On 12/09/2016 22:32, Pierce Allen wrote:

Hello -

I run a collection of Tomcat web servers on Redhat 7.2 (up-to-date)

Normally we like to compile and use the latest stable version of Tomcat Native we can get our hands on (currently the one that ships with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try to compile recent versions of Tomcat Native I get an error that my OpenSSL version is too low:

checking OpenSSL library version >= 1.0.2... configure: error: Your version of OpenSSL is not compatible with this version of tcnative

I don't really want to muck up the distro by trying to update OpenSSL by downloading and compiling OpenSSL's source code. RedHat backports security fixes to OpenSSL 1.0.1e so there are no "heartbleed" or other known vulnerabilities with the in-band OpenSSL version. Is there some workaround or procedure that can be used to get recent versions of Tomcat Native to compile on up to date RedHat systems?
In a similar situation, I statically link openssl.

Please find enclosed my .spec for Tomcat 8.5.5.
I tried not to alter it too much when removing information specific to my organisation.

Ludovic


# Tomcat release packaged by this spec.
%define major_version 8
%define minor_version 5
%define revision 5
%define full_version %{major_version}.%{minor_version}.%{revision}

# Tomcat Native (tcnative) release; used to locate the unpacked native source
# directory in the build section.
%define native_major_version 1
%define native_minor_version 2
%define native_revision 8
%define native_full_version %{native_major_version}.%{native_minor_version}.%{native_revision}

# commons-daemon release; used to locate the jsvc source directory.
%define commons_daemon_version 1.0.15

# OpenSSL release that the build section compiles with no-shared and hands to
# the tcnative configure step. Because this copy is bundled, distribution
# updates of the system OpenSSL do not reach it: the revision below has to be
# bumped and the package rebuilt for every upstream OpenSSL security release.
%define openssl_major 1
%define openssl_minor 0
%define openssl_revision 2h
%define openssl_full_version %{openssl_major}.%{openssl_minor}.%{openssl_revision}

# APR release that is built privately for tcnative.
%define apr_major 1
%define apr_minor 5
%define apr_revision 2
%define apr_full_version %{apr_major}.%{apr_minor}.%{apr_revision}

# Package identity and dependency tags.
Name: my-tomcat
Version: %{full_version}
Release: 1
Summary: My Own Tomcat
License: My License
Group: my.group
autoprov: yes
autoreq: yes
Requires: my-jre
# NOTE(review): mktemp -u only prints a candidate name and does not create the
# directory, so the path is not reserved, and the build section removes it
# recursively. Confirm this old-style BuildRoot is still wanted.
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
# depends on JDK 7 for convenience (8 would be better)
# NOTE(review): apr-devel and openssl-devel are required here although private
# copies of APR and OpenSSL are compiled in the build section - confirm they
# are still needed.
BuildRequires: apr-devel openssl-devel java-1.7.0-openjdk, java-1.7.0-openjdk-devel, chrpath

# Upstream tarball locations. The Tomcat and APR URLs use plain-http mirrors and
# this spec records no checksum or signature for any source, so verify the
# archives against the hashes/signatures published upstream before building.
%define source_file http://mirrors.ircam.fr/pub/apache/tomcat/tomcat-%{major_version}/v%{full_version}/bin/apache-tomcat-%{full_version}.tar.gz
%define openssl_file https://www.openssl.org/source/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}.tar.gz
%define apr_file http://wwwftp.ciril.fr/pub/apache/apr/apr-%{apr_major}.%{apr_minor}.%{apr_revision}.tar.bz2

# Source1 to Source3 are prebuilt JDBC driver jars that the install section
# copies into the Tomcat lib directory.
Source: %{source_file}
Source1: mysql-connector-java-5.1.23-bin.jar
Source2: OracleDriver-7.jar
Source3: postgresql-9.4.1209.jar
Source6: %{openssl_file}
Source7: %{apr_file}

# Local patches, applied in the prep section with -p0.
Patch: manager.patch
Patch1: server.xml.patch
Patch2: tomcat-users.xml.patch

# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
# Installed locations of the Tomcat data, configuration, libraries, logs and
# scratch directories. The install section creates them and links them under
# homedir.
%define basedir %{_var}/lib/%{name}
%define appdir %{basedir}/webapps
%define bindir %{_datadir}/%{name}/bin
%define confdir %{_sysconfdir}/%{name}
%define homedir %{_datadir}/%{name}
%define libdir %{_javadir}/%{name}
%define logdir %{_var}/log/%{name}
%define cachedir %{_var}/cache/%{name}
%define tempdir %{cachedir}/temp
%define workdir %{cachedir}/work
# Overrides the stock init-script directory macro for this package.
%define _initrddir %{_sysconfdir}/init.d

# CATALINA_HOME written to the generated sysconfig file; same path as homedir.
%define tomcat_base %{homedir}


%description
My desc

Startup and shutdown are managed with commons-daemon %{commons_daemon_version}.


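%prep
%{__mkdir} -p $RPM_BUILD_DIR/%{name}
# Wrap the stock requires generator so that automatic requirements on
# libcrypto, libssl and pkgconfig are filtered out of the package metadata
# (OpenSSL is built privately in the build section). Every sed expression needs
# its own /d command: an address without a command makes sed stop with an
# "unterminated address regex" error and the wrapper then emits nothing useful.
cat << \EOF > %{_builddir}/%{name}/%{name}-req
#!/bin/sh
%{__find_requires} "$@" |\
  sed -e '/libcrypto/d' -e '/libssl.so/d' -e '/pkgconfig/d'
EOF

# From here on rpm calls the wrapper instead of the stock generator.
%define __find_requires %{_builddir}/%{name}/%{name}-req
chmod +x %{__find_requires}

# The external generator above is only honoured when the internal one is off.
%define _use_internal_dependency_generator 0

# Unpack Source6 (OpenSSL), Source7 (APR) and Source0 (Tomcat) side by side in
# the build directory without cleaning it between the three steps.
%setup -T -D -a 6 -n .
%setup -T -D -a 7 -n .
%setup -T -D -a 0 -n .

%patch -p0
%patch1 -p0
%patch2 -p0

# The native sources (tcnative and commons-daemon) ship as tarballs inside the
# Tomcat binary distribution.
cd "${RPM_BUILD_DIR}"
tar xvzf apache-tomcat-%{full_version}/bin/tomcat-native.tar.gz
tar xvzf apache-tomcat-%{full_version}/bin/commons-daemon-native.tar.gz
# Normalise the OpenSSL directory name in case the tarball unpacked under a
# different one. The glob is left unquoted on purpose so that it expands.
if [ ! -d "${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}" ]; then
   mv  "${RPM_BUILD_DIR}"/openssl-* "${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}"
fi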

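%build
# Start from an empty buildroot.
%{__rm} -rf "${RPM_BUILD_ROOT}"

# 1. Private OpenSSL, static archives only (no-shared), position independent so
#    it can be linked into the tcnative shared object. Because this copy is
#    bundled, fixes delivered through the distribution's OpenSSL package do not
#    apply to it: track upstream advisories and rebuild with a newer revision.
pushd "${RPM_BUILD_DIR}/openssl-%{openssl_full_version}"
./config --prefix="${RPM_BUILD_DIR}/openssl-inst" no-shared -fPIC
make
make install_sw
popd

# 2. Private APR installed into a scratch prefix.
pushd "${RPM_BUILD_DIR}/apr-%{apr_full_version}"
CFLAGS="-fPIC" ./configure --prefix="${RPM_BUILD_DIR}/apr-inst"
make
make install
# Drop dlname/library_names from APR's libtool archive. The author's note says
# this deactivates dynamic linking against openssl.
# NOTE(review): the file edited is libapr-1.la, so confirm which library this
# step is meant to pin.
sed -i -e "/dlname=/d" -e "/library_names=/d" "${RPM_BUILD_DIR}/apr-inst/lib/libapr-1.la"
popd

# 3. Tomcat Native against the private APR and OpenSSL built above.
# NOTE(review): the jdk_home macro is not defined anywhere in this spec as
# posted; it has to be supplied by the build environment.
pushd "${RPM_BUILD_DIR}/tomcat-native-%{native_full_version}-src/native"
CFLAGS="-fPIC" ./configure --prefix="${RPM_BUILD_DIR}/tomcat-native-inst" --with-apr="${RPM_BUILD_DIR}/apr-inst/bin/apr-1-config" --with-ssl="${RPM_BUILD_DIR}/openssl-inst" --with-java-home=%{jdk_home}
make
make install
popd

# 4. jsvc from commons-daemon; built in place and copied by the install section.
pushd "${RPM_BUILD_DIR}/commons-daemon-%{commons_daemon_version}-native-src/unix/"
./configure --with-java=%{jdk_home}
make
popd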

%install
# initial directory structure
# Creates every directory the package owns inside the buildroot. The webapps,
# cache, per-host configuration, log, temp and work directories are created
# group-writable (0775), the others 0755.
# NOTE(review): the files section declares a default directory mode of 0755
# with root ownership, which presumably replaces these modes in the built
# package - confirm the permissions that are actually intended.
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_bindir}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sbindir}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_javadocdir}/%{name}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_initrddir}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/logrotate.d
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{appdir}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{bindir}
%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{cachedir}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{confdir}
%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{confdir}/Catalina/localhost
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{libdir}
%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{logdir}
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}%{homedir}
%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{tempdir}
%{__install} -d -m 0775 ${RPM_BUILD_ROOT}%{workdir}

# Same path as homedir above, so this call is a no-op when that one succeeded.
%{__install} -d -m 0755 ${RPM_BUILD_ROOT}/%{tomcat_base}

# Give the Tomcat home its conventional layout (webapps, conf, lib, logs, temp,
# work) by linking each name to the FHS directory that really holds the data.
# The link targets are absolute installed paths, not paths inside the
# buildroot, so they only resolve correctly once the package is installed.
pushd ${RPM_BUILD_ROOT}%{homedir}
while read -r fhs_dir link_name; do
    %{__ln_s} ${fhs_dir} ${link_name}
done <<FHS_LINKS
%{appdir} webapps
%{confdir} conf
%{libdir} lib
%{logdir} logs
%{tempdir} temp
%{workdir} work
FHS_LINKS
popd


# Copy the Tomcat payload from the unpacked binary distribution into the
# buildroot.
pushd ${RPM_BUILD_DIR}/apache-tomcat-%{full_version}
# tomcat-juli.jar is stored with the other libraries; bin only gets a symlink.
if [ -e "bin/tomcat-juli.jar" ]; then
    %{__mv} bin/tomcat-juli.jar ${RPM_BUILD_ROOT}%{libdir}/tomcat-juli.jar
fi
    %{__ln_s} %{libdir}/tomcat-juli.jar ${RPM_BUILD_ROOT}%{bindir}/tomcat-juli.jar

    %{__cp} -a bin/*.{sh,jar,xml} ${RPM_BUILD_ROOT}%{bindir}
    %{__cp} -a conf/*.{policy,properties,xml} ${RPM_BUILD_ROOT}%{confdir}
    %{__cp} -a lib/*.jar ${RPM_BUILD_ROOT}%{libdir}
    # Of the bundled web applications only the manager is copied.
    %{__cp} -a webapps/manager ${RPM_BUILD_ROOT}%{appdir}
popd

# Shared objects produced by the private APR and tcnative builds.
%{__cp} -a ${RPM_BUILD_DIR}/apr-inst/lib/*.so* ${RPM_BUILD_ROOT}%{libdir}/
%{__cp} -a ${RPM_BUILD_DIR}/tomcat-native-inst/lib/*.so* ${RPM_BUILD_ROOT}%{libdir}/

# remove the rpath
# chrpath -d deletes the run-time search path recorded in the tcnative library.
# NOTE(review): presumably the build recorded a path under the build directory
# there, which should not be a library search location on installed hosts -
# confirm with chrpath -l before the delete.
chrpath -d ${RPM_BUILD_ROOT}%{libdir}/libtcnative-1.so*

# database driver jars
%{__cp} %{SOURCE1} ${RPM_BUILD_ROOT}/%{libdir}
%{__cp} %{SOURCE2} ${RPM_BUILD_ROOT}/%{libdir}
%{__cp} %{SOURCE3} ${RPM_BUILD_ROOT}/%{libdir}
# jsvc
%{__cp} ${RPM_BUILD_DIR}/commons-daemon-%{commons_daemon_version}-native-src/unix/jsvc ${RPM_BUILD_ROOT}/%{tomcat_base}/bin

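# Remove the web applications that are not deployed in production.
# The real webapps directory inside the buildroot is addressed directly. The
# webapps entry under the Tomcat home is a symlink with an absolute target, so
# a path that goes through it is resolved on the build host's own filesystem
# instead of inside the buildroot, and a recursive delete must never leave the
# buildroot.
%{__rm} -rf ${RPM_BUILD_ROOT}%{appdir}/host-manager
%{__rm} -rf ${RPM_BUILD_ROOT}%{appdir}/examples
%{__rm} -rf ${RPM_BUILD_ROOT}%{appdir}/docs
%{__rm} -rf ${RPM_BUILD_ROOT}%{appdir}/ROOT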

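%{__mkdir_p} ${RPM_BUILD_ROOT}/etc/sysconfig/
# Generate the environment file that the init script sources. The here-document
# delimiter is unquoted, so shell variables meant for the generated file are
# written with a backslash in front of the dollar sign.
# LD_LIBRARY_PATH is extended with the ":+" form: when the variable is empty or
# unset, a plain "old:new" concatenation would start with an empty element,
# which the dynamic loader treats as the current working directory.
cat > ${RPM_BUILD_ROOT}/etc/sysconfig/%{name} <<POUET
export CATALINA_HOME="%{tomcat_base}"
# use our custom jre
export JAVA_HOME="/path/to/jre"
export JAVA_OPTS="-Xms512M -Xmx2048M"

#use tomcat native
export LD_LIBRARY_PATH="\${LD_LIBRARY_PATH:+\$LD_LIBRARY_PATH:}\$CATALINA_HOME/lib"

# JAVA_OPTS are defined in setenv.sh of CATALINA_BASE/bin or CATALINA_HOME/bin

# to avoid issues with some graphic libs
unset DISPLAY

# user
export TOMCAT_USER=tomcat

# umask
export JSVC_OPTS="-umask 022"

POUET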

# Generate bin/setenv.sh, which appends JVM options to JAVA_OPTS and sets the
# locale.
# NOTE(review): the truststore password is passed as a -D system property, so
# it ends up on the JVM command line where local users can read it from the
# process list. "changeit" is the well-known stock value and /pat/to/cacerts
# looks like a placeholder (probably meant /path/to/cacerts) - set both per
# site.
cat > ${RPM_BUILD_ROOT}/%{bindir}/setenv.sh <<POUET
# EL option
export JAVA_OPTS="\${JAVA_OPTS} -Dorg.apache.el.parser.COERCE_TO_ZERO=false"

# truststore
export JAVA_OPTS="\${JAVA_OPTS} -Djavax.net.ssl.trustStore=/pat/to/cacerts -Djavax.net.ssl.trustStorePassword=changeit"

# we speak French
export LANG="fr_FR"

POUET

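%{__mkdir_p} ${RPM_BUILD_ROOT}/etc/init.d/
# Generate the init script. It is a template: it only acts when invoked through
# a differently named link in /etc/init.d, in which case it also sources that
# instance's sysconfig file and delegates to daemon.sh.
# The script starts with an interpreter line so that it can be executed
# directly and not only through a shell's fallback for files without one.
# Expansions are quoted so that arguments and paths reach daemon.sh unchanged.
cat > ${RPM_BUILD_ROOT}/etc/init.d/%{name} <<POUET
#!/bin/sh
# chkconfig: 345 80 20
#
### BEGIN INIT INFO
# Provides: my-tomcat
# Required-Start: \$network \$syslog
# Required-Stop: \$network \$syslog
# Default-Start:
# Default-Stop:
# Description: My Tomcat
# Short-Description: My Tomcat
### END INIT INFO

. /etc/sysconfig/%{name}
invocation_name=\$(basename "\$0")
if [ -e "/etc/init.d/\$invocation_name" ] && [ "\$invocation_name" != "%{name}" ]; then
   . "/etc/sysconfig/\$invocation_name"
   "\$CATALINA_HOME/bin/daemon.sh" "\$@"
else
   echo "This script should not be used directly. You should use the link defined by an instance."
fi

POUET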

%files
# Default for every entry without its own attr: files 0644, directories 0755,
# owned by root:root.
%defattr(0644,root,root,0755)
%{tomcat_base}
# Executables: the init script, the Tomcat shell scripts and jsvc.
%attr(0755,root,root) /etc/init.d/%{name}
%attr(0755,root,root) %{tomcat_base}/bin/*.sh
%attr(0755,root,root) %{tomcat_base}/bin/jsvc
# NOTE(review): conf under the Tomcat home is a symlink created in the install
# section, and this entry assigns it to the tomcat account. Confirm whether the
# configuration is meant to be writable by the service user: a process that can
# rewrite its own configuration can change its own security settings.
%attr(0755,tomcat,tomcat) %{tomcat_base}/conf
# Kept on upgrade when it was modified locally.
%config(noreplace) /etc/sysconfig/%{name}
# NOTE(review): the log, temp and work directories below are listed with the
# default root ownership, while the generated sysconfig file sets
# TOMCAT_USER=tomcat - confirm how that account is expected to write there.
%{appdir}
%{confdir}
%{libdir}
%{logdir}
%{tempdir}
%{workdir}

%pre
# Progress message only. The doubled percent sign is the spec-file escape for a
# literal one.
# NOTE(review): the files list and the generated sysconfig file refer to a
# tomcat account, but no scriptlet in this spec creates it - presumably it is
# provisioned elsewhere; confirm.
printf '%%s\n' "Installing %{name} version %{version}..."

%post
# Progress message only.
printf '%%s\n' "Installed %{name} version %{version}."

%preun
%postun

%changelog
