On Unix systems, is there a way to fake the perceived date and time of a child process?
I.e., imagine:
$ date
Fri Jun 28 10:50:35 CEST 2019
$ with_date 10/05/2019 date
Fri May 10 10:50:36 CEST 2019
How to implement the with_date command?
The typical use case would be the testing of date/time-related software, simulating various conditions.
There is the library libfaketime. It uses a library preload mechanism to intercept system calls of the to-be-run programs. A use-case (from the manual) is:
user#host> date
Tue Nov 23 12:01:05 CEST 2016
user#host> LD_PRELOAD=/usr/local/lib/libfaketime.so.1 FAKETIME="-15d" date
Mon Nov 8 12:01:12 CEST 2016
user#host> LD_PRELOAD=/usr/local/lib/libfaketime.so.1 FAKETIME="-15d"
FAKETIME_DONT_FAKE_MONOTONIC=1
java -version
java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14) Java HotSpot(TM)
64-Bit Server VM (build 25.111-b14, mixed mode)
Related
I was trying to connect to a .ovpn file using OpenVPN but when I try to connect it with this command:
sudo openvpn --config downloaded-client-config.ovpn
It failed with the following output:
Wed Jun 17 23:53:03 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan 9 2019
Wed Jun 17 23:53:03 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Jun 17 23:53:03 2020 Cipher algorithm 'AES-256-GCM' not found (OpenSSL)
Wed Jun 17 23:53:03 2020 Exiting due to fatal error
My OpenSSL version: OpenSSL 1.1.0h 27 Mar 2018
OpenVPN version: OpenVPN 2.3.10
Ubuntu Version: 16.04
Also, I ran this command as well to see the list of ciphers I have:
openvpn --show-ciphers
and AES-256-GCM was not present in that in that list.
How can I add it manually if it's possible?
PS: I am kind of a layman with respect to OpenVPN
This is an issue with the OpenVPN version. The AES-256-GCM cipher was added in version 2.4.
You can follow these steps to install OpenVPN 2.4 on Ubuntu 16.04 at which point the cipher should properly work. The suggestion in the comments to upgrade your OS entirely would also work, but is certainly not necessary!
I had a similar issue trying to connect a 2.3.2 client to a 2.4.4 server. I referred to this cipher negotiation reference and updated both server and client config to use cipher AES-256-CBC
When the 2.4 server is set to AES-256-CBC, the clients (also set to AES-256-CBC) negotiate the following ciphers:
2.5 - AES-256-GCM
2.4 - AES-256-GCM
2.3 - AES-256-CBC
2.2 - AES-256-CBC
I'm trying to use the gluon iOS-simulator on my Mac (Catalina 10.15.4), using the maven-client-plugin, but I can't get past the man client:compile stage. When I run that, I get the following error in the log file:
[Wed May 06 10:47:01 EDT 2020][INFO] ==================== COMPILE TASK ====================
[Wed May 06 10:47:01 EDT 2020][FINE] PB Command for check version: /Users/bobyetman/graalvm-svm-darwin-20.1.0-ea+26/bin/java -version
[Wed May 06 10:47:01 EDT 2020][FINE] Start process check version...
[Wed May 06 10:47:02 EDT 2020][FINE] [SUB] openjdk version "11.0.5" 2019-10-15
[Wed May 06 10:47:02 EDT 2020][FINE] [SUB] OpenJDK Runtime Environment (build 11.0.5+10-jvmci-19.3-b05-LTS)
[Wed May 06 10:47:02 EDT 2020][FINE] [SUB] OpenJDK 64-Bit Server VM GraalVM 20.1.0-dev (build 11.0.5+10-jvmci-19.3-b05-LTS, mixed mode, sharing)
[Wed May 06 10:47:02 EDT 2020][FINE] Result for check version: 0
[Wed May 06 10:47:02 EDT 2020][INFO] We will now compile your code for x86_64-apple-ios. This may take some time.
[Wed May 06 10:47:02 EDT 2020][FINE] Processing JavaStatic dependencies at /Users/bobyetman/.gluon/substrate/javaStaticSdk/15-ea+2/ios-x86_64/labs-staticjdk/lib/static
[Wed May 06 10:47:02 EDT 2020][FINE] Processing JavaFXStatic dependencies at /Users/bobyetman/.gluon/substrate/javafxStaticSdk/15-ea+gvm16/ios-x86_64/sdk/lib
[Wed May 06 10:47:02 EDT 2020][INFO] Downloading Java Static Libs...
[Wed May 06 10:47:02 EDT 2020][FINE] Processing zip file: url = https://download2.gluonhq.com/substrate/staticjdk/labs-staticjdk-ios-x86_64-gvm-15-ea+2.zip, zip = /Users/bobyetman/.gluon/substrate/labs-staticjdk-ios-x86_64-gvm-15-ea+2.zip, subDir = javaStaticSdk, levels = [15-ea+2, ios-x86_64], md5 = javaStaticSdk-ios-x86_64.md5
[Wed May 06 10:47:02 EDT 2020][SEVERE] Downloading failed: https://download2.gluonhq.com/substrate/staticjdk/labs-staticjdk-ios-x86_64-gvm-15-ea+2.zip
the pom is fairly plain:
<plugin>
<groupId>com.gluonhq</groupId>
<artifactId>client-maven-plugin</artifactId>
<version>0.1.21</version>
<configuration>
<target>ios-sim</target>
<mainClass>com.boby.ClosedKnightFX</mainClass>
<graalvmHome>/Users/bobyetman/graalvm-svm-darwin-20.1.0-ea+26</graalvmHome>
</configuration>
I've cut and pasted the URL to the zip file into my browser, and it says 'file not found'. If I take out the target, and I can run the app on my Mac, it builds, links, and runs.
Suggestions?
I'm trying to use Radicale via uWSGI and Apache.
After some struggle, I managed to use WSGI for radicale on Apache but I would like to offload the authentication to Apache.
So I created the apache conf as
<VirtualHost *:80>
ServerAdmin xxx#gmail.com
ServerName radicale.domain.com
ProxyPass / uwsgi://127.0.0.1:5232/
<Directory "/etc/radicale">
AllowOverride None
Require all granted
</Directory>
TransferLog /var/log/apache2/radicale_access.log
ErrorLog /var/log/apache2/radicale_error.log
</VirtualHost>
My uwsgi app is
[uwsgi]
http-socket = 127.0.0.1:5232
processes = 2
plugin = python3
#module = radicale
wsgi-file=/etc/radicale/radicale.wsgi
env = RADICALE_CONFIG=/etc/radicale/config
When I call http://radicale.domain.com, I get a generic 500 error but I can't see any errors in the apache error log or the uswgi log.
The uwsgi log shows (in verbose)
Thu May 7 17:40:39 2020 - *** Starting uWSGI 2.0.14-debian (64bit) on [Thu May 7 17:40:39 2020] ***
Thu May 7 17:40:39 2020 - compiled with version: 6.3.0 20170516 on 17 March 2018 15:41:47
Thu May 7 17:40:39 2020 - os: Linux-2.6.32-042stab128.2 #1 SMP Thu Mar 22 10:58:36 MSK 2018
Thu May 7 17:40:39 2020 - nodename: xxx
Thu May 7 17:40:39 2020 - machine: x86_64
Thu May 7 17:40:39 2020 - clock source: unix
Thu May 7 17:40:39 2020 - pcre jit disabled
Thu May 7 17:40:39 2020 - detected number of CPU cores: 8
Thu May 7 17:40:39 2020 - current working directory: /
Thu May 7 17:40:39 2020 - writing pidfile to /run/uwsgi/app/radicale/pid
Thu May 7 17:40:39 2020 - detected binary path: /usr/bin/uwsgi-core
Thu May 7 17:40:39 2020 - setgid() to 33
Thu May 7 17:40:39 2020 - set additional group 125 (redis)
Thu May 7 17:40:39 2020 - set additional group 5003 (ispapps)
Thu May 7 17:40:39 2020 - set additional group 5004 (ispconfig)
Thu May 7 17:40:39 2020 - setuid() to 33
Thu May 7 17:40:39 2020 - your processes number limit is 256137
Thu May 7 17:40:39 2020 - your memory page size is 4096 bytes
Thu May 7 17:40:39 2020 - detected max file descriptor number: 131072
Thu May 7 17:40:39 2020 - lock engine: pthread robust mutexes
Thu May 7 17:40:39 2020 - thunder lock: disabled (you can enable it with --thunder-lock)
Thu May 7 17:40:39 2020 - uwsgi socket 0 bound to UNIX address /run/uwsgi/app/radicale/socket fd 3
Thu May 7 17:40:39 2020 - uwsgi socket 1 bound to TCP address 127.0.0.1:5232 fd 5
Thu May 7 17:40:39 2020 - Python version: 3.5.3 (default, Sep 27 2018, 17:25:39) [GCC 6.3.0 20170516]
Thu May 7 17:40:39 2020 - *** Python threads support is disabled. You can enable it with --enable-threads ***
Thu May 7 17:40:39 2020 - Python main interpreter initialized at 0x7fc12c963dd0
Thu May 7 17:40:39 2020 - your server socket listen backlog is limited to 100 connections
Thu May 7 17:40:39 2020 - your mercy for graceful operations on workers is 60 seconds
Thu May 7 17:40:39 2020 - mapped 218304 bytes (213 KB) for 2 cores
Thu May 7 17:40:39 2020 - *** Operational MODE: preforking ***
Thu May 7 17:40:39 2020 - WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0x7fc12c963dd0 pid: 23261 (defau
lt app)
Thu May 7 17:40:39 2020 - *** uWSGI is running in multiple interpreter mode ***
Thu May 7 17:40:39 2020 - spawned uWSGI master process (pid: 23261)
Thu May 7 17:40:39 2020 - spawned uWSGI worker 1 (pid: 23267, cores: 1)
Thu May 7 17:40:39 2020 - spawned uWSGI worker 2 (pid: 23268, cores: 1)
How can I debug uwsgi? How can I see why Apache returns the 500 error? Have I done anything wrong with the conf - I find the docs not very useful when it comes to error debugging or understanding how to define modules
Okay, after a week of contemplating, debugging and some swearing, I saw my quite stupid mistake :(
I configured a HTTP socket in UWSGI
http-socket = 127.0.0.1:5232
but specified the uwsgi protocol in Apache ...
ProxyPass / uwsgi://127.0.0.1:5232/
I have both php7.0 and php7.1 installed on Ubuntu.
Both CLI and Apache are switched to use 7.1
php -v
PHP 7.1.14-1+ubuntu16.04.1+deb.sury.org+1 (cli) (built: Feb 9 2018
09:33:27) ( NTS )
but the built-in http server of Symfony still uses 7.0
PHP Version 7.0.27-1+ubuntu16.04.1+deb.sury.org+1
System Linux spring.home.lan 4.4.0-112-generic #135-Ubuntu SMP Fri
Jan 19 11:48:36 UTC 2018 x86_64
Build Date Jan 5 2018 14:12:46
Server API Built-in HTTP server
Any suggestions what is wrong?
This is new domain for me so not entirely sure how to interpret the available information.
Research yields the following relevant posts:
Version 1.50 + WebStart: signature not verified
java SSL and cert keystore
However, still not sure if this is noise or if I am lacking configuration in my JVM or JDK environment.
Do I conclude that these files are valid and safe to use?
What do I need to do to eliminate the warning messages?
My question is how do I interpret the following messages that are generated by this command:
jarsigner -verify -verbose -certs bcmail-jdk15on-157.jar
Generates the following output:
s 11224 Thu May 11 17:31:18 EDT 2017 META-INF/MANIFEST.MF
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
[certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
[certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
[entry was signed on 5/11/17 3:31 AM]
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
8546 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.SF
2221 Thu May 11 17:31:20 EDT 2017 META-INF/BC1024KE.DSA
8546 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.SF
6365 Thu May 11 17:31:18 EDT 2017 META-INF/BC2048KE.DSA
0 Thu May 11 17:30:54 EDT 2017 org/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/examples/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/handlers/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/util/
0 Thu May 11 17:30:54 EDT 2017 org/bouncycastle/mail/smime/validator/
sm 715 Thu May 11 17:27:56 EDT 2017 org/bouncycastle/mail/smime/CMSProcessableBodyPart.class
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Sun Microsystems Inc
[certificate is valid from 3/10/17 8:15 PM to 4/25/20 3:00 AM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
[certificate is valid from 4/25/01 3:00 AM to 4/25/20 3:00 AM]
[CertPath not validated: Path does not chain with any of the trust anchors]
[entry was signed on 5/11/17 3:31 AM]
X.509, CN=Legion of the Bouncy Castle Inc., OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 3/10/17 8:07 PM to 3/10/22 8:07 PM]
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation
[certificate is valid from 7/6/16 7:48 PM to 12/30/30 7:00 PM]
[CertPath not validated: Path does not chain with any of the trust anchors]
.
.
.
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
Warning:
This jar contains entries whose certificate chain is not validated.
This jar contains signatures that does not include a timestamp. Without a timestamp, users may not be able to validate this jar after the signer certificate's expiration date (2020-04-25) or after any future revocation date.
BouncyCastle signs the JAR only with their special code signing certificate for security providers. This is necessary in order to use the JAR as security provider in Java. BouncyCastle doesn't sign the JAR for using e.g. in applets or WebStart. If you need to use it e.g. in applets or WebStart, you need to sign the JAR additionally with your public certificate.