Penguin, small TECH.BARWICK.DE
Start
 

Recent posts

Categories

Archive

Syndication

 



Powered By

Info

Friday, January 24, 2020   6:07 AM

Making GPG pinentry work over SSH

When logged into a server via SSH, usually any attempt to decrypt a file with GPG results in an unhelpful error message like:

gpg: cancelled by user
... gpg: decryption failed: No secret key

with no attempt made to ask for a password.

Fix for this is simply to execute: export GPG_TTY=`tty`,

Note that if pinentry-program in ~/.gnupg/gpg-agent.conf is set to /usr/bin/pinentry-gtk, and this is an alias for /usr/bin/pinentry-gtk-2, set pinentry-program to the latter (/usr/bin/pinentry-gtk-2), which appears to change the behaviour (pinentry-gtk-2 should be able to automatically detect whether to execute in GUI or text mode, whereas the original pinentry-gtk is GUI-only.

See also "Forcing GPG passphrase input in the terminal".


Posted in Linux | add a comment

My email client suddenly became unable to log in to my Gmail account with the error message:

Please log in via your web browser: https://support.google.com/mail/accounts/answer/78754 (Failure)

However I was logged in via my web browser on two different devices, and even when providing the email client with definitively the correct password, the above error recurred.

The provided link wasn't very helpful.


Posted in email | add a comment

Tuesday, September 24, 2019  11:12 PM

Yum and "Thread died in Berkeley DB library" errors

I started getting intermittent sets of error messages like this:

error: rpmdb: BDB0113 Thread/process 26154/140393252489024 failed: BDB1507 Thread died in Berkeley DB library
error: db5 error(-30973) from dbenv->failchk: BDB0087 DB_RUNRECOVERY: Fatal error, run database recovery
error: cannot open Packages index using db5 -  (-30973)
error: cannot open Packages database in /var/lib/rpm

when deploying changes to a bunch of AWS EC2 instances.

The error messages are misleading as (in this case at least) the RPM database is not corrupted; the underlying issue was this:


[67897.740241] Out of memory: Kill process 28759 (yum) score 330 or sacrifice child
[67905.749492] yum invoked oom-killer: gfp_mask=0x201da, order=0, oom_score_adj=0

i.e. simply a lack of memory (the instances were just too small).


Posted in Linux | add a comment

The Prometheus PostgreSQL storage adapter does not seem amenable to being executed directly from a systemd service file.

As a workaround I created a wrapper script like this (adjust parameters as required):

#!/bin/bash

# Wrapper to launch prometheus-postgresql-adapter, as calling
# it directly from the systemd service file doesn't seem to work.
#
# Disclaimer: there is probably a better way of doing this.

nohup /usr/local/bin/prometheus-postgresql-adapter \
-pg-host=... \
-pg-port=... \
-pg-database="..." \
-pg-user="..." \
>> /var/log/prometheus-postgresql-storage-adapter/prometheus-pg-adapter.log 2>&1

and a service file like this:

[Unit]
Description=Prometheus PostgreSQL Storage Adapter
Documentation=https://github.com/timescale/prometheus-postgresql-adapter
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=prometheus
Group=prometheus
ExecStart=/usr/local/bin/prometheus-postgresql-adapter-wrapper
Restart=on-failure

[Install]
WantedBy=multi-user.target

which works fine (YMMV of course).

There may of course be a more elegant way of solving this issue, if so feel free to share.


Posted in Linux | add a comment

Tuesday, August 27, 2019  10:25 PM

The unicode() function and Python3

Recently I had to work with some Python code which needs to be compatible with both the hopefully-soon-to-be-finally-deprecated Python 2.7 and recent 3.x versions.

String handling can be a tricky issue, particularly if the string in question needs to be cast to a Unicode object. Take the following example:

#!/usr/bin/env python

import ipaddress

addresses = list(ipaddress.ip_network(unicode('192.168.1.0/24')));

for address in addresses:
    print(address)

This does of course fail in Python 3.x with an error like:

Traceback (most recent call last):
  File "./python.py", line 5, in 
    addresses = list(ipaddress.ip_network(unicode('192.168.1.0/24')));
NameError: name 'unicode' is not defined

Remove the unicode() wrapper and it fails in Python 2.x with:

ipaddress.AddressValueError: '192.168.1.0/24' does not appear to be an IPv4 or IPv6 network. Did you pass in a bytes (str in Python 2) instead of a unicode object?

The solution is to use the "six" compatibility layer and add the following directive, which reassigns unicode() to a mutually compatible function:

#!/usr/bin/env python

import ipaddress

from six import u as unicode

addresses = list(ipaddress.ip_network(unicode('192.168.1.0/24')));

for address in addresses:
    print(address)

Note that the "six" compatibility layer may need to be installed separately, in RedHat et al via the packages python2x-six and python3x-six respectively.

Useful links


Posted in Devel | add a comment

Tuesday, January 10, 2017   3:25 AM

TLS key negotiation failed to occur within 60 seconds

Spent a lot of time working out why openvpn wouldn't connect from a Vagrant virtual machine (running Ubuntu 14.04 LTS):

Tue Jan 10 02:51:25 2017 Control Channel Authentication: tls-auth using INLINE static key file
Tue Jan 10 02:51:25 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 10 02:51:25 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jan 10 02:51:25 2017 Socket Buffers: R=[212992->200000] S=[212992->200000]
Tue Jan 10 02:51:25 2017 UDPv4 link local: [undef]
Tue Jan 10 02:51:25 2017 UDPv4 link remote: [AF_INET]xxx.xxx.xxx.xxx:1194
Tue Jan 10 02:51:25 2017 TLS: Initial packet from [AF_INET]xxx.xxx.xxx.xxx::1194, sid=92749f62 ced33a12
Tue Jan 10 02:52:25 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Tue Jan 10 02:52:25 2017 TLS Error: TLS handshake failed
Tue Jan 10 02:52:25 2017 SIGUSR1[soft,tls-error] received, process restarting
Tue Jan 10 02:52:25 2017 Restart pause, 2 second(s)

Turns out the openvpn version (2.3.2) is outdated; 2.3.4 or later is needed.


Posted in Solutions | add a comment

Monday, May 30, 2016  11:54 AM

Forcing GPG passphrase input in the terminal

One annoyance when entering GPG passphrases in terminal applications on many systems is that a seperate GUI window pops up. To enable passphrase entry in the comfort of your own terminal, set the following line in .gnupg/gpg-agent.conf

pinentry-program /usr/bin/pinentry-tty

or in some older distributions (e.g. CentOS 7):

pinentry-program /usr/bin/pinentry-curses

The running agent's settings can be reconfigured with:

gpg-connect-agent reloadagent /bye

See also "Making GPG pinentry work over SSH".


Posted in Linux | add a comment

Sunday, October 18, 2015  10:17 PM

Improving top output in OS X / macOS

The OS X "top" command default output is somewhat hard to decipher (and modify interactively) compared to Linux. A simple workaround is to launch it with:

top -o cpu

(or another field) which sorts on cpu activity rather than the PID (default).

htop is also available via MacPorts.


Posted in Mac OS X | add a comment

Sunday, February 22, 2015   5:44 AM

openSUSE 13.2 - Notes


Posted in Linux | add a comment

Monday, November 17, 2014   5:08 AM

Error: "util.c: No such file or directory" - a gnuplot thing

I was setting up a cronjob and it kept failing with the very unhelpful util.c: No such file or directory. After much headscratching it turns out this is a gnuplot error message, meaning it is unable to read from or write to a file (in this case the latter). The file in question is not of course util.c.


Posted in Devel | add a comment

Saturday, September 27, 2014   1:42 AM

Ansible and "powershell: not found" error

I was bemused by the below error when attempting to run an Ansible playbook on a new (Linux) server for the first time:

PLAY [someserver] ***************************************************************** 

GATHERING FACTS *************************************************************** 
failed: [someserver] => {"failed": true, "parsed": false}

SUDO-SUCCESS-fdhntaxupgygzrcocwghbosdkgbgguvy
/bin/sh: 1: powershell: not found

This happened with gather_facts set to true. Setting it to false worked around the issue, however I'm pretty sure powershell hasn't been ported to Debian... Ansible version:

$ ansible-playbook --version
ansible-playbook 1.8 (devel ffee9a8fe0) last updated 2014/09/27 14:24:58 (GMT +900)

The actual cause was the absence of python on the target server; this will need to be manually installed before Ansible can be of much use.


Posted in Devel | add a comment

Sunday, February 16, 2014   8:39 AM

OpenSUSE / Samba: "Invalid key 0 given to dptr_close" error

After upgrading to openSUSE 13.1, the Samba configuration - which I use mainly to share a directory on my workstation-cum-fileserver to a media player on the local network - mysteriously failed to work as expected. The client could mount, but not see, any directories or files. The only vaguely relevant clue appeared to be this entry in /var/log/samba/log.smbd:

Invalid key 0 given to dptr_close

After much head-scratching, it turns out AppArmor is enabled by default on openSUSE 13.1 and was the source of the error. Resolving the issue with AppArmor brought Samba back to life.


Posted in Linux | add a comment