我的书签
添加书签
移除书签使用/不使用 TLS 来构建 Windows agent 二进制文件
概述
这个章节来示范如何从源代码包中使用或不使用 TLS 来构建 Windows agent 二进制文件。
This section demonstrates how to build Windows agent binaries from sources with or without TLS.
编译 OpenSSL
以下步骤将帮助您从 MS Windows 10 (64位) 上的源代码编译 OpenSSL 。
The following steps will help you to compile OpenSSL from sources on MS Windows 10 (64-bit).
要编译 OpenSSL,您需要在 Windows 机器上准备如下环境:
C compiler (例如。 VS 2017 RC),
NASM (https://www.nasm.us/),
Perl (例如。 Strawberry Perl 从 http://strawberryperl.com/),
Perl module Text::Template (cpan Text::Template).
从 https://www.openssl.org/ 获取 OpenSSL 源。这里使用的是 OpenSSL 1.1.1。
解压 OpenSSL 源代码包,例如,解压至 E:\openssl-1.1.1。
打开命令行窗口,例如,VS 2017 RC 的 x64 Native Tools Command Prompt。
转到 OpenSSL 源代码包的解压目录,例如:E:\openssl-1.1.1。
确保 NASM 可以被找到:
e:\openssl-1.1.1> nasm --versionNASM version 2.13.01 compiled on May 1 2017
安装 OpenSSL,例如:
e:\openssl-1.1.1> perl E:\openssl-1.1.1\Configure VC-WIN64A no-shared no-capieng no-srp no-gost no-dgram no-dtls1-method no-dtls1_2-method --api=1.1.0 --prefix=C:\OpenSSL-Win64-111-static --openssldir=C:\OpenSSL-Win64-111-static
需要注意此选项 ‘no-shared’:如果使用 ‘no-shared’ ,则 OpenSSL 静态库 libcrypto.lib 和 libssl.lib 将会’自给自足’,并且其生成的 Zabbix 二进制文件将会包含 libcrypto.lib 和 libssl.lib,无需外部的 OpenSSL DLLs。其优点是:Zabbix 二进制文件可以复制到其他没有 OpenSSL 库的 Windows 机器上。其缺点是:当发布新的 OpenSSL bugfix 时,Zabbix agent 需要重新编译和重新安装。
如果不使用 ‘no-shared’,则静态库 libcrypto.lib 和 libssl.lib 将在启动时运行 OpenSSL。其优点是:当发布新的 OpenSSL bugfix 时,或许只需要升级 OpenSSL DLLs,而无需重新编译 Zabbix agent。其缺点是:当将 Zabbix agent 拷贝到其他机器上时,需要同时拷贝 OpenSSL DLLs。
编译 OpenSSL、运行测试并安装:
e:\openssl-1.1.1> nmakee:\openssl-1.1.1> nmake test...All tests successful.Files=152, Tests=1152, 501 wallclock secs ( 0.67 usr + 0.61 sys = 1.28 CPU)Result: PASSe:\openssl-1.1.1> nmake install_sw
‘install_sw’ 只安装软件组件(例如。库、头部文件,但没有文档)。如果想要全部组件,请使用 “nmake install”。
For compiling OpenSSL you will need on Windows machine:
C compiler (e.g. VS 2017 RC),
NASM (https://www.nasm.us/),
Perl (e.g. Strawberry Perl from http://strawberryperl.com/),
Perl module Text::Template (cpan Text::Template).
Get OpenSSL sources from https://www.openssl.org/. OpenSSL 1.1.1 is used here.
Unpack OpenSSL sources, for example, in E:\openssl-1.1.1.
Open a commandline window e.g. the x64 Native Tools Command Prompt for VS 2017 RC.
Go to the OpenSSL source directory, e.g. E:\openssl-1.1.1.
Verify that NASM can be found:
e:\openssl-1.1.1> nasm --versionNASM version 2.13.01 compiled on May 1 2017
Configure OpenSSL, for example:
e:\openssl-1.1.1> perl E:\openssl-1.1.1\Configure VC-WIN64A no-shared no-capieng no-srp no-gost no-dgram no-dtls1-method no-dtls1_2-method --api=1.1.0 --prefix=C:\OpenSSL-Win64-111-static --openssldir=C:\OpenSSL-Win64-111-static
Note the option ‘no-shared’: if ‘no-shared’ is used then the OpenSSL static libraries libcrypto.lib and libssl.lib will be ‘self-sufficient’ and resulting Zabbix binaries will include OpenSSL in themselves, no need for external OpenSSL DLLs. Advantage: Zabbix binaries can be copied to other Windows machines without OpenSSL libraries. Disadvantage: when a new OpenSSL bugfix version is released, Zabbix agent needs to recompiled and reinstalled.
If ‘no-shared’ is not used, then the static libraries libcrypto.lib and libssl.lib will be using OpenSSL DLLs at runtime. Advantage: when a new OpenSSL bugfix version is released, probably you can upgrade only OpenSSL DLLs, without recompiling Zabbix agent. Disadvantage: copying Zabbix agent to another machine requires copying OpenSSL DLLs, too.
Compile OpenSSL, run tests, install:
e:\openssl-1.1.1> nmakee:\openssl-1.1.1> nmake test...All tests successful.Files=152, Tests=1152, 501 wallclock secs ( 0.67 usr + 0.61 sys = 1.28 CPU)Result: PASSe:\openssl-1.1.1> nmake install_sw
‘install_sw’ installs only software components (i.e. libraries, header files, but no documentation). If you want everything, use “nmake install”.
编译 PCRE
从 pcre.org 下载 PCRE 库(Zabbix 4.0 中是强制的库)。版本是8.XX ;而不是pcre2 (ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.zip)。
将其解压至目录 E:\pcre-8.41
从 from https://cmake.org/download/ 安装 CMake,在安装过程中选择:并确保其 cmake\bin 位于您的环境路径中(测试版本为 3.9.4)。
创建一个新的、空的构建目录,最好是在源目录的子目录下。例如:E:\pcre-8.41\build。
打开一个 Windows 命令行。例如 VS 2017 的 x64 Native Tools Command Prompt 和在该 shell 环境种运行 cmake-gui。不要尝试从 Windows 开始菜单去启动 Cmake,因为这可能会导致错误。
分别为源和源目录键入 E:\pcre-8.41 和 E:\pcre-8.41\build 。
点击 “Configure” 按钮。
当为此项目指定生成器时,选择 “NMake Makefiles”。
创建一个新的、空的安装目录。例如:E:\pcre-8.41-install。
GUI将会列出几个配置选项。 确保选中以下选项:
PCRE_SUPPORT_UNICODE_PROPERTIES ON
PCRE_SUPPORT_UTF ON
CMAKE_INSTALL_PREFIX E:\pcre-8.41-install
再次点击 “Configure” 。其相邻的 “Generate” 按钮应该被激活。
点击 “Generate”。
如果确实发生了错误。建议在尝试重新构建 CMake 过程之前删除 CMake 缓存。在 CMake GUI 中,可以通过选择 “File > Delete Cache” 来删除缓存。
其构建目录现在应该包含一个可用构建系统- Makefile。
打开 Windows 命令行。例如 VS 2017 的 x64 Native Tools Command Prompt ,并切换到上面提及的 Makefile 。
运行 NMake 命令:
E:\pcre-8.41\build> nmake install
Download PCRE library (new mandatory library for Zabbix 4.0) from pcre.org, version 8.XX; not pcre2 (ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.41.zip)
Extract to directory E:\pcre-8.41
Install CMake from https://cmake.org/download/, during install select: and ensure that cmake\bin is on your path (tested version 3.9.4).
Create a new, empty build directory, preferably a subdirectory of the source dir. For example, E:\pcre-8.41\build.
Open a commandline window e.g. the x64 Native Tools Command Prompt for VS 2017 and from that shell environment run cmake-gui. Do not try to start Cmake from the Windows Start menu, as this can lead to errors.
Enter E:\pcre-8.41 and E:\pcre-8.41\build for the source and build directories, respectively.
Hit the “Configure” button.
When specifying the generator for this project select “NMake Makefiles”.
Create a new, empty install directory. For example, E:\pcre-8.41-install.
The GUI will then list several configuration options. Make sure the following options are selected:
PCRE_SUPPORT_UNICODE_PROPERTIES ON
PCRE_SUPPORT_UTF ON
CMAKE_INSTALL_PREFIX E:\pcre-8.41-install
Hit “Configure” again. The adjacent “Generate” button should now be active.
Hit “Generate”.
In the event that errors do occur, it is recommended that you delete the CMake cache before attempting to repeat the CMake build process. In the CMake GUI, the cache can be deleted by selecting “File > Delete Cache”.
The build directory should now contain a usable build system - Makefile.
Open a commandline window e.g. the x64 Native Tools Command Prompt for VS 2017 and navigate to the Makefile mentioned above.
Run NMake command:
E:\pcre-8.41\build> nmake install
编译 Zabbix
以下步骤将帮助您从 MS Windows 10 (64-bit) 上的源代码编译 Zabbix。 当使用/不使用 TLS 支持编译 Zabbix 时,唯一显着的区别在于步骤4。
The following steps will help you to compile Zabbix from sources on MS Windows 10 (64-bit). When compiling Zabbix with/without TLS support the only significant difference is in step 4.
在 Zabbix 4.0.1 中添加了对 OpenSSL 1.1.1 的支持,而在 4.0.2rc1中,还有一些额外的修复。
Support for OpenSSL 1.1.1 was added in 4.0.1, some additional fixes - in 4.0.2rc1.
在 Linux 机器上检查 SVN 的源代码::
$ svn co svn://svn.zabbix.com/tags/4.0.2$ cd 4.0.2/$ ./bootstrap.sh$ ./configure --enable-agent --enable-ipv6 --prefix=`pwd`$ make dbschema$ make dist
复制并解压文件,例如,zabbix-4.0.2.tar.gz,在 Windows 机器上。
假设源文件位于 e:\zabbix-4.0.2。则打开 Windows 命令行,例如,VS 2017 RC 的 x64 Native Tools Command Prompt ,并切换到 E:\zabbix-4.0.2\build\win32\project。
编译 zabbix_get、zabbix_sender 和 zabbix_agent。
不使用 TLS:
E:\zabbix-4.0.2\build\win32\project> nmake /K PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\lib
使用 TLS:
E:\zabbix-4.0.2\build\win32\project> nmake /K -f Makefile_get TLS=openssl TLSINCDIR=C:\OpenSSL-Win64-111-static\include TLSLIBDIR=C:\OpenSSL-Win64-111-static\lib PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\libE:\zabbix-4.0.2\build\win32\project> nmake /K -f Makefile_sender TLS=openssl TLSINCDIR="C:\OpenSSL-Win64-111-static\include TLSLIBDIR="C:\OpenSSL-Win64-111-static\lib" PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\libE:\zabbix-4.0.2\build\win32\project> nmake /K -f Makefile_agent TLS=openssl TLSINCDIR=C:\OpenSSL-Win64-111-static\include TLSLIBDIR=C:\OpenSSL-Win64-111-static\lib PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\lib
新的二进制文件位于 e:\zabbix-4.0.2\bin\win64 下。 由于 OpenSSL 是使用 ‘no-shared’ 选项编译的,因此 Zabbix 二进制文件自身包含 OpenSSL ,并且可以复制到其他没有 OpenSSL 的机器上。
On a Linux machine check out the source from SVN:
$ svn co svn://svn.zabbix.com/tags/4.0.2$ cd 4.0.2/$ ./bootstrap.sh$ ./configure --enable-agent --enable-ipv6 --prefix=`pwd`$ make dbschema$ make dist
Copy and unpack the archive, e.g. zabbix-4.0.2.tar.gz, on a Windows machine.
Let’s assume that sources are in e:\zabbix-4.0.2. Open a commandline window e.g. the x64 Native Tools Command Prompt for VS 2017 RC. Go to E:\zabbix-4.0.2\build\win32\project.
Compile zabbix_get, zabbix_sender and zabbix_agent.
without TLS:
E:\zabbix-4.0.2\build\win32\project> nmake /K PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\lib
with TLS:
E:\zabbix-4.0.2\build\win32\project> nmake /K -f Makefile_get TLS=openssl TLSINCDIR=C:\OpenSSL-Win64-111-static\include TLSLIBDIR=C:\OpenSSL-Win64-111-static\lib PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\libE:\zabbix-4.0.2\build\win32\project> nmake /K -f Makefile_sender TLS=openssl TLSINCDIR="C:\OpenSSL-Win64-111-static\include TLSLIBDIR="C:\OpenSSL-Win64-111-static\lib" PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\libE:\zabbix-4.0.2\build\win32\project> nmake /K -f Makefile_agent TLS=openssl TLSINCDIR=C:\OpenSSL-Win64-111-static\include TLSLIBDIR=C:\OpenSSL-Win64-111-static\lib PCREINCDIR=E:\pcre-8.41-install\include PCRELIBDIR=E:\pcre-8.41-install\lib
New binaries are located in e:\zabbix-4.0.2\bin\win64. Since OpenSSL was compiled with ‘no-shared’ option, Zabbix binaries contain OpenSSL within themselves and can be copied to other machines that do not have OpenSSL.
