Created
October 4, 2017 09:20
-
-
Save fumiyas/b4aaee83e113e061d1ee8ab95b35608b to your computer and use it in GitHub Desktop.
Build OpenSSH with static linked zlib and OpenSSL libraries
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
set -u | |
set -e | |
umask 0077 | |
prefix="/opt/openssh" | |
top="$(pwd)" | |
root="$top/root" | |
build="$top/build" | |
export CPPFLAGS="-I$root/include -L." | |
rm -rf "$root" "$build" | |
mkdir -p "$root" "$build" | |
gzip -dc dist/zlib-*.tar.gz |(cd "$build" && tar xf -) | |
cd "$build"/zlib-* | |
./configure --prefix="$root" --static | |
make | |
make install | |
cd "$top" | |
gzip -dc dist/openssl-*.tar.gz |(cd "$build" && tar xf -) | |
cd "$build"/openssl-* | |
./config --prefix="$root" no-shared | |
make | |
make install | |
cd "$top" | |
gzip -dc dist/openssh-*.tar.gz |(cd "$build" && tar xf -) | |
cd "$build"/openssh-* | |
cp -p "$root"/lib/*.a . | |
[ -f sshd_config.orig ] || cp -p sshd_config sshd_config.orig | |
sed \ | |
-e 's/^#\(PubkeyAuthentication\) .*/\1 yes/' \ | |
-e '/^# *Kerberos/d' \ | |
-e '/^# *GSSAPI/d' \ | |
-e 's/^#\([A-Za-z]*Authentication\) .*/\1 no/' \ | |
sshd_config.orig \ | |
>sshd_config \ | |
; | |
./configure --prefix="$prefix" --with-privsep-user=nobody --with-privsep-path="$prefix/var/empty" | |
make | |
#make install | |
cd "$top" |
And my sloppy patch for CentOS 6.
It'd be nice to know what's wrong there (old autoconf?).
#!/usr/bin/env bash
set -uex
umask 0077
ZLIB_VERSION=1.3
OPENSSL_VERSION=1.1.1w
OPENSSH_VERSION=V_9_6_P1
prefix="/opt/openssh"
top="$(pwd)"
root="$top/root"
build="$top/build"
dist="$top/dist"
export "CPPFLAGS=-I$root/include -L. -fPIC"
export "CFLAGS=-I$root/include -L. -fPIC"
export "LDFLAGS=-L$root/lib -L$root/lib64"
#COMMENT THIS for debugging the script. Each stage will cache download and build
#rm -rf "$root" "$build" "$dist"
mkdir -p "$root" "$build" "$dist"
if [ ! -f "build/zlib-$ZLIB_VERSION/minigzip" ]; then
echo "---- Building ZLIB -----"
if [ ! -f "$dist/zlib-$ZLIB_VERSION.tar.gz" ]; then
curl --output $dist/zlib-$ZLIB_VERSION.tar.gz --location https://zlib.net/zlib-$ZLIB_VERSION.tar.gz
gzip -dc $dist/zlib-*.tar.gz |(cd "$build" && tar xf -)
fi
cd "$build"/zlib-*
./configure --prefix="$root" --static
make
make install
cd "$top"
fi
if [ ! -f "build/openssl-$OPENSSL_VERSION/wow" ]; then
echo "---- Building OpenSSL -----"
if [ ! -f "$dist/openssl-$OPENSSL_VERSION.tar.gz" ]; then
curl --output $dist/openssl-$OPENSSL_VERSION.tar.gz --location https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz
gzip -dc $dist/openssl-*.tar.gz |(cd "$build" && tar xf -)
fi
cd "$build"/openssl-*
./config --prefix="$root" no-shared no-tests
make
make install
cd "$top"
fi
if [ ! -f "$dist/openssh-$OPENSSH_VERSION.tar.gz" ]; then
curl --output $dist/openssh-$OPENSSH_VERSION.tar.gz --location https://github.com/openssh/openssh-portable/archive/refs/tags/$OPENSSH_VERSION.tar.gz
fi
gzip -dc $dist/openssh-*.tar.gz |(cd "$build" && tar xf -)
cd "$build"/openssh-*
cp -p "$root"/lib/*.a .
DISTRO_REL=`cat /etc/*release | tail -n1`
case "$DISTRO_REL" in
CentOS\ release\ 6*) sed -i '/.*OSSH_CHECK_CFLAG_COMPILE[(].*/d' ./configure.ac;
sed -i '/.*OSSH_CHECK_LDFLAG_LINK[(].*/d' ./configure.ac;
sed -i '/.*OSSH_CHECK_CFLAG_LINK[(].*/d' ./configure.ac;
sed -i '/.*OSSH_CHECK_HEADER_FOR_FIELD[(].*/d' ./configure.ac;
sed -i 's/[[] []]/\[\"\"\]/g' ./configure.ac;
;;
*) ;;
esac
[ -f sshd_config.orig ] || cp -p sshd_config sshd_config.orig
sed \
-e 's/^#\(PubkeyAuthentication\) .*/\1 yes/' \
-e '/^# *Kerberos/d' \
-e '/^# *GSSAPI/d' \
-e 's/^#\([A-Za-z]*Authentication\) .*/\1 no/' \
sshd_config.orig \
>sshd_config \
;
export PATH=$root/bin:$PATH
autoreconf
./configure LIBS="-pthread" "--prefix=$root" "--exec-prefix=$root" --with-privsep-user=nobody --with-privsep-path="$prefix/var/empty" "--with-ssl-dir=$root"
make
cd "$top"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Updated to latest libraries (up to OpenSSH 9.6p1), modified for building openssh, added some if for debugging