Open hongkongkiwi opened 4 months ago
Here's how I got it compiling for macOS:

Install dependencies

```bash
brew install json-c p11-kit openssl@3 libp11 zlib
```

Install AWS SDK

```bash
git clone --recurse-submodules "https://github.com/aws/aws-sdk-cpp" "aws-sdk-cpp"
cd "aws-sdk-cpp"
./prefetch_crt_dependency.sh
mkdir -p ./build
cd ./build
# Configure a static build of only the KMS and ACM-PCA clients
cmake \
  -DCMAKE_PREFIX_PATH="/opt/homebrew/opt/curl/" \
  -DBUILD_ONLY="kms;acm-pca" \
  -DCMAKE_BUILD_TYPE=Release \
  -DENABLE_TESTING=OFF \
  -DAUTORUN_UNIT_TESTS=OFF \
  -DBUILD_SHARED_LIBS=OFF \
  -DCMAKE_INSTALL_PREFIX="$HOME/aws-sdk-cpp" ..
# Already inside ./build, so build the current directory.
# nproc is not part of stock macOS; sysctl reports the CPU count.
cmake --build . -j "$(sysctl -n hw.ncpu)"
make install
```

We need to fix up the SDK so it builds s2n, which it doesn't seem to do by default in the latest versions.

```bash
cd ../crt/aws-crt-cpp/crt/s2n
mkdir -p build
cd build
# -Bbuild puts the build tree in ./build below the current directory
cmake .. -Bbuild \
  -DCMAKE_BUILD_TYPE=Release \
  -DCMAKE_INSTALL_PREFIX="$HOME/aws-sdk-cpp"
cmake --build build -j "$(sysctl -n hw.ncpu)"
cmake --install build
```

Compile AWS PKCS11

```bash
# Run from the aws-kms-pkcs11 source directory
AWS_SDK_PATH="$HOME/aws-sdk-cpp" make
```

Using on macOS

```bash
mkdir -p ~/.config/aws-kms-pkcs11
touch ~/.config/aws-kms-pkcs11/config
```

Setup OpenSSL Config

```bash
cat >openssl_config.conf <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = /opt/homebrew/opt/libp11/lib/engines-3/libpkcs11.dylib
MODULE_PATH = /Users/andy/.config/aws-kms-pkcs11/aws_kms_pkcs11.dylib
init = 0

[req]
distinguished_name=dn

[ dn ]
EOF
```

```bash
# $CONFIG is not set anywhere in these steps
OPENSSL_CONF=openssl_config.conf openssl req -config <(echo "$CONFIG") -x509 \
  -key pkcs11:token=my-signing-key -keyform engine -engine pkcs11 \
  -out mycert.pem -subj '/CN=mycert' -days 366 \
  -addext basicConstraints=critical,CA:FALSE
```
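
A pre-flight check for the OpenSSL engine configuration in the post above, added here as an example and not part of the original post or of the aws-kms-pkcs11 project. It reads `dynamic_path` and `MODULE_PATH` from the `[pkcs11_section]` block and flags paths that are unset, missing, or writable by group/other; the helper names `conf_value` and `check_engine_conf` are hypothetical.

```shell
#!/bin/sh
# Added example: check the libraries an OpenSSL engine config will load.
# conf_value and check_engine_conf are hypothetical helper names.

# Print the value of KEY inside [SECTION] of an OpenSSL-style config file.
conf_value() {  # usage: conf_value FILE SECTION KEY
  awk -v want="$2" -v key="$3" '
    /^[ \t]*\[/ {                        # section header such as "[ dn ]"
      name = $0
      sub(/^[ \t]*\[[ \t]*/, "", name); sub(/[ \t]*\].*$/, "", name)
      in_sec = (name == want); next
    }
    in_sec {
      line = $0; sub(/#.*/, "", line)    # strip trailing comments
      eq = index(line, "="); if (!eq) next
      k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      if (k == key) { print v; exit }
    }' "$1"
}

# Fail if the engine or PKCS#11 module path is unset, missing, or writable
# by group/other: both are shared libraries loaded into the openssl process.
check_engine_conf() {  # usage: check_engine_conf FILE [SECTION]
  cec_rc=0
  for cec_key in dynamic_path MODULE_PATH; do
    cec_path=$(conf_value "$1" "${2:-pkcs11_section}" "$cec_key")
    if [ -z "$cec_path" ]; then
      echo "MISSING $cec_key"; cec_rc=1
    elif [ ! -f "$cec_path" ]; then
      echo "NOT FOUND $cec_key = $cec_path"; cec_rc=1
    elif [ -n "$(find -L "$cec_path" \( -perm -002 -o -perm -020 \) -print)" ]; then
      echo "WRITABLE BY OTHERS $cec_key = $cec_path"; cec_rc=1
    else
      echo "OK $cec_key = $cec_path"
    fi
  done
  return "$cec_rc"
}

# Run against a config file when one is given on the command line.
if [ "$#" -gt 0 ]; then check_engine_conf "$@"; fi
```

Saved as a script, it takes the config file as its argument, for example `openssl_config.conf`, and exits non-zero if either library fails a check.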