openssl安装部署脚本

#!/bin/bash

# 如果出现换行符错误需要转换一下：set ff=unix

if [ ! $UID == 0 ]; then
    echo "请切换到root用户下执行！"
	exit 1
fi
# 停止selinux并修改selinux配置问题，使其重启后不启动
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config

# 停止Apache服务
systemctl stop httpd

# 检测包管理器并安装依赖项
install_dependencies() {
  if command -v yum > /dev/null; then
    sudo yum groupinstall -y "Development Tools"
    sudo yum install -y zlib-devel openssl-devel
  else
    echo "不支持的包管理器，请手动安装 build-essential、zlib 和 openssl 开发包。"
    exit 1
  fi
}

# 检查依赖项是否已安装
check_dependencies() {
  if ! (command -v gcc > /dev/null && command -v make > /dev/null); then
    return 1
  fi

  echo "#include " | gcc -E - > /dev/null 2>&1 || return 1
  echo "#include " | gcc -E - > /dev/null 2>&1 || return 1

  return 0
}

if ! check_dependencies; then
  install_dependencies
fi

# 设置当前日期
current_date=$(date +"%Y-%m-%d-%s")

# 备份现有的 OpenSSL 配置和二进制文件
backup_dir="openssl_backup_$current_date"
mkdir -p "$backup_dir"

# 备份并删除 OpenSSL 配置文件及二进制文件
backup_and_remove() {
  files_to_backup=(
    "/usr/bin/openssl"
    "/usr/lib64/libssl.so.1.0.2k"
    "/usr/lib64/libcrypto.so.1.0.2k"
  )

  for file in "${files_to_backup[@]}"; do
    cp "$file" "$backup_dir"
    if [ -f "$backup_dir/$(basename "$file")" ]; then
      echo "备份$file成功"
    else
      echo "备份 $file 失败，请检查文件权限。"
      exit 1
    fi
#    rm "$file"
    echo "11" 
  done
}





# 在当前目录中查找最新的 OpenSSL tarball
openssl_tarball=$(ls -t openssl-[0-9.]*.tar.gz | head -n 1)

if [ -z "$openssl_tarball" ]; then
  echo "未找到 OpenSSL tarball，请确保它位于当前目录中。"
  exit 1
fi

# 检查 OpenSSL 版本并显示结果
check_openssl_version() {
  installed_version=$(openssl version | awk '{print $2}' | sed 's/-[^0-9.]*//' | sed 's/,//g'|sed 's/.$//')
  source_version=$(echo "$openssl_tarball" | sed 's/.*-\([0-9]\.[0-9]\.[0-9a-zA-Z]*[a-z]*\).*/\1/'|sed 's/.$//')

  if [ "$installed_version" == "$source_version" ]; then
    echo "当前 OpenSSL 版本为 $installed_version，无需升级。"
	exit 1
  else
    echo "开始执行OpenSSL升级："
  fi
}

check_openssl_version
# 备份并删除 OpenSSL 配置文件及二进制文件
backup_and_remove


# 解压缩 tarball 并进入源代码目录
tar -zxf "$openssl_tarball"
cd openssl-[0-9.]*/

# 编译和安装同时记录错误
if ! ./config --prefix=/usr/local/openssl shared zlib; then
  echo "配置失败，请检查 configure_errors.log。"
  exit 1
fi

if ! make depend; then
  echo "编译失败，请检查 make_errors.log。"
  exit 1
fi
sum_cpu=$(cat /proc/cpuinfo | grep "processor"|wc -l)
if ! make -j $sum_cpu; then
  echo "编译失败，请检查 make_errors.log。"
  exit 1
fi

# 安装新版本的 OpenSSL
if ! make install; then
  echo "安装失败，请检查 make_errors.log。"
  exit 1
fi

#添加变量
if ! grep -q '/usr/local/openssl/bin' /etc/profile; then
  cat >> /etc/profile < >(tee -a script_execution.log) 2>&1 

    复制