Yadda ake Sanya OpenSSL daga Source a CentOS da Ubuntu


OpenSSL cikakken ɗakin karatu ne na software wanda ya ƙunshi buɗe tushen aiwatar da ka'idojin Tsaro Layer Tsaro (TLS) da Secure Sockets Layer (SSL), waɗanda ake amfani da su don adana bayanan da aka watsa ta hanyar sadarwar kwamfuta.

Yana da babban maƙasudin cryptography ɗakin karatu kuma yana goyan bayan adadin algorithms daban-daban da suka haɗa da AES, Blowfish; MD5, MD4, SHA-1, SHA-2 ayyukan hash na sirri; RSA, DSA, Diffie-Hellman key musayar, Elliptic curve da sauran su.

A cikin wannan labarin, za mu yi bayanin yadda ake shigar da sabuwar sigar kwanciyar hankali ta OpenSSL daga tushe akan rarrabawar tushen CentOS da Ubuntu.

Mataki 1: Shigar da Kayan aikin haɓakawa

1. Don haɗa OpenSSL da hannu daga tushe, kuna buƙatar fara shigar da ƴan abubuwan dogaro kamar Kayan Ci gaba ƙarƙashin RHEL/CentOS/Fedora ko build-essential a Debian/Ubuntu kamar yadda aka nuna.

------------------- On CentOS, RHEL & Fedora ------------------- 
# yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel 

------------------- On Ubuntu & Debian -------------------
$ sudo apt update && apt install build-essential checkinstall zlib1g-dev libtemplate-perl

Mataki 2: Haɗa OpenSSL daga Tushen

2. Na gaba, zazzage sabuwar sigar kwanciyar hankali ta OpenSSL (v1.0.2 a lokacin rubutawa, wanda shine sakin Dogon Taimakon Tsawon Lokaci (LTS), wanda aka tallafawa har zuwa 31st Disamba 2019), daga shafin zazzagewa ta amfani da umarnin tar.

$ wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz
$ tar -xzvf openssl-1.0.2p.tar.gz

3. Yanzu, matsa zuwa cikin directory ɗin da aka cire, daidaitawa, ginawa, bayan ginawa mai nasara, gwada ɗakunan karatu kuma shigar da OpenSSL a cikin tsoho wurin, wanda shine /usr/local/ssl, ta hanyar aiwatar da waɗannan umarni.

$ cd openssl-1.0.2p/
$ ./config
$ make
$ make test
$ sudo make install 

4. Da zarar kun sami nasarar shigar da OpenSSL, za ku iya matsawa cikin kundin shigarwa kuma ku duba ƙananan kundin adireshi da fayiloli ta amfani da umarnin ls.

$ cd /usr/local/ssl/
$ ls -l

drwxr-xr-x. 2 root root  4096 Aug 22 06:37 bin
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 certs
drwxr-xr-x. 3 root root  4096 Aug 22 06:37 include
drwxr-xr-x. 4 root root  4096 Aug 22 06:37 lib
drwxr-xr-x. 6 root root  4096 Aug 22 06:36 man
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 misc
-rw-r--r--. 1 root root 10835 Aug 22 06:37 openssl.cnf
drwxr-xr-x. 2 root root  4096 Aug 22 06:37 private

Wadannan su ne mahimman kundayen adireshi da kuke buƙatar lura da su:

  • bin - ya ƙunshi openssl binary da wasu rubutun amfani.
  • haɗa/buɗewa – ya ƙunshi fayilolin rubutun da ake buƙata don gina shirye-shiryenku waɗanda ke amfani da libcrypto ko libssl.
  • lib – ya ƙunshi fayilolin laburare na OpenSSL.
  • lib/injuna - ya ƙunshi injunan buɗewa ta OpenSSL masu iya ɗaukar nauyi.
  • man - ya ƙunshi shafukan mutum na OpenSSL.
  • share/doc/openssl/html - ya ƙunshi fassarar HTML na shafukan mutum.
  • certs – tsohuwar wurin fayilolin takaddun shaida.
  • masu zaman kansu – wurin da aka saba don fayilolin maɓalli masu zaman kansu.

5. Don duba nau'in OpenSSL da kuka shigar yanzu, gudanar da umarni mai zuwa.

$ /usr/local/ssl/bin/openssl version

OpenSSL 1.0.2p  14 Aug 2018

6. Don amfani da sabuwar sigar OpenSSL da aka shigar akan tsarin ku, kuna buƙatar ƙara directory /usr/local/ssl/bin/ zuwa PATH ɗin ku, a cikin fayil ~/.bashrc (ko kuma daidai da harsashin ku).

$ vim ~/.bashrc

Ƙara wannan layi a kasan fayil ɗin.

export PATH="/usr/local/ssl/bin:${PATH}"

Ajiye ku rufe fayil ɗin kuma sake loda tsarin ta amfani da umarnin da ke ƙasa.

$ source .bashrc

7. Yanzu bude sabon tagar tashoshi kuma gudanar da waɗannan umarni don tabbatar da cewa sabon OpenSSL binary yana cikin PATH ɗin ku kuma kuna iya sarrafa shi ba tare da buga cikakken hanyarsa ba.

$ whereis openssl

openssl: /usr/bin/openssl /usr/lib64/openssl /usr/include/openssl /usr/local/ssl/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
$ openssl version 	

OpenSSL 1.0.2p  14 Aug 2018

Shi ke nan! A cikin wannan labarin, mun bayyana yadda ake shigar da sabuwar sigar OpenSSL daga tushe akan tsarin Linux. Idan kuna da wasu tambayoyi, yi amfani da fom ɗin umarni da ke ƙasa don isa gare mu.