2004-11-15, 10:13 PM
So where I work we have around 100 or so RH9 servers. Most of these are cranking 24/7 and its the general rule of thumb around here that if something isn't broke.. lets not fix it. So as you may know RH9 isn't supported anymore. So if a new openssh problem is released.. there is no offical RH patch for 9. So what can you do?
Well you have two options..
1) remove the openssh rpms and install from source (yuck!)
2) grab a nice.. say core3 source rpm and rebuild it (yes!)
well I guess you know which one i like. For me to rebuild the source on all machines would take awhile. If i build a rpm made for RH9 it will work on the rest of my servers. So I have a dedicated apt server that hosts all the RH9 rpms and updates. Once i place an update there others will find it and install the update.. then i'm done.
So here are some simple instructions for building your own rpm.. the easy way.
So lets grab and install the core2 openssh source rpm
Code:
rpm -ivh http://ayo.freshrpms.net/fedora/linux/2/i386/SRPMS.core/openssh-3.6.1p2-34.src.rpmnow lets try to build the rpm
Code:
rpmbuild -ba /usr/src/redhat/SPECS/openssh.specwe now see we get something like this (probably anyway)
Code:
[root@monitor root]# rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec
error: Failed build dependencies:
sharutils is needed by openssh-3.6.1p2-34
gnome-libs-devel is needed by openssh-3.6.1p2-34
[root@monitor root]#so we have some depandancy issues. DAMN! the good thing is they can easily be worked out. . so both of these packages are avaliable for RH9 so we can either install them or work around it. Installing them is staight forward. My goal is to teach you how to work around these.. so lets so that.
so edit the file /usr/src/redhat/SPECS/openssh.spec
look for the following line. (line #123 on my file)
Code:
BuildPreReq: openssl-devel, perl, sharutils, tcp_wrappers, zlib-develchange it to
Code:
BuildPreReq: openssl-devel, perl, tcp_wrappers, zlib-develnow lets run it again
Code:
[root@monitor root]# rpmbuild -ba /usr/src/redhat/SPECS/openssh.spec
error: Failed build dependencies:
gnome-libs-devel is needed by openssh-3.6.1p2-34
[root@monitor root]#great.. down to the gnome library devel package. so now lets ax that out
so look for this line
line #16 for me
Code:
%define no_gnome_askpass 0and change it to
Code:
%define no_gnome_askpass 1now lets run rpmbuild command again
NOTE: on my system.. i don't place the path to kerberos in my path. I need kerberos auth on my system. if you don't want it.. look for %define kerberos5 1 and make it a 0
Code:
rpmbuild -ba /usr/src/redhat/SPECS/openssh.specnow thats all my depandancies.. you may have more that you will need to install rpms for to get it to compile.. this is just a gernal doc on how to keep a system upgraded by working with a fedora source rpm. It makes my life 10x easier :)
now i see it made this
Code:
Wrote: /usr/src/redhat/SRPMS/openssh-3.6.1p2-34.src.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-clients-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-server-3.6.1p2-34.i386.rpm
Wrote: /usr/src/redhat/RPMS/i386/openssh-debuginfo-3.6.1p2-34.i386.rpmthere's my new rpms i can dist out to all other RH9 servers.. so openssh will continue to be secure
J to the Y strikes again!