1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
|
****** Installation ******
At present, the entire RPKI tools collection is a single source tree with a
shared autoconf configuration. This may change in the future, but for now, this
means that the build process is essentially the same regardless of which tools
one wants to use. Some of the tools have dependencies on external packages,
although we've tried to keep this to a minimum.
Most of the tools require an RFC-3779-aware version of the OpenSSL libraries.
If necessary, the build process will generate its own private copy of the
OpenSSL libraries for this purpose.
Other than OpenSSL, most of the relying party tools are fairly self-contained.
The CA tools have a few additional dependencies, described below.
Note that initial development of this code has been on FreeBSD, so installation
will probably be easiest on FreeBSD. We do, however, test on other platforms,
such as Fedora, Ubuntu, and MacOSX.
***** Prerequisites *****
Before attempting to build the tools, you need to install any missing
prerequisites.
Some of the relying party tools and most of the CA tools are written in Python.
Note that the Python code requires Python version 2.5, 2.6, or 2.7.
On some platforms (particularly MacOSX) the simplest way to install most of the
Python packages may be the easy_install tool that comes with Python.
Packages you will need:
* We do not (yet) have binary packages for any platform, so you will need a C
compiler. gcc is fine, others such as Clang may also work.
* http://www.python.org/, the Python interpreter, libraries, and sources. On
some platforms the Python sources (in particular, the header files and
libraries needed when building Python extensions) are in a separate
"development" package, on other platforms they are all part of a single
package. If you get compilation errors trying to build the POW code later in
the build process and the error message says something about the file
"Python.h" being missing, this is almost certainly your problem.
o FreeBSD:
# /usr/ports/lang/python27
o Ubuntu:
# python
# python-dev
* http://codespeak.net/lxml/, a Pythonic interface to the Gnome LibXML2
libraries. lxml in turn requires the LibXML2 C libraries.
o FreeBSD: /usr/ports/devel/py-lxml
o Fedora: python-lxml.i386
o Ubuntu: python-lxml
* http://www.mysql.com/, MySQL client and server. How these are packaged varies
by platform, on some platforms the client and server are separate packages,
on others they might be a single monolithic package, or installing the server
might automatically install the client as a dependency. On MacOSX you might
be best off installing a binary package for MySQL. The RPKI CA tools have
been tested with MySQL 5.0, 5.1, and 5.5; they will probably work with any
other reasonably recent version.
o FreeBSD:
# /usr/ports/databases/mysql55-server
# /usr/ports/databases/mysql55-client
o Ubuntu:
# mysql-client
# mysql-server
* http://sourceforge.net/projects/mysql-python/, the Python "db" interface to
MySQL.
o FreeBSD: /usr/ports/databases/py-MySQLdb
o Fedora: MySQL-python.i386
o Ubuntu: python-mysqldb
* http://www.djangoproject.com/, the Django web user interface toolkit. The GUI
interface to the CA tools requires this.
o FreeBSD: /usr/ports/www/py-django
* http://pyyaml.org/. Several of the test programs use PyYAML to parse a YAML
description of a simulated allocation hierarchy to test.
o FreeBSD: /usr/ports/devel/py-yaml
o Ubuntu: python-yaml
* http://xmlsoft.org/XSLT/. Some of the test code uses xsltproc, from the Gnome
LibXSLT package.
o FreeBSD: /usr/ports/textproc/libxslt
o Ubuntu: xsltproc
***** Configure and build *****
Once you have the prerequesite packages installed, you should be able to build
the toolkit. cd to the top-level directory in the distribution, run the
configure script, then run "make":
$ cd $top
$ ./configure
$ make
This should automatically build everything, in the right order, including
building a private copy of the OpenSSL libraries with the right options if
necessary and linking the POW module against either the system OpenSSL
libraries or the private OpenSSL libraries, as appopriate.
In theory, ./configure will complain about any required packages which might be
missing.
***** Testing the build *****
Assuming the build stage completed without obvious errors, the next step is to
run some basic regression tests.
Some of the tests for the CA tools require MySQL databases to store their data.
To set up all the databases that the tests will need, run the SQL commands in
rpkid/tests/smoketest.setup.sql. The MySQL command line client is usually the
easiest way to do this, eg:
$ cd $top/rpkid
$ mysql -u root -p <tests/smoketest.setup.sql
To run the tests, run "make test":
$ cd $top
$ make test
To run a more extensive set of tests on the CA tool, run "make all-tests" in
the rpkid/ directory:
$ cd $top/rpkid
$ make all-tests
If nothing explodes, your installation is probably ok. Any Python backtraces in
the output indicate a problem.
***** Installing *****
Assuming the build and test phases went well, you should be ready to install
the code. The ./configure script attempts to figure out the "obvious" places to
install the various programs for your platform: binaries will be installed in /
usr/local/bin or /usr/local/sbin, Python modules will be installed using the
standard Python distutils and should end up wherever your system puts locally-
installed Python libraries, and so forth.
The RPKI validator, rcynic, is a special case, because the install scripts
attempt to build a chroot jail and install rcynic in that environment. This is
straightforward in FreeBSD, somewhat more complicated on other systems,
primarily due to hidden dependencies on dynamic libraries.
To install the code, become root (su, sudo, whatever), then run "make install":
$ cd $top
$ sudo make install
***** Tools you should not need to install *****
There's a last set of tools that only developers should need, as they're only
used when modifying schemas or regenerating the documentation. These tools are
listed here for completeness.
* http://www.doxygen.org/. Doxygen in turn pulls in several other tools,
notably Graphviz, pdfLaTeX, and Ghostscript.
o FreeBSD: /usr/ports/devel/doxygen
o Ubuntu: doxygen
* http://www.mbayer.de/html2text/. The documentation build process uses
xsltproc and html2text to dump flat text versions of a few critical
documentation pages.
o FreeBSD: /usr/ports/textproc/html2text
* http://www.thaiopensource.com/relaxng/trang.html. Trang is used to convert
RelaxNG schemas from the human-readable "compact" form to the XML form that
LibXML2 understands. Trang in turn requires Java.
o FreeBSD: /usr/ports/textproc/trang
* http://search.cpan.org/dist/SQL-Translator/. SQL-Translator, also known as
"SQL Fairy", includes code to parse an SQL schema and dump a description of
it as Graphviz input. SQL Fairy in turn requires Perl.
o FreeBSD: /usr/ports/databases/p5-SQL-Translator
* http://www.easysw.com/htmldoc/. The documentation build process uses htmldoc
to generate PDF from the project's Trac wiki.
o FreeBSD: /usr/ports/textproc/htmldoc
***** Next steps *****
Once you've finished installing the code, you will need to configure it. Since
CAs are generally also relying parties (if only so that they can check the
results of their own actions), you will generally want to start by configuring
the relying party tools, then configure the CA tools if you're planning to use
them.
|
