source: chapter08/openssl.xml@ 59fef4c

11.0 11.0-rc1 11.0-rc2 11.0-rc3 11.1 11.1-rc1 11.2 11.2-rc1 11.3 11.3-rc1 12.0 12.0-rc1 12.1 12.1-rc1 arm bdubbs/gcc13 ml-11.0 multilib renodr/libudev-from-systemd s6-init trunk xry111/arm64 xry111/arm64-12.0 xry111/clfs-ng xry111/lfs-next xry111/loongarch xry111/loongarch-12.0 xry111/loongarch-12.1 xry111/mips64el xry111/pip3 xry111/rust-wip-20221008 xry111/update-glibc
Last change on this file since 59fef4c was 59fef4c, checked in by Xi Ruoyao <xry111@…>, 3 years ago

generalize ken's note for shared library update, ...

and move it into package management section
  • Property mode set to 100644
File size: 6.4 KB
RevLine 
[e5474751]1<?xml version="1.0" encoding="ISO-8859-1"?>
2<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4 <!ENTITY % general-entities SYSTEM "../general.ent">
5 %general-entities;
6]>
7
8<sect1 id="ch-system-openssl" role="wrap">
9 <?dbhtml filename="openssl.html"?>
10
11 <sect1info condition="script">
12 <productname>openssl</productname>
13 <productnumber>&openssl-version;</productnumber>
14 <address>&openssl-url;</address>
15 </sect1info>
16
17 <title>OpenSSL-&openssl-version;</title>
18
19 <indexterm zone="ch-system-openssl">
20 <primary sortas="a-OpenSSL">OpenSSL</primary>
21 </indexterm>
22
23 <sect2 role="package">
24 <title/>
25
26 <para>The OpenSSL package contains management tools and libraries relating
27 to cryptography. These are useful for providing cryptographic functions
[6a156bab]28 to other packages, such as OpenSSH, email applications, and web browsers
[e5474751]29 (for accessing HTTPS sites). </para>
30
31 <segmentedlist>
32 <segtitle>&buildtime;</segtitle>
33 <segtitle>&diskspace;</segtitle>
34
35 <seglistitem>
[fb386e0]36 <seg>&openssl-fin-sbu;</seg>
37 <seg>&openssl-fin-du;</seg>
[e5474751]38 </seglistitem>
39 </segmentedlist>
40
41 </sect2>
42
43 <sect2 role="installation">
44 <title>Installation of OpenSSL</title>
[918e500]45
[e5474751]46 <para>Prepare OpenSSL for compilation:</para>
47
48<screen><userinput remap="configure">./config --prefix=/usr \
49 --openssldir=/etc/ssl \
50 --libdir=lib \
51 shared \
52 zlib-dynamic</userinput></screen>
53
54 <para>Compile the package:</para>
55
56<screen><userinput remap="make">make</userinput></screen>
57
58 <para>To test the results, issue:</para>
59
60<screen><userinput remap="test">make test</userinput></screen>
[a751c8d]61
[52544aa]62 <para>One test 30-test_afalg.t is known to fail on some kernel
63 configurations (it apparently assumes certain unspecified crypto
64 options have been selected).</para>
[a751c8d]65
[e5474751]66 <para>Install the package:</para>
67
68<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
69make MANSUFFIX=ssl install</userinput></screen>
70
[f82ef49]71 <para>Add the version to the documentation directory name, to be
72 consistent with other packages:</para>
[e5474751]73
[f82ef49]74<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>
75
76 <para>If desired, install some additional documentation:</para>
77
78<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>
[e5474751]79
[6df63e4]80 <note>
81 <para>
82 You should update OpenSSL when a new version which fixes vulnerabilities
83 is announced. The releases run in series, with a letter for each release
84 after the initial release (e.g. 1.1.1, 1.1.1a, 1.1.1b, etc). Because LFS
85 installs only the shared libraries, there is no need to recompile packages
86 which link to <filename class="libraryfile">libcrypto.so</filename> or
87 <filename class="libraryfile">libssl.so</filename>
88 <emphasis>when upgrading in the same series.</emphasis>
89 </para>
90
91 <para>
92 However, any running programs linked to those libraries need to be stopped
[59fef4c]93 and restarted. Read the related entries in
94 <xref linkend='pkgmgmt-upgrade-issues'/> for details.
[6df63e4]95 </para>
96
97 </note>
98
[e5474751]99 </sect2>
100
101 <sect2 id="contents-openssl" role="content">
102 <title>Contents of OpenSSL</title>
103
104 <segmentedlist>
105 <segtitle>Installed programs</segtitle>
106 <segtitle>Installed libraries</segtitle>
107 <segtitle>Installed directories</segtitle>
108
109 <seglistitem>
110 <seg>
111 c_rehash and openssl
112 </seg>
113 <seg>
[68a5dcb9]114 libcrypto.so and libssl.so
[e5474751]115 </seg>
116 <seg>
117 /etc/ssl,
118 /usr/include/openssl,
119 /usr/lib/engines and
120 /usr/share/doc/openssl-&openssl-version;
121 </seg>
122 </seglistitem>
123 </segmentedlist>
124
125 <variablelist>
126 <bridgehead renderas="sect3">Short Descriptions</bridgehead>
127 <?dbfo list-presentation="list"?>
128 <?dbhtml list-presentation="table"?>
129
130 <varlistentry id="c_rehash">
131 <term><command>c_rehash</command></term>
132 <listitem>
133 <para>
134 is a <application>Perl</application> script that scans all files in
[8d35535]135 a directory and adds symbolic links to their hash values
[e5474751]136 </para>
137 <indexterm zone="ch-system-openssl c_rehash">
138 <primary sortas="b-c_rehash">c_rehash</primary>
139 </indexterm>
140 </listitem>
141 </varlistentry>
142
143 <varlistentry id="openssl-prog">
144 <term><command>openssl</command></term>
145 <listitem>
146 <para>
147 is a command-line tool for using the various cryptography functions
148 of <application>OpenSSL</application>'s crypto library from the
149 shell. It can be used for various functions which are documented in
[8d35535]150 <command>man 1 openssl</command>
[e5474751]151 </para>
152 <indexterm zone="ch-system-openssl openssl-prog">
153 <primary sortas="b-openssl">openssl</primary>
154 </indexterm>
155 </listitem>
156 </varlistentry>
157
158 <varlistentry id="libcrypto">
159 <term><filename class="libraryfile">libcrypto.so</filename></term>
160 <listitem>
161 <para>
162 implements a wide range of cryptographic algorithms used in various
163 Internet standards. The services provided by this library are used
164 by the <application>OpenSSL</application> implementations of SSL,
165 TLS and S/MIME, and they have also been used to implement
166 <application>OpenSSH</application>,
167 <application>OpenPGP</application>, and other cryptographic
[8d35535]168 standards
[e5474751]169 </para>
170 <indexterm zone="ch-system-openssl libcrypto">
171 <primary sortas="c-libcrypto">libcrypto.so</primary>
172 </indexterm>
173 </listitem>
174 </varlistentry>
175
176 <varlistentry id="libssl">
177 <term><filename class="libraryfile">libssl.so</filename></term>
178 <listitem>
179 <para>
180 implements the Transport Layer Security (TLS v1) protocol.
181 It provides a rich API, documentation
[8d35535]182 on which can be found by running <command>man 3 ssl</command>
[e5474751]183 </para>
184 <indexterm zone="ch-system-openssl libssl">
185 <primary sortas="c-libssl">libssl.so</primary>
186 </indexterm>
187 </listitem>
188 </varlistentry>
189
190 </variablelist>
191
192 </sect2>
193
194</sect1>
Note: See TracBrowser for help on using the repository browser.