安装gnutls库
gnutls全称 GNU Transport Layer Security Library,即基于GNU版权协议的传输层安全协议,是wget支持https中的ssl协议的基础库。
我们可以在官方提供的镜像库里快速下载并安装:
// 下载gnutls二进制文件
wget http://www.ring.gr.jp/pub/net/gnupg/gnutls/v3.6/gnutls-3.6.4.tar.xz
// 解压xz文件
xz -d gnutls-3.6.4.tar.xz
tar -xvf gnutls-3.6.4.tar
cd gnutls-3.6.4
./configure
// 报错:
…
checking for NETTLE… no
configure: error:
*** Libnettle 3.4 was not found.
// 如果觉得可能不安全,可以下载md5签名文件验证文件,但是这个文件验证后发现签名过期了,所以没办法验证了
wget http://www.ring.gr.jp/pub/net…
gpg --verify gnutls-3.6.4.tar.xz.sig gnutls-3.6.4.tar
gpg --recv-key F1679A65
gpg --verify --verbose gnutls-3.6.4.tar.xz.sig gnutls-3.6.4.tar
查看详细报错信息:
$ vim config.log
…
configure:10032: checking for NETTLE
configure:10039: $PKG_CONFIG --exists --print-errors “nettle >= 3.4”
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing nettle.pc' to the PKG_CONFIG_PATH environment variable No package 'nettle' found configure:10042: $? = 1 configure:10056: $PKG_CONFIG --exists --print-errors "nettle >= 3.4" Package nettle was not found in the pkg-config search path. Perhaps you should add the directory containing
nettle.pc’
to the PKG_CONFIG_PATH environment variable
No package ‘nettle’ found
configure:10059: $? = 1
configure:10073: result: no
No package ‘nettle’ found
configure:10090: error:
*** Libnettle 3.4 was not found.
结果显示我们需要3.4版本以上的Libnettle库,继续安装。
安装Libnettle库
Nettle库是用于跨平台的底层密码库,包含加密和解密的不同算法。我们下载并安装nettle库:
wget ftp://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz
tar -xzvf nettle-3.4.1.tar.gz
cd nettle-3.4.1
./configure
// 安装成功
…
configure: summary of build options:
Version: nettle 3.4.1
Host type: x86_64-unknown-linux-gnu
ABI: 64
Assembly files: x86_64
Install prefix: /usr/local
Library directory: ${exec_prefix}/lib64
Compiler: gcc
Static libraries: yes
Shared libraries: yes
Public key crypto: no
Using mini-gmp: no
Documentation: yes
make
make install
根据官方文档,我们安装完成后应该会有两个文件lib{hogweed,nettle}.so,然而我们只能发现其中一个:
make install &&
chmod -v 755 /usr/lib/lib{hogweed,nettle}.so &&
install -v -m755 -d /usr/share/doc/nettle-3.4.1 &&
install -v -m644 nettle.html /usr/share/doc/nettle-3.4.1
$ ll | grep ‘.so’
-rwxr-xr-x 1 root root 3675341 Dec 12 19:15 libnettle.so
$ ll | grep weed
-rw-rw-r-- 1 work work 529 Dec 10 15:30 hogweed.pc
-rw-r–r-- 1 work work 590 Nov 19 2017 hogweed.pc.in
-rw-rw-r-- 1 work work 298 Dec 10 15:30 libhogweed.map
-rw-r–r-- 1 work work 338 Nov 19 2017 libhogweed.map.in
少了一个libhogweed.so文件,稍后我们编译gnutls时会发现这个导致的问题。
继续编译gnutls
既然nettle安装完成了,我们可以继续安装gnutls:
./configure
…
configure: error:
*** Libnettle 3.4 was not found.
依然报错缺失库,但我们明明已经安装了,为什么找不到呢?我们用包管理工具查找一下:
$ pkg-config --modversion nettle
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc’
to the PKG_CONFIG_PATH environment variable
No package ‘nettle’ found
我们找下这个nettle.pc刚才安装到哪里去了:
$ locate nettle.pc
/home/work/lib/nettle-3.4.1/nettle.pc
/home/work/lib/nettle-3.4.1/nettle.pc.in
/usr/lib64/pkgconfig/nettle.pc
/usr/local/lib64/pkgconfig/nettle.pc
而我们pkg-config默认的管理包检索路径为/usr/lib/pkgconfig,所以无法正常找到,参考pkgconfig文档,有两种方案:
// 方案一:链接该文件到默认目录中
ln -s /usr/local/lib64/pkgconfig/nettle.pc /usr/lib/pkgconfig/nettle.pc
// 方案二:全局变量中更改包的检索路径(只在本次终端窗口生效,退出后恢复,所以只能临时使用一下)
$ echo $PKG_CONFIG_PATH
$ export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib64/pkgconfig/
$ echo $PKG_CONFIG_PATH
:/usr/local/lib64/pkgconfig/
// 任一方案执行后结果
$ pkg-config --modversion nettle
3.4.1
此时,我们继续安装:
$ ./configure
…
checking for NETTLE… yes
checking for HOGWEED… no
configure: error:
*** Libhogweed (nettle’s companion library) was not found. Note that you must compile nettle with gmp support.
可以看到,我们的nettle库已经安装成功,但是hogweed却检查没有找到,提示中也写明了libhogweed需要字gmp库已经安装完成的情况下重新编译nettle才可以被安装。
有人提出过相关的问题,我们也可以从官网文档上更详细的知道这个Nettle对于libhogweed的依赖:
5 Linking
Nettle actually consists of two libraries, libnettle and libhogweed. The libhogweed library contains those functions of Nettle that uses bignum operations, and depends on the GMP library. With this division, linking works the same for both static and dynamic libraries.
If an application uses only the symmetric crypto algorithms of Nettle (i.e., block ciphers, hash functions, and the like), it’s sufficient to link with -lnettle. If an application also uses public-key algorithms, the recommended linker flags are -lhogweed -lnettle -lgmp. If the involved libraries are installed as dynamic libraries, it may be sufficient to link with just -lhogweed, and the loader will resolve the dependencies automatically.
总而言之,就是没有libhogweed.so这个文件不行,而它只能由nettle进行安装。根据nettle库官方资料显示,libhogweed.so应该在nettle安装时被自动生成,然而我们在上面的安装过程中并没有生成。那是不是因为我没有安装gmp导致的呢?
安装gmp库
我们下载gmp库并安装,可以在编译Nettle的config.log中查看有一条warning,指明了版本需求:
$ vim config.log
…
configure:6583: result: no
configure:6594: WARNING: GNU MP not found, or too old. GMP-6.0 or later is needed, see https://gmplib.org/.
Support for public key algorithms will be unavailable.
所以我们需要下载6.0版本后的:
// 这里我只找到了官网的https版本,没办法,只好本地下载,然后rz到服务器,因为是二进制文件,要带上-be参数
rz -be
// 然后正常编译
$ ./configure & make & make install
…
Libraries have been installed in:
/usr/local/lib
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the ‘-LLIBDIR’
flag during linking and do at least one of the following:
$ vim /etc/ld.so.conf
// 添上安装的.so文件路径
/usr/local/lib
:wq
$ ldconfig
$ ldconfig -v | grep gmp
libgmp.so.10 -> libgmp.so.10.3.2
libgmpxx.so.4 -> libgmpxx.so.4.1.0
libgmp.so.3 -> libgmp.so.3.5.0
看到libgmp.so.10就是我们安装的最新版本,现在OK了。
然后重新编译安装nettle,会生成libhogweed.so文件:
$ ll | grep weed
-rw-r–r-- 1 root root 541 Dec 12 22:12 hogweed.pc
-rw-r–r-- 1 work work 590 Nov 19 2017 hogweed.pc.in
-rw-r–r-- 1 root root 6154192 Dec 12 22:13 libhogweed.a
-rw-r–r-- 1 root root 298 Dec 12 22:12 libhogweed.map
-rw-r–r-- 1 work work 338 Nov 19 2017 libhogweed.map.in
-rwxr-xr-x 1 root root 5519996 Dec 12 22:13 libhogweed.so
-rw-r–r-- 1 root root 8 Dec 12 22:13 libhogweed.stamp
请注意如果安装完成后,如果出现多个版本的gmp库,请删除老版本的。具体删除哪一项请自行斟酌,我删除了所有的,然后在编译的过程中,会报错:can’t find libgmp.so.3,说明libgmp.so.3这个是基础库,请不要动!
等我删除了老版本的,重新编译nettle就OK。如果你安装成功了新版本,依然编译不成功,请参考这个。
依赖地狱
用二进制来安装的时候,总是会出现各种各样的问题,缺少各种依赖的包,解决方法就是缺什么就去安什么,但是会非常恐怖。为了解决nettle安装的问题,除了上面的gmp,我还安装了最新版本的各种库:
libunistring: https://www.gnu.org/software/…
p11-kit:https://github.com/p11-glue/p…
libffi:https://sourceware.org/libffi/
pkg-config: https://pkg-config.freedeskto…
libtasn1: https://ftp.gnu.org/gnu/libta…
同时,由于gnutls编译不通过的问题,又升级了pkg-config,它依赖于Libtasn1。