apt install make cmake gcc
dnf install -y make cmake gcc glibc gcc-c++ libgcc
apt install openssl libssl-dev libffi-dev
dnf install -y openssl openssl-devel libffi-devel
apt install libcunit1 libcunit1-dev libcunit1-doc
dnf install -y CUnit
cJSON is required to build pelz. See their build instructions.
dnf install -y cjson-devel
uriparser 0.9.0 or newer is required
to build pelz. See their build instructions.
You may find it convenient to use the -DURIPARSER_BUILD_TESTS=OFF
and
-DURIPARSER_BUILD_DOCS=OFF
flags.
apt install liburiparser-dev
dnf install -y uriparser-devel
libkmip is required to build pelz. See their installation instructions.
Pelz maintains its key table inside an SGX enclave. To support this functionality it requires the Intel Linux SGX SDK and Intel SGX SSL library. Instructions for installing these can be found here:
- Install the Intel Linux SGX SDK
- Install the Intel SGX SSL library
You must also create an enclave signing key, for example by running openssl genrsa -out sgx/pelz_enclave_private.pem -3 3072
before building pelz.
The SGX SDK environment must be sourced before pelz can be run.
By default, Red Hat does not include either /usr/local/lib or /lib64 as a pre-configured 'ld' search path. In order to use libraries installed to these locations, therefore, the user will need to manually add these paths to /etc/ld.so.conf. Some of the pelz dependencies are installed, by default, to one of these locations.
Pelz uses portions of the kmyth SGX enclave which it acquires by including kmyth as a git submodule and including the right files as part of its build process as described in the kmyth SGX documentation. Before attempting to build pelz you must initialize and update the kmyth submodule by:
git submodule init
git submodule update
Pelz needs the kmyth logger and utils libraries for the build and runtime. After initializing and updating the kmyth submodule, follow the below instructions to build and install the kmyth library dependencies.
cd kmyth
make logger-lib utils-lib
make install
For more information, please see their build instructions.
Once the dependencies are in place, building pelz is done by:
make
which places the executable in the bin/
directory.
The unit test suite can be run via:
make test
All build artifacts and binaries can be removed by running:
make clean
Pelz comes with a plugin for Apache Accumulo. This allows the key encryption key(s) to be stored outside of Accumulo. Accumulo must be built after the plugin is installed. The script can be found in the accumulo_plugin directory. The script is used as follows:
./accumulo_plugin/setup_plugin.sh -i/-u -d /path/to/source/for/accumulo
For example, to install to a home directory containing the Accumulo source, you would execute:
./accumulo_plugin/setup_plugin.sh -i -d ~/accumulo
To uninstall:
./accumulo_plugin/setup_plugin.sh -u -d ~/accumulo
The choice to install/uninstall must always be specified, and a path to Accumulo must always be provided.
Uno provides an easy way to build a local instance of Accumulo for testing. Instructions for installing can be found here. Once downloaded and configured, but prior to running "./bin/uno fetch accumulo" the following must occur:
- Download the Accumulo source code.
- The Accumulo plugin must be installed. See [above](Pelz plugin for Accumulo) for instructions.
- From the fluo-uno directory:
a. cp conf/uno.conf conf/uno-local.conf
b. Open uno-local.conf in your favorite text editor
c. Uncomment and change the ACCUMULO_REPO configuration (line 46). This is the same location the plugin was installed.
d. Add "accumulo-encryption" to the POST_INSTALL_PLUGINS (line 151)
e. Save your changes and open plugins/accumulo-encryption.sh in a text editor
f. Change:
instance.crypto.service=org.apache.accumulo.core.cryptoImpl.AESCryptoService to
instance.crypto.service=org.apache.accumulo.core.cryptoImpl.PelzCryptoService
g. Save your changes - Continue following uno instructions (fetch, setup, etc)
For testing, see the Apache Accumulo Testing Suite.