ChrisSchuld.com

Every once in a while I run across an SSL Cert with an included password. Although the security is great automating an environment or an Apache restart with required interaction is problematic.

Here is an example of the interaction with a password included SSL Cert:

[root@w2 conf.d]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd: Apache/2.2.8 mod_ssl/2.2.8 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.

Server chrisschuld.com:443 (RSA)
Enter pass phrase:

OK: Pass Phrase Dialog successful.

And here is how you remove the password:

[root@w2 conf]# openssl rsa -in chrisschuld.com.key -out chrisschuld.com.key.nopass

Today I had a new server running CentOS5 have trouble with a known good authorize.net library using curl.  It was producing the following error:

error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none

After some research I found it was based on the inability for the apache user to access the ca-bundle.crt file. You will find solutions on the web suggesting adding curl_setopt($link, CURLOPT_SSL_VERIFYPEER, FALSE); to your script to disable the peer verification — I suggest you not do this and simply fix the permissions for your CA file.

Execute this:

/bin/chmod 755 /etc/pki/tls/certs

Solved!

I always have to use the man page of find to remember this — hopefully writing it down will help.  Here is how you find all of the symbolic links in a linux path:

find / -type l

Today I ran across a project need for pdftk (AccessPDF) for CentOS5.  Adding pdftk to CentOS5 was more of struggle than I would have guessed because it was not available in most of the repos I normally use.  Google did not yield any pre-build RPM files for pdftk for CentOS5 so I built them for both 32bit and 64bit.

You can access it here pdftk-112-1i386.rpm (for CentOS5 32bit) and here pdftk-112-1×86_64.rpm (for CentOS5 64bit).

Here is how to do a search and replace using Perl regex over a set of files:

To play MP3 files in Fedora 8 with KDE you need to add software to your default installation. This software does not come “stock” with KDE because the software is not free and RedHat is required to filter it — therefore if you download this update make sure you check the licensing agreements:

1. First, add Livna sources using rpm

   rpm -ivh http://rpm.livna.org/livna-release-8.rpm

2. Next, Install kdemultimedia-extras-nonfree^** using yum

   yum install kdemultimedia-extras-nonfree

That is it, next launch Amarok as an example and hello MP3 music!

Q: Hey Chris, why does the kdemultimedia-extras package end in “-nonfree”
A: Good question, tough answer, the kdemultimedia-extras-nonfree package contains plug-ins which cannot be shipped by Red Hat / Fedora because the license is not LGPL. Please note the the license of the entire library is not LGPL! So of course you shouldn’t install it unless you pay the owners for licensing rights.

To play MP3 files in Fedora 8 you need to add software to your default installation:

1. First, add Livna sources using rpm

   rpm -ivh http://rpm.livna.org/livna-release-8.rpm

2. Next, Install Rhythmbox (assuming you are using Gnome) using yum

   yum install rhythmbox

3. Next, Install gstreamer-plugins-ugly^** using yum

   yum install gstreamer-plugins-ugly

That is it, next launch Rythmbox and hello music!


Q: Hey Chris, why does the gstreamer-plugins end in “-ugly”
A: Good question, tough answer, the GStreamer is a streaming media library which contains plug-ins which cannot be shipped in gstreamer-plugins-good because the license is not LGPL. Please note the the license of the entire library is not LGPL! So of course you shouldn’t install it unless you pay the owners for licensing rights.

I am in the process of building the ultimate ‘vi’ shortcut list:

• Remove Every Other Line:
  :g/.*/norm jdd

If while using ‘yum’ or ‘rpm’ you receive the following error:

rpmdb: Lock table is out of available locker entries

Your RPM dB files are screwed up… here is how you unscrew them!

Here is how you fix this error:

1. Make a backup of your current files
2. Remove the damaged files
3. Rebuild your RPM Berkley dB files
4. Use yum again

Here is the command walk through:

1. As root, execute this:
   

   cd /root; tar cvzf rpm-backup.tar.gz /var/lib/rpm

2. Remove the Berkeley dB files which yum and rpm use:
   

   rm /var/lib/rpm/__db.00*

3. Instruct rpm to rebuild the databases files:
   

   rpm --rebuilddb

4. Test your yum command again:
   

   yum install somepackage

If you ever have to set an environment variable you may run into the same reality I ran into.

A simple call to system using export (as you might do on the command line)…

system( "export MYVAR=somevalue" );

…does not work!

You have to use the Perl ENV hash variable:

$ENV{'MYVAR'} = "somevalue";

Changes to $ENV{’SOMEVAR’} will be available to the current process and children processes only. Thus, if you change an environment variable for an upcoming system() call the process started due to the system() call will see the environment variable change.

Here is an example:

.
.
.
$ENV{'http_proxy'} = "192.168.0.10";
system( "wget --tries=2 --timeout=8 $url" );
.
.
.