I need to run apache in fips 140-2 mode and I am following the instructions given here: https://wiki.openssl.org/index.php/FIPS_Library_and_Apache
However I am using a newer version of apache, I have these packages instead of the ones listed in the wiki:
openssl-fips-2.0.16.tar.gz
openssl-1.0.2n.tar.gz
httpd-2.4.29.tar.gz
apr-util-1.6.1.tar.gz
apr-1.6.3.tar.gz
pcre-8.41.tar.gz
Everything works fine until I attempt a make on the httpd package and it then fails. If I run a make without the two exports for the fingerprints, it completes without issue:
export CC=/usr/local/ssl/fips-2.0/bin/fipsld
export FIPSLD_CC=/usr/bin/gcc
However as the wiki describes when you enable SSLFIPS in httpd.conf it will fail to start with the fingerprint issue without these variables set. But when I attempt to run a make with these exports I get the following error:
/root/httpd-2.4.29/srclib/apr/libtool --silent --mode=link /usr/local/ssl/fips-2.0/bin/fipsld -g -O2 -pthread -L/usr/local/ssl/lib -lssl -lcrypto -luuid -lrt -lcrypt -lpthread -ldl \
-o ab ab.lo /root/httpd-2.4.29/srclib/apr-util/libaprutil-1.la -lexpat /root/httpd-2.4.29/srclib/apr/libapr-1.la -luuid -lrt -lcrypt -lpthread -ldl -lm
./.libs/ab: error while loading shared libraries: libaprutil-1.so.0: cannot open shared object file: No such file or directory
Makefile:73: recipe for target 'ab' failed
make[2]: *** [ab] Error 127
make[2]: Leaving directory '/root/httpd-2.4.29/support'
/root/httpd-2.4.29/build/rules.mk:75: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/root/httpd-2.4.29/support'
/root/httpd-2.4.29/build/rules.mk:75: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1
I'm no expert in compiling apache, so no idea why it fails when using those exported variables. Can anyone help?
After a lot of testing, the instructions seem to be working for the older versions, but for the newer version of apr and httpd the "--with-included-apr" appeared to be the problem.
Instead of using this, we built apr and apr-util first by its self, then ran the .config with "“-with-apr=/usr/local/apr/ -with-apr-util=/usr/local/apr-util/" instead. This allowed it to compile and I was able to set SSLFIPS on without issue.
Related
Can anyone help me with this issue?
In order to use dealii, I tried to install p4est using the command
./configure && make && make install
and
cmake .. -DP4EST_DIR=/usr/local -DDEAL_II_WITH_P4EST=ON -DDEAL_II_WITH_MPI=ON -DCMAKE_INSTALL_PREFIX=/usr/local
under "build" folder, but some error occurs.
I also opened the file dealii-9.0.0/build/CMakeFiles/CMakeError.log, it says:
Source file was:
int main() { return 0; }
Performing C++ SOURCE FILE Test rt_LIBRARY failed with the following output:
Change Dir: /Users/chuxiaoyun/Downloads/dealii-9.0.0/build/CMakeFiles/CMakeScratch/TryCompile-Fscvq9
Run Build Command(s):/usr/bin/make -f Makefile cmTC_bc7f9/fast && /Applications/Xcode.app/Contents/Developer/usr/bin/make -f CMakeFiles/cmTC_bc7f9.dir/build.make CMakeFiles/cmTC_bc7f9.dir/build
Building CXX object CMakeFiles/cmTC_bc7f9.dir/src.cxx.o
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -Drt_LIBRARY -arch arm64 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk -mmacosx-version-min=11.6 -MD -MT CMakeFiles/cmTC_bc7f9.dir/src.cxx.o -MF CMakeFiles/cmTC_bc7f9.dir/src.cxx.o.d -o CMakeFiles/cmTC_bc7f9.dir/src.cxx.o -c /Users/chuxiaoyun/Downloads/dealii-9.0.0/build/CMakeFiles/CMakeScratch/TryCompile-Fscvq9/src.cxx
Linking CXX executable cmTC_bc7f9
/opt/homebrew/Cellar/cmake/3.25.0/bin/cmake -E cmake_link_script CMakeFiles/cmTC_bc7f9.dir/link.txt --verbose=1
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/c++ -arch arm64 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX12.1.sdk -mmacosx-version-min=11.6 -Wl,-search_paths_first -Wl,-headerpad_max_install_names CMakeFiles/cmTC_bc7f9.dir/src.cxx.o -o cmTC_bc7f9 -lrt
ld: library not found for -lrt
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [cmTC_bc7f9] Error 1
make: *** [cmTC_bc7f9/fast] Error 2
CMake Error at cmake/macros/macro_configure_feature.cmake:112 (MESSAGE):
Could not find the p4est library!
Insufficient p4est installation found!
p4est has to be configured with MPI enabled.
Please ensure that a suitable p4est library is installed on your computer.
If the library is not at a default location, either provide some hints for
autodetection,
$ P4EST_DIR="..." cmake <...>
$ cmake -DP4EST_DIR="..." <...>
or set the relevant variables by hand in ccmake.
Call Stack (most recent call first):
cmake/macros/macro_configure_feature.cmake:269 (FEATURE_ERROR_MESSAGE)
cmake/configure/configure_p4est.cmake:78 (CONFIGURE_FEATURE)
cmake/macros/macro_verbose_include.cmake:19 (INCLUDE)
CMakeLists.txt:124 (VERBOSE_INCLUDE)
I guess I haven't installed p4est correctly, so I configure it again.
# p4est-2.8 ./configure --enable-mpi.
( Here shows we are using MPI. I also tried p4est-2.8 ./configure --enable-mpi --prefix=/usr/local)
Then I tried to build and install p4est, but it gives me an error during installation:
# make
# ➜ p4est-2.8 make install
/Applications/Xcode.app/Contents/Developer/usr/bin/make install-recursive
Making install in sc
/Applications/Xcode.app/Contents/Developer/usr/bin/make install-am
build-aux/install-sh -c -d '/Users/xiaoyun/Downloads/p4est-2.8/local/lib'
/bin/sh ./libtool --mode=install /usr/bin/install -c src/libsc.la '/Users/xiaoyun/Downloads/p4est-2.8/local/lib'
libtool: install: /usr/bin/install -c src/.libs/libsc.0.dylib /Users/xiaoyun/Downloads/p4est-2.8/local/lib/libsc.0.dylib
install: /Users/xiaoyun/Downloads/p4est-2.8/local/lib/libsc.0.dylib: Permission denied
make[4]: *** [install-libLTLIBRARIES] Error 71
make[3]: *** [install-am] Error 2
make[2]: *** [install] Error 2
make[1]: *** [install-recursive] Error 1
I have no idea why the permission is denied, I also tried sudo make install:
objc[71909]: Class AMSupportURLConnectionDelegate is implemented in both /usr/lib/libauthinstall.dylib (0x20230f7e8) and /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10c9082c8). One of the two will be used. Which one is undefined.
objc[71909]: Class AMSupportURLSession is implemented in both /usr/lib/libauthinstall.dylib (0x20230f838) and /System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x10c908318). One of the two will be used. Which one is undefined.
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
job-working-directory: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
make: getcwd: Operation not permitted
make: Nothing to be done for `install'.
I was trying to install global from source. I run
./configure --with-exuberant-ctags=/usr/bin/ctags
and it runs OK. However, when I run
make
it gives the error
/bin/sh ../libtool --tag=CC --mode=link gcc -g -O2 -o gtags-cscope gtags-cscope.o alloc.o basename.o
build.o command.o display.o edit.o exec.o find.o help.o history.o input.o logdir.o mouse.o mygetenv.o mypop
en.o ../libparser/libgloparser.a ../libutil/libgloutil.a ../libdb/libglodb.a ../libglibc/libgloglibc.a -llt
dl -lncurses
libtool: link: gcc -g -O2 -o gtags-cscope gtags-cscope.o alloc.o basename.o build.o command.o display.o edi
t.o exec.o find.o help.o history.o input.o logdir.o mouse.o mygetenv.o mypopen.o ../libparser/libgloparser
.a ../libutil/libgloutil.a ../libdb/libglodb.a ../libglibc/libgloglibc.a -lltdl -lncurses
/usr/bin/ld: input.o: undefined reference to symbol 'erasechar'
/usr/lib/libtinfo.so.6: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make[2]: *** [Makefile:461: gtags-cscope] Error 1
make[2]: Leaving directory '/home/pspencil/tmp/global-6.5.7/gtags-cscope'
make[1]: *** [Makefile:517: all-recursive] Error 1
make[1]: Leaving directory '/home/pspencil/tmp/global-6.5.7'
make: *** [Makefile:424: all] Error 2
I have installed the package ncurses which apparently should provide the erase char symbol. I cannot find anything useful on Google.
Explicitly link the tinfo library.
NCurses uses tinfo, from what I have read ncurses should include the tinfo functionality in it's own library, maybe this has changed recently.
How can I use WiringPi library through SSH on Netbeans? When I run a simple HelloWorld program, it works.
This is the output message:
Copying project files to /root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64 at root#RASPBERRYPI
Building project files list...
Checking directory structure...
Checking previously uploaded files...
Checking links...
Uploading changed files:
Zipping 10 changed files...
Uploading zip to root#RASPBERRYPI...
Unzipping changed files...
Checking exec permissions...
Uploading changed files finished successfully.
cd '/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED'
/usr/bin/make -f Makefile CONF=Debug
"/usr/bin/make" -f nbproject/Makefile-Debug.mk QMAKE= SUBPROJECTS= .build-conf
make[1]: Entering directory '/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED'
"/usr/bin/make" -f nbproject/Makefile-Debug.mk dist/Debug/GNU-Linux/blinkingled
make[2]: Entering directory '/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED'
mkdir -p build/Debug/GNU-Linux
rm -f "build/Debug/GNU-Linux/main.o.d"
gcc -c -g -std=c11 -MMD -MP -MF "build/Debug/GNU-Linux/main.o.d" -o build/Debug/GNU-Linux/main.o main.c
mkdir -p dist/Debug/GNU-Linux
gcc -o dist/Debug/GNU-Linux/blinkingled build/Debug/GNU-Linux/main.o
build/Debug/GNU-Linux/main.o: In function `main':
/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED/main.c:24: undefined reference to `wiringPiSetup'
/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED/main.c:29: undefined reference to `pinMode'
/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED/main.c:32: undefined reference to `digitalWrite'
/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED/main.c:34: undefined reference to `delay'
/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED/main.c:35: undefined reference to `digitalWrite'
/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED/main.c:37: undefined reference to `delay'
collect2: error: ld returned 1 exit status
nbproject/Makefile-Debug.mk:62: recipe for target 'dist/Debug/GNU-Linux/blinkingled' failed
make[2]: *** [dist/Debug/GNU-Linux/blinkingled] Error 1
make[2]: Leaving directory '/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED'
nbproject/Makefile-Debug.mk:59: recipe for target '.build-conf' failed
make[1]: *** [.build-conf] Error 2
make[1]: Leaving directory '/root/.netbeans/remote/RASPBERRYPI/win-7pjgqkgjsj4-Windows-x86_64/C/Users/Public/Remote Projects/BlinkingLED'
nbproject/Makefile-impl.mk:39: recipe for target '.build-impl' failed
make: *** [.build-impl] Error 2
This is a quite old post, but since I've had the same problem and I've resolved it I'm now writing down the solution, so if someone needs it, it's ready ;)
The only thing to do is to add some parameters to the compilation command, in particular the path to binaries and includes plus the -lwiringpi option.
To do that in NetBeans, rightclick on the project, then properties. From there, Build->C Compiler.
Now, find the voice Additional Options, open it and copy paste the following:
-I/usr/local/include -L/usr/local/lib -lwiringPi
(that are the paths to the standard installation of wiringPi, if you have changed the location of the library change the paths accordingly)
Now it should work, at least it worked for me.
Hope it helped someone,
Bye
EDIT:
I forgot to add that you must ssh as root user, otherwise wiringPi doesn't work.
For that you must do:
passwd root
to set root password
sudo nano /etc/ssh/sshd_config
And change PermitRootLogin to yes
reboot
I am trying to install RabbitMQ (3.6.1) on linux machine Red Hat Enterprise Linux Server release 6.6. To install rabbitMQ , first I have installed Erlang R16B03 version from source (otp_src_R16B03) and followed below commands
wget http://www.erlang.org/download/otp_src_R16B03.tar.gz
tar xvfz /usr/tmp/otp_src_R16B03.tar
cd otp_src_R16B03
LANG=C; export LANG
./configure --with-ssl=/usr/bin
I get the message shown below:
*********************************************************************
********************** APPLICATIONS DISABLED **********************
*********************************************************************
crypto : OpenSSL is configured for kerberos but no krb5.h found
jinterface : No Java compiler found
odbc : ODBC library - link check failed
orber : No C++ compiler found
ssh : OpenSSL is configured for kerberos but no krb5.h found
ssl : OpenSSL is configured for kerberos but no krb5.h found
*********************************************************************
*********************************************************************
********************** APPLICATIONS INFORMATION *******************
*********************************************************************
wx : wxWidgets not found, wx will NOT be usable
*********************************************************************
though I continued with make & make install but while starting Rabbitmq server I get the following error
sbin/rabbitmq-server
Getting message
BOOT FAILED
===========
Error description:
{error,{missing_dependencies,[crypto,ssl],[mochiweb,cowlib,cowboy]}}
Log files (may contain more information):
/usr/tmp/rabbitmq_server-3.6.1/var/log/rabbitmq/rabbit.log
/usr/tmp/rabbitmq_server-3.6.1/var/log/rabbitmq/rabbit-sasl.log
Stack trace:
[{rabbit_plugins,ensure_dependencies,1,
[{file,"src/rabbit_plugins.erl"},{line,179}]},
{rabbit_plugins,prepare_plugins,1,
[{file,"src/rabbit_plugins.erl"},{line,198}]},
{rabbit,broker_start,0,[{file,"src/rabbit.erl"},{line,284}]},
{rabbit,start_it,1,[{file,"src/rabbit.erl"},{line,303}]},
{init,start_it,1,[]},
{init,start_em,1,[]}]
{"init terminating in do_boot",{error,{missing_dependencies,[crypto,ssl],[mochiweb,cowlib,cowboy]}}}
Crash dump was written to: erl_crash.dump
init terminating in do_boot ()
After exploring multiple solution I understood that I need to install latest Openssl and provide the path of newly installed openssl.
I installed Openssl from the source and installed with -fPIC
wget https://www.openssl.org/source/openssl-1.0.2.tar.gz
tar xvfz /usr/tmp/openssl-1.0.2.tar.gz
cd /usr/tmp/openssl-1.0.2
./config -fPIC
make
make install
Now new openssl is installed in bin/local/ssl location and I have reinstalled the Erlang with below configuration
export PATH="/usr/local/ssl/bin:$PATH”
export CFLAGS=-fPIC
cd /usr/tmp/otp_src_RB1603
LANG=C; export LANG
./configure --with-ssl=/usr/local/bin
make
make install
now I get the error
/usr/bin/ld: /usr/local/ssl/lib/libcrypto.a(rsaz_exp.o): relocation R_X86_64_32 against `.rodata' can not be used when making a shared object; recompile with -fPIC
/usr/local/ssl/lib/libcrypto.a: could not read symbols: Bad value**
collect2: ld returned 1 exit status
make[6]: *** [../priv/lib/x86_64-unknown-linux-gnu/crypto.so] Error 1
make[6]: Leaving directory `/var/tmp/otp_src_R16B03/lib/crypto/c_src'
make[5]: *** [release_spec] Error 2
make[5]: Leaving directory `/var/tmp/otp_src_R16B03/lib/crypto/c_src'
make[4]: *** [release] Error 2
make[4]: Leaving directory `/var/tmp/otp_src_R16B03/lib/crypto/c_src'
make[3]: *** [release] Error 2
make[3]: Leaving directory `/var/tmp/otp_src_R16B03/lib/crypto/c_src'
make[2]: *** [release] Error 2
make[2]: Leaving directory `/var/tmp/otp_src_R16B03/lib/crypto'
make[1]: *** [release] Error 2
make[1]: Leaving directory `/var/tmp/otp_src_R16B03/lib'
make: *** [install.libs] Error 2
I could not resolve this error , any suggestion..
Please note I am using accessing machine as root user
/usr/bin/ld: /usr/local/ssl/lib/libcrypto.a(rsaz_exp.o): relocation R_X86_64_32 against `.rodata'
can not be used when making a shared object; recompile with -fPIC
/usr/local/ssl/lib/libcrypto.a: could not read symbols: Bad value**
collect2: ld returned 1 exit status
You need to build OpenSSL with the shared option. Maybe something like the following for a 64-bit Intel machine.
wget https://www.openssl.org/source/openssl-1.1.0b.tar.gz
tar xzf openssl-1.1.0b.tar.gz
cd openssl-1.1.0b
./Configure no-ssl2 no-ssl3 shared enable-ec_nistp_64_gcc_128
...
make -j 8
...
make test
...
suod make install
enable-ec_nistp_64_gcc_128 make EC Diffie-Hellman 2x to 4x faster, but it has some limitations. You are OK to use it on a 64-bit Intel machine. Also see Compilation and Installation | Configure Options on the OpenSSL wiki.
Also, be sure to either make dclean for OpenSSL 1.0.2 and below; or make distclean for OpenSSL 1.1.0 and above. Otherwise, some of the old configuration lingers even after changing the option.
Could you, please, help me with this error. I'm trying to install alize-1.4 on Ubuntu from this site http://mistral.univ-avignon.fr/download_en.html. But I get such error at the end
make[1]: Leaving directory `/home/admin-pc/alize/src'
make: *** [all-recursive] Error 1 cp: cannot stat `src/libalize.a': No
such file or directory
Maybe someone of you used ALIZE code?
Thanks
So, according to the log the real error is
g++ -DPACKAGE_NAME=\"\" -DPACKAGE_TARNAME=\"\" -DPACKAGE_VERSION=\"\" -DPACKAGE_STRING=\"\" -DPACKAGE_BUGREPORT=\"\" -DPACKAGE_URL=\"\" -DPACKAGE=\"libalize\" -DVERSION=\"0.0\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1 -DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1 -DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1 -DLT_OBJDIR=\".libs/\" -I. -O3 -ffast-math -Wall -march=pentium4 -MT SegServerFileWriter.o -MD -MP -MF .deps/SegServerFileWriter.Tpo -c -o SegServerFileWriter.o SegServerFileWriter.cpp
SegServerFileWriter.cpp: In member function void alize::SegServerFileWriter::writeSegServerTrs(const alize::SegServer&):
SegServerFileWriter.cpp:299: error: 'qsort' was not declared in this scope
make[1]: *** [SegServerFileWriter.o] Error 1
This type of error is quite common when you compile old style C++ projects with newer gcc due to the restrictions of the new compiler
The easy way would be just to checkout the latest code with subversion, it has all such issues fixed:
svn checkout http://alize.univ-avignon.fr/svn/ALIZE/trunk/
Or to add #include <cstdlib> into the file header to import the qsort declaration.