-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 8/21/14, 12:01 PM, Mark Eggers wrote: > On 8/21/2014 8:10 AM, Caldarale, Charles R wrote: >>> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >>> Subject: Re: Tomcat 8.0.9 native library not found > >>> I'm not ld master, but I think you might need to reboot in >>> order for changes to ld.conf and friends to change anything. > >> Just run the ldconfig utility (as root) to rebuild the cache. >> Normally without options, but -v might provide some pertinent >> information. > >> - Chuck > > > Chuck, > > I probably should have run it with the -v option, but catalina.out > didn't list all of the paths specified in the files in > /etc/ld.so.conf.d. > > Neil, > > I didn't notice --with-ssl=/usr in your configuration. Here's the > gory details of what I just did: > > My quick and dirty CentOS 7 system: > > 3.10.0-123.6.3.el7.x86_64#1 SMP Wed Aug 6 21:12:36 UTC 2014 x86_64 > x86_64 x86_64 GNU/Linux > > apr-devel-1.4.8-3.el7.x86_64 apr-1.4.8-3.el7.x86_64 > apr-util-1.5.2-6.el7.x86_64 apr-util-devel-1.5.2-6.el7.x86_64 > openssl-1.0.1e-34.el7_0.4.x86_64 > openssl-devel-1.0.1e-34.el7_0.4.x86_64 > openssl-libs-1.0.1e-34.el7_0.4.x86_64 > openssl098e-0.9.8e-29.el7.centos.2.x86_64 > > Java / JRE Oracle 1.7.0_67 64 bit Ant 1.8.1 > > Tomcat 8 from SVN Revision: 1619129 > > Steps to install Tomcat native: > > 1. ant (to build Tomcat) 2. cd output/build/bin 3. tar xvfz > tomcat-native.tar.gz 4. cd tomcat-native-1.1.31-src/jni/native/ 5. > ./configure --with-apr=/usr --with-ssl=/usr 6. make 7. make install > (as root) 8. Create apr.conf in /etc/ld.so.conf.d with the > following content /usr/local/apr/lib I really wouldn't recommend messing-around with ld.so.conf. There's no reason not to use -Djava.library.path. > 9. ldconfig -v (partial output below) > > libtcnative-1.so.0 -> libtcnative-1.so.0.1.31 libssl.so.6 -> > libssl.so.0.9.8e libevent_openssl-2.0.so.5 -> > libevent_openssl-2.0.so.5.1.9 libssl3.so -> libssl3.so libssl.so.10 > -> libssl.so.1.0.1e libgstdataprotocol-0.10.so.0 -> > libgstdataprotocol-0.10.so.0.30.0 libaprutil-1.so.0 -> > libaprutil-1.so.0.5.2 libapr-1.so.0 -> libapr-1.so.0.4.8 > libgnutls-xssl.so.0 -> libgnutls-xssl.so.0.0.0 > > This is catalina.out without setenv.sh: > > 21-Aug-2014 08:36:50.460 INFO [main] > org.apache.catalina.core.AprLifecycleListener.init The APR based > Apache Tomcat Native library which allows optimal performance in > production environments was not found on the java.library.path: > /usr/java /packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib > > The following setenv.sh was created: > > CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib" > > This is catalina.out with the above setenv.sh: > > 21-Aug-2014 08:44:23.168 INFO [main] > org.apache.catalina.core.AprLifecycleListener.init Loaded APR based > Apache Tomcat Native library 1.1.31 using APR version 1.4.8. > 21-Aug-2014 08:44:23.180 INFO [main] > org.apache.catalina.core.AprLifecycleListener.init APR > capabilities: IPv6 [true], sendfile [true], accept filters [false], > random [true]. > > I noticed that you did not include --with-ssl=/usr in your last > mail message. Do you have the openssl development libraries > installed? I wonder if the JVM requires that you have java.library.path set to where your initial libraries are loaded to protect processes against a class of security problems. If all of ld.so.conf were available, evil Java classes could try to load arbitrary libraries from /usr/lib that are known to have certain vulnerabilities and exploit them. Reducing the attack surface can make the JVM a safer place to live... - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org iQIcBAEBCAAGBQJT9ki4AAoJEBzwKT+lPKRYwyIP/2dU+FH8khya6Px98YLVP/o3 1rVL+/yc0c+kv4Z4lOpFpW1uzzJfV+fvoUrTeBgVRTXFPDdi+MmD5u7H8jaQdbBR U1PhhbFUq7vbdCIMvUZ0YhzQY5kTs8GOUQ6uGJAoHGhTMc59dhsXY41fG4SEjgC1 zf9sZB5fGgvSnmm3tTU9L54WXC5YbMiiZRRd2HqamLZMVnyVvv43zaUO5243QUfo h7+U1QeEn5+SBxu5kaOzx86Lpq8soRgEVVrvRgIW7MziWfZ4HKmef3v9oPZ+ZUiP hrz326EOnehkz3ZcWZTPG6+MRs2F72jOKo9LAiK+ByxZc77FQ9hVar3gfKhARcO6 OsjgsNIF6w4g0zNOApFJ0SyK0DuK/MU00fgGUEXfgD5W3pw3qunuZX2kbf0uUI71 xNiBS8qknOzD3g4liBsYufo9HarrAajhK4Mp666b4AxSZ0LWf4ZxTqRLZGq9Z26w f/k84wXrKHgLD7iAUTeGC8KpX0+XHnp/oRVzZjJeYyMnUNuGhZ1rei5fM3xsVPX0 mfdzig7Nn6ymU6ndtcvynOMgwZ97uyv9+ZsucoVs7hgSGcRzI54Yy8YIHbYXQu70 NEUUhCryskjko5Me67tUbUHJcZbo7YfdfWzmOWPlOTEG9Gp8pQiahLJCEkMOkBq9 r6Nhe+K25sJOsi9RlJZo =YUTy -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
