Solved

Upgrading SSH on CentOS 5 - RPM Build Error

Posted on 2012-04-09
19
2,343 Views
Last Modified: 2012-04-10
Hi there,

I'm trying to upgrade OpenSSH from 4.3p2 to 5.8p1
I'm following instructions from: http://dancunningham.co.uk/2011/06/22/upgrade-openssh-on-centos-5/

When I started, 5.8p2  so I just changed it to 5.8p1 and downloaded it myself.

However I get right to the end at rpm build then get an error - I copied in below the error log

#!/bin/sh

  RPM_SOURCE_DIR="/usr/src/redhat/SOURCES"
  RPM_BUILD_DIR="/usr/src/redhat/BUILD"
  RPM_OPT_FLAGS="-O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables"
  RPM_ARCH="i386"
  RPM_OS="linux"
  export RPM_SOURCE_DIR RPM_BUILD_DIR RPM_OPT_FLAGS RPM_ARCH RPM_OS
  RPM_DOC_DIR="/usr/share/doc"
  export RPM_DOC_DIR
  RPM_PACKAGE_NAME="openssh"
  RPM_PACKAGE_VERSION="5.8p1"
  RPM_PACKAGE_RELEASE="1"
  export RPM_PACKAGE_NAME RPM_PACKAGE_VERSION RPM_PACKAGE_RELEASE
  RPM_BUILD_ROOT="/var/tmp/openssh-5.8p1-buildroot"
  export RPM_BUILD_ROOT
 
  PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/share/pkgconfig"
  export PKG_CONFIG_PATH
 
  set -x
  umask 022
  cd "/usr/src/redhat/BUILD"
cd 'openssh-5.8p1'

K5DIR=`rpm -ql krb5-devel | grep include/krb5.h | sed 's,\/include\/krb5.h,,'`
echo K5DIR=$K5DIR


  CFLAGS="${CFLAGS:--O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables}" ; export CFLAGS ;
  CXXFLAGS="${CXXFLAGS:--O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables}" ; export CXXFLAGS ;
  FFLAGS="${FFLAGS:--O2 -g -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables}" ; export FFLAGS ;
  ./configure --host=i686-redhat-linux-gnu --build=i686-redhat-linux-gnu \
      --target=i386-redhat-linux \
      --program-prefix= \
       --prefix=/usr \
      --exec-prefix=/usr \
      --bindir=/usr/bin \
      --sbindir=/usr/sbin \
      --sysconfdir=/etc \
      --datadir=/usr/share \
      --includedir=/usr/include \
      --libdir=/usr/lib \
      --libexecdir=/usr/libexec \
      --localstatedir=/var \
      --sharedstatedir=/usr/com \
      --mandir=/usr/share/man \
      --infodir=/usr/share/info \
      --sysconfdir=/etc/ssh \
      --libexecdir=/usr/libexec/openssh \
      --datadir=/usr/share/openssh \
      --with-tcp-wrappers \
      --with-rsh=/usr/bin/rsh \
      --with-default-path=/usr/local/bin:/bin:/usr/bin \
      --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
      --with-privsep-path=/var/empty/sshd \
      --with-md5-passwords \
      --with-pam \
       --with-kerberos5=$K5DIR \



make


# Define a variable to toggle gnome1/gtk2 building.  This is necessary
# because RPM doesn't handle nested %if statements.
%if 1
gtk2=yes
%else
      gtk2=no
%endif


exit 0

Any ideas?
0
Comment
Question by:Luke_fleming
  • 7
  • 6
  • 6
19 Comments
 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
add Fedora repo to your local yum repos and just type in terminal "yum update openssh" that`s all (probably priority should be changed too)

to add fedora/epel repo run following command "rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm"
when done you could update/install openssh via yum
0
 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
or if you won`t add epel repo, just download that package http://pkgs.org/centos-5-rhel-5/centalt-i386/openssh-5.8p2-16.el5.1.i386.rpm.html (choose i386 or x64)
and install it via RPM or YUM
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
Hi,

If you want to use a precompiled binary you can get it from a repo as the lanalQko indicated.

But if you want to see ehat is wrong with the compilation you should post the error message here. When I wanted to compile I had 2 problems:

- The first one was the error that you have got. I've fixed it by installing pam-devel since it was looking for some pam header files and they are located in pam-devel:
yum install pam-devel

Open in new window

- Then I had a problem with documentation. It was looking for some WARNING* documentation to copy but could not find them there. To fix this I've edited the spec.file and changed the line to read like the second one (Removing WARNING* ):
%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO WARNING*

Open in new window

%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* PROTOCOL* TODO

Open in new window

After this it has successfully finished the compile.
Obsoletes: ssh-server
Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/openssh-5.9p1-buildroot
Wrote: /usr/src/redhat/RPMS/x86_64/openssh-5.9p1-1.x86_64.rpm
Wrote: /usr/src/redhat/RPMS/x86_64/openssh-clients-5.9p1-1.x86_64.rpm
Wrote: /usr/src/redhat/RPMS/x86_64/openssh-server-5.9p1-1.x86_64.rpm
Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.27268

Open in new window


I hope this helps.

Cheers,
K.
0
 
LVL 1

Author Comment

by:Luke_fleming
Comment Utility
Hi,

So first of all I tried installing Fedora repo:

<code>-bash-3.2# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
error: skipping http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm - transfer failed - Unknown or unexpected error
warning: u 0x8e45768 ctrl 0x95b2910 nrefs != 0 (download.fedoraproject.org http)
-bash-3.2#</code>

And then I tried loading the OpenSSH package directly:

<code>-bash-3.2# rpm -Uvh http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
Retrieving http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
error: Failed dependencies:
        openssh = 5.8p2-16.el5.1 is needed by openssh-server-5.8p2-16.el5.1.i386
-bash-3.2#</code>


I believe I'm getting these errors becuase in CentOS 5 there are no repos for OpenSSH 4.4+
which is why I was building my own RPM from those instructions in my first post.

KeremE - I will try you solution shortly - see what we get!

Thanks,
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
Hi,

<code>-bash-3.2# rpm -Uvh http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
Retrieving http://centos.alt.ru/repository/centos/5/i386/openssh-server-5.8p2-16.el5.1.i386.rpm
error: Failed dependencies:
        openssh = 5.8p2-16.el5.1 is needed by openssh-server-5.8p2-16.el5.1.i386
-bash-3.2#</code>

You should have 3 rpms ready to install the new version As you can see from what I've posted these are:

openssh-5.9p1-1.x86_64.rpm   or the equivalent i386 version (replace x86_64 with i386)
openssh-clients-5.9p1-1.x86_64.rpm
openssh-server-5.9p1-1.x86_64.rpm

You can not install them successfully without downloading all 3 of them. They all dependent on each other.

KeremE - I will try you solution shortly - see what we get!

Just take your time.

Cheers,
K.
0
 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
If you will configure yum repos properly, then it will install dependencies automatically,
It's better to use yum than rpm installer
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
<code>-bash-3.2# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
error: skipping http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm - transfer failed - Unknown or unexpected error
warning: u 0x8e45768 ctrl 0x95b2910 nrefs != 0 (download.fedoraproject.org http)
-bash-3.2#</code>

Even if you2d succeededt it would not work you're trying to install RHRL 6 version of EPEL. AFAIK you use RHEL 5 !!!
0
 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
KeremE has right therefore you could use EPEL 5 repo

"rpm -ivh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm"
0
 
LVL 1

Author Comment

by:Luke_fleming
Comment Utility
Now I'm getting this when trying EPEL 5:

-bash-3.2# rpm -ivh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
Retrieving http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
error: skipping http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm - transfer failed - Unknown or unexpected error
warning: u 0x8a18768 ctrl 0x9185910 nrefs != 0 (download.fedoraproject.org http)
-bash-3.2#
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
download it manually via wget

cd /tmp
wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -ivh epel-release-5-4.noarch.rpm
0
 
LVL 1

Author Comment

by:Luke_fleming
Comment Utility
"package epel-release-5-4.noarch is already installed"


I've already tried yum update openssh

But there are no updates for it on my version of Centos 5. So this takes me back to im pretty sure that there is no predefined binaried to upgrade openssh on CentOS 5 ? Anyone know of any others?
0
 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
in that case you could follow up this:

http://survivalguides.wordpress.com/2011/05/20/installing-openssh-5-8-centos-5-5/

I know, you have already followed up similar guide
0
 
LVL 1

Author Comment

by:Luke_fleming
Comment Utility
I managed to build the RPM by following KeremE's instructions, now I have the three RPM's I need they wont install


-bash-3.2# rpm -Uvh *.rpm
error: Failed dependencies:
        openssh = 4.3p2-82.el5 is needed by (installed) openssh-askpass-4.3p2-82.el5.i386


I believe this is an update for OpenSSH 4.3p2
Obviously - this isnt available by doing yum update openssh....

Any ideas?

Thanks!
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
I've already tried yum update openssh

But there are no updates for it on my version of Centos 5. So this takes me back to im pretty sure that there is no predefined binaried to upgrade openssh on CentOS 5 ? Anyone know of any others?

I don2t think it is possible to replace CentOS supplied OpenSSH over the existing repos. You'll either remove openssh and reinstall using yum after disabling base and updates libraries and enabling epel library. Or you'll need to compile it as I've suggested earlier.

Another option is to get all three rpms and install them manually.

Cheers,
K.
0
 
LVL 5

Expert Comment

by:kanalQko
Comment Utility
that`s right, anyway I`d recommend you to upgrade whole OS, centos 5 is quite old
0
 
LVL 1

Author Comment

by:Luke_fleming
Comment Utility
upgrading centOS 5 is a massive job though - especially we have to do it remotely.
I know this is the ideal situation.  Is there any good online guides? Maybe I can start planning it.

Thanks
0
 
LVL 30

Expert Comment

by:Kerem ERSOY
Comment Utility
-bash-3.2# rpm -Uvh *.rpm
error: Failed dependencies:
        openssh = 4.3p2-82.el5 is needed by (installed) openssh-askpass-4.3p2-82.el5.i386


I believe this is an update for OpenSSH 4.3p2
Obviously - this isnt available by doing yum update openssh....

You'll first need to remove the existing OpenSSH askpass module.  Newly compiled rpms do not have a rpm for askpass and therefore it remains there. When it remains it would need the base openssh module. This is a clash. So first remove the SSH askpass module using this command:
rpm -ev openssh-askpass| 

Open in new window


Then do the install using rpms.

Cheers,
K.
0
 
LVL 30

Accepted Solution

by:
Kerem ERSOY earned 500 total points
Comment Utility
upgrading centOS 5 is a massive job though - especially we have to do it remotely.
I know this is the ideal situation.  Is there any good online guides? Maybe I can start planning it.

If all you need is just a new OpsnSSH upgrading the whole system to CentOS 6 is an overkill. CentOS 5 will have support for 1-2 years more so you can plan the upgrade for a later time.

for the time being removing the ask-pass module should do..

Cheers,
K.
0
 
LVL 1

Author Closing Comment

by:Luke_fleming
Comment Utility
Amazing!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Sequence is something that used to store data in it in very simple words. Let us just create a list first. To create a list first of all we need to give a name to our list which I have taken as “COURSE” followed by equals sign and finally enclosed …
Dictionaries contain key:value pairs. Which means a collection of tuples with an attribute name and an assigned value to it. The semicolon present in between each key and values and attribute with values are delimited with a comma.  In python we can…
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now