Linux HOWTOs



HOWTO: gnutls
Description: Library that implements Transport Layer Security (and SSL)
NOTE: I use GNU tar >= 1.13.25 so it's -j for .tar.bz2 files,
it's safe to assume that make, gcc, binutils, fileutils/coreutils, gawk, sed, and grep are prerequisites for almost everything


# GnuTLS 3.5.19
# =============
# Slackware 13.37: gnutls 2.10.5
# Slackware 14.0: gnutls 3.0.23
# Slackware 14.1: gnutls 3.1.16
# Slackware 14.2: gnutls 3.4.13

# If you want to uninstall GnuTLS, or clean up files from an older version
# before installing the new one, skip down to the bottom for instructions.

# If you have trouble viewing the web site with the link above, try here:
# http://www.gnu.org/software/gnutls/

# Some applications that I use, that have HOWTOs, that (can) use GnuTLS are:
# CUPS
# gnome-vfs
# lftp
# neon
# OpenLDAP
# Pidgin
# Samba
# wget
#
# If anything is linked to libgnutls.so.whatever, you upgrade GnuTLS, and
# that shared library file becomes libgnutls.so.something else, run 
# 'ldd /some/binary/program' to see if it links with the new shared library
# or not.  If not, rebuild and reinstall the other application.  In some
# cases, you may be able to create a symlink and run ldconfig, if the
# problem is only that it is looking for the old library file by a
# symbolic link name that no longer exists (e.g. libgnutls.so.28).

# An external OpenCDK library used to be required, but now GnuTLS uses
# the OpenCDK that is distributed with it.  If you have the external
# one installed, run 'make uninstall' from its source directory (as root)
# and run 'ldconfig' (also as root).

# All releases > 2.10.3 use libnettle and p11-kit instead of libgcrypt
# Older releases used Libcfg+, it is no longer used
# Older releases used LZO, it is no longer used
# Older releases used readline, it is no longer used

# Prerequisites:
# pkg-config
# bison
# Libnettle 2.5 with GMP support (crypto back-end)
# libseccomp
# gmplib (arithmetic library)
# LibtASN1 (will use included one if not found; ASN.1 parsing)
# gtkdoc (optional; part of Slackware's linuxdoc-tools package)
# cmocka (optional; unit testing framework)
# p11-kit (optional; for smart card support)
# zlib (optional; for compression)
# Guile (optional; for Guile bindings)
# libunbound (optional; for DNSSEC/DANE support)
# TrouSerS (optional; for TPM support)
# libunistring

# If you have trouble with the download URL below, try one of these:
# https://www.gnupg.org/ftp/gcrypt/gnutls/
# ftp://ftp.gnutls.org/gcrypt/gnutls/

# The release announcement for this version is archived here:
# https://lists.gnutls.org/pipermail/gnutls-help/2018-July/004429.html

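# Get it
# The tarball is fetched from the HTTPS mirror listed above instead of plain
# FTP, which gives no protection against the file being altered in transit.
# The transport is not what establishes authenticity, though: run the
# checksum and gpg checks below before extracting or building anything, and
# do the same for a tarball that was reused from ~/installed.
cd
test -f installed/gnutls-3.5.19.tar.xz &&
 mv installed/gnutls-3.5.19.tar.xz .
test ! -f gnutls-3.5.19.tar.xz &&
 wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.5/gnutls-3.5.19.tar.xz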

# Verify tarball w/ SHA-1 using sha1sum:
# (the checksum was taken from the author's gpg-verified tarball;
#  'openssl dgst -sha1' prints the same digest for manual comparison)
# SHA-1 only guards against accidental corruption; practical collisions
# exist for it, so treat the SHA-256 and gpg checks below as the ones that
# matter.  Expect "gnutls-3.5.19.tar.xz: OK" and stop if you do not get it.
sha1sum -c - <<'EOF'
51b29b7e37467a765378f3c8e546a5c1bb2a5054  gnutls-3.5.19.tar.xz
EOF

# Verify tarball w/ SHA-256 using sha256sum:
# (sha256sum ships with recent coreutils; 'shasum -a 256' or
# 'openssl dgst -sha256' print the same digest for manual comparison)
# The expected digest is only as trustworthy as the page it was copied from,
# so this complements the gpg signature check rather than replacing it.
# Expect "gnutls-3.5.19.tar.xz: OK" and stop if you do not get it.
sha256sum -c - <<'EOF'
1936eb64f03aaefd6eb16cef0567457777618573826b94d03376bb6a4afadc44  gnutls-3.5.19.tar.xz
EOF

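# Verify tarball w/ gpg:
# F1679A65 is a short (32-bit) key ID, and short IDs can be made to collide,
# so a key fetched by --recv-keys under that ID is not necessarily the
# maintainer's.  After importing, compare the full fingerprint shown by
# 'gpg --fingerprint F1679A65' with one obtained from the GnuTLS project
# through a separate channel.  A "Good signature" line only says that some
# key in your keyring signed the file; check that the key it names is the
# one you confirmed.
# The tarball is named explicitly on the --verify line so gpg checks the
# detached signature against this file instead of inferring the data file
# from the signature's name.  The .sig is removed only when verification
# succeeds.
( gpg --list-keys F1679A65 > /dev/null 2>&1 || gpg --recv-keys F1679A65 ) &&
 wget -nc ftp://ftp.gnutls.org/gcrypt/gnutls/v3.5/gnutls-3.5.19.tar.xz.sig &&
  gpg --verify gnutls-3.5.19.tar.xz.sig gnutls-3.5.19.tar.xz &&
   rm gnutls-3.5.19.tar.xz.sig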

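# Extract the source
# Only do this after the checks above have passed.
# The steps are chained with '&&' so that a failed 'cd ~/src' cannot leave
# the recursive delete (or the root chown at the end) running in whatever
# directory the shell was in before.  'find .' names the search root
# explicitly and 'rm -r --' keeps a directory name from being read as an
# option.
mkdir -p -m 0700 ~/src
cd ~/src &&
 find . -maxdepth 1 -type d -name "gnutls-*" -exec rm -r -- {} + &&
 tar xJvf ~/gnutls-3.5.19.tar.xz &&
 cd gnutls-3.5.19 &&
 # When building as root, reset ownership of the extracted tree to root
 # instead of keeping whatever owner the archive recorded.
 test "$UID" = 0 && chown -R root:root .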

# I pass infodir, mandir, and docdir to configure below so info files, man
# pages, and text documents go into the correct path for Slackware.  You
# can also make /usr/local/share/(doc|info|man) a symlink to
# /usr/local/(doc|info|man) (or the other way around) for the same effect.
# (or change MANPATH, use 'info -d', ...)

# I use --disable-nls below because I only read/write English (well),
# if that is not the case for you, leave that off

# Configure and build for 64-bit
# Runs only when 'uname -m' reports x86_64; libraries go to /usr/lib64.
# --with-unbound-root-key-file names the DNSSEC root trust anchor used by
# the DANE support; presumably unbound was installed under /usr/local and
# keeps that file current -- confirm on your system.
[ "$(uname -m)" = 'x86_64' ] &&
./configure \
 --prefix=/usr \
 --docdir=/usr/doc/gnutls-3.5.19 \
 --infodir=/usr/info \
 --libdir=/usr/lib64 \
 --mandir=/usr/man \
 --disable-nls \
 --with-unbound-root-key-file=/usr/local/etc/unbound/root.key \
 --with-trousers-lib=/usr/local/lib64/libtspi.so

# Configure and build for anything else
# Runs only when 'uname -m' reports something other than x86_64; no
# --libdir is given, so configure's default library directory is used.
# --with-unbound-root-key-file names the DNSSEC root trust anchor used by
# the DANE support; presumably unbound was installed under /usr/local and
# keeps that file current -- confirm on your system.
# NOTE(review): the TrouSerS path still points at /usr/local/lib64 on this
# non-64-bit branch -- confirm that is where libtspi.so lives here.
[ "$(uname -m)" != 'x86_64' ] &&
./configure \
 --prefix=/usr \
 --docdir=/usr/doc/gnutls-3.5.19 \
 --infodir=/usr/info \
 --mandir=/usr/man \
 --disable-nls \
 --with-unbound-root-key-file=/usr/local/etc/unbound/root.key \
 --with-trousers-lib=/usr/local/lib64/libtspi.so

# Build it
# (still in the gnutls-3.5.19 source directory, after whichever configure
#  line above matched this machine)
make

# Become root to install it
# Plain 'su' (no '-') leaves the shell in the current directory, which the
# 'make install' below depends on.  Everything up to the matching 'exit'
# runs as root.
su

# Remove the Slackware package, if there is one
# (skipped when /sbin/removepkg is missing or not executable)
test -x /sbin/removepkg && /sbin/removepkg gnutls

# Install it
# ldconfig follows so the dynamic linker cache picks up the newly installed
# shared libraries.
make install
ldconfig

# If you installed it over an older version, check here for files that
# are no longer needed.  Generally if you did not customize it yourself,
# and the date does not show today's date, then you can remove it.
#   /usr/include/gnutls
#   /usr/lib*/libgnutls*
#   /usr/man/man?/gnutls_*.?
# Looking through 'make -n install' in the source directory for a while
# will show you where everything goes (search for 'ginstall').

# Make sure your non-root user can remove the source later
# Still root and still in the source directory at this point: '.' is the
# build tree, and logname supplies the name of the user who logged in.
chown -R $(logname) .
chmod -R u+w .

# Become yourself again
# (leaves the root shell started by 'su' above)
exit

# Save the source for later
# Older gnutls tarballs in ~/installed are deleted first, so only the
# tarball for this version is kept there (directory is created mode 0700).
cd
mkdir -p -m 0700 installed
rm -f installed/gnutls-*.tar.*
mv gnutls-3.5.19.tar.xz installed/


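# If you ever want to uninstall GnuTLS, this should do it:
# Everything between 'su' and the first 'exit' runs as root and deletes
# files by relative name, so every 'cd' is tied to the commands after it:
# if the directory change fails, the rm (or 'make uninstall') that follows
# is skipped instead of running in whatever directory the shell is in.
# Plain 'su' keeps the current directory, so 'src/gnutls-*' below is still
# relative to the home directory entered by the first 'cd'.
cd
su
test -d src/gnutls-* && ( cd src/gnutls-* && make uninstall )
( cd /usr/bin &&
  rm -f certtool crywrap danetool gnutls-cli gnutls-cli-debug gnutls-serv \
   ocsptool p11tool psktool srptool tpmtool )
find /usr/doc -maxdepth 1 -type d -name "gnutls-*" -exec rm -r {} \;
test -d /usr/doc/gnutls && rm -r /usr/doc/gnutls
test -d /usr/include/gnutls && rm -r /usr/include/gnutls
( cd /usr/info &&
  rm -f gnutls.info gnutls-guile.info gnutls-*.png pkcs11-vision.png )
for libdir in /usr/lib /usr/lib64;
do
  test -d "$libdir" &&
  # 'exit' here leaves only this subshell, not the root shell.
  ( cd "$libdir" || exit
    rm -f libgnutls.* libgnutlsxx.* libgnutls-*.*
    test -d ./guile/2.2 &&
     ( rm -rf ./guile/2.2/site-ccache/gnutls
       rm -rf ./guile/site/2.2/gnutls
       rm -f ./guile/2.2/guile-gnutls-v-* )
    test -d pkgconfig &&
     rm -f pkgconfig/gnutls.pc pkgconfig/gnutls-dane.pc )
done
( cd /usr/man/man1 && rm -f certtool.1 danetool.1 gnutls-*.1 \
  ocsptool.1  p11tool.1 psktool.1 srptool.1 tpmtool.1 )
test -d /usr/share/guile/site/gnutls && rm -r /usr/share/guile/site/gnutls
test -d /usr/share/guile/site/2.2/gnutls &&
 rm -r /usr/share/guile/site/2.2/gnutls
rm -f /usr/man/man3/dane_*.3 /usr/man/man3/gnutls_*.3 \
 /usr/share/guile/site/gnutls.scm /usr/lib/guile/2.0/guile-gnutls-v-2.*
ldconfig
exit
# Back as the normal user: remove the unpacked source and the saved tarball.
find ~/src -maxdepth 1 -type d -name "gnutls-*" -exec rm -r {} \;
rm -f ~/installed/gnutls-*.tar.*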



Last updated: Wed, 29 Apr 2020 22:04:50 -0400
Jason Englander <jason at englanders dot us>