-
-
Save thenoseman/dfbea01a3763cc85e7a3c85b46582deb to your computer and use it in GitHub Desktop.
Revisions
-
reagent revised this gist
Jan 13, 2017 . 1 changed file with 14 additions and 16 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -7,40 +7,40 @@ If your Linux distribution is so out of date that you can no longer install upda You're going to be installing stuff that requires root access, so it's easier to just be able to do it when you want without having to worry about using `sudo` and permissions. Be careful you don't delete anything you can't recover ``` $ sudo su - # mkdir -p /usr/local/src && cd /usr/local/src ``` Grab packages via cURL if possible (if the system version is too out of date, this may fail). If not, just download to your local machine and SCP up to your target host. ``` # curl https://www.openssl.org/source/openssl-1.1.0c.tar.gz -o openssl-1.1.0c.tar.gz # curl https://curl.haxx.se/download/curl-7.52.1.tar.gz -o curl-7.52.1.tar.gz # tar xzf openssl-1.1.0c.tar.gz # tar xzf curl-7.52.1.tar.gz ``` ### Install OpenSSL Configure the path so as to not interfere with the currently installed OpenSSL package: ``` # cd /usr/local/src/openssl-1.1.0c # ./config --prefix=/usr/local/openssl-1.1.0c --openssldir=/usr/local/openssl-1.1.0c # make && make install ``` Once installed, ensure that the shared library it builds is available via [`ldconfig`](https://linux.die.net/man/8/ldconfig) by adding it to the configuration search path: ``` # echo /usr/local/openssl-1.1.0c/lib >> /etc/ld.so.conf.d/ssl.conf ``` Run `ldconfig` to update the cache: ``` # ldconfig ``` You can verify what shared libraries are available by using the `-p` flag: @@ -63,9 +63,9 @@ You can verify what shared libraries are available by using the `-p` flag: Again, this should be installed so as not to interfere with the existing cURL: ``` # cd /usr/local/src/curl-7.52.1 # ./configure --prefix=/usr/local/curl/7.52.1 --with-ssl=/usr/local/openssl-1.1.0.c # make && make install ``` In addition to installing an updated binary, this will install the shared libcurl library in `/usr/local/curl/7.52.1/lib`. Additionally, it will install the `curl-config` binary that is used by curb to determine the correct build flags when installing the C extension. @@ -98,5 +98,3 @@ $ PATH=/usr/local/curl/7.52.1/bin:/usr/bin:/bin STATIC_BUILD=1 /usr/local/bin/ge -v 0.9.3 \ --install-dir=/path/to/gem/installation/directory ``` -
Jan 13, 2017 . 2 changed files with 102 additions and 40 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,102 @@ ## Installing `libcurl` with Updated OpenSSL Support If your Linux distribution is so out of date that you can no longer install updated patches, you'll typically need to either reach for an unsupported package or install the software via source. Additionally, I didn't want to interfere with installed software in fear of rendering the system unusable. ### Become Root and Grab Tarballs You're going to be installing stuff that requires root access, so it's easier to just be able to do it when you want without having to worry about using `sudo` and permissions. Be careful you don't delete anything you can't recover ``` sudo su - mkdir -p /usr/local/src && cd /usr/local/src ``` Grab packages via cURL if possible (if the system version is too out of date, this may fail). If not, just download to your local machine and SCP up to your target host. ``` curl https://www.openssl.org/source/openssl-1.1.0c.tar.gz -o openssl-1.1.0c.tar.gz curl https://curl.haxx.se/download/curl-7.52.1.tar.gz -o curl-7.52.1.tar.gz tar xzf openssl-1.1.0c.tar.gz tar xzf curl-7.52.1.tar.gz ``` ### Install OpenSSL Configure the path so as to not interfere with the currently installed OpenSSL package: ``` cd /usr/local/src/openssl-1.1.0c ./config --prefix=/usr/local/openssl-1.1.0c --openssldir=/usr/local/openssl-1.1.0c make && make install ``` Once installed, ensure that the shared library it builds is available via [`ldconfig`](https://linux.die.net/man/8/ldconfig) by adding it to the configuration search path: ``` echo /usr/local/openssl-1.1.0c/lib >> /etc/ld.so.conf.d/ssl.conf ``` Run `ldconfig` to update the cache: ``` ldconfig ``` You can verify what shared libraries are available by using the `-p` flag: ``` # ldconfig -p | grep ssl libssl.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libssl.so.1.1 libssl.so.1.0.0 (libc6,x86-64) => /lib/x86_64-linux-gnu/libssl.so.1.0.0 libssl.so.1.0.0 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 libssl.so (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libssl.so libssl.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libssl.so libgnutls-openssl.so.26 (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgnutls-openssl.so.26 libgnutls-openssl.so (libc6,x86-64) => /usr/lib/x86_64-linux-gnu/libgnutls-openssl.so libcrypto.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libcrypto.so.1.1 libcrypto.so (libc6,x86-64) => /usr/local/openssl-1.1.0c/lib/libcrypto.so ``` ### Install cURL Again, this should be installed so as not to interfere with the existing cURL: ``` cd /usr/local/src/curl-7.52.1 ./configure --prefix=/usr/local/curl/7.52.1 --with-ssl=/usr/local/openssl-1.1.0.c make && make install ``` In addition to installing an updated binary, this will install the shared libcurl library in `/usr/local/curl/7.52.1/lib`. Additionally, it will install the `curl-config` binary that is used by curb to determine the correct build flags when installing the C extension. ### Install Curb The [Curb](https://github.com/taf2/curb) gem provides cURL bindings for Ruby that we will use instead of the native standard library support for SSL. Looking at the contents of the included [`extconf.rb`](https://github.com/taf2/curb/blob/fd02907e23cf8b7ffc1414ea6f6eaf4566c8c0b9/ext/extconf.rb) file, we can see that the `curl-config` program is used to figure out the build flags: ```ruby if find_executable('curl-config') $CFLAGS << " #{`curl-config --cflags`.strip} -g" if ENV['STATIC_BUILD'] $LIBS << " #{`curl-config --static-libs`.strip}" else $LIBS << " #{`curl-config --libs`.strip}" end ... end ``` Since there are multiple versions of cURL and libcurl on our system, we need to ensure that the correct version is used. To do this, I: 1. Alter the `PATH` environment variable to ensure that our newly-installed `curl-config` program is found first 1. Provide the `STATIC_BUILD` environment variable to statically link curb against the new libcurl library If not built statically, Curb will load libcurl dynamically at runtime and will use the old libcurl version (that we're trying to replace). ``` $ PATH=/usr/local/curl/7.52.1/bin:/usr/bin:/bin STATIC_BUILD=1 /usr/local/bin/gem install curb \ -v 0.9.3 \ --install-dir=/path/to/gem/installation/directory ``` This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,40 +0,0 @@ -
Jan 13, 2017 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,40 @@ ## Installing `libcurl` with Updated OpenSSL Support If your Linux distribution is so out of date that you can no longer install updated patches, you'll typically need to either reach for an unsupported package or install the software via source. Additionally, I didn't want to interfere with installed software in fear of rendering the system unusable. ### Become Root and Grab Tarballs You're going to be installing stuff that requires root access, so it's easier to just be able to do it when you want without having to worry about using `sudo` and permissions. Be careful you don't delete anything you can't recover ``` sudo su - mkdir -p /usr/local/src && cd /usr/local/src ``` Grab packages via cURL if possible (if the system version is too out of date, this may fail). If not, just download to your local machine and SCP up to your target host. ``` curl https://www.openssl.org/source/openssl-1.1.0c.tar.gz -o openssl-1.1.0c.tar.gz curl https://curl.haxx.se/download/curl-7.52.1.tar.gz -o curl-7.52.1.tar.gz tar xzf openssl-1.1.0c.tar.gz tar xzf curl-7.52.1.tar.gz ``` cd /usr/local/src/openssl-1.1.0c ./config --prefix=/usr/local/openssl-1.1.0c --openssldir=/usr/local/openssl-1.1.0c make && make install echo /usr/local/openssl-1.1.0c/lib >> /etc/ld.so.conf.d/ssl.conf ldconfig cd /usr/local/src/curl-7.52.1 ./configure --prefix=/usr/local/curl/7.52.1 --with-ssl=/usr/local/openssl-1.1.0.c make && make install PATH=/usr/local/curl/7.52.1/bin:/usr/bin:/bin STATIC_BUILD=1 /usr/local/bin/gem install curb \ -v 0.9.3 \ --install-dir=/var/www/dwellagent/production/shared/bundle/ruby/1.9.1/ ```