Re: Fwd: Compiling Tomcat Native 1.2.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pierce, On 9/12/16 4:32 PM, Pierce Allen wrote: > I run a collection Tomcat web servers on Redhat 7.2 (up-to-date) > > Normally we like to compile and use the latest stable version of > Tomcat Native we can get our hands on (currently the one that ships > with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try > to compile recent versions of Tomcat Native I get an error that my > OpenSSL version is too low: > > checking OpenSSL library version >= 1.0.2... configure: error: > Your version of O penSSL is not compatible with this version of > tcnative > > I don't really want to muck up the distro by trying to update > OpenSSL by downloading and compiling OpenSSL's source code. RedHat > backports security fixes to OpenSSL 1.0.1e so there are no > "heartbleed" or other known vulnerabilities with the in-band > OpenSSL version. Is there some workaround or procedure that can be > used to get recent versions of Tomcat Native to compile on up to > date RedHat systems? You can still run with a tcnative 1.1 against this older version of OpenSSL. What version do you actually have? You can also try to use "--disable-openssl-version-check" with ./configure to ignore the version check and hope for the best. Officially, tcnative 1.2.x requires a minimum of OpenSSL 1.0.2 http://tomcat.apache.org/native-doc/miscellaneous/changelog.html - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX2ci5AAoJEBzwKT+lPKRYhO4QALNlQJt2jUCIi/nvzSBXeJfP UG7Ui7gDsuep8GhXVNftb9rY6CXqF66va4lhJUbE2CmNBsyZuLzH8PYxZNthS9IB em4rLPA9rCKlx+JpZkvSSqNIO4cn9NO8jiZJrBVQRHomvOTkFC6SWI4Dhgoz5xtE U1PSp2LYpDfgI6ugxPUFc44G4WLOXVzmXlo3i7I9CSfD/BwQQl1xUOkExRXObTDH va5/uzMqBCFSVo+aUXt6af89ja6hNYHY66wS1wLlspCGWD3Y4MPa3eXy83TUc2ph F06Y47ShCJPnRI0ssGFNHKSltPLgsYTUzepTQ39517Sn4Svk5Wnk3jD9C18NN7mW +BRuiIOwScxM2Z8V1LsvaxTtFNE+xP3443CvN08CzDE1+qt1zas6iJXU7ZcIfQFC 5VwQWTfojsxrr6l1/jSBw8qZjc6nFwqDiNsnDpJl0rki39yxTQi6WXl761C49GRZ 2b2lb9j4YPDKr4ia5mnJFY7zGA0Tk9QBZXZvk/P4/qeeZ0o01xjhqOUvz6o9GUfs Q08Rs6aJyUtvZq75TuY+377Psglrq/IiyldGs3r8f5R2xrL/VxEOPdQXKCEvm8dU yenLlAGMwfHdEhh8LLgxfhNJtYjjtLLGUjlvvSUT0b0OJl/UO6Xwc4h2tCImZXLs gKhKu89iXpLMDphJEoCB =WXCg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Compiling Tomcat Native 1.2.8
On 12/09/2016 22:32, Pierce Allen wrote:
Hello -
I run a collection Tomcat web servers on Redhat 7.2 (up-to-date)
Normally we like to compile and use the latest stable version of
Tomcat Native we can get our hands on (currently the one that ships
with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try to
compile recent versions of Tomcat Native I get an error that my
OpenSSL version is too low:
checking OpenSSL library version >= 1.0.2... configure: error: Your
version of O penSSL is not compatible with this version of tcnative
I don't really want to muck up the distro by trying to update OpenSSL
by downloading and compiling OpenSSL's source code. RedHat backports
security fixes to OpenSSL 1.0.1e so there are no "heartbleed" or other
known vulnerabilities with the in-band OpenSSL version. Is there some
workaround or procedure that can be used to get recent versions of
Tomcat Native to compile on up to date RedHat systems?
In a similar situation, I statically link openssl.
Please find enclosed my .spec for Tomcat 8.5.5.
I tried not to alter it too much when removing information specific to
my organisation.
Ludovic
|
| AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT.
|
%define major_version 8
%define minor_version 5
%define revision 5
%define full_version %{major_version}.%{minor_version}.%{revision}
%define native_major_version 1
%define native_minor_version 2
%define native_revision 8
%define native_full_version %{native_major_version}.%{native_minor_version}.%{native_revision}
%define commons_daemon_version 1.0.15
%define openssl_major 1
%define openssl_minor 0
%define openssl_revision 2h
%define openssl_full_version %{openssl_major}.%{openssl_minor}.%{openssl_revision}
%define apr_major 1
%define apr_minor 5
%define apr_revision 2
%define apr_full_version %{apr_major}.%{apr_minor}.%{apr_revision}
Name: my-tomcat
Version: %{full_version}
Release: 1
Summary: My Own Tomcat
License: My License
Group: my.group
autoprov: yes
autoreq: yes
Requires: my-jre
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX)
# dependance vers le jdk 7 par facilite (le 8 serait mieux)
BuildRequires: apr-devel openssl-devel java-1.7.0-openjdk, java-1.7.0-openjdk-devel, chrpath
%define source_file http://mirrors.ircam.fr/pub/apache/tomcat/tomcat-%{major_version}/v%{full_version}/bin/apache-tomcat-%{full_version}.tar.gz
%define openssl_file https://www.openssl.org/source/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}.tar.gz
%define apr_file http://wwwftp.ciril.fr/pub/apache/apr/apr-%{apr_major}.%{apr_minor}.%{apr_revision}.tar.bz2
Source: %{source_file}
Source1: mysql-connector-java-5.1.23-bin.jar
Source2: OracleDriver-7.jar
Source3: postgresql-9.4.1209.jar
Source6: %{openssl_file}
Source7: %{apr_file}
Patch: manager.patch
Patch1: server.xml.patch
Patch2: tomcat-users.xml.patch
# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
%define basedir %{_var}/lib/%{name}
%define appdir %{basedir}/webapps
%define bindir %{_datadir}/%{name}/bin
%define confdir %{_sysconfdir}/%{name}
%define homedir %{_datadir}/%{name}
%define libdir %{_javadir}/%{name}
%define logdir %{_var}/log/%{name}
%define cachedir %{_var}/cache/%{name}
%define tempdir %{cachedir}/temp
%define workdir %{cachedir}/work
%define _initrddir %{_sysconfdir}/init.d
%define tomcat_base %{homedir}
%description
My desc
Startup and shutdown are managed with commons-daemon %{commons_daemon_version}.
%prep
%{__mkdir} -p $RPM_BUILD_DIR/%{name}
cat << \EOF > %{_builddir}/%{name}/%{name}-req
#!/bin/sh
%{__find_requires} $* |\
sed -e '/libcrypto/d' -e '/libssl.so/d' -e '/pkgconfig'
EOF
%define __find_requires %{_builddir}/%{name}/%{name}-req
chmod +x %{__find_requires}
%define _use_internal_dependency_generator 0
%setup -T -D -a 6 -n .
%setup -T -D -a 7 -n .
%setup -T -D -a 0 -n .
%patch -p0
%patch1 -p0
%patch2 -p0
cd ${RPM_BUILD_DIR}
tar xvzf apache-tomcat-%{full_version}/bin/tomcat-native.tar.gz
tar xvzf apache-tomcat-%{full_version}/bin/commons-daemon-native.tar.gz
if [ ! -d ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} ]; then
mv ${RPM_BUILD_DIR}/openssl-* ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}
fi
%build
%{__rm} -rf $RPM_BUILD_ROOT
pushd .
cd ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}
./config --prefix=${RPM_BUILD_DIR}/openssl-inst no-shared -fPIC
make
make install_sw
popd
pushd .
cd ${RPM_BUILD_DIR}/apr-%{apr_major}.%{apr_minor}.%{apr_revision}
CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/apr-inst
make
make install
# lthis line desactivate dynamic linking against openssl
sed -i -e "/dlname=/d" -e "/library_names=/d" ${RPM_BUILD_DIR}/apr-inst/lib/libapr-1.la
popd
pushd .
cd ${RPM_BUILD_DIR}/tomcat-native-%{native_full_version}-src/native
CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/tomcat-native-inst
