-
Notifications
You must be signed in to change notification settings - Fork 17
/
INSTALL
113 lines (81 loc) · 3.57 KB
/
INSTALL
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
1. Prerequisites
----------------
You will need the following libraries:
- libcrypto: LibreSSL (3.6.0 or newer) or OpenSSL (1.1.0a or newer).
- libtls: LibreSSL or libretls
- libexpat
- zlib
2. Building / Installation
--------------------------
If you have checked this source using Git, follow these initial steps to
prepare the source tree for building:
1. ensure you have the following packages installed:
automake, autoconf, git, libtool
2. The following dependencies are required to build rpki-client:
OpenSSL or LibreSSL, LibreSSL libtls or libretls, Expat, zlib
3. run './autogen.sh' to prepare the source tree for building.
'./autogen.sh', will checkout a version of rpki-client-openbsd into the
directory "openbsd". This is a stripped down version of the OpenBSD
source tree with files needed to build rpki-client.
To install rpki-cient with default options:
./configure
make
make install
This will install the rpki-client binary in /usr/local/sbin, configuration
files in /usr/local/etc. To specify a different installation prefix,
use the --prefix option to configure:
./configure --prefix=/opt
make
make install
Will install rpki-cient in /opt/{etc,sbin}. You can also override
specific paths, for example:
./configure --prefix=/opt --with-tal-dir=/etc/rpki
make
make install
This will install the binaries in /opt/sbin, but will place the
trust anchor files in /etc/rpki
When run as root rpki-client will drop privileges to a special rpki user
and do all processing with this user.
This requires that a user and group be created for it.
The user should not be permitted to log in, and its home directory
does not need to exist or be writeable.
You need to perform all of these tasks yourself like the following
(although the exact commands required for creating the user and group are
system dependant):
On most Linux and BSD systems, something like should work:
groupadd _rpki-client
useradd -g _rpki-client -s /sbin/nologin -d /nonexistent -c 'rpki-client user' _rpki-client
There are a few options to the configure script in addition to the ones
provided by autoconf itself:
--with-user=user
Specify user used when run as root. The default is "_rpki-client".
--with-rsync=command
Specify which rsync command to use. The default is either openrsync or rsync.
--with-tal-dir=path
Specify the path to the default TAL directory. The default is "${sysconfdir}/rpki".
--with-base-dir=path
Location to store the RPKI cache repository. The default is "${localstatedir}/cache/rpki-client}".
--with-output-dir=path
Specify the path to the default output directory. The default is "${localstatedir}/db/rpki-client}".
If you need to pass special options to the compiler or linker, you
can specify these as environment variables before running ./configure.
For example:
CFLAGS="-O2 " LDFLAGS="-s" ./configure
3. Pre-built packages
---------------------
Rpki-client is available as pre-built package for many distributions: https://repology.org/project/rpki-client
Alpine: apk add rpki-client
CentOS/RHEL/Rocky: yum install epel-release; yum install rpki-client
Debian/Ubuntu: apt install rpki-client
Fedora: dnf install rpki-client
FreeBSD: pkg install rpki-client
macOSX: port install rpki-client || brew install rpki-client
4. Trust anchors
----------------
The trust anchor files are installed in ${prefix}/etc/rpki or
whatever you specified as your --with-tal-dir or --sysconfdir
(/usr/local/etc/rpki by default).
5. Problems?
------------
If you experience problems compiling, installing or running rpki-client,
please report the problem to the address in the README file.