这是一篇过时的文章,原因是因为我维护了一套屎山环境,openresty跑在centos7上面,环境不允许动任何东西,但是openresty有漏洞需要我升级,高版本openresty在低版本GCC和openssl环境编译,确实有点折磨人:
搞个同版本机器编译,准备编译环境:
1
|
yum install -y perl gcc kernel-devel readline-devel pcre-devel openssl-devel gcc
|
准备包:
1
|
wget https://openresty.org/download/openresty-1.27.1.1.tar.gz
|
由于我的程序还依赖naxsi:
1
|
wget https://github.com/wargio/naxsi/releases/download/1.6/naxsi-1.6-src-with-deps.tar.gz
|
这里一定要下载这个withdeps,把依赖带上不然编译就过不去。
解压开始编译:
1
2
3
4
5
6
7
8
9
10
11
|
./configure --prefix=/usr/local/openresty \
--http-client-body-temp-path=/usr/local/openresty/nginx/temp/client_temp \
--http-proxy-temp-path=/usr/local/openresty/nginx/temp/proxy_temp \
--http-fastcgi-temp-path=/usr/local/openresty/nginx/temp/fastcgi_temp \
--http-uwsgi-temp-path=/usr/local/openresty/nginx/temp/uwsgi_temp \
--http-scgi-temp-path=/usr/local/openresty/nginx/temp/scgi_temp \
--with-http_sub_module \
--add-module=/usr/local/naxsi-1.6/naxsi_src \
--with-stream \
--without-stream_ssl_module \
--without-http_ssl_module
|
make发现不通过:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c: 在函数‘naxsi_is_illegal_host_name’中:
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c:1170:3: 错误:只允许在 C99 模式下使用‘for’循环初始化声明
for (size_t i = 1; i < plen; ++i) {
^
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c:1170:3: 附注:使用 -std=c99 或 -std=gnu99 来编译您的代码
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c:1196:15: 错误:‘i’重定义
for (size_t i = 0; i < n_cidrs; ++i) {
^
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c:1170:15: 附注:‘i’的上一个定义在此
for (size_t i = 1; i < plen; ++i) {
^
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c:1196:3: 错误:只允许在 C99 模式下使用‘for’循环初始化声明
for (size_t i = 0; i < n_cidrs; ++i) {
^
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c: 在函数‘naxsi_generate_request_id’中:
/usr/local/naxsi-1.6/naxsi_src/naxsi_utils.c:1219:3: 错误:只允许在 C99 模式下使用‘for’循环初始化声明
for (size_t i = 0; i < len; i++) {
^
gmake[2]: *** [objs/addon/naxsi_src/naxsi_utils.o] 错误 1
gmake[2]: *** 正在等待未完成的任务....
gmake[2]: 离开目录“/src/openresty-1.27.1.1/build/nginx-1.27.1”
gmake[1]: *** [build] 错误 2
gmake[1]: 离开目录“/src/openresty-1.27.1.1/build/nginx-1.27.1”
gmake: *** [all] 错误 2
|
这倒是小事,有两个办法指定以C99编译(不行)或者修改源码,我还是改一下for循环的源码吧。通过√
接着往下跑,make不通过:
1
2
3
4
5
6
7
8
9
10
11
12
|
-L/src/openresty-1.27.1.1/build/luajit-root/usr/local/openresty/luajit/lib -L/src/openresty-1.27.1.1/build/luajit-root/usr/local/openresty/luajit/lib -Wl,-rpath,/usr/local/openresty/luajit/lib -Wl,-E -Wl,-E -ldl -lpthread -lcrypt -L/src/openresty-1.27.1.1/build/luajit-root/usr/local/openresty/luajit/lib -lluajit-5.1 -lm -ldl -L/src/openresty-1.27.1.1/build/luajit-root/usr/local/openresty/luajit/lib -lluajit-5.1 -lm -ldl -lpcre -lssl -lcrypto -ldl -lpthread -lz \
-Wl,-E
objs/addon/src/ngx_http_lua_ssl_certby.o:在函数‘ngx_http_lua_ffi_ssl_client_random’中:
ngx_http_lua_ssl_certby.c:(.text+0x1cd7):对‘SSL_get_client_random’未定义的引用
objs/addon/src/ngx_stream_lua_ssl_certby.o:在函数‘ngx_stream_lua_ffi_ssl_client_random’中:
ngx_stream_lua_ssl_certby.c:(.text+0x1d06):对‘SSL_get_client_random’未定义的引用
collect2: 错误:ld 返回 1
gmake[2]: [objs/nginx] 错误 1
gmake[2]: 离开目录“/src/openresty-1.27.1.1/build/nginx-1.27.1”
gmake[1]: [build] 错误 2
gmake[1]: 离开目录“/src/openresty-1.27.1.1/build/nginx-1.27.1”
gmake: *** [all] 错误 2
|
发现openssl版本低了,不能动环境,那就只能静态编进去了。。。
说干就干:
1
|
wget https://github.com/openssl/openssl/releases/download/openssl-3.4.0/openssl-3.4.0.tar.gz
|
解压再编译,报错:
1
2
3
4
5
6
7
8
9
10
11
12
|
./configure --prefix=/usr/local/openresty \
--http-client-body-temp-path=/usr/local/openresty/nginx/temp/client_temp \
--http-proxy-temp-path=/usr/local/openresty/nginx/temp/proxy_temp \
--http-fastcgi-temp-path=/usr/local/openresty/nginx/temp/fastcgi_temp \
--http-uwsgi-temp-path=/usr/local/openresty/nginx/temp/uwsgi_temp \
--http-scgi-temp-path=/usr/local/openresty/nginx/temp/scgi_temp \
--with-http_sub_module \
--add-module=/usr/local/naxsi-1.6/naxsi_src \
--with-stream --with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_ssl_module \
--with-openssl=/src/openssl-3.4.0
|
1
2
3
4
5
6
7
8
9
|
Can't locate IPC/Cmd.pm in @INC (@INC contains: /src/openssl-3.4.0/util/perl /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 . /src/openssl-3.4.0/external/perl/Text-Template-1.56/lib) at /src/openssl-3.4.0/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /src/openssl-3.4.0/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at /src/openssl-3.4.0/Configure line 23.
BEGIN failed--compilation aborted at /src/openssl-3.4.0/Configure line 23.
gmake[2]: [/src/openssl-3.4.0/.openssl/include/openssl/ssl.h] 错误 2
gmake[2]: 离开目录“/src/openresty-1.27.1.1/build/nginx-1.27.1”
gmake[1]: [build] 错误 2
gmake[1]: 离开目录“/src/openresty-1.27.1.1/build/nginx-1.27.1”
gmake: *** [all] 错误 2
|
缺东西啊
1
|
yum install perl-IPC-Cmd
|
再编译,还是缺:
1
2
|
Can't locate Data/Dumper.pm in @INC (@INC contains: Configurations . /src/openssl-3.4.0/util/../Configurations /src/openssl-3.4.0/util/perl /src/openssl-3.4.0/Configurations /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 /src/openssl-3.4.0/external/perl/Text-Template-1.56/lib /src/openssl-3.4.0/util/../external/perl/Text-Template-1.56/lib) at exporters/cmake/OpenSSLConfig.cmake.in line 5.
BEGIN failed--compilation aborted at exporters/cmake/OpenSSLConfig.cmake.in line 5.
|
再装:
1
|
yum install perl-Data-Dumper
|
终于可以了。
