Ninjastic
PostEdited versionsQuotes to this post
Post
Topic
Board Beginners & Help
Re: Bitcoind CentOS Clean Compile On AWS EC2
by
neonzeon
on 01/07/2013, 08:37:00 UTC
Success! OpenSSL with EC Builds on CentOS 6.4

Finally, openssl with EC builds on Centos! This is basically due to the help from in #centos on freenode IRC.

The method was actually VERY close to Kano's instructions (see previous posts)

We start with the CentOS openssl source RPM, and "install" it (which means splitting it into Sources (consisting of patches and a .tar.bz2) and Specs (containing openssl.spec)

Then we download a different, but version-synchronized  .tar.gz version of the source from openssl.org. The new source will replace the existing .tar.bz2 file.

A patch file (to patch a test error) is also needed from openssl.org. The patch fixes this error http://openssl.6102.n7.nabble.com/OpenSSL-1-0-0b-testssl-fails-td11009.html

With the .tar.gz and the patch from openssl.org dowloaded, the openssl.spec file is edited to

1) Point to the newly downloaded .tar.gz as source
2) Change no-EC to enable-EC (enable ellptic curves)
3) Disable the "hobble" script (which erases elliptic curve source files)
4) Change the release number
5) Add a patch entry for the newly downloaded patch file

After that, we create a new source rpm using the modified spec file and replacement source (.tar.gz).

Finally, use mock, a Fedora tool used by Centos package builders, to build a new openssl package from the newly created source rpm.

Below are all the steps, condensed, that you need to take on a fresh CentOS 6.4 box, to compile openssl with enable-ec.

Code:
yum -y update  # Update all packages on new machine
yum -y groupinstall 'Development tools'
yum -y localinstall --nogpgcheck http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm # Install EPEL (EL6 extra packages) repository
yum -y install fedora-packager  # Install mock from EPEL repository
userdel -rf abcd ; useradd -G mock abcd ; su abcd
cd ~ ; curl -O http://vault.centos.org/6.4/os/Source/SPackages/openssl-1.0.0-27.el6.src.rpm
/usr/bin/mock ~/openssl-1.0.0-27.el6.src.rpm
rm -rf /home/abcd/build ; mv /var/lib/mock/epel-6-x86_64/root/builddir/build/ /home/abcd ; # Move to a safe place
cd /home/abcd/build/SOURCES
curl -O http://www.openssl.org/source/openssl-1.0.0.tar.gz # Download corresponding source tarball from openssl
curl -o patch300.patch http://cvs.openssl.org/patchset?cn=19998 # Download this patch to fix a test error
cd ../SPECS
sed -i -e "s/no-ec/enable-ec/; s/no-ecdh/enable-ecdh/; s/no-ecdsa/enable-ecdsa/" openssl.spec # Enable EC
sed -i -e "s/^Source1: hobble-openssl/#&/; s/^%.SOURCE1. /#&/" openssl.spec # Disable the "hobble" script
sed -i -e "s/^Release.*dist\}/&.EC.1/" openssl.spec # Also change release number by adding .EC.1
sed -i -e "s/-usa.tar.bz2/.tar.gz/" openssl.spec # Change the source tarball
sed -i -e "s/^Patch78.*/&\nPatch300: patch300.patch\n/" openssl.spec # Add the new patch
sed -i -e "s/^%patch78.*/&\n%patch300 -p1 \n/" openssl.spec # Add the new patch again
/usr/bin/mock --buildsrpm --spec  ~/build/SPECS/openssl.spec --sources  ~/build/SOURCES # Do a source rebuild
cp /var/lib/mock/epel-6-x86_64/root/builddir/build/SRPMS/openssl-1.0.0-27.el6.EC.1.src.rpm /home/abcd
cd ~ ; /usr/bin/mock --rebuild openssl-1.0.0-27.el6.EC.1.src.rpm


Tip Jar: 1KaJZTmvvk2CPYmRPWALU63o2AZkMEMvJk