Supplemental Linux® From Scratch (Systemd Edition) - Version #d536

Chapter 2. General Libraries

Mbed-TLS-3.6.3

Introduction to Mbed TLS

The Mbed TLS package provides TLS libraries and aims to flexible and portable.

Mbed TLS Dependencies

Required

CMake

Installation of Mbed TLS

Install Mbed TLS by running the following commands: 

mkdir build &&
cd    build &&

CFLAGS="-Wno-unterminated-string-initialization"   \
CXXFLAGS="-Wno-unterminated-string-initialization" \
cmake -D CMAKE_INSTALL_PREFIX=/usr                 \
      -D CMAKE_BUILD_TYPE=Release                  \
      -D CMAKE_SKIP_RPATH=ON                       \
      -D USE_SHARED_MBEDTLS_LIBRARY=ON             \
      -D USE_STATIC_MBEDTLS_LIBRARY=OFF            \
      -G Ninja .. &&

ninja

Now, as the root user: 

DESTDIR=$PWD/DESTDIR ninja install &&
pushd DESTDIR/usr/bin &&
  for i in *; do
    mv -v {,mbedtls_}$i
  done
popd &&
cp -vR DESTDIR/usr/* /usr

Command Explanations

C{,XX}FLAGS="-Wno-unterminated-string-initialization": These variables disable a false positive being triggered by GCC-15.x.x.

-D CMAKE_SKIP_INSTALL_RPATH=ON: This switch makes cmake remove hardcoded library search paths (rpath) when installing a binary executable file or a shared library. This package does not need rpath once it's installed into the standard location, and rpath may sometimes cause unwanted effects or even security issues.

-D USE_SHARED_MBEDTLS_LIBRARY=ON: This parameter ensures shared libraries are built.

-D USE_STATIC_MBEDTLS_LIBRARY=OFF: This parameter ensures the main libraries are not statically built.

pushd DESTDIR/usr/bin ...: These commands rename the programs as to not conflict with those that may be installed by other programs.

Contents

Installed Programs: mbedtls_aead_demo, mbedtls_benchmark, mbedtls_cert_app, mbedtls_cert_req, mbedtls_cert_write, mbedtls_cipher_aead_demo, mbedtls_crl_app, mbedtls_crypt_and_hash, mbedtls_crypto_examples, mbedtls_dh_client, mbedtls_dh_genprime, mbedtls_dh_server, mbedtls_dtls_client, mbedtls_dtls_server, mbedtls_ecdh_curve25519, mbedtls_ecdsa, mbedtls_gen_entropy, mbedtls_generic_sum, mbedtls_gen_key, mbedtls_gen_random_ctr_drbg, mbedtls_hello, mbedtls_hmac_demo, mbedtls_key_app, mbedtls_key_app_writer, mbedtls_key_ladder_demo, mbedtls_key_ladder_demo.sh, mbedtls_load_roots, mbedtls_md_hmac_demo, mbedtls_metatest, mbedtls_mini_client, mbedtls_mpi_demo, mbedtls_pem2der, mbedtls_pk_decrypt, mbedtls_pk_encrypt, mbedtls_pk_sign, mbedtls_pk_verify, mbedtls_psa_constant_names, mbedtls_psa_hash, mbedtls_query_compile_time_config, mbedtls_query_included_headers, mbedtls_req_app, mbedtls_rsa_decrypt, mbedtls_rsa_encrypt, mbedtls_rsa_genkey, mbedtls_rsa_sign, mbedtls_rsa_sign_pss, mbedtls_rsa_verify, mbedtls_rsa_verify_pss, mbedtls_selftest, mbedtls_ssl_client1, mbedtls_ssl_client2, mbedtls_ssl_context_info, mbedtls_ssl_fork_server, mbedtls_ssl_mail_client, mbedtls_ssl_pthread_server, mbedtls_ssl_server, mbedtls_ssl_server2, mbedtls_strerror, mbedtls_udp_proxy, and mbedtls_zeroize
Installed Libraries: libeverest (static), libmbedcrypto, libmbedtls, libmbedx509, and libp256m (static)
Installed Directories: /usr/include/{everest,mbedtls,psa} and /usr/lib/cmake/MbedTLS

Short Descriptions

libmbedcrypto

handles cryptography functions that are needed by other parts of this package and other packages

libmbedtls

provides TLS functions

libmbedx509

is used by libmbedtls; it handles X.509 certificates that allow TLS and SSL to be possible