centos7 编译wget curl 带 tls_libunistring was not found

目的

编译新版本 tls 用于 wget, curl 工具

下载地址

nettle-3.6
gnutls-3.6.13 需要 nettle 依赖
gnutls-3.1.5.tar.xz
oepnssl-1.1.1g （可选）
wget2-1.99
wget-1.20
curl-7.70

编译

nettle

编译方法

./configure --prefix=/usr/local/nettle  --disable-openssl --enable-shared --enable-mini-gmp
make 
make install
1
2
3

定义库位置

echo  /usr/local/nettle/lib64/  > /etc/ld.so.conf.d/nettle.conf
ldconfig
1
2

检查方法 (默认报错)

# pkg-config --modversion nettle
Package nettle was not found in the pkg-config search path.
Perhaps you should add the directory containing `nettle.pc'
to the PKG_CONFIG_PATH environment variable
No package 'nettle' found
1
2
3
4
5

解决办法

# export PKG_CONFIG_PATH=":/usr/local/nettle/lib64/pkgconfig/"
# pkg-config --modversion nettle
3.6
1
2
3

openssl

# ./config --prefix=/usr/local/openssl -fPIC
# make
# maek install
1
2
3

gnutls

注意：

可能会遇到下面错误 (centos6, centos7 低版本)
centos6 无法编译 gnutls-3.6.13 版本
centos6 建议使用 gnutls-3.1.5

libtasnl 错误

checking for LIBTASN1... no
configure: error:
  ***
  *** Libtasn1 4.9 was not found. To use the included one, use --with-included-libtasn1
1
2
3
4

解决办法

wget https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.12.tar.gz
1

编译

./configure  --prefix=//usr/local/libtasn1
make 
make install
echo "//usr/local/libtasn1"  > /etc/ld.so.conf.d/libtasn1.conf
ldconfig
1
2
3
4
5

unistring 错误

错误

configure: error:
  ***
  *** Libunistring was not found. To use the included one, use --with-included-unistring
1
2
3

解决

yum install -y libunistring-devel.x86_64
1

nettle 错误 (centos6)

错误

checking for libnettle... no
configure: error:
  ***
  *** Libnettle 2.5 was not found. Note that you must compile nettle with gmp support.
1
2
3
4

解决

yum install -y gmp-devel.x86_64
wget https://ftp.gnu.org/gnu/nettle/nettle-2.5.tar.gz
./configure --prefix=/usr/local/nettle
make 
make install 
# export PKG_CONFIG_PATH=":/usr/local/nettle/lib64/pkgconfig/"
# pkg-config --modversion nettle
2.5
1
2
3
4
5
6
7
8

编译 gnutls

 #  ./configure --prefix=/usr/local/gnutls --with-nettle-mini   --without-p11-kit
 或 
      centos6:  
      CPPFLAGS="-I/apps/svr/download/nettle/include/nettle/ -I/apps/svr/download/libtasnl/include/" LDFLAGS="-L/apps/svr/download/nettle/lib64 -L/apps/svr/download/libtasnl/lib/"  ./configure --prefix=/apps/svr/download/gnutls --with-nettle-mini   --without-p11-kit --with-included-libtasn1=/apps/svr/download/libtasnl/include/ --with-libnettle-prefix=/apps/svr/download/nettle/ 

 
  version:              3.6.13 shared 57:0:27
  Host/Target system:   x86_64-pc-linux-gnu
  Build system:         x86_64-pc-linux-gnu
  Install prefix:       /usr/local/gnutls
  Compiler:             gcc -std=gnu99
  Valgrind:             no
  CFlags:               -g -O2
  Library types:        Shared=yes, Static=no
  Local libopts:        yes
  Local libtasn1:       no
  Local unistring:      no
  Use nettle-mini:      yes
  Documentation:        yes (manpages: yes)

configure: External hardware support:

  /dev/crypto:          no
  Hardware accel:       x86-64
  Padlock accel:        yes
  Random gen. variant:  auto-detect
  PKCS#11 support:      yes
  TPM support:          yes

configure:
  TPM library:          /usr/lib64/libtspi.so.1

configure: Optional features:
(note that included applications might not compile properly
if features are disabled)

  SSL3.0 support:       no
  SSL2.0 client hello:  yes
  Allow SHA1 sign:      no
  DTLS-SRTP support:    yes
  ALPN support:         yes
  OCSP support:         yes
  SRP support:          yes
  PSK support:          yes
  DHE support:          yes
  ECDHE support:        yes
  GOST support:         yes
  Anon auth support:    yes
  Heartbeat support:    yes
  IDNA support:         IDNA 2008 (libidn2)
  Non-SuiteB curves:    yes
  FIPS140 mode:         no
  Strict DER time:      yes

configure: Optional libraries:

  Guile wrappers:       yes
  C++ library:          yes
  DANE library:         yes
  OpenSSL compat:       no

configure: System files:

  Trust store pkcs11:
  Trust store dir:
  Trust store file:     /etc/pki/tls/cert.pem
  Blacklist file:
  CRL file:
  Configuration file:   /etc/gnutls/config
  DNSSEC root key file: /var/lib/unbound/root.key
  
# make
# make install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

常见错误1

configure: error:
  ***
  *** Libnettle 3.4.1 was not found.
1
2
3

解决

# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/nettle/lib64/pkgconfig/
# pkg-config --modversion nettle
3.6
1
2
3

常见错误2

configure: error:
  ***
  *** Libtasn1 4.9 was not found. To use the included one, use --with-included-libtasn1
1
2
3

解决方法

 #   yum install -y libtasn1-devel.x86_64
1

常见错误3

configure: error:
  ***
  *** Libunistring was not found. To use the included one, use --with-included-unistring
1
2
3

解决方法

# yum install -y libunistring-devel.x86_64
1

常见错误4

configure: WARNING:
***
*** libunbound was not found. Libdane will not be built.
***
checking for P11_KIT... no
configure: error:
***
*** p11-kit >= 0.23.1 was not found. To disable PKCS #11 support
*** use --without-p11-kit, otherwise you may get p11-kit from
*** https://p11-glue.freedesktop.org/p11-kit.html
1
2
3
4
5
6
7
8
9
10

解决方法

# yum install -y unbound-devel.x86_64
# yum install -y p11-kit-devel.x86_64
1
2

常见问题5

***
*** Detecting GNU Guile...

checking for guile-snarf... no
configure: WARNING: `guile-snarf' from Guile not found.  Guile bindings not built.
checking that generated files are newer than configure... done


checking for tss library... no
configure: WARNING:
***
*** trousers was not found. TPM support will be disabled.
***
1
2
3
4
5
6
7
8
9
10
11
12
13

解决方法

# yum install -y trousers-devel.x86_64
1

常见问题6

checking for autogen... no
configure: WARNING:
***
*** autogen not found. Will not link against system libopts.
***
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
1
2
3
4
5
6
7

解决方法

# yum install -y autogen
1

常见问题7

checking for library containing idn2_lookup_u8... no
configure: WARNING: *** LIBIDN2 was not found. You will not be able to use IDN2008 support
1
2

解决方法

yum install -y libidn2-devel.x86_64
1

常见问题8

checking whether building Guile bindings... yes
***
*** Detecting GNU Guile...

checking for guile-snarf... no
1
2
3
4
5

解决方法

yum install -y guile-devel.x86_64
1

常见问题9

pkcs11_privkey.c: In function '_gnutls_pkcs11_privkey_sign':
pkcs11_privkey.c:335:32: error: storage size of 'rsa_pss_params' isn't known
  struct ck_rsa_pkcs_pss_params rsa_pss_params;
                                ^
pkcs11_privkey.c:335:32: warning: unused variable 'rsa_pss_params' [-Wunused-variable]
make[4]: *** [pkcs11_privkey.lo] Error 1
make[4]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[3]: *** [all-recursive] Error 1
make[3]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/src/gnutls-3.6.11.1/lib'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/gnutls-3.6.11.1'
make: *** [all] Error 2
1
2
3
4
5
6
7
8
9
10
11
12
13
14

解决方法

  --without-p11-kit 编译时候忽略该功能
1

wget

#  ./configure --with-ssl=gnutls  --prefix=/usr/local/wget
# make 
# make install
1
2
3

常见问题

checking for libgnutls... no
configure: error: GnuTLS has not been found. Use --with-ssl=openssl if you explicitly want OpenSSL.
1
2

解决方法:

# export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/nettle/lib64/pkgconfig/
# pkg-config --modversion nettle
3.6
1
2
3

重新编译即通过

# ./configure --with-ssl=gnutls  --prefix=/usr/local/wget

checking for GNUTLS... yes
configure: compiling in support for SSL via GnuTLS


  Version:           1.20
  Host OS:           linux-gnu
  Install prefix:    /usr/local
  Compiler:          gcc -std=gnu11
  CFlags:              -I/usr/local/gnutls/include -I/usr/local/nettle/include   -DHAVE_LIBGNUTLS   -DNDEBUG
  LDFlags:
  Libs:              -lpcre   -lidn2 -L/usr/local/gnutls/lib -lgnutls   -lz
  SSL:               gnutls
  Zlib:              yes
  PSL:               no
  PCRE:              yes, via libpcre
  Digest:            yes
  NTLM:              auto
  OPIE:              yes
  POSIX xattr:       yes
  Debugging:         yes
  Assertions:        no
  Valgrind:          Valgrind testing not enabled
  Metalink:          no
  Resolver:          libc, --bind-dns-address and --dns-servers not available
  GPGME:             no
  IRI:               yes
  Fuzzing build:     no,
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

curl

这个编译比较特殊

#  CPPFLAGS="-I/usr/local/nettle/include" LDFLAGS="-L/usr/local/nettle/lib64"  ./configure --with-gnutls=/usr/local/gnutls --prefix=/usr/local/curl  --with-ssl=/usr/local/openssl
#  make
#  make install 
1
2
3

编译时需手动定义 nettle 库文件及头文件位置， 否则报错

configure: error: GnuTLS found, but neither gcrypt nor nettle found
1

git 编译

tar xf git-v2.27.0.tar.gz
1

默认没有 configure 文件， 需要编译出来

]# make configure
GIT_VERSION = 2.27.0
    GEN configure
1
2
3

由于 centos6 无法编译新版本 gnutls , 必须升级 gcc, 比较麻烦， 因此直接使用 openssl

编译方法

CPPFLAGS="-I/apps/svr/download/nettle/include/" LDFLAGS="-L/apps/svr/download/nettle/lib64"  ./configure  --prefix=/apps/svr/git  --with-openssl=/apps/svr/download/openssl --with-expat --with-zlib

make
make install
1
2
3
4