目的
编译新版本 tls 用于 wget, curl 工具
下载地址
nettle-3.6
gnutls-3.6.13 需要 nettle 依赖
gnutls-3.1.5.tar.xz
oepnssl-1.1.1g (可选)
wget2-1.99
wget-1.20
curl-7.70
编译
nettle
编译方法
./configure --prefix=/usr/local/nettle --disable-openssl --enable-shared --enable-mini-gmp
make
make install
定义库位置
echo /usr/local/nettle/lib64/ > /etc/ld.so.conf.d/nettle.conf
ldconfig
检查方法 (默认报错)
# pkg-config --modversion nettle
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc'
to the PKG_CONFIG_PATH environment variable
No package 'nettle' found
解决办法
# export PKG_CONFIG_PATH=":/usr/local/nettle/lib64/pkgconfig/"
# pkg-config --modversion nettle
3.6
openssl
# ./config --prefix=/usr/local/openssl -fPIC
# make
# maek install
gnutls
注意:
可能会遇到下面错误 (centos6, centos7 低版本)
centos6 无法编译 gnutls-3.6.13 版本
centos6 建议使用 gnutls-3.1.5
libtasnl 错误
checking for LIBTASN1... no
configure: error:
***
*** Libtasn1 4.9 was not found. To use the included one, use --with-included-libtasn1
解决办法
wget https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.12.tar.gz
编译
./configure --prefix=//usr/local/libtasn1
make
make install
echo "//usr/local/libtasn1" > /etc/ld.so.conf.d/libtasn1.conf
ldconfig
unistring 错误
错误
configure: error:
***
*** Libunistring was not found. To use the included one, use --with-included-unistring
解决
yum install -y libunistring-devel.x86_64
nettle 错误 (centos6)
错误
checking for libnettle... no
configure: error:
***
*** Libnettle 2.5 was not found. Note that you must compile nettle with gmp support.
解决
yum install -y gmp-devel.x86_64
wget https://ftp.gnu.org/gnu/nettle/nettle-2.5.tar.gz
./configure --prefix=/usr/local/nettle
make
make install
# export PKG_CONFIG_PATH=":/usr/local/nettle/lib64/pkgconfig/"
# pkg-config --modversion nettle
2.5
编译 gnutls
# ./configure --prefix=/usr/local/gnutls --with-nettle-mini --without-p11-kit
或
centos6:
CPPFLAGS="-I/apps/svr/download/nettle/include/nettle/ -I/apps/svr/download/libtasnl/include/" LDFLAGS="-L/apps/svr/download/nettle/lib64 -L/apps/svr/download/libtasnl/lib/" ./configure --prefix=/apps/svr/download/gnutls --with-nettle-mini --without-p11-kit --with-included-libtasn1=/apps/svr/download/libtasnl/include/ --with-libnettle-prefix=/apps/svr/download/nettle/
version: 3.6.13 shared 57:0:27
Host/Target system: x86_64-pc-linux-gnu
Build system: x86_64-pc-linux-gnu
Install prefix: /usr/local/gnutls
Compiler: gcc -std=gnu99
Valgrind: no
CFlags: -g -O2
Library types: Shared=yes, Static=no
Local libopts: yes
Local libtasn1: no
Local unistring: no
Use nettle-mini: yes
Documentation: yes (manpages: yes)
configure: External hardware support:
/dev/crypto: no
Hardware accel: x86-64
Padlock accel: yes
Random gen. variant: auto-detect
PKCS#11 support: yes
TPM support: yes
configure:
TPM library: /usr/lib64/libtspi.so.1
configure: Optional features:
(note that included applications might not compile properly
if features are disabled)
SSL3.0 support: no
SSL2.0 client hello: yes
Allow SHA1 sign: no
DTLS-SRTP support: yes
ALPN support: yes
OCSP support: yes
SRP support: yes
PSK support: yes
DHE support: yes
ECDHE support: yes
GOST support: yes
Anon auth support: yes
Heartbeat support: yes
IDNA support: IDNA 2008 (libidn2)
Non-SuiteB curves: yes
FIPS140 mode: no
Strict DER time: yes
configure: Optional libraries:
Guile wrappers: yes
C++ library: yes
DANE library: yes
OpenSSL compat: no
configure: System files:
Trust store pkcs11:
Trust store dir:
Trust store file: /etc/pki/tls/cert.pem
Blacklist file:
CRL file:
Configuration file: /etc/gnutls/config
DNSSEC root key file: /var/lib/unbound/root.key
# make
# make install
常见错误1
configure: error:
***
*** Libnettle 3.4.1 was not found.
解决
# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/nettle/lib64/pkgconfig/
# pkg-config --modversion nettle
3.6
常见错误2
configure: error:
***
*** Libtasn1 4.9 was not found. To use the included one, use --with-included-libtasn1
解决方法
# yum install -y libtasn1-devel.x86_64
常见错误3
configure: error:
***
*** Libunistring was not found. To use the included one, use --with-included-unistring
解决方法
# yum install -y libunistring-devel.x86_64
常见错误4
configure: WARNING:
***
*** libunbound was not found. Libdane will not be built.
***
checking for P11_KIT... no
configure: error:
***
*** p11-kit >= 0.23.1 was not found. To disable PKCS #11 support
*** use --without-p11-kit, otherwise you may get p11-kit from
*** https://p11-glue.freedesktop.org/p11-kit.html
解决方法
# yum install -y unbound-devel.x86_64
# yum install -y p11-kit-devel.x86_64
常见问题5
***
*** Detecting GNU Guile...
checking for guile-snarf... no
configure: WARNING: `guile-snarf' from Guile not found. Guile bindings not built.
checking that generated files are newer than configure... done
checking for tss library... no
configure: WARNING:
***
*** trousers was not found. TPM support will be disabled.
***
解决方法
# yum install -y trousers-devel.x86_64
常见问题6
checking for autogen... no
configure: WARNING:
***
*** autogen not found. Will not link against system libopts.
***
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
解决方法
# yum install -y autogen
常见问题7
checking for library containing idn2_lookup_u8... no
configure: WARNING: *** LIBIDN2 was not found. You will not be able to use IDN2008 support
解决方法
yum install -y libidn2-devel.x86_64
常见问题8
checking whether building Guile bindings... yes
***
*** Detecting GNU Guile...
checking for guile-snarf... no
解决方法
yum install -y guile-devel.x86_64
常见问题9
pkcs11_privkey.c: In function '_gnutls_pkcs11_privkey_sign':
pkcs11_privkey.c:335:32: error: storage size of 'rsa_pss_params' isn't known
struct ck_rsa_pkcs_pss_params rsa_pss_params;
^
pkcs11_privkey.c:335:32: warning: unused variable 'rsa_pss_params' [-Wunused-variable]
make[4]: *** [pkcs11_privkey.lo] Error 1
make[4]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/gnutls-3.6.11.1'
make: *** [all] Error 2
解决方法
--without-p11-kit 编译时候忽略该功能
wget
# ./configure --with-ssl=gnutls --prefix=/usr/local/wget
# make
# make install
常见问题
checking for libgnutls... no
configure: error: GnuTLS has not been found. Use --with-ssl=openssl if you explicitly want OpenSSL.
解决方法:
# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/nettle/lib64/pkgconfig/
# pkg-config --modversion nettle
3.6
重新编译即通过
# ./configure --with-ssl=gnutls --prefix=/usr/local/wget
checking for GNUTLS... yes
configure: compiling in support for SSL via GnuTLS
Version: 1.20
Host OS: linux-gnu
Install prefix: /usr/local
Compiler: gcc -std=gnu11
CFlags: -I/usr/local/gnutls/include -I/usr/local/nettle/include -DHAVE_LIBGNUTLS -DNDEBUG
LDFlags:
Libs: -lpcre -lidn2 -L/usr/local/gnutls/lib -lgnutls -lz
SSL: gnutls
Zlib: yes
PSL: no
PCRE: yes, via libpcre
Digest: yes
NTLM: auto
OPIE: yes
POSIX xattr: yes
Debugging: yes
Assertions: no
Valgrind: Valgrind testing not enabled
Metalink: no
Resolver: libc, --bind-dns-address and --dns-servers not available
GPGME: no
IRI: yes
Fuzzing build: no,
curl
这个编译比较特殊
# CPPFLAGS="-I/usr/local/nettle/include" LDFLAGS="-L/usr/local/nettle/lib64" ./configure --with-gnutls=/usr/local/gnutls --prefix=/usr/local/curl --with-ssl=/usr/local/openssl
# make
# make install
编译时需手动定义 nettle 库文件及头文件位置, 否则报错
configure: error: GnuTLS found, but neither gcrypt nor nettle found
git 编译
tar xf git-v2.27.0.tar.gz
默认没有 configure 文件, 需要编译出来
]# make configure
GIT_VERSION = 2.27.0
GEN configure
由于 centos6 无法编译新版本 gnutls , 必须升级 gcc, 比较麻烦, 因此直接使用 openssl
编译方法
CPPFLAGS="-I/apps/svr/download/nettle/include/" LDFLAGS="-L/apps/svr/download/nettle/lib64" ./configure --prefix=/apps/svr/git --with-openssl=/apps/svr/download/openssl --with-expat --with-zlib
make
make install