银河麒麟V10通过制作rpm包升级httpd、php软件修复漏洞

由于银河麒麟V10自带的yum源没有最新的httpd、php软件的升级包，因此，本人下载软件的源码，在本地搭建的麒麟系统中，编译好以后，将其打成rpm包，上传生产环境中进行安装，下面是编译和打包的具体步骤：

一、httpd编译打包

1、安装编译源码的工具以及开发库

yum groupinstall "Development Tools"
yum install pcre-devel libcurl-devel oniguruma-devel

2、将源码解压并执行下面操作：

#根据自己需求选择编译参数
./configure \
--prefix=/usr/local/apache2 \
--enable-so \
--enable-ssl \
--enable-proxy \
--enable-proxy-fcgi \
--enable-rewrite \
--with-mpm=event \
--enable-deflate \
--enable-expires#编译与安装
make&&make install

3、rpm打包的准备工作

#手动创建打包的目录
mkdir -p ~/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}#在SPECS目录中创建httpd.specs
vi ~/rpmbuild/SPECS/httpd.specs
Name:           httpd
Version:        2.4.63
Release:        1%{?dist}
Summary:        Apache HTTP Server
License:        Apache License, Version 2.0
URL:            http://httpd.apache.org/
Source0:        http://apache.org/dist/httpd/httpd-2.4.63.tar.gz
%description
The Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server.%files
%defattr(-,root,root,-)
/usr/local/apache2/bin/*
/usr/local/apache2/build/*
/usr/local/apache2/cgi-bin/*
%config /usr/local/apache2/conf/*
/usr/local/apache2/error/*
/usr/local/apache2/htdocs/*
/usr/local/apache2/icons/*
/usr/local/apache2/include/*
%dir /usr/local/apache2/logs
%doc /usr/local/apache2/man/*
%doc /usr/local/apache2/manual/*
/usr/local/apache2/modules/*
%post
echo 'export PATH=/usr/local/apache2/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
echo "
[Unit]
Description=Apache HTTP Server
After=network.target[Service]
Type=forking
ExecStart=/usr/local/apache2/bin/apachectl start
ExecStop=/usr/local/apache2/bin/apachectl stop
ExecReload=/usr/local/apache2/bin/apachectl graceful
PrivateTmp=true[Install]
WantedBy=multi-user.target
" > /etc/systemd/system/httpd.service
systemctl daemon-reload

4、将安装好的httpd的目录复制到BUILDROOT目录中。

可以先执行

rpmbuild -bb --noclean httpd.spec

发现报错

然后，创建目录，将http安装所在的目录复制过去，重新执行

mkdir -p /root/rpmbuild/BUILDROOT/httpd-2.4.63-1.ky10.x86_64/usr/local/
cd /root/rpmbuild/BUILDROOT/httpd-2.4.63-1.ky10.x86_64/usr/local/
cp -ra /usr/local/apache2 .
rpmbuild -bb --noclean httpd.spec

最终在RPMS目录中找到打包的文件。

注意，将安装包在生产环境中执行时，会提醒缺少依赖，通过下面方式安装即可

yum install apr-util oniguruma

二、php编译打包

整个流程与上面的一致，下面只提供编译参数配置和php-fpm.spec文件内容

#编译参数
./configure \
--prefix=/usr/local/php \
--enable-fpm \
--with-openssl \
--with-zlib \
--with-curl \
--with-mysqli \
--with-pdo-mysql \
--with-jpeg \
--with-freetype \
--enable-mbstring \
--enable-opcache

#php-fpm.spec
Name:           php
Version:        8.2.0
Release:        1%{?dist}
Summary:        General-purpose scripting language
License:        PHP License v3.01
URL:            https://www.php.net/
Source0:        php-8.2.0.tar.gz
%description
PHP is a popular general-purpose scripting language that is especially suited to web development and can be embedded into HTML. PHP code can be simply mixed with HTML markup or it can be used in combination with various templating engines and web frameworks. PHP code is interpreted by a PHP interpreter embedded into the web server, which generates the web page document in HTML.
%files
%defattr(-,root,root,-)
/usr/local/php/bin/*
%config /usr/local/php/etc/*
/usr/local/php/include/*
/usr/local/php/lib/*
/usr/local/php/php/*
/usr/local/php/sbin/*
/usr/local/php/var/*
%post
#!/bin/sh
echo "
[Unit]
Description=PHP FastCGI Process Manager (PHP-FPM) 8.2
After=network.target[Service]
PIDFile=/usr/local/php/var/run/php-fpm.pid
ExecStart=/usr/local/php/sbin/php-fpm --nodaemonize --fpm-config /usr/local/php/etc/php-fpm.conf
ExecReload=/bin/kill -USR2 $MAINPID
ExecStop=/bin/kill -SIGQUIT $MAINPID[Install]
WantedBy=multi-user.target
" > /etc/systemd/system/php-fpm.service
systemctl daemon-reload