Just a quick tip for whoever wants to change the context path of Hudson stand-alone continuous integration server. It runs on Winstone, simply adds the --prefix=/${context.path} to the start-up command.
Yes, they named it "prefix".
- yc
Saturday, June 28, 2008
'publickey' SSH Authorization fails if 'authorized_keys' file is writable by non-owners
I didn't realize this. SSH kept prompting me to fill in password even though I forced it to use just 'publickey' authorization:
Fixed by revoking write permissions (chmod 700) to the authrozied_keys file. Very simple logic, brrr.
Some links that I came across:
- yc
$ ssh -i id_kimmy somewhere.com -v
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/yclian/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/yclian/.ssh/identity
debug1: Trying private key: /home/yclian/.ssh/id_dsa
debug1: Next authentication method: password
yclian@somewhere.com's password:
ssh -i id_kimmy somewhere.com -o 'PreferredAuthentications publickey' -v
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/yclian/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /home/yclian/.ssh/identity
debug1: Trying private key: /home/yclian/.ssh/id_dsa
debug1: No more authentication methods to try.
Permission denied (publickey,password).
Fixed by revoking write permissions (chmod 700) to the authrozied_keys file. Very simple logic, brrr.
Some links that I came across:
- http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
- http://kimmo.suominen.com/docs/ssh/
- http://www.eng.cam.ac.uk/help/jpmg/ssh/authorized_keys_howto.html
- yc
Friday, June 27, 2008
Maven does NOT support SOCKS for HTTP
I have a internal repository which can only be accessed through SOCKS, so I thought, if I set up a <proxy> in settings.xml with SOCKS_5 as its protocol, it shall work -- to download artifacts from the repository through the proxy. By the way, the documentation is not clear about what you should specify for the protocol. I used SOCKS_5 because ProxyInfo sounded right.
After a few attempts, I realized from the error logs that Maven did not go through the SOCKS proxy I defined, it basically skipped it. I hooked my IDE to the process to for some debugging to realize that Wagon (the transport abstraction of Maven) chose to use LightweightHttpWagon to download the artifacts and would only know how to deal with HTTP based proxy. Wagon chose it by looking up for Plexus component with the role-hint of http, damn.
I believe I could create a local repository by mounting the remote end using FUSE/sshfs. I didn't anyway, I made HTTPd to allow external connections to the repository with basic auth enabled (the server uses Archiva anyway). That's quick and at least I wouldn't have to guess why scp or file wasn't working later.
Playing with Maven is a pain, sometimes.. or most of the time if it doesn't work.
P/S: If you can really make Maven to work with HTTP+SOCKS, let me know and tell me that I'm wrong.
- yc
After a few attempts, I realized from the error logs that Maven did not go through the SOCKS proxy I defined, it basically skipped it. I hooked my IDE to the process to for some debugging to realize that Wagon (the transport abstraction of Maven) chose to use LightweightHttpWagon to download the artifacts and would only know how to deal with HTTP based proxy. Wagon chose it by looking up for Plexus component with the role-hint of http, damn.
I believe I could create a local repository by mounting the remote end using FUSE/sshfs. I didn't anyway, I made HTTPd to allow external connections to the repository with basic auth enabled (the server uses Archiva anyway). That's quick and at least I wouldn't have to guess why scp or file wasn't working later.
Playing with Maven is a pain, sometimes.. or most of the time if it doesn't work.
P/S: If you can really make Maven to work with HTTP+SOCKS, let me know and tell me that I'm wrong.
- yc
Monday, June 16, 2008
WTF is wrong with RMI
Yes, WTF is wrong with RMI. Taken from the "Getting Started using RMI" page:
UPDATED: Omg :) That's documentation for 1.4.2. If you refer to the latest one, it actually highlights on the classDir. So ultimately, my problem of not referring to a newer documentation.Note: Before you start the rmiregistry, you must make sure that the shell or window in which you will run the registry either has no CLASSPATH set or has a CLASSPATH that does not include the path to any classes that you want downloaded to your client, including the stubs for your remote object implementation classes.
If you start the rmiregistry, and it can find your stub classes in its CLASSPATH, it will ignore the server's java.rmi.server.codebase property, and as a result, your client(s) will not be able to download the stub code for your remote object. For an explanation of how code downloading works in RMI, please take a look at the tutorial on Dynamic code downloading using RMI.
Not paying much attention to these lines, it got me wasted a few valuable hours to get a simple example working. I have a Hello interface and a HelloImpl implementation with a main method in it to do the binding.
I kept getting either:
java.lang.ClassNotFoundException: foo.Hello
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
and
java.lang.ClassNotFoundException: foo.HelloImpl_Stub
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
Whenever I ran:
java -classpath classes/ foo.HelloImpl
The error is misleading. It made me wondered why Java would complain about ClassNotFoundException when those classes were in the classpath! To put that paragraph in bullet points:
- Please set the CLASSPATH variable before you run rmiregistry, e.g.
export CLASSPATH=classes/
rmiregistry &
java -classpath classes/ foo.HelloImpl - Or, please set the -Djava.rmi.server.codebase system property to point to your classpath when you start your application, e.g.
rmiregistry &
java -Djava.rmi.server.codebase=file:classes/ -classpath classes/ foo.HelloImpl
Yes, it was actually my problem of not reading the documentation clearly. But can't just the Java guys fix it so that it will pick up from the classpath without setting either the environment variable or system property?
- yc, rants!!
Sunday, June 8, 2008
Can't call method "value" on an undefined value at /usr/share/perl5/IO/Uncompress/RawInflate.pm line 64
I tried to install SocialText Open about two weeks ago and it had then screwed up my CPAN. This is the error that showed whenever I tried to install a module:
For not being a Perl user (I'm a Java guy after all and a Linux end-user), I went to #perl of irc.freenode.net to seek for some help and I was asked to raise a bug instead in the Ubuntu site. I didn't do it nor tried to fix it after that as I was stuck with other higher priority tasks.
I have a little bit more time this afternoon so I asked Google for an answer and it appeared to have more results this time (two weeks ago, it had just two entries). That basically has concluded that this is a pretty new problem on Debian/Ubuntu.
Removing libcompress-raw-zlib-perl solved my problem, as suggested by nxadm. You may also want to try other options provided by other blog readers if you hit into similiar issue.
Good luck messing with Perl.
- yc
Can't call method "value" on an undefined value at /usr/share/perl5/IO/Uncompress/RawInflate.pm line 64
For not being a Perl user (I'm a Java guy after all and a Linux end-user), I went to #perl of irc.freenode.net to seek for some help and I was asked to raise a bug instead in the Ubuntu site. I didn't do it nor tried to fix it after that as I was stuck with other higher priority tasks.
I have a little bit more time this afternoon so I asked Google for an answer and it appeared to have more results this time (two weeks ago, it had just two entries). That basically has concluded that this is a pretty new problem on Debian/Ubuntu.
Removing libcompress-raw-zlib-perl solved my problem, as suggested by nxadm. You may also want to try other options provided by other blog readers if you hit into similiar issue.
Good luck messing with Perl.
- yc
Saturday, June 7, 2008
PGP Signing and Encrypting Emails
In our company, we use PGP to sign or sometimes encrypt emails due to the agreement with customers who demand high security. However, as for my personal mails, I have never put PGP into the equation.
So I spent some time in the afternoon to set up PGP for my personal accounts (and got the chance to play around with revocation too). I got myself to set up Enigmail too, a Thunderbird extension to manage PGP keys and your mails with them. As a Linux user, I actually use GnuPG more (and it works, I'm not sure why uploading keys to MIT server failed a few times on my browser and Enigmail) and here are the commands to share, for GnuPG and support for OpenPGP:
Remember to protect these files, e.g. chmod 700 *.
I will be digitally signing my emails from now on anyway and whenever necessary encrypt them. Here is my public key for yuenchi.lian@gmail.com, which you can also find in the MIT key server:
I have a question, where would be the best place to store my private keys? I actually had them packed in a protected zip and sent over the wire to somewhere. The sites returned by Google suggest to do paper or disk backup.
Now if every one in this world uses PGP and applications are built with its support, will people still be the victims of phishing?
- yc
So I spent some time in the afternoon to set up PGP for my personal accounts (and got the chance to play around with revocation too). I got myself to set up Enigmail too, a Thunderbird extension to manage PGP keys and your mails with them. As a Linux user, I actually use GnuPG more (and it works, I'm not sure why uploading keys to MIT server failed a few times on my browser and Enigmail) and here are the commands to share, for GnuPG and support for OpenPGP:
gpg --gen-key
gpg --export yuenchi.lian@gmail.com > yuenchi.lian@gmail.com.public.gpg
gpg --export-secret-keys yuenchi.lian@gmail.com > yuenchi.lian@gmail.com.private.gpg
gpg --armor --export yuenchi.lian@gmail.com > yuenchi.lian@gmail.com.pub.pgp
gpg --armor --export-secret-keys yuenchi.lian@gmail.com > yuenchi.lian@gmail.com.sec.pgp
gpg --armor -a --export yuenchi.lian@gmail.com > yuenchi.lian@gmail.com.pub.pgp.asc
gpg --armor -a --export-secret-keys yuenchi.lian@gmail.com > yuenchi.lian@gmail.com.sec.pgp.asc
Remember to protect these files, e.g. chmod 700 *.
I will be digitally signing my emails from now on anyway and whenever necessary encrypt them. Here is my public key for yuenchi.lian@gmail.com, which you can also find in the MIT key server:
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Key Server 0.9.6
Comment: PGP public key for yuenchi.lian@gmail.com
mQGiBEhKUl0RBAChtf+UhgLMq+yzN8J5rNQkl1T2fHBYeP7xELhqEw71bJ1mGx4i
jQ2Ih524rlDgUsSPoAcArVTrN4Tvg7pG8W8XWGJqOh1L62UBYJhwKEmMOC3iQgKx
Uk4N5Ldfum85yhRVZ+78LQuHJUR8OV4Oeg+ny/6d6fIfzru6jO4gBp/A7wCg0PNk
yFyg/slc9Apq4klDhWvXs2UD/3ycSGQvZvd0u+hBgrg3nC40YJ5qUB/fkUYbPS8J
WEi/kMfR9e9PLs3GTYssHFt7of6IgVgVBmJWeSSwT2ADIgs0EDfzIrmqiSL5DcXZ
kBHZsaBRm8Q/qa/Rip1cXZwNuYFn5dfYK+GLbOCHDJO5JIfmYrTpXb+QE19Qcrg4
AXtxBAChoTIAtAvG4thP4miKY5ohRLsLk3GPT7/NtzpplpbnWrA5m+KOypTGS3Cz
UuRTekbB1cwyM6eS+3uXmW2JSI2LqXcHCIcU6fXzUFwSAUqHlNC2GI7TnYyNNqdT
tw9/Zg1gApAumuGs8BmpDVOcki/9XdHZuBCGmwAFsGpU2SMQv7QmWXVlbi1DaGkg
TGlhbiA8eXVlbmNoaS5saWFuQGdtYWlsLmNvbT6IYAQTEQIAIAUCSEpSXQIbAwYL
CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEDonh/rtNGxvGeQAoMGSSIwcIt+wx2Oo
2wR63Lv/Ot2pAJ4l086fL64CqGVUz5AHwKfpbyHLCbkCDQRISlJhEAgAvTprlG2K
fSoiuRjLgS3wxXTxKcAm9sbMFAlsKd21lZyCSR6K8g1KYxqkBTIvygO8CSIt+mbU
uNLZh6GTlpLmCGKANPwmP6AwO1Q3LVvI17MvWF9UwJ5K6q2RY52PggM/50vYAGVp
Wold9Y9O6cfYWfpv47ShBh7J/FLvZ4u5yXkswnmDrjoS1XKJi06ExAySJ3aKFNF5
+xBjgyYb/iqVFSG8eJc3ESfzde95Yt7nDFHWEr97DGVYHSj6XFq3To0XpYNxYRQz
AxPmg49wnmkWIYSzxzcx4XjKj4DFalOm3EO4VAxqnfjUzhc5xdIjJ2SX6pAE2oiZ
UJM5Ly7X4DEG3wADBQgAl9GaoLhIaxJx8Mp3hxK4ZBLYzbYSXa+kQbi/stpBbfxJ
eaiRa0hS4rQ5BR2C9ADLNND6n1b0NEuaxu/MwjhBh1FPIh/WR8cJJVraaQulNaFt
lyvevQ3gj4Hfdjd+SLTZC4GPjsG4HN1ff8QGu6lPxck9VJJVV4fENxjQFTi4Hj1D
s+ATIGMy7jQ2/CsVpkfU3i/QICjegiiLzkTozHmzo6kNg3DDHscbyzDzgxMTRQtE
4GYffDRD8KeJjt3wcF8X5zXsOIcYbOqq19pi8XaP4fQXHIqVWbstfprTRqUiuDu4
RNVsg865jXIExBC9uo4zt2DS5/yflHNhLQyY+XH+f4hJBBgRAgAJBQJISlJhAhsM
AAoJEDonh/rtNGxvlhMAn05pvdyvCYA1bO3I8wzRBAo0WBmHAKCL9MWzFb+essGZ
zFm7O2D/hrNcnw==
=Ot82
-----END PGP PUBLIC KEY BLOCK-----
I have a question, where would be the best place to store my private keys? I actually had them packed in a protected zip and sent over the wire to somewhere. The sites returned by Google suggest to do paper or disk backup.
Now if every one in this world uses PGP and applications are built with its support, will people still be the victims of phishing?
- yc
Friday, June 6, 2008
Some Status Update
Haven't been blogging much as I have been busy with some stuff lately, although I have been heavily blogging in CustomWare's intranet, like one blog or two blogs per day. This is a quick blog to update you about what I'm up to these days.
We, the Malaysian Java User Group, just had a meeting two weeks back and we want to keep this momentum up. Naresh has volunteered himself to speak on Spring and what we have to do right now is to bake when and where it will be.
The Malaysian Flex User Group had a "write a review for Flex builder 3 and win a free license" event not too long ago. I got one. :) Here is the review.
yc
We, the Malaysian Java User Group, just had a meeting two weeks back and we want to keep this momentum up. Naresh has volunteered himself to speak on Spring and what we have to do right now is to bake when and where it will be.
The Malaysian Flex User Group had a "write a review for Flex builder 3 and win a free license" event not too long ago. I got one. :) Here is the review.
yc
Subscribe to:
Posts (Atom)