centos 6.x ssl证书问题解决及systemtap环境准备

环境准备

选了一个低版本的内核，至于原因就不说了哈。

先用了centos6.5 安装，结果发现装完之后，再安装其他包的过程中发现其ssl证书有问题，解决起来比较麻烦，放弃。

换用centos6.8，也是一样的问题。那就只好解决了哈…

网上找到两个差不多的回答，其中一个可以用，一个不可以用…

可以用的链接是：https://community.letsencrypt.org/t/rhel-centos-6-openssl-client-compatibility-after-dst-root-ca-x3-expiration/161032

it’s working like a charm with the manually compiled RPMs!………

注意点开 post#73后面那个向下的小箭头，不然很容易错过看不到答案…

不可以用的链接是： https://forums.centos.org/viewtopic.php?f=13&t=78238

I don’t want to encourage anyone to stay on Centos 6, on the contrary … upgrade your servers to the latest version … but … this problem can be solved if really needed …

不可以用的原因是缺了个别步骤。

我亲测可以解决问题的步骤是:

# 放入6.8安装的光盘/ 虚拟机的话 直接选iso就可以了
mount /dev/sr0 /mnt

# 修改yum的repo文件，先把系统自带的删除掉 都不要
# 将如下的内容放入 /etc/yum.repos.d/CentOS-Base.repo
[base]
name=CentOS-6
failovermethod=priority
#baseurl=https://vault.centos.org/6.8/os/x86_64/
baseurl=file:///mnt/
gpgcheck=0

# 然后接着操作
sudo su - root
wget ftp://ftp.ntua.gr/pub/linux/centos/6.10/os/x86_64/Packages/lksctp-tools-devel-1.0.10-7.el6.x86_64.rpm
rpm -ivh lksctp-tools-devel-1.0.10-7.el6.x86_64.rpm
yum install docbook-style-xsl

wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/home%3A/rexut%3A/RHEL6-EPEL-deps/CentOS_CentOS-6/noarch/asciidoc-8.4.5-4.1.el6.noarch.rpm
rpm -ivh asciidoc-8.4.5-4.1.el6.noarch.rpm


yum install krb5-devel zlib-devel lksctp-tools-devel util-linux make gcc rpm-build

wget  https://vault.centos.org/7.9.2009/updates/Source/SPackages/openssl-1.0.2k-21.el7_9.src.rpm --no-check-certificate
rpm -i openssl-1.0.2k-21.el7_9.src.rpm
cd ~/rpmbuild/SOURCES/
sed -i 's/secure_getenv(/getenv(/g' *patch
cd ../SPECS/
sed -i 's/%patch68 -p1 -b .secure-getenv/#%patch68 -p1 -b .secure-getenv/g' openssl.spec
rpmbuild -bb openssl.spec
cd ../RPMS/x86_64
rpm -U openssl-libs-1.0.2k-21.el6.x86_64.rpm openssl-1.0.2k-21.el6.x86_64.rpm


yum install asciidoc java-1.6.0-openjdk
mkdir -p /dl/ca-cert; cd /dl/ca-cert;
curl -o ca-certificates-2020.2.41-65.1.el6_10.src.rpm https://vault.centos.org/6.10/updates/Source/SPackages/ca-certificates-2020.2.41-65.1.el6_10.src.rpm
rpm -i ca-certificates-2020.2.41-65.1.el6_10.src.rpm
curl -o ca-certificates-2021.2.50-72.el7_9.src.rpm https://vault.centos.org/7.9.2009/updates/Source/SPackages/ca-certificates-2021.2.50-72.el7_9.src.rpm
rpm2cpio ca-certificates-2021.2.50-72.el7_9.src.rpm | cpio -idmv
cp certdata.txt ~/rpmbuild/SOURCES/
sed -i 's/Version: 2020.2.41/Version: 2021.2.50/g' ~/rpmbuild/SPECS/ca-certificates.spec
cd ~/rpmbuild/SPECS
rpmbuild -bb ca-certificates.spec
cd /root/rpmbuild/RPMS/noarch/
rpm -U ca-certificates-2021.2.50-65.1.el6.noarch.rpm

这样就可以解决了，用下面这个验证 ：

wget https://vault.centos.org/6.8/os/x86_64/repodata/repomd.xml

修改 /etc/yum.repos.d/CentOS-Base.repo ：

[base]
name=CentOS-6
failovermethod=priority
baseurl=https://vault.centos.org/6.8/os/x86_64/
#baseurl=file:///mnt/
gpgcheck=0

然后：

yum clean all
yum makecache

centos6.8 对应内核版本2.6.32-642.el6.x86_64,安装对应的内核调试信息与src包。

https://vault.centos.org/6.8/isos/x86_64/CentOS-6.8-x86_64-bin-DVD1.iso

wget http://debuginfo.centos.org/6/x86_64/kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
wget http://debuginfo.centos.org/6/x86_64/kernel-debuginfo-2.6.32-642.el6.x86_64.rpm
wget http://www.central.org/dl/linuxdev/centos6/x86_64/kernel-devel-2.6.32-642.el6.x86_64.rpm
wget https://vault.centos.org/6.8/os/Source/SPackages/kernel-2.6.32-642.el6.src.rpm


sudo rpm -ivh kernel-devel-2.6.32-642.el6.x86_64.rpm
sudo rpm -ivh kernel-debuginfo-common-x86_64-2.6.32-642.el6.x86_64.rpm
sudo rpm -ivh kernel-debuginfo-2.6.32-642.el6.x86_64.rpm

安装并验证:

# 这步骤如果安装网络下载太慢 可以从本地iso安装，跟上面一样改repo文件
sudo yum install systemtap

stap -e 'probe begin{printf("Hello, World"); exit();}'

sudo stap -l 'kernel.function("*")'

sudo stap -l 'kernel.function("read")'
# 成功执行的话能看到  kernel.function("read@fs/sysfs/bin.c:70")
# /usr/src/debug/kernel-2.6.32-642.el6/linux-2.6.32-642.el6.x86_64/fs/sysfs/bin.c