Re: Fwd: Compiling Tomcat Native 1.2.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pierce, On 9/12/16 4:32 PM, Pierce Allen wrote: > I run a collection Tomcat web servers on Redhat 7.2 (up-to-date) > > Normally we like to compile and use the latest stable version of > Tomcat Native we can get our hands on (currently the one that ships > with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try > to compile recent versions of Tomcat Native I get an error that my > OpenSSL version is too low: > > checking OpenSSL library version >= 1.0.2... configure: error: > Your version of O penSSL is not compatible with this version of > tcnative > > I don't really want to muck up the distro by trying to update > OpenSSL by downloading and compiling OpenSSL's source code. RedHat > backports security fixes to OpenSSL 1.0.1e so there are no > "heartbleed" or other known vulnerabilities with the in-band > OpenSSL version. Is there some workaround or procedure that can be > used to get recent versions of Tomcat Native to compile on up to > date RedHat systems? You can still run with a tcnative 1.1 against this older version of OpenSSL. What version do you actually have? You can also try to use "--disable-openssl-version-check" with ./configure to ignore the version check and hope for the best. Officially, tcnative 1.2.x requires a minimum of OpenSSL 1.0.2 http://tomcat.apache.org/native-doc/miscellaneous/changelog.html - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJX2ci5AAoJEBzwKT+lPKRYhO4QALNlQJt2jUCIi/nvzSBXeJfP UG7Ui7gDsuep8GhXVNftb9rY6CXqF66va4lhJUbE2CmNBsyZuLzH8PYxZNthS9IB em4rLPA9rCKlx+JpZkvSSqNIO4cn9NO8jiZJrBVQRHomvOTkFC6SWI4Dhgoz5xtE U1PSp2LYpDfgI6ugxPUFc44G4WLOXVzmXlo3i7I9CSfD/BwQQl1xUOkExRXObTDH va5/uzMqBCFSVo+aUXt6af89ja6hNYHY66wS1wLlspCGWD3Y4MPa3eXy83TUc2ph F06Y47ShCJPnRI0ssGFNHKSltPLgsYTUzepTQ39517Sn4Svk5Wnk3jD9C18NN7mW +BRuiIOwScxM2Z8V1LsvaxTtFNE+xP3443CvN08CzDE1+qt1zas6iJXU7ZcIfQFC 5VwQWTfojsxrr6l1/jSBw8qZjc6nFwqDiNsnDpJl0rki39yxTQi6WXl761C49GRZ 2b2lb9j4YPDKr4ia5mnJFY7zGA0Tk9QBZXZvk/P4/qeeZ0o01xjhqOUvz6o9GUfs Q08Rs6aJyUtvZq75TuY+377Psglrq/IiyldGs3r8f5R2xrL/VxEOPdQXKCEvm8dU yenLlAGMwfHdEhh8LLgxfhNJtYjjtLLGUjlvvSUT0b0OJl/UO6Xwc4h2tCImZXLs gKhKu89iXpLMDphJEoCB =WXCg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Compiling Tomcat Native 1.2.8
On 12/09/2016 22:32, Pierce Allen wrote: Hello - I run a collection Tomcat web servers on Redhat 7.2 (up-to-date) Normally we like to compile and use the latest stable version of Tomcat Native we can get our hands on (currently the one that ships with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try to compile recent versions of Tomcat Native I get an error that my OpenSSL version is too low: checking OpenSSL library version >= 1.0.2... configure: error: Your version of O penSSL is not compatible with this version of tcnative I don't really want to muck up the distro by trying to update OpenSSL by downloading and compiling OpenSSL's source code. RedHat backports security fixes to OpenSSL 1.0.1e so there are no "heartbleed" or other known vulnerabilities with the in-band OpenSSL version. Is there some workaround or procedure that can be used to get recent versions of Tomcat Native to compile on up to date RedHat systems? In a similar situation, I statically link openssl. Please find enclosed my .spec for Tomcat 8.5.5. I tried not to alter it too much when removing information specific to my organisation. Ludovic | | AVANT D'IMPRIMER, PENSEZ A L'ENVIRONNEMENT. | %define major_version 8 %define minor_version 5 %define revision 5 %define full_version %{major_version}.%{minor_version}.%{revision} %define native_major_version 1 %define native_minor_version 2 %define native_revision 8 %define native_full_version %{native_major_version}.%{native_minor_version}.%{native_revision} %define commons_daemon_version 1.0.15 %define openssl_major 1 %define openssl_minor 0 %define openssl_revision 2h %define openssl_full_version %{openssl_major}.%{openssl_minor}.%{openssl_revision} %define apr_major 1 %define apr_minor 5 %define apr_revision 2 %define apr_full_version %{apr_major}.%{apr_minor}.%{apr_revision} Name: my-tomcat Version: %{full_version} Release: 1 Summary: My Own Tomcat License: My License Group: my.group autoprov: yes autoreq: yes Requires: my-jre BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX) # dependance vers le jdk 7 par facilite (le 8 serait mieux) BuildRequires: apr-devel openssl-devel java-1.7.0-openjdk, java-1.7.0-openjdk-devel, chrpath %define source_file http://mirrors.ircam.fr/pub/apache/tomcat/tomcat-%{major_version}/v%{full_version}/bin/apache-tomcat-%{full_version}.tar.gz %define openssl_file https://www.openssl.org/source/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}.tar.gz %define apr_file http://wwwftp.ciril.fr/pub/apache/apr/apr-%{apr_major}.%{apr_minor}.%{apr_revision}.tar.bz2 Source: %{source_file} Source1: mysql-connector-java-5.1.23-bin.jar Source2: OracleDriver-7.jar Source3: postgresql-9.4.1209.jar Source6: %{openssl_file} Source7: %{apr_file} Patch: manager.patch Patch1: server.xml.patch Patch2: tomcat-users.xml.patch # FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/ %define basedir %{_var}/lib/%{name} %define appdir %{basedir}/webapps %define bindir %{_datadir}/%{name}/bin %define confdir %{_sysconfdir}/%{name} %define homedir %{_datadir}/%{name} %define libdir %{_javadir}/%{name} %define logdir %{_var}/log/%{name} %define cachedir %{_var}/cache/%{name} %define tempdir %{cachedir}/temp %define workdir %{cachedir}/work %define _initrddir %{_sysconfdir}/init.d %define tomcat_base %{homedir} %description My desc Startup and shutdown are managed with commons-daemon %{commons_daemon_version}. %prep %{__mkdir} -p $RPM_BUILD_DIR/%{name} cat << \EOF > %{_builddir}/%{name}/%{name}-req #!/bin/sh %{__find_requires} $* |\ sed -e '/libcrypto/d' -e '/libssl.so/d' -e '/pkgconfig' EOF %define __find_requires %{_builddir}/%{name}/%{name}-req chmod +x %{__find_requires} %define _use_internal_dependency_generator 0 %setup -T -D -a 6 -n . %setup -T -D -a 7 -n . %setup -T -D -a 0 -n . %patch -p0 %patch1 -p0 %patch2 -p0 cd ${RPM_BUILD_DIR} tar xvzf apache-tomcat-%{full_version}/bin/tomcat-native.tar.gz tar xvzf apache-tomcat-%{full_version}/bin/commons-daemon-native.tar.gz if [ ! -d ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} ]; then mv ${RPM_BUILD_DIR}/openssl-* ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} fi %build %{__rm} -rf $RPM_BUILD_ROOT pushd . cd ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} ./config --prefix=${RPM_BUILD_DIR}/openssl-inst no-shared -fPIC make make install_sw popd pushd . cd ${RPM_BUILD_DIR}/apr-%{apr_major}.%{apr_minor}.%{apr_revision} CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/apr-inst make make install # lthis line desactivate dynamic linking against openssl sed -i -e "/dlname=/d" -e "/library_names=/d" ${RPM_BUILD_DIR}/apr-inst/lib/libapr-1.la popd pushd . cd ${RPM_BUILD_DIR}/tomcat-native-%{native_full_version}-src/native CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/tomcat-native-inst