Table of Contents
- 1 Introduction
- 2 Platform Possibilities
- 3 rpki.net Software Installation
- 4 Next Steps
- 5 Full Table of Contents
1 Introduction
The
The
This document describes installing
This document only discusses
This document is prepared under Contract Number HSHQDC-14-C-B0035 for DHS S&T CSD
2 Platform Possibilities
The
- Ubuntu 12.04 LTS ("Precise Pangolin")
- Ubuntu 14.04 ("Trusty Tahir")
- Debian 7 ("Wheezy")
- FreeBSD
On other platforms,
We have had the best success installing
3 rpki.net Software Installation
This section describes installing both the
Software installation requires superuser access on the target machine.
Shell commands provided below assume a
3.1 Installing on Debian and Ubuntu Using APT Packages
Precompiled binary packages for Debian and Ubuntu are available from
http://download.rpki.net using the
Advanced Package Tools (APT). To use APT, you need to configure APT on your
machine to know about the
3.1.1 Initial APT Setup
You should only need to perform these steps once for any particular machine. The second step consists of only one command. However, the particular command depends on the platform.
- Add the GPG public key for this repository. This step is optional.
  $ wget -q -O - http://download.rpki.net/APT/apt-gpg-key.asc | sudo apt-key add -
- Configure APT to use this repository.
  - Debian Wheezy
    $ sudo wget -q -O /etc/apt/sources.list.d/rpki.list http://download.rpki.net/APT/rpki.wheezy.list
  - Ubuntu Precise
    $ sudo wget -q -O /etc/apt/sources.list.d/rpki.list http://download.rpki.net/APT/rpki.precise.list
  - Ubuntu Trusty
    $ sudo wget -q -O /etc/apt/sources.list.d/rpki.list http://download.rpki.net/APT/rpki.trusty.list
3.1.2 Installation Using APT Tools
These instructions assume that you're using
- Update available packages.
  $ sudo apt-get update
- Install the software.
  $ sudo apt-get install rpki-rp rpki-ca
- If the rpki.net Web Portal will be used on a CA installation, then Apache must also be installed.
  $ sudo apt-get install apache2 libapache2-mod-wsgi
- Customize the default rpki.conf for your environment as necessary. The full path for this configuration file is /etc/rpki.conf. In particular, you must change the handle and rpkid_server_host configuration fields. There are detailed instructions for customizing the rpki.conf file in the Configuration File Reference.
- Whenever anything in rpki.conf is changed, you must restart the RPKI CA service for the changes to take effect.
  $ sudo service rpki-ca restart
3.1.3 Prerequisites for Debian and Ubuntu
The packages in the following table must be installed in order for the
A C compiler may be needed if any of the prerequisite packages must be built,
rather than installed from a binary package.
Software Package | APT Name |
Python 2.7 | python python-dev python-setuptools python-pip (for Ubuntu installations) |
LibXML2 | python-lxml libxml2-utils |
MySQL client | mysql-client |
MySQL server | mysql-server |
Python "db" interface | python-mysqldb |
Django 1.4 | Debian: py27-django Ubuntu: Install manually using sudo pip install django==1.4.5 |
VObject | python-vobject |
PyYAML | python-yaml |
xsltproc | xsltproc |
RRDTool | rrdtool |
Apache | Apache 2.2 or later |
ssl | libssl0.9.8 or libssl1.0.0 |
wsgi | libapache2-mod-wsgi 3 or later |
Django South 0.7.6 | Debian: python-django-south Ubuntu: Install manually using sudo pip install 'South>=0.7.6' |
On some platforms the Python sources (in particular, the header files
and libraries needed when building Python extensions) are in a separate
"development" package; on other platforms they are all part of a single
package. If you get compilation errors trying to build the package and
the error message says something about the file
After completing the installation steps in this section, you have finished installation and may proceed to the Next Steps section. However, developers should consider installing the development tools, as described in the Developers Tools section.
3.2 Upgrading rpki.net Software on Debian and Ubuntu
After
$ sudo apt-get update
$ sudo apt-get upgrade
Alternatively, the following commands will only upgrade the
$ sudo apt-get update
$ sudo apt-get upgrade rpki-ca rpki-rp
If the
$ sudo apt-get upgrade apache2 libapache2-mod-wsgi
After completing the installation steps in this section, you have finished installation and may proceed to the Next Steps section. However, developers should consider installing the development tools, as described in the Developers Tools section.
3.3 Installing on FreeBSD Using Ports
The FreeBSD Ports system may be used to install the
3.3.1 Manual Installation
FreeBSD port skeletons must be downloaded in order to install the
- Download the port skeletons manually and install from them. The following shell commands will install the rpki.net ports:
    for port in rpki-rp rpki-ca
    do
        fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
        tar xf ${port}-port.tgz
        cd ${port}
        make install
        cd ..
        rm -rf ${port}
    done
- If the rpki.net Web Portal will be used on a CA installation, the port skeletons can be downloaded and installed manually. The following shell commands will install the rpki.net ports:
    for port in apache22 mod_wsgi3
    do
        fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
        tar xf ${port}-port.tgz
        cd ${port}
        make install
        cd ..
        rm -rf ${port}
    done
- Customize the default rpki.conf for your environment as necessary. The full path for this configuration file is /etc/rpki.conf. In particular, you must change the handle and rpkid_server_host configuration fields. There are detailed instructions for customizing the rpki.conf file in the Configuration File Reference.
- Whenever anything in rpki.conf is changed, you must restart the RPKI CA service for the changes to take effect.
  $ sudo service rpki-ca restart
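The manual procedure above fetches each port skeleton over plain HTTP and builds it immediately. As an added example (not part of the rpki.net documentation), the functions below check the tarball against a SHA-256 digest before unpacking it; the function names are hypothetical, and the expected digests are assumed to come from the operator through a separate trusted channel, since this page does not publish any.

```shell
#!/bin/sh
# Added example: verify a downloaded port skeleton before unpacking or building.

# Print the SHA-256 hex digest of a file (FreeBSD: sha256 -q, Linux: sha256sum).
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# Return 0 on match, 1 on mismatch, 2 on a missing file or malformed digest.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    # A digest that is not exactly 64 hex characters is an operator error.
    case $expected in
        *[!0-9a-f]*|"") echo "bad digest for $file" >&2; return 2 ;;
    esac
    [ ${#expected} -eq 64 ] || { echo "bad digest for $file" >&2; return 2; }
    actual=$(file_sha256 "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        return 1
    fi
}

# Fetch one port skeleton, verify it, and only then unpack and build it.
# $1 = port name, $2 = expected digest (assumption: supplied by the operator).
install_verified_port() {
    port=$1
    tarball="${port}-port.tgz"
    fetch "http://download.rpki.net/FreeBSD_Packages/${tarball}" || return 1
    if ! verify_sha256 "$tarball" "$2"; then
        rm -f "$tarball"    # never unpack an unverified archive
        return 1
    fi
    status=0
    tar xf "$tarball" && (cd "$port" && make install) || status=$?
    rm -rf "$port"
    return $status
}

# Usage (the digest is a placeholder, not a real value):
#   install_verified_port rpki-rp "<sha256-of-rpki-rp-port.tgz>"
```
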
3.3.2 Automated Download and Install with rpki-portmaster.sh
The
- Download rpki-portmaster.sh.
  $ fetch http://download.rpki.net/FreeBSD_Packages/rpki-portmaster.sh
- Install (or upgrade) the rpki.net software.
  $ sh rpki-portmaster.sh
- Customize the default rpki.conf for your environment as necessary. The full path for this configuration file is /etc/rpki.conf. In particular, you must change the handle and rpkid_server_host configuration fields. There are detailed instructions for customizing the rpki.conf file in the Configuration File Reference.
- Whenever anything in rpki.conf is changed, you must restart the RPKI CA service for the changes to take effect.
  $ sudo service rpki-ca restart
3.3.3 Prerequisite Software Packages for FreeBSD
The packages in the following table must be installed in order for the
A C compiler is needed in order to build the prerequisite packages.
Software Package | Ports Path | Ports Name |
Python 2.7 | python | |
LibXML2 | py27-lxml | |
MySQL client | mysql55-client | |
MySQL server | mysql55-server | |
Python "db" interface | py27-MySQLdb | |
Django 1.4 | py27-django | |
VObject | py27-vobject | |
PyYAML | py27-yaml | |
xsltproc | libxslt | |
RRDTool | rrdtool | |
Apache | apache22 | |
wsgi | app22-mod_wsgi | |
Django South 0.7.6 | py27-south |
On some platforms the Python sources (in particular, the header files
and libraries needed when building Python extensions) are in a separate
"development" package; on other platforms they are all part of a single
package. If you get compilation errors trying to build the package and
the error message says something about the file
After completing the installation steps in this section, you have finished
installation and may proceed to the Next Steps
section.
However, developers should consider installing the development tools, as
described in the Developers Tools section.
3.4 Upgrading on FreeBSD
The FreeBSD Ports system may be used to install the
3.4.1 Manual Upgrade
The FreeBSD ports system doesn't really understand upgrades. Consequently,
manual upgrade of the
- Re-install the rpki.net ports.
    for port in rpki-rp rpki-ca
    do
        fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
        tar xf ${port}-port.tgz
        cd ${port}
        make deinstall
        make reinstall
        cd ..
        rm -rf ${port}
    done
- If the rpki.net Web Portal is used on a CA installation, the Apache-related ports may be re-installed using these shell commands:
    for port in apache22 mod_wsgi3
    do
        fetch http://download.rpki.net/FreeBSD_Packages/${port}-port.tgz
        tar xf ${port}-port.tgz
        cd ${port}
        make deinstall
        make reinstall
        cd ..
        rm -rf ${port}
    done
After an upgrade, you should check the newly-installed
3.4.2 Automated Upgrade with rpki-portupgrade.sh
The
- Download rpki-portupgrade.sh.
  fetch http://download.rpki.net/FreeBSD_Packages/rpki-portupgrade.sh
- Information about the RPKI ports must be added to two variables in /usr/local/etc/pkgtools.conf before rpki-portupgrade.sh will know how to deal with these ports:
    EXTRA_CATEGORIES = [
      'rpki',
    ]
    ALT_INDEX = [
      ENV['PORTSDIR'] + '/INDEX.rpki',
    ]
  Once these steps have been completed, rpki-portupgrade.sh can be executed to install or upgrade the RPKI code.
  sh rpki-portupgrade.sh
- Customize the default rpki.conf for your environment as necessary. The full path for this configuration file is /etc/rpki.conf. In particular, you must change the handle and rpkid_server_host configuration fields. There are detailed instructions for customizing the rpki.conf file in the Configuration File Reference.
- Whenever anything in rpki.conf is changed, you must restart the RPKI CA service for the changes to take effect.
  $ sudo service rpki-ca restart
After completing the installation steps in this section, you have finished installation and may proceed to the Next Steps section. However, developers should consider installing the development tools, as described in the Developers Tools section.
3.5 Installing From Source Code
At present, the entire RPKI tools collection is a single source tree with a
shared
Before attempting to build the
Most of the tools require an RFC-3779-aware version of the OpenSSL libraries. If necessary, the build process will generate its own private copy of the OpenSSL libraries for this purpose.
Other than OpenSSL, most of the Relying-Party tools are fairly self-contained. The CA tools have a few additional dependencies, described below.
Initial development of this code has been on FreeBSD, so installation will probably be easiest on FreeBSD. The software is tested on other platforms, such as Fedora, Ubuntu, Debian, and MacOSX.
3.5.1 Downloading the Source Code
It is recommended that
$ svn checkout http://subvert-rpki.hactrn.net/trunk/
Code snapshots are also available from http://download.rpki.net/ as
3.5.2 Prerequisites Packages when Installing from Source Code
This section discusses installing the prerequisite software packages. If your platform is Debian, Ubuntu, or FreeBSD, then you should consult the appropriate sections that describe installing prerequisites on those systems. If you are using a different platform, you should continue reading this section.
The packages in the following table must be installed in order for the
A C compiler may be needed if any of the prerequisite packages must be
built, rather than installed from a binary package.
Software Package | Package Location |
Python 2.7 | http://www.python.org |
LibXML2 | http://codespeak.net/lxml |
MySQL client | http://www.mysql.com |
MySQL server | http://www.mysql.com |
Python "db" interface | http://sourceforge.net/projects/mysql-python |
Django 1.4 | http://www.djangoproject.com |
VObject | http://vobject.skyhouseconsulting.com |
PyYAML | http://pyyaml.org |
xsltproc | http://xmlsoft.org/XSLT |
RRDTool | http://www.rrdtool.org |
Apache | http://httpd.apache.org |
wsgi | http://www.freshports.org/www/mod_wsgi3 |
Django South 0.7.6 | http://south.aeracode.org |
On some platforms the Python sources (in particular, the header files
and libraries needed when building Python extensions) are in a separate
"development" package; on other platforms they are all part of a single
package. If you get compilation errors trying to build the package and
the error message says something about the file
3.5.3 Building the Source Code
Once you have the prerequisite packages installed, you should be able to
build the toolkit. Go to the top-level directory (signified below as
$ cd $top
$ ./configure
$ make
This should automatically build everything, in the right order. A private copy of the OpenSSL libraries will be built with the proper options, if necessary, and the POW module will be linked against either the system OpenSSL libraries or the private OpenSSL libraries, as appropriate.
In theory,
If you don't intend to run any of the CA tools, you can simplify the build
and installation process by telling
$ cd $top
$ ./configure --disable-ca-tools
$ make
3.5.4 Testing the Build
Assuming the build stage completed without obvious errors, the next step is to run some basic regression tests.
Some of the tests for the CA tools require MySQL databases to store their
data. To set up all the databases that the tests will need, run the SQL
commands in
$ cd $top/ca
$ mysql -u root -p < tests/smoketest.setup.sql
To run the tests, run
$ cd $top
$ make test
To run a more extensive set of tests on the CA tool, run
$ cd $top/ca
$ make all-tests
Errors and problems should be apparent. For example, any Python backtraces in the output indicate a problem. If no errors are obvious, then your installation should be okay.
3.5.5 Installing the Build
Assuming the build and test phases went well, you should be ready to install
the code. The
The RPKI validator,
To install the code, become root (e.g.,
$ cd $top
$ sudo make install
After completing the installation steps in this section, you have finished installation and may proceed to the Next Steps section. However, developers should consider installing the development tools, as described in the Developers Tools section.
3.5.6 Developers Tools
There's a set of tools that only developers should need. These tools are only used when modifying schemas or regenerating the documentation. These tools are listed here for completeness, but most installations are likely to not need them.
- http://www.doxygen.org/. Doxygen in turn pulls in several other packages, notably Graphviz, pdfLaTeX, and Ghostscript.
  - FreeBSD: /usr/ports/devel/doxygen
  - Debian: doxygen
  - Ubuntu: doxygen (apt)
- http://www.mbayer.de/html2text/. The documentation build process uses xsltproc and html2text to dump flat text versions of a few critical documentation pages.
  - FreeBSD: /usr/ports/textproc/html2text
  - Ubuntu: html2text (apt)
- http://www.thaiopensource.com/relaxng/trang.html. Trang is used to convert RelaxNG schemas from the human-readable "compact" form to the XML form that LibXML2 understands. Trang in turn requires Java.
  - FreeBSD: /usr/ports/textproc/trang
  - Ubuntu: trang (apt)
- http://search.cpan.org/dist/SQL-Translator/. SQL-Translator, also known as "SQL Fairy", includes code to parse an SQL schema and dump a description of it as Graphviz input. SQL Fairy in turn requires Perl.
  - FreeBSD: /usr/ports/databases/p5-SQL-Translator
  - Ubuntu: sqlfairy (apt)
- http://www.easysw.com/htmldoc/. The documentation build process uses htmldoc to generate PDF from the project's Trac wiki.
  - FreeBSD: /usr/ports/textproc/htmldoc
  - Ubuntu: htmldoc (apt)
4 Next Steps
Once you've finished installing the code, you will need to configure it. System configuration is discussed in the RSI-EARS Step-By-Step Configuration Guide.
Since CAs are generally also Relying Parties (if only so that they can check the results of their own actions), you will generally want to start by configuring the Relying-Party tools, then configure the CA tools if you're planning to use them.
5 Full Table of Contents
- Table of Contents
- 1 Introduction
- 2 Platform Possibilities
- 3 rpki.net Software Installation
  - 3.1 Installing on Debian and Ubuntu Using APT Packages
    - 3.1.1 Initial APT Setup
    - 3.1.2 Installation Using APT Tools
    - 3.1.3 Prerequisites for Debian and Ubuntu
  - 3.2 Upgrading rpki.net Software on Debian and Ubuntu
  - 3.3 Installing on FreeBSD Using Ports
    - 3.3.1 Manual Installation
    - 3.3.2 Automated Download and Install with rpki-portmaster.sh
    - 3.3.3 Prerequisite Software Packages for FreeBSD
  - 3.4 Upgrading on FreeBSD
  - 3.5 Installing From Source Code
    - 3.5.1 Downloading the Source Code
    - 3.5.2 Prerequisites Packages when Installing from Source Code
    - 3.5.3 Building the Source Code
    - 3.5.4 Testing the Build
    - 3.5.5 Installing the Build
    - 3.5.6 Developers Tools
- 4 Next Steps
- 5 Full Table of Contents
Sections of this document are derived or taken verbatim from Dragon Research Lab's RPKI Tools Manual.
Copyright (c) 2015, Parsons, Inc
All rights reserved