search

apatel762 / home-infra

A repository containing all of the setup for my home infra (e.g. my laptop & soon, my server)
GNU Affero General Public License v3.0
0 stars 0 forks source link

Documentation for installating OpenSSL locally #53

Closed apatel762 closed 2 years ago

apatel762 commented 2 years ago

This is for my media VPS, where I don't have root access.

I needed a newer version of OpenSSL to compile Python (part of the pyenv setup). I wasn't able to use sudo or become root at any point in the process, so I needed to compile and install a copy of OpenSSL and dump it somewhere in my home dir to use.

I used a couple of resources: the official OpenSSL install docs[^1] and the official pyenv docs[^2] (which pointed to a guide[^3] online with more information).

# download the desired version of OpenSSL
cd "$(mktemp -d)"
wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1n.tar.gz.sha256

# ...check the above sha256sum
# if it's all good, then extract the downloaded folder and enter it
ex openssl-1.1.1n.tar.gz
cd openssl-1.1.1n

# create the folder that we will install OpenSSL to
mkdir -p "$HOME/.local/share/openssl"

# install OpenSSL
# using `config` instead of `Configure` because not sure which os/compiler to pick from
./config --prefix="$HOME/.local/share/openssl" --openssldir="$HOME/.local/share/openssl" '-Wl,-rpath,$(LIBRPATH)'
make
make test # optional
make install

...and then once you've installed OpenSSL, put the below stuff into your bash init scripts to ensure that you are using the local version instead of the system version:

prepend_to_path() {
    if [ -d "$1" ] && [[ ":$PATH:" != *":$1:"* ]]; then
        PATH="$1${PATH:+":$PATH"}"
    fi
}

prepend_to_path "$HOME/.local/share/openssl/bin"

export LD_LIBRARY_PATH="$HOME/.local/share/openssl/lib"
export LC_ALL="en_US.UTF-8"
export LDFLAGS="-L$HOME/.local/share/openssl/lib -Wl,-rpath,$HOME/.local/share/openssl/lib"
export CPPFLAGS="-I$HOME/.local/share/openssl/include"

...and then use pyenv to compile the version of Python that you want:

# not sure if `$HOME` works instead of hardcoding the path
CONFIGURE_OPTS="--with-openssl=/home/user/.local/share/openssl" pyenv install 3.10.4 -v

You can use pyenv install -v for more output. If the build fails, it will tell you where the log file for the build is, and you can look through that to figure out what went wrong.

[^1]: GitHub openssl/openssl "Build and Install" [^3]: Dreamhost Help "Installing OpenSSL locally under your username" [^2]: GitHub pyenv/pyenv "ERROR: The Python ssl extension was not compiled. Missing the OpenSSL lib?"

apatel762 commented 2 years ago

Updated the above comment to mention openssl-1.1.1n instead of openssl-3.0.2 because 3.0.2 wasn't working for me when I tried to compile Python with it.

Just to make sure that there isn't some sort of issue with that (i.e. the OpenSSL version being too new) I'm trying to compile Python with OpenSSL 1.1.1n.

apatel762 commented 2 years ago

This post was helpful:

https://unix.stackexchange.com/questions/573746/installing-python-3-7-from-source-with-custom-openssl-installation-test-ssl-fai