2004-11-15, 10:13 PM
So where I work we have around 100 or so RH9 servers. Most of these are cranking 24/7 and it's the general rule of thumb around here that if something isn't broke.. let's not fix it. So as you may know RH9 isn't supported anymore. So if a new openssh problem is released.. there is no official RH patch for 9. So what can you do?
Well you have two options..
1) remove the openssh rpms and install from source (yuck!)
2) grab a nice.. say core3 source rpm and rebuild it (yes!)
well I guess you know which one I like. For me to rebuild the source on all machines would take a while. If I build an rpm made for RH9 it will work on the rest of my servers. So I have a dedicated apt server that hosts all the RH9 rpms and updates. Once I place an update there others will find it and install the update.. then I'm done.
So here are some simple instructions for building your own rpm.. the easy way.
So let's grab and install the core2 openssh source rpm
Code:
rpm -ivh http://ayo.freshrpms.net/fedora/linux/2/i386/SRPMS.core/openssh-3.6.1p2-34.src.rpm
now let's try to build the rpm
Code:
rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec
we now see we get something like this (probably anyway)
Code:
[root@monitor root]# rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec
error: Failed build dependencies:
sharutils is needed by openssh-3.6.1p2-34
gnome-libs-devel is needed by openssh-3.6.1p2-34
[root@monitor root]#
so we have some dependency issues. DAMN! the good thing is they can easily be worked out. Both of these packages are available for RH9 so we can either install them or work around it. Installing them is straightforward. My goal is to teach you how to work around these.. so let's do that.
so edit the file /usr/src/redhat/SPECS/openssh.spec
look for the following line. (line #123 on my file)
Code:
BuildPreReq: openssl-devel, perl, sharutils, tcp_wrappers, zlib-devel
change it to
Code:
BuildPreReq: openssl-devel, perl, tcp_wrappers, zlib-devel
now let's run it again
Code:
[root@monitor root]# rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec
error: Failed build dependencies:
gnome-libs-devel is needed by openssh-3.6.1p2-34
[root@monitor root]#
great.. down to the gnome library devel package. so now let's ax that out
so look for this line
line #16 for me
Code:
%define no_gnome_askpass 0
and change it to
Code:
%define no_gnome_askpass 1
now let's run the rpmbuild command again
NOTE: on my system.. I don't place the path to kerberos in my path. I need kerberos auth on my system. if you don't want it.. look for %define kerberos5 1 and make it a 0
Code:
rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec
now that's all my dependencies.. you may have more that you will need to install rpms for to get it to compile.. this is just a general doc on how to keep a system upgraded by working with a fedora source rpm. It makes my life 10x easier :)
now I see it made this
Code:
Wrote: /usr/src/redhat/SRPMS/openssh-3.6.1p2-34.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-clients-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-server-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-debuginfo-3.6.1p2-34.i386.rpm
there's my new rpms I can dist out to all other RH9 servers.. so openssh will continue to be secure
J to the Y strikes again!
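
The two spec edits described above, as an added example that is not part of the original post: it matches the lines by pattern instead of by line number (the post's #123 and #16 are specific to one file) and checks that both edits took before you rebuild. The function names `patch_spec` and `write_sample_spec` and the three-line spec fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): make the two spec edits by
# pattern, so they do not depend on line numbers that differ between releases.

# patch_spec SPEC
# Drops sharutils from BuildPreReq and sets no_gnome_askpass to 1.
# Keeps the untouched file as SPEC.orig. Returns 0 only if both edits are
# visible in the result.
patch_spec() {
    spec=$1
    [ -f "$spec" ] || { echo "patch_spec: no such file: $spec" >&2; return 2; }
    cp -p "$spec" "$spec.orig" || return 2
    sed -e '/^BuildPreReq:/s/sharutils, *//' \
        -e '/^BuildPreReq:/s/, *sharutils[[:space:]]*$//' \
        -e '/^%define[[:space:]]\{1,\}no_gnome_askpass[[:space:]]/s/0[[:space:]]*$/1/' \
        "$spec.orig" > "$spec" || return 2
    # Verify instead of trusting sed: a spec with a different layout should
    # fail here, not later as a confusing rpmbuild dependency error.
    if grep '^BuildPreReq:' "$spec" | grep -q sharutils; then
        echo "patch_spec: sharutils still in BuildPreReq" >&2; return 1
    fi
    grep -q '^%define[[:space:]]\{1,\}no_gnome_askpass[[:space:]]\{1,\}1[[:space:]]*$' "$spec" || {
        echo "patch_spec: no_gnome_askpass is not 1" >&2; return 1; }
}

# write_sample_spec PATH: constructed fragment holding only the lines the post
# quotes from openssh.spec; the real file is much longer.
write_sample_spec() {
    cat > "$1" <<'EOF'
%define no_gnome_askpass 0
%define kerberos5 1
BuildPreReq: openssl-devel, perl, sharutils, tcp_wrappers, zlib-devel
EOF
}

# Demo on the constructed fragment; on a build host, pass the real spec path
# to patch_spec and then run rpmbuild -ba on it as in the post.
demo_dir=$(mktemp -d)
write_sample_spec "$demo_dir/openssh.spec"
patch_spec "$demo_dir/openssh.spec" && cat "$demo_dir/openssh.spec"
rm -rf "$demo_dir"
```

Since the rebuilt packages get pushed to every server from the apt repository, it is worth downloading the source rpm first and running `rpm --checksig` on it before installing and rebuilding.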