmp-libs-5.1.2-11.i386.rpm         sendmail-8.13.1-2.i386.rpm
net-snmp-perl-5.1.2-11.i386.rpm         sendmail-cf-8.13.1-2.i386.rpm
net-snmp-utils-5.1.2-11.i386.rpm        sendmail-debuginfo-8.13.1-2.i386.rpm
openssh-3.9p1-7.i386.rpm                sendmail-devel-8.13.1-2.i386.rpm
openssh-clients-3.9p1-7.i386.rpm        sendmail-doc-8.13.1-2.i386.rpm
openssh-debuginfo-3.9p1-7.i386.rpm      vsftpd-2.0.1-5.i386.rpm
openssh-server-3.9p1-7.i386.rpm         vsftpd-debuginfo-2.0.1-5.i386.rpm
openssl-0.9.7a-40.i386.rpm

 

thanks to dallas for offering me some bandwidth/space

Share this post


Link to post
Share on other sites
So as you may know RH9 isn't supported anymore

 

and yet Jy ignores that obvious advice and 'keeps the dream alive' :lol:

 

very nice idea Jy.. and well executed too.

Share this post


Link to post
Share on other sites
Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...