tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat 8.0.9 native library not found
Date Thu, 21 Aug 2014 19:30:02 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mark,

On 8/21/14, 12:01 PM, Mark Eggers wrote:
> On 8/21/2014 8:10 AM, Caldarale, Charles R wrote:
>>> From: Christopher Schultz [mailto:chris@christopherschultz.net]
>>>  Subject: Re: Tomcat 8.0.9 native library not found
> 
>>> I'm not ld master, but I think you might need to reboot in
>>> order for changes to ld.conf and friends to change anything.
> 
>> Just run the ldconfig utility (as root) to rebuild the cache. 
>> Normally without options, but -v might provide some pertinent 
>> information.
> 
>> - Chuck
> 
> 
> Chuck,
> 
> I probably should have run it with the -v option, but catalina.out 
> didn't list all of the paths specified in the files in
> /etc/ld.so.conf.d.
> 
> Neil,
> 
> I didn't notice --with-ssl=/usr in your configuration. Here's the
> gory details of what I just did:
> 
> My quick and dirty CentOS 7 system:
> 
> 3.10.0-123.6.3.el7.x86_64#1 SMP Wed Aug 6 21:12:36 UTC 2014 x86_64
> x86_64 x86_64 GNU/Linux
> 
> apr-devel-1.4.8-3.el7.x86_64 apr-1.4.8-3.el7.x86_64 
> apr-util-1.5.2-6.el7.x86_64 apr-util-devel-1.5.2-6.el7.x86_64 
> openssl-1.0.1e-34.el7_0.4.x86_64 
> openssl-devel-1.0.1e-34.el7_0.4.x86_64 
> openssl-libs-1.0.1e-34.el7_0.4.x86_64 
> openssl098e-0.9.8e-29.el7.centos.2.x86_64
> 
> Java / JRE Oracle 1.7.0_67 64 bit Ant 1.8.1
> 
> Tomcat 8 from SVN Revision: 1619129
> 
> Steps to install Tomcat native:
> 
> 1. ant (to build Tomcat) 2. cd output/build/bin 3. tar xvfz
> tomcat-native.tar.gz 4.  cd tomcat-native-1.1.31-src/jni/native/ 5.
> ./configure --with-apr=/usr --with-ssl=/usr 6. make 7. make install
> (as root) 8. Create apr.conf in /etc/ld.so.conf.d with the
> following content /usr/local/apr/lib

I really wouldn't recommend messing-around with ld.so.conf. There's no
reason not to use -Djava.library.path.

> 9. ldconfig -v (partial output below)
> 
> libtcnative-1.so.0 -> libtcnative-1.so.0.1.31 libssl.so.6 ->
> libssl.so.0.9.8e libevent_openssl-2.0.so.5 ->
> libevent_openssl-2.0.so.5.1.9 libssl3.so -> libssl3.so libssl.so.10
> -> libssl.so.1.0.1e libgstdataprotocol-0.10.so.0 ->
> libgstdataprotocol-0.10.so.0.30.0 libaprutil-1.so.0 ->
> libaprutil-1.so.0.5.2 libapr-1.so.0 -> libapr-1.so.0.4.8 
> libgnutls-xssl.so.0 -> libgnutls-xssl.so.0.0.0
> 
> This is catalina.out without setenv.sh:
> 
> 21-Aug-2014 08:36:50.460 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.init The APR based
> Apache Tomcat Native library which allows optimal performance in
> production environments was not found on the java.library.path:
> /usr/java /packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
> 
> The following setenv.sh was created:
> 
> CATALINA_OPTS="-Djava.library.path=/usr/local/apr/lib"
> 
> This is catalina.out with the above setenv.sh:
> 
> 21-Aug-2014 08:44:23.168 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.init Loaded APR based
> Apache Tomcat Native library 1.1.31 using APR version 1.4.8. 
> 21-Aug-2014 08:44:23.180 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.init APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false],
> random [true].
> 
> I noticed that you did not include --with-ssl=/usr in your last
> mail message. Do you have the openssl development libraries
> installed?

I wonder if the JVM requires that you have java.library.path set to
where your initial libraries are loaded to protect processes against a
class of security problems. If all of ld.so.conf were available, evil
Java classes could try to load arbitrary libraries from /usr/lib that
are known to have certain vulnerabilities and exploit them. Reducing
the attack surface can make the JVM a safer place to live...

- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJT9ki4AAoJEBzwKT+lPKRYwyIP/2dU+FH8khya6Px98YLVP/o3
1rVL+/yc0c+kv4Z4lOpFpW1uzzJfV+fvoUrTeBgVRTXFPDdi+MmD5u7H8jaQdbBR
U1PhhbFUq7vbdCIMvUZ0YhzQY5kTs8GOUQ6uGJAoHGhTMc59dhsXY41fG4SEjgC1
zf9sZB5fGgvSnmm3tTU9L54WXC5YbMiiZRRd2HqamLZMVnyVvv43zaUO5243QUfo
h7+U1QeEn5+SBxu5kaOzx86Lpq8soRgEVVrvRgIW7MziWfZ4HKmef3v9oPZ+ZUiP
hrz326EOnehkz3ZcWZTPG6+MRs2F72jOKo9LAiK+ByxZc77FQ9hVar3gfKhARcO6
OsjgsNIF6w4g0zNOApFJ0SyK0DuK/MU00fgGUEXfgD5W3pw3qunuZX2kbf0uUI71
xNiBS8qknOzD3g4liBsYufo9HarrAajhK4Mp666b4AxSZ0LWf4ZxTqRLZGq9Z26w
f/k84wXrKHgLD7iAUTeGC8KpX0+XHnp/oRVzZjJeYyMnUNuGhZ1rei5fM3xsVPX0
mfdzig7Nn6ymU6ndtcvynOMgwZ97uyv9+ZsucoVs7hgSGcRzI54Yy8YIHbYXQu70
NEUUhCryskjko5Me67tUbUHJcZbo7YfdfWzmOWPlOTEG9Gp8pQiahLJCEkMOkBq9
r6Nhe+K25sJOsi9RlJZo
=YUTy
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message