source: chapter08/openssl.xml@ 5a0eccd

Last change on this file since 5a0eccd was 866916e, checked in by Thomas Trepl <thomas@…>, 16 months ago

Automatic merge of trunk into multilib

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
  <!ENTITY % general-entities SYSTEM "../general.ent">
  %general-entities;
]>

<sect1 id="ch-system-openssl" role="wrap">
  <?dbhtml filename="openssl.html"?>

  <sect1info condition="script">
    <productname>openssl</productname>
    <productnumber>&openssl-version;</productnumber>
    <address>&openssl-url;</address>
  </sect1info>

  <title>OpenSSL-&openssl-version;</title>

  <indexterm zone="ch-system-openssl">
    <primary sortas="a-OpenSSL">OpenSSL</primary>
  </indexterm>

  <sect2 role="package">
    <title/>

    <para>The OpenSSL package contains management tools and libraries relating
    to cryptography. These are useful for providing cryptographic functions
    to other packages, such as OpenSSH, email applications, and web browsers
    (for accessing HTTPS sites).</para>

    <segmentedlist>
      <segtitle>&buildtime;</segtitle>
      <segtitle>&diskspace;</segtitle>

      <seglistitem>
        <seg>&openssl-fin-sbu;</seg>
        <seg>&openssl-fin-du;</seg>
      </seglistitem>
    </segmentedlist>

  </sect2>

  <sect2 role="installation">
    <title>Installation of OpenSSL</title>
<!--
    <para>First fix a problem with some advanced architectures with avx512
    capability:</para>

<screen><userinput remap="pre">sed -e '/bn_reduce.*m1/i\ factor_size /= sizeof(BN_ULONG) * 8;' \
    -i crypto/bn/rsaz_exp_x2.c</userinput></screen>
-->
    <para>Prepare OpenSSL for compilation:</para>

<screen><userinput remap="configure">./config --prefix=/usr \
         --openssldir=/etc/ssl \
         --libdir=lib \
         shared \
         zlib-dynamic</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>To test the results, issue:</para>

<screen><userinput remap="test">make test</userinput></screen>

    <para>One test, 30-test_afalg.t, is known to fail on some kernel
    configurations (depending on inconsistent values of
    CONFIG_CRYPTO_USER_API* settings). If it fails, it can safely be
    ignored.</para>

    <para>Install the package:</para>

<screen><userinput remap="install">sed -i '/INSTALL_LIBS/s/libcrypto.a libssl.a//' Makefile
make MANSUFFIX=ssl install</userinput></screen>

    <para>Add the version to the documentation directory name, to be
    consistent with other packages:</para>

<screen><userinput remap="install">mv -v /usr/share/doc/openssl /usr/share/doc/openssl-&openssl-version;</userinput></screen>

    <para>If desired, install some additional documentation:</para>

<screen><userinput remap="install">cp -vfr doc/* /usr/share/doc/openssl-&openssl-version;</userinput></screen>

    <note>
      <para>
        You should update OpenSSL when a new version that fixes vulnerabilities
        is announced. Since OpenSSL 3.0.0, the OpenSSL versioning scheme
        follows the MAJOR.MINOR.PATCH format. API/ABI compatibility
        is guaranteed for the same MAJOR version number. Because LFS
        installs only the shared libraries, there is no need to recompile
        packages which link to
        <filename class="libraryfile">libcrypto.so</filename> or
        <filename class="libraryfile">libssl.so</filename>
        <emphasis>when upgrading to a version with the same MAJOR version
        number</emphasis>.
      </para>

      <!-- https://bugzilla.mindrot.org/show_bug.cgi?id=3548 -->
      <para>
        If <application>OpenSSH</application> is installed, it is an
        exception to the general rule above. It contains an
        over-restrictive OpenSSL version check, so both the SSH client and
        the SSH server will refuse to start if OpenSSL is updated to a
        version with the same MAJOR version number but a different MINOR
        version number. You need to rebuild
        <application>OpenSSH</application> after such an upgrade.
        <emphasis role='bold'>If <application>OpenSSH</application> is being
        used to access the system, you must rebuild and reinstall it
        after upgrading OpenSSL to a new MINOR version number before logging
        out, or you won't be able to log in via SSH anymore.</emphasis>
      </para>

      <para>
        However, any running programs linked to those libraries need to be stopped
        and restarted. Read the related entries in
        <xref linkend='pkgmgmt-upgrade-issues'/> for details.
      </para>

    </note>

  </sect2>

  <!-- - - - - - - - - - -->
  <!-- Multilib - 32bit -->
  <!-- - - - - - - - - - -->

  <sect2 arch="ml_32,ml_all" role="installation">
    <title>Installation of OpenSSL - 32bit</title>

    <para>Clean previous build:</para>

<screen><userinput remap="pre">make distclean</userinput></screen>

    <para>Prepare OpenSSL for compilation:</para>

<screen><userinput remap="configure">CFLAGS="-m32 -march=i686 -Wall -O3" CXXFLAGS="$CFLAGS" \
./config --prefix=/usr \
         --openssldir=/etc/ssl \
         --libdir=lib32 \
         shared \
         zlib-dynamic \
         linux-generic32</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>Install the package:</para>

<screen><userinput remap="install">make DESTDIR=$PWD/DESTDIR install
cp -Rv DESTDIR/usr/lib32/* /usr/lib32
rm -rf DESTDIR</userinput></screen>

  </sect2><!-- m32 -->

  <!-- - - - - - - - - - -->
  <!-- Multilib - x32bit -->
  <!-- - - - - - - - - - -->

  <sect2 arch="ml_x32,ml_all" role="installation">
    <title>Installation of OpenSSL - x32bit</title>

    <para>Clean previous build:</para>

<screen><userinput remap="pre">make distclean</userinput></screen>

    <para>Prepare OpenSSL for compilation:</para>

<screen><userinput remap="configure">CFLAGS="-mx32 -march=x86-64 -Wall -O3" CXXFLAGS="$CFLAGS" \
./config --prefix=/usr \
         --openssldir=/etc/ssl \
         --libdir=libx32 \
         shared \
         zlib-dynamic \
         linux-x32</userinput></screen>

    <para>Compile the package:</para>

<screen><userinput remap="make">make</userinput></screen>

    <para>Install the package:</para>

<screen><userinput remap="install">make DESTDIR=$PWD/DESTDIR install
cp -Rv DESTDIR/usr/libx32/* /usr/libx32
rm -rf DESTDIR</userinput></screen>

  </sect2><!-- mx32 -->

  <sect2 id="contents-openssl" role="content">
    <title>Contents of OpenSSL</title>

    <segmentedlist>
      <segtitle>Installed programs</segtitle>
      <segtitle>Installed libraries</segtitle>
      <segtitle>Installed directories</segtitle>

      <seglistitem>
        <seg>
          c_rehash and openssl
        </seg>
        <seg>
          libcrypto.so and libssl.so
        </seg>
        <seg>
          /etc/ssl,
          /usr/include/openssl,
          /usr/lib/engines and
          /usr/share/doc/openssl-&openssl-version;
        </seg>
      </seglistitem>
    </segmentedlist>

    <variablelist>
      <bridgehead renderas="sect3">Short Descriptions</bridgehead>
      <?dbfo list-presentation="list"?>
      <?dbhtml list-presentation="table"?>

      <varlistentry id="c_rehash">
        <term><command>c_rehash</command></term>
        <listitem>
          <para>
            is a <application>Perl</application> script that
            scans all files in a directory and adds symbolic links to their
            hash values. Use of <command>c_rehash</command> is considered
            obsolete and should be replaced by the
            <command>openssl rehash</command> command
          </para>
          <indexterm zone="ch-system-openssl c_rehash">
            <primary sortas="b-c_rehash">c_rehash</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="openssl-prog">
        <term><command>openssl</command></term>
        <listitem>
          <para>
            is a command-line tool for using the various cryptography functions
            of <application>OpenSSL</application>'s crypto library from the
            shell. It can be used for various functions which are documented in
            <command>man 1 openssl</command>
          </para>
          <indexterm zone="ch-system-openssl openssl-prog">
            <primary sortas="b-openssl">openssl</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libcrypto">
        <term><filename class="libraryfile">libcrypto.so</filename></term>
        <listitem>
          <para>
            implements a wide range of cryptographic algorithms used in various
            Internet standards. The services provided by this library are used
            by the <application>OpenSSL</application> implementations of SSL,
            TLS and S/MIME, and they have also been used to implement
            <application>OpenSSH</application>,
            <application>OpenPGP</application>, and other cryptographic
            standards
          </para>
          <indexterm zone="ch-system-openssl libcrypto">
            <primary sortas="c-libcrypto">libcrypto.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

      <varlistentry id="libssl">
        <term><filename class="libraryfile">libssl.so</filename></term>
        <listitem>
          <para>
            implements the Transport Layer Security (TLS v1) protocol.
            It provides a rich API, documentation
            on which can be found by running <command>man 7 ssl</command>
          </para>
          <indexterm zone="ch-system-openssl libssl">
            <primary sortas="c-libssl">libssl.so</primary>
          </indexterm>
        </listitem>
      </varlistentry>

    </variablelist>

  </sect2>

</sect1>
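
The upgrade rule from the note in the installation section (same MAJOR needs no recompilation, a new MINOR requires rebuilding OpenSSH, and running programs must be restarted), as an added shell example that is not part of the LFS book. The helper names `upgrade_action` and `stale_openssl_pids` are hypothetical, and the scan assumes the upgrade replaced the library files rather than overwriting them in place, so that old mappings show as `(deleted)` in `/proc/PID/maps`.

```shell
#!/bin/sh
# Added example, not from the LFS book. Helper names are hypothetical.

# upgrade_action OLD NEW prints what the note asks for after that upgrade:
#   restart-only     same MAJOR.MINOR: restart programs using the libraries
#   rebuild-openssh  same MAJOR, new MINOR: also rebuild OpenSSH before logout
#   rebuild-all      MAJOR changed: no API/ABI guarantee for dependents
#   unknown          not a MAJOR.MINOR.PATCH version from 3.0.0 onwards
upgrade_action() {
    for v in "$1" "$2"; do
        case "$v" in
            *[!0-9.]*|*.*.*.*|*..*) echo unknown; return 0 ;;
            [0-9]*.[0-9]*.[0-9]*) ;;
            *) echo unknown; return 0 ;;
        esac
        [ "${v%%.*}" -ge 3 ] || { echo unknown; return 0; }
    done
    old_rest=${1#*.}; new_rest=${2#*.}
    if [ "${1%%.*}" -ne "${2%%.*}" ]; then
        echo rebuild-all
    elif [ "${old_rest%%.*}" -ne "${new_rest%%.*}" ]; then
        echo rebuild-openssh
    else
        echo restart-only
    fi
}

# stale_openssl_pids [PROCROOT] prints the PIDs whose maps file still lists
# a libssl/libcrypto mapping marked "(deleted)": the old library file was
# unlinked by the upgrade while the process kept it mapped.
# Assumption: the install replaced the file rather than overwriting in place.
stale_openssl_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/lib(ssl|crypto)\.so[^ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Stand-alone use: sh this-script OLD_VERSION NEW_VERSION
if [ $# -eq 2 ]; then
    upgrade_action "$1" "$2"
    stale_openssl_pids
fi
```

Run it as root after `make MANSUFFIX=ssl install` so that every process's `maps` file is readable; an `sshd` PID in the output is one of the programs the note says must be restarted.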