Using the V5.4-001 Reference Implementation with Older Releases

Since the interface between GT.M and the encryption libraries is stable, encrypted databases require no special upgrade procedures beyond any that may be required for ordinary databases when upgrading GT.M versions. Beyond an occasional need to recompile the plugin and rebuild the shared library, a plugin other than the reference implementation should also continue to operate with new GT.M versions. This stable interface also means that the encryption plugins from newer GT.M versions can be retrofitted to older GT.M versions. This section describes interfacing the reference plugin bundled with V5.4-001 to an older GT.M version that supports encryption, such as V5.4-000A; adapt it to your needs should you wish to use a plugin from one version of GT.M with another version.

[Note] Note

Since the reference plugin bundled with V5.4-001 supports GPG v2 as well as v1, and since its key management is more robust from that bundled with older versions of GT.M that support encryption, FIS suggests that you consider such a retrofit if you have chosen to deploy encrypted databases on older versions of GT.M with the reference implementation.

The instructions provided in this section are expert friendly and intended for someone familiar with UNIX/Linux and GT.M. All commands are examples, rather than intended to be executed as written. Adapt them to your specific needs and DO NOT BLINDLY EXECUTE THEM VERBATIM.

Installation

To obtain the V5.4-001 reference implementation:

  1. To go the GT.M project website on Source Forge.

  2. Download the gtmcrypt_V54001.tar.gz file. from the V5.4-001 release of GT.M-x86-Linux-src.

gtmcrypt_V54001.tar.gz contains the source files for the reference plugin distributed with GT.M V5.4-001. (Depending on when you downloaded it, it may have a pre-release version.)Before you begin:

  • Ensure that you have a working C compiler (cc).

  • Ensure that you have root access.

  • The instructions provided in this section are for installing the V5.4-001 prerelease reference implementation on Ubuntu Linux on an x86_64 system. Other platform should be similar.

To install the new database encryption plug-in on an older GT.M release, perform the following steps:

  1. Unpack the distribution files in a temporary directory, for example, /tmp/tmp3 and change to the src sub-directory within.

    mkdir /tmp/tmp3tar zxvf gtmcrypt_V54001.tar.gz -C /tmp/tmp3cd /tmp/tmp3/src
  2. Run the build.sh script specifying the encryption library (gcrypt or openssl) and the build type (d for debug; p for production). The script needs the environment variable $gtm_dist to be defined, and, depending on the way ICU is compiled on your system, may well need $gtm_icu_version to be defined as well.

    export gtm_dist=/usr/lib/fis-gtm/V5.4-000A_x86_64
    export gtm_icu_version=4.2./build.sh gcrypt p
  3. As root, make a backup copy of the existing plugin directory.

    sudo cp -a $gtm_dist/plugin{,_sav_`date +%Y%m%d%H%M%S`}
  4. As root, delete the Korn shell scripts and old source tarball in the existing plugin directory.

    sudo rm -f $gtm_dist/plugin/gtmcrypt/{*.ksh,source.tar}
  5. As root, run the install script (executing via sudo will not work here, since it does not pass the $gtm_dist environment variable to the shell script).

    export gtm_dist=/usr/lib/fis-gtm/V5.4-000A_x86_64
    ./install.sh 
  6. Edit the gpgagent.tab file to specify the correct pathname to the libgtmcrypt.so shared library, and as root, copy the distributed shell scripts and gpgagent.tab file.

    cd ..
    sudo cp *.sh gpgagent.tab $gtm_dist/plugin/gtmcrypt/
  7. Set ownership and permissions appropriate to your installation.

    sudo chown -R bin.gtm $gtm_dist/plugin
    sudo chmod -R o-rwx,a-w $gtm_dist/plugin
  8. Your new database encryption plugin should now be ready for use!