This Dockerfile works. I started with nng but it required a newer version of cmake. So I went back to nanomsg. I was unable to find nng or nanomsg in Centos8 or EPEL8 or pretty much anywhere... The Fedora 33 rpm wanted asciidoctor which I couldn't find for CentOS 8 either. Dockerfile ------- FROM centos:8
RUN yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm RUN yum install -y dnf-plugins-core RUN yum config-manager --set-enabled PowerTools RUN yum install -y wget cmake make gcc nano pcre-devel libnsl2-devel mbedtls-devel gcc-c++ uthash-devel libyaml-devel gperftools-devel WORKDIR /usr/src RUN wget https://github.com/nanomsg/nanomsg/archive/1.1.5.tar.gz RUN tar -zxvf 1.1.5.tar.gz RUN cd nanomsg-1.1.5/ && mkdir build && cd build && cmake -DCMAKE_INSTALL_PREFIX:PATH=/usr .. && make && make install RUN ldconfig RUN wget https://www.apsis.ch/pound/Pound-3.0c.tgz RUN tar -zxvf Pound-3.0c.tgz RUN cd Pound-3.0c/build && cmake .. && make RUN Pound-3.0c/build/pound -v RUN ldd Pound-3.0c/build/pound ------ LDD output: linux-vdso.so.1 (0x00007ffdd0d8e000) libyaml-0.so.2 => /lib64/libyaml-0.so.2 (0x00007fbc88417000) libnanomsg.so.5 => /lib64/libnanomsg.so.5 (0x00007fbc881c3000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fbc87fa3000) libpcreposix.so.0 => /lib64/libpcreposix.so.0 (0x00007fbc87da0000) libtcmalloc.so.4 => /lib64/libtcmalloc.so.4 (0x00007fbc879a4000) libmbedcrypto.so.3 => /lib64/libmbedcrypto.so.3 (0x00007fbc87740000) libmbedx509.so.0 => /lib64/libmbedx509.so.0 (0x00007fbc87520000) libmbedtls.so.12 => /lib64/libmbedtls.so.12 (0x00007fbc872f1000) libc.so.6 => /lib64/libc.so.6 (0x00007fbc86f2e000) libanl.so.1 => /lib64/libanl.so.1 (0x00007fbc86d2a000) librt.so.1 => /lib64/librt.so.1 (0x00007fbc86b21000) libnsl.so.2 => /lib64/libnsl.so.2 (0x00007fbc86907000) /lib64/ld-linux-x86-64.so.2 (0x00007fbc88637000) libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fbc86696000) libunwind.so.8 => /lib64/libunwind.so.8 (0x00007fbc8647e000) libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007fbc860e9000) libm.so.6 => /lib64/libm.so.6 (0x00007fbc85d67000) libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fbc85b4f000) libpkcs11-helper.so.1 => /lib64/libpkcs11-helper.so.1 (0x00007fbc85932000) libz.so.1 => /lib64/libz.so.1 (0x00007fbc8571b000) libtirpc.so.3 => /lib64/libtirpc.so.3 (0x00007fbc854e8000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fbc852e4000) libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007fbc84e05000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fbc84bb5000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fbc848c5000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fbc846a9000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fbc844a5000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fbc84294000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fbc84090000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fbc83e79000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fbc83c4e000) libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fbc839ca000) ------ Joe From: pound <pound-boun...@apsis.ch> on behalf of Christian COMMARMOND <christian.commarm...@gmail.com> Reply-To: reverse proxy and load balancer <pound@apsis.ch> Date: Thursday, June 4, 2020 at 10:02 AM To: reverse proxy and load balancer <pound@apsis.ch> Subject: Re: [pound] ANNOUNCE: Pound - reverse proxy and load balancer - v3.0c Hi, First, I want to thank you for pound. I use it for several years now, but since I had recently compatibility problems, I try to install pound 3 on Centos 8.1. But without success so far. I am confused by website that states that : nanomsg This project has largely been superceded by the https://github.com/nanomsg/nng project. Users are encouraged to use nng if they are able. 1.1.5, released on October 15, 2018. So I downloaded nanomsg 1.1.5 mbedSSL is in fact mbedTLS. At least, the provided link goes on this one... tcmalloc is still in gperftools-libs and I did not find it anywhere else. pcreposix looks like part of pcre, but impossible to find pcreposix.h in a repository (and I found a 2010 book stating it is replaced by ap_regex.h ???) But after installation of all the listed packages (but what I listed before), I get this: [root@Cent8Pound build]# cmake .. -- The C compiler identification is GNU 8.3.1 -- Check for working C compiler: /usr/bin/cc -- Check for working C compiler: /usr/bin/cc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Detecting C compile features -- Detecting C compile features - done -- Looking for pthread.h -- Looking for pthread.h - found -- Looking for pthread_create -- Looking for pthread_create - not found -- Check if compiler accepts -pthread -- Check if compiler accepts -pthread - yes -- Found Threads: TRUE -- Looking for 33 include files stdio.h, ..., mbedtls/error.h -- Looking for 33 include files stdio.h, ..., mbedtls/error.h - found -- Looking for include file pcreposix.h -- Looking for include file pcreposix.h - not found -- Looking for include file pcre/pcreposix.h -- Looking for include file pcre/pcreposix.h - not found -- Looking for include file regex.h -- Looking for include file regex.h - found -- Looking for include file stdarg.h -- Looking for include file stdarg.h - found -- Configuring done -- Generating done -- Build files have been written to: /root/Pound-3.0c/build [root@Cent8Pound build]# make Scanning dependencies of target pound [ 16%] Building C object CMakeFiles/pound.dir/src/backend.c.o [ 33%] Building C object CMakeFiles/pound.dir/src/config.c.o [ 50%] Building C object CMakeFiles/pound.dir/src/http.c.o [ 66%] Building C object CMakeFiles/pound.dir/src/pound.c.o [ 83%] Building C object CMakeFiles/pound.dir/src/util.c.o [100%] Linking C executable pound CMakeFiles/pound.dir/src/config.c.o: In function `get_ciphers': config.c:(.text+0x1dcd): undefined reference to `mbedtls_ssl_get_ciphersuite_id' config.c:(.text+0x1f8c): undefined reference to `mbedtls_ssl_get_ciphersuite_id' CMakeFiles/pound.dir/src/config.c.o: In function `get_one': config.c:(.text+0x22d0): undefined reference to `mbedtls_x509_crt_init' config.c:(.text+0x22e6): undefined reference to `mbedtls_x509_crt_parse_file' config.c:(.text+0x2315): undefined reference to `mbedtls_pk_init' config.c:(.text+0x2337): undefined reference to `mbedtls_pk_parse_keyfile' config.c:(.text+0x23e6): undefined reference to `mbedtls_pk_check_pair' CMakeFiles/pound.dir/src/config.c.o: In function `get_https': config.c:(.text+0x30f1): undefined reference to `mbedtls_ssl_config_init' config.c:(.text+0x30ff): undefined reference to `mbedtls_ctr_drbg_random' config.c:(.text+0x3107): undefined reference to `mbedtls_ssl_conf_rng' config.c:(.text+0x3122): undefined reference to `mbedtls_ssl_config_defaults' config.c:(.text+0x3133): undefined reference to `mbedtls_ssl_conf_alpn_protocols' config.c:(.text+0x3144): undefined reference to `mbedtls_ssl_conf_authmode' config.c:(.text+0x369e): undefined reference to `mbedtls_ssl_conf_ciphersuites' config.c:(.text+0x36dd): undefined reference to `mbedtls_ssl_conf_sni' config.c:(.text+0x3704): undefined reference to `mbedtls_ssl_conf_own_cert' config.c:(.text+0x3739): undefined reference to `mbedtls_ssl_conf_ca_chain' config.c:(.text+0x374f): undefined reference to `mbedtls_ssl_conf_read_timeout' CMakeFiles/pound.dir/src/http.c.o: In function `c_read': http.c:(.text+0x1d35): undefined reference to `mbedtls_ssl_read' CMakeFiles/pound.dir/src/http.c.o: In function `c_write': http.c:(.text+0x1f52): undefined reference to `mbedtls_ssl_write' CMakeFiles/pound.dir/src/http.c.o: In function `c_close': http.c:(.text+0x1fd5): undefined reference to `mbedtls_ssl_write' http.c:(.text+0x1fe4): undefined reference to `mbedtls_ssl_close_notify' http.c:(.text+0x2005): undefined reference to `mbedtls_ssl_free' http.c:(.text+0x2011): undefined reference to `mbedtls_net_free' CMakeFiles/pound.dir/src/http.c.o: In function `thr_http': http.c:(.text+0x21da): undefined reference to `mbedtls_net_init' http.c:(.text+0x21f5): undefined reference to `mbedtls_ssl_init' http.c:(.text+0x220f): undefined reference to `mbedtls_ssl_setup' http.c:(.text+0x2223): undefined reference to `mbedtls_net_recv_timeout' http.c:(.text+0x222d): undefined reference to `mbedtls_net_send' http.c:(.text+0x2235): undefined reference to `mbedtls_ssl_set_bio' http.c:(.text+0x2244): undefined reference to `mbedtls_ssl_handshake' http.c:(.text+0x2270): undefined reference to `mbedtls_strerror' http.c:(.text+0x22a9): undefined reference to `mbedtls_ssl_free' http.c:(.text+0x22ca): undefined reference to `mbedtls_ssl_get_peer_cert' http.c:(.text+0x22de): undefined reference to `mbedtls_ssl_get_peer_cert' http.c:(.text+0x22fd): undefined reference to `mbedtls_x509_crt_info' http.c:(.text+0x23bb): undefined reference to `mbedtls_ssl_free' http.c:(.text+0x23ca): undefined reference to `mbedtls_net_free' CMakeFiles/pound.dir/src/pound.c.o: In function `main': pound.c:(.text+0xda): undefined reference to `mbedtls_entropy_init' pound.c:(.text+0xe4): undefined reference to `mbedtls_ctr_drbg_init' pound.c:(.text+0x117): undefined reference to `mbedtls_entropy_func' pound.c:(.text+0x121): undefined reference to `mbedtls_ctr_drbg_seed' CMakeFiles/pound.dir/src/util.c.o: In function `do_sni': util.c:(.text+0x78a): undefined reference to `mbedtls_ssl_set_hs_own_cert' collect2: error: ld returned 1 exit status make[2]: *** [CMakeFiles/pound.dir/build.make:144: pound] Error 1 make[1]: *** [CMakeFiles/Makefile2:68: CMakeFiles/pound.dir/all] Error 2 make: *** [Makefile:84: all] Error 2 NOTA: With centos 7, I got to this level: [root@feux2-pound3 build]# make [ 16%] Linking C executable pound CMakeFiles/pound.dir/src/pound.c.o: In function `main': pound.c:(.text+0xf8): undefined reference to `getentropy' collect2: error: ld returned 1 exit status make[2]: *** [pound] Error 1 make[1]: *** [CMakeFiles/pound.dir/all] Error 2 make: *** [all] Error 2 getentropy looks to be added in a later version of glibc than we have in Centos 7.8 repository. So, what can I do? Could you clarify how to build this version? Probably, it is a basic problem. But I am not expert enough. thank you for your help, Christian COMMARMOND Le mar. 5 mai 2020 à 22:04, Carsten Leonhardt <mailto:l...@debian.org> a écrit : Hi Robert, I found more things to report: The setuid call needs to come after the setgid call, otherwise the right to change gid is lost when the uid is changed away from root. So the lines 117-121 and 122-126 need to be switched in src/pound.c. With the configuration below, pound doesn't answer requests but uses 100% CPU. http://localhost:80 works, but http://localhost:8080 doesn't. Regards, Carsten ------8<-----8<------8<------ Global: User: "_pound" Group: "_pound" Backends: - &be Address: 127.0.0.1 Port: 80 HTTPListeners: - Address: 127.0.0.1 Port: 8080 Services: - Backends: - *be HTTPSListeners: ------8<-----8<------8<------ -- pound mailing list mailto:pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch -- pound mailing list pound@apsis.ch https://admin.hostpoint.ch/mailman/listinfo/pound_apsis.ch
