Mercurial > trustbridge
view INSTALL @ 1004:7dff5c0c569c
Be less verbose in the ssl connection.
author | Andre Heinecke <andre.heinecke@intevation.de> |
---|---|
date | Tue, 02 Sep 2014 10:54:51 +0200 |
parents | 0570b1e562c2 |
children | 4f999c7821ce |
line wrap: on
line source
Installation Instructions ************************* For Debian based GNU / Linux ============================ Tested development platform: Ubuntu 14.4 amd64. The following commands build qt5 and polarssl which are dependencies of the Software. To only build for the amd64 platform omit the i386 instructions. For build dependencies please refer to the Qt documentation ( qtbase/src/plugins/platforms/xcb/README ). Polarssl needs cmake and build-essentials. export YOURPREFIX=<Prefix of your choice (default /usr)> export PATH=$YOURPREFIX/bin:$PATH curl https://download.qt-project.org/official_releases/qt/5.3/5.3.1/single/qt-everywhere-opensource-src-5.3.1.tar.xz.mirrorlist | grep SHA-256 29d2ab3b1aef87e2dd806b278802e357274016475a513341348040468bf233ac http://qt-mirror.dannhauer.de/official_releases/qt/5.3/5.3.1/single/qt-everywhere-opensource-src-5.3.1.tar.xz sha256sum qt-everywhere-opensource-src-5.3.1.tar.xz tar -xf qt-everywhere-opensource-src-5.3.1.tar.xz cd qt-everywhere-opensource-src-5.3.1/qtbase build dependencies have to to be installed at this point, see ../qtbase/src/plugins/platforms/xcb/README ./configure --prefix=$YOURPREFIX \ -opensource \ -release -nomake tests -nomake examples -confirm-license \ -static -no-cups -no-nis -no-icu -no-fontconfig -qt-freetype \ -no-directfb -no-opengl -no-kms -no-eglfs -no-egl -no-openssl -no-glib \ -qpa xcb -qt-xkbcommon -qt-xcb -no-nis -no-libjpeg -qt-libpng \ -qt-zlib -no-gif && \ nice make -j`nproc` && \ make install cd .. && \ cd qttools/src/designer/src/uitools && \ qmake && \ nice make -j`nproc` && \ make install cd ../../../linguist && \ qmake && \ nice make -j`nproc` &&\ make install curl -O https://polarssl.org/download/polarssl-1.3.8-gpl.tgz 318171db41335cacbb5b0047c94f1faf91442ab70a223b5223436703c9406ff1 polarssl-1.3.8-gpl.tgz tar -xf polarssl-1.3.8-gpl.tgz cd polarssl-1.3.8 mkdir build cd build cmake .. -DCMAKE_C_FLAGS=-fpic -DCMAKE_INSTALL_PREFIX=$YOURPREFIX make && make test && make install Trustbridge checkout: At this point you need a trustbridge checkout as curl needs to be patched to enable the certificate pinning and the force of SSL Ciphersuites when using polarssl. hg clone https://wald.intevation.org/hg/trustbridge/ Libcurl: wget http://curl.haxx.se/download/curl-7.37.1.tar.gz a32492a38c10a097344892f5fd2041e54698cb909696852311b1161e4aa979f3 curl-7.37.1.tar.gz tar -xf curl-7.37.1.tar.gz cd curl-7.37.1/ patch -p1 < ../trustbridge/patches/*.patch mkdir build cd build ../configure --prefix=$YOURPREFIX \ --without-nghttp2 --without-libidn --without-winidn --without-libssh2 \ --without-librtmp --without-libmetalink --without-axtls --without-nss \ --without-cyassl --without-ssl --without-gnutls --disable-gopher --disable-smtp \ --disable-imap --disable-pop3 --disable-tftp --disable-telnet --disable-dict \ --disable-rtsp --disable-ldaps --disable-ldap --disable-file \ --disable-ftp --enable-http --enable-shared=no -enable-static=yes \ --with-polarssl=$YOURPREFIX --without-ca-bundle --without-ca-path \ --without-zlib make && make install To compile the software you can use plain cmake. An out of source build is highly suggested. For build options see CMakeList.txt cd trustbridge hg clone https://wald.intevation.org/hg/trustbridge/nss-cmake-static mkdir build-linux cd build-linux cmake .. -DCMAKE_PREFIX_PATH=$YOURPREFIX I386 ==== Install dependencies (list might be incomplete) apt-get install libx32stdc++-4.8-dev libc6:i386 g++-4.8-multilib \ libxcb1:i386 libxcb1-dev:i386 libx11-xcb1:i386 libx11-xcb-dev:i386 libxcb-keysyms1:i386 \ libxcb-keysyms1-dev:i386 libxcb-image0:i386 libxcb-image0-dev:i386 \ libxcb-shm0:i386 libxcb-shm0-dev:i386 libxcb-icccm4:i386 \ libxcb-icccm4-dev:i386 libxcb-sync-dev:i386 \ libxcb-render-util0:i386 libxcb-render-util0-dev:i386 \ libxcb-xfixes0-dev:i386 libxrender-dev:i386 libxcb-shape0-dev:i386 \ libxcb-randr0-dev:i386 libxcb-glx0-dev:i386 libdbus-1-dev:i386 \ libsm-dev:i386 libnss3-dev:i386 Create a new directory for qt. As qt has to build in source you need a different directory. mkdir i386 cd i386 tar -xf ../qt-everywhere-opensource-src-5.3.1.tar.xz cd qt-everywhere-opensource-src-5.3.1/qtbase/ ./configure --prefix=$YOURPREFIX/i386 \ -opensource -platform linux-g++-32 \ -release -nomake tests -nomake examples -confirm-license \ -static -no-cups -no-nis -no-icu \ -no-directfb -no-opengl -no-kms -no-eglfs -no-egl -no-openssl -no-glib \ -system-libpng -qpa xcb -qt-xcb -no-nis -no-libjpeg -no-gif -qt-zlib \ -no-fontconfig -qt-freetype -qt-libpng -qt-xkbcommon \ && \ nice make -j`nproc` && \ make install Switch back to the polarssl directory cd ../../../polarssl-1.3.8/ mkdir build-i386 cd build-i386 cmake .. -DCMAKE_C_FLAGS="-fpic -m32" -DCMAKE_INSTALL_PREFIX=$YOURPREFIX/i386 \ -DCMAKE_VERBOSE_MAKEFILE=True \ -DENABLE_TESTING=FALSE -DENABLE_PROGRAMS=FALSE && \ nice make -j`nproc` && \ make install Change to the curl directory cd ../../curl-7.37.1/ mkdir build-i386 cd build-i386 CFLAGS="-fpic -m32" CPPFLAGS="-fpic -m32" ../configure --prefix=$YOURPREFIX/i386 \ --without-nghttp2 --without-libidn --without-winidn --without-libssh2 \ --without-librtmp --without-libmetalink --without-axtls --without-nss \ --without-cyassl --without-ssl --without-gnutls --disable-gopher --disable-smtp \ --disable-imap --disable-pop3 --disable-tftp --disable-telnet --disable-dict \ --disable-rtsp --disable-ldaps --disable-ldap --disable-file \ --disable-ftp --enable-http --enable-shared=no -enable-static=yes \ --with-polarssl=$YOURPREFIX/i386 --without-ca-bundle --without-ca-path \ --without-zlib make && make install Now for Trustbridge itself cd ../../trustbridge mkdir build-i386 cd build-i386 cmake .. -DCMAKE_PREFIX_PATH="$YOURPREFIX/i386" \ -DCMAKE_VERBOSE_MAKEFILE=True \ -DCMAKE_C_FLAGS=-m32 \ -DCMAKE_CXX_FLAGS="-m32" Hiawatha (for Downloader unit test) =================================== Hiawatha is used in the downloader unit tests to provide a testbench for the ssl connection. To build it you may need libxslt-dev as additional dependency. wget https://www.hiawatha-webserver.org/files/hiawatha-9.5.tar.gz sha256sum hiawatha-9.5.tar.gz c181011db1af187006190fc186689a0707a6f1e7b524c2a4347840e8fdf68b4f hiawatha-9.5.tar.gz tar -xf hiawatha-9.5.tar.gz cp polarssl-1.3.7-gpl.tgz hiawatha-9.5/polarssl/polarssl.tgz cd hiawatha-9.5/polarssl sed -i 's/wget.*//' upgrade ./upgrade 1.3.8 cd .. mkdir build cd build cmake .. -DCMAKE_INSTALL_PREFIX=$YOURPREFIX make && make install Osslsigncode (for binverify unit test) ====================================== Osslsigncode is used to create PKCS#7 embedded signatures for Windows Authenticode it is needed for the Windows part of the binverify unit test on the build system. wget http://downloads.sourceforge.net/project/osslsigncode/osslsigncode/osslsigncode-1.7.1.tar.gz sha256sum osslsigncode-1.7.1.tar.gz # f9a8cdb38b9c309326764ebc937cba1523a3a751a7ab05df3ecc99d18ae466c9 tar -xf osslsigncode-1.7.1.tar.gz cd osslsigncode-1.7.1 ./configure --without-curl --prefix=$YOURPREFIX make && make install # for a windows binary (optional) OPENSSL_CFLAGS=-I$MXETARGET/include OPENSSL_LIBS="-L$MXETARGET/lib -lcrypto -lz -lgdi32" ./configure --without-curl --host=i686-w64-mingw32 --prefix=$MXETARGET For Microsoft Windows ===================== The Windows variant can be cross compiled on Debian based GNU / Linux systems. The minimum requirement is Debian stable. Tested development platform: Ubuntu 13.10. Dependencies on the Host system: git autoconf automake bash bison bzip2 \ cmake flex gettext git g++ intltool \ libffi-dev libtool libltdl-dev libssl-dev \ libxml-parser-perl make openssl patch perl \ pkg-config scons sed unzip wget xz-utils autopoint \ gperf Build the windows binaries: MXEPATH=$YOURPREFIX/win git clone https://github.com/Intevation/mxe.git $MXEPATH cd $MXEPATH git checkout trustbridge echo "MXE_TARGETS := i686-w64-mingw32.static" > settings.mk make polarssl make qtbase (optional) make curl Workaround Qt CMake Bugs: find $MXEPATH/usr/i686-w64-mingw32.static/qt5/lib/cmake -name \*.cmake | \ xargs sed -i 's/\/\([a-z]*\)\.lib/\/lib\1\.a/g' sed -i 's/^_qt5gui_find_extra_libs.*//' \ $MXEPATH/usr/i686-w64-mingw32.static/qt5/lib/cmake/Qt5Gui/Qt5GuiConfigExtras.cmake Compile the software: cd trustbridge mkdir build-windows cd build-windows MXETARGET=$MXEPATH/usr/i686-w64-mingw32.static/ cmake .. \ -DCMAKE_PREFIX_PATH="$MXETARGET/qt5;$MXETARGET;" \ -DCMAKE_TOOLCHAIN_FILE="$MXETARGET/share/cmake/mxe-conf.cmake" \ -DCMAKE_VERBOSE_MAKEFILE=True -DUSE_CURL=OFF Runtime Depdendencies ===================== The Admin tool needs some additional software to be able to create installtion packages: apt-get install nsis wine sharutils