Auto decrypt multiple LUKS Devices with Mandos - encryption

I played around with Mandos to automatically open an encrypted root device. I wanted to set up an encrypted btrfs raid 1 (sda1 and sdb1: LUKS). The first device is decrypted correctly, but the second will not be opened. Is there a way to do this?

As of Debian Stretch, it just works (tm). Both devices should be listed in /etc/crypttab and the btrfs raid1 should be set up. Then install mandos. Confirmed working on Debian Stretch 9.5.

The solution is relatively simple:
Instead of adding your disks to /etc/crypttab, add them directly to /etc/initramfs-tools/conf.d/cryptroot and don't forget the keyscript part (keyscript=/lib/mandos/plugin-runner).
/etc/initramfs-tools/conf.d/cryptroot:
target=sda2_crypt,source=UUID=0f47884b-fb02-478e-b4dd-c594cf1cbbf1,key=none,rootdev,discard,keyscript=/lib/mandos/plugin-runner
target=sdb2_crypt,source=UUID=65f16e28-5b74-4b1f-9f81-01729244ac2c,key=none,rootdev,discard,keyscript=/lib/mandos/plugin-runner
To be sure the complete cryptsetup stack is compiled correctly into the initramfs, add a dummy device to /etc/crypttab. Take care to add noauto, otherwise it will try to unlock the device on startup and will fail.
/etc/crypttab:
dummy_device UUID=087963da-63bb-439b-bb5a-15e712d02a29 none noauto,luks,discard
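
A small check for the configuration this answer describes, as an added example that is not part of the original answer: it parses the two files in the formats shown above and reports cryptroot lines without the Mandos keyscript and crypttab entries without noauto. The second cryptroot line in the sample is constructed with its keyscript left off, and the function names are made up for this example.

```python
MANDOS = "/lib/mandos/plugin-runner"
# The first cryptroot line and the crypttab entry are copied from the answer;
# the second cryptroot line is constructed with its keyscript left off.
CRYPTROOT = """\
target=sda2_crypt,source=UUID=0f47884b-fb02-478e-b4dd-c594cf1cbbf1,key=none,rootdev,discard,keyscript=/lib/mandos/plugin-runner
target=sdb2_crypt,source=UUID=65f16e28-5b74-4b1f-9f81-01729244ac2c,key=none,rootdev,discard
"""
CRYPTTAB = "dummy_device UUID=087963da-63bb-439b-bb5a-15e712d02a29 none noauto,luks,discard\n"

def parse_cryptroot(text):
    """One dict per line; bare flags such as rootdev map to True."""
    devices = []
    for line in filter(None, map(str.strip, text.splitlines())):
        opts = {}
        for field in line.split(","):
            key, sep, value = field.partition("=")  # source=UUID=... keeps its UUID=
            opts[key] = value if sep else True
        devices.append(opts)
    return devices

def parse_crypttab(text):
    """(name, options) per entry; '#' comments and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            rows.append((parts[0], parts[3].split(",") if len(parts) > 3 else []))
    return rows

def check(cryptroot, crypttab):
    """Return a list of problems with the setup the answer describes."""
    problems = []
    for dev in parse_cryptroot(cryptroot):
        name = dev.get("target", "<no target>")
        if "source" not in dev:
            problems.append(f"{name}: no source")
        if dev.get("keyscript") != MANDOS:
            problems.append(f"{name}: keyscript is not {MANDOS}")
    rows = parse_crypttab(crypttab)
    if not rows:
        problems.append("crypttab: no entry")
    problems += [f"crypttab {n}: missing noauto" for n, o in rows if "noauto" not in o]
    return problems

if __name__ == "__main__":
    for problem in check(CRYPTROOT, CRYPTTAB):
        print(problem)
```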

I would suggest that you have a file on the root file system (I would suggest in /etc/keys) containing the password to any other disks, and enter that file name in the third field in /etc/crypttab.

Related

Set Program to use LIBXML_PARSEHUGE

I am using the command-line app xmlsec to encrypt and decrypt files. I have an XML file with a node 40 MB in size.
I already found out I need to set
LIBXML_PARSEHUGE
to parse nodes bigger than 10 MB
Does anyone know how to enable this?
I searched the source code of xmlsec for the parser init, but couldn't find a way to integrate the option.
Do I have to set this inside the source and recompile it? If so, do I have to recompile libxml or xmlsec?
OK, so I found the solution and am posting it here just in case anyone needs this sometime.
In
src/Parser.c
xmlDocPtr xmlSecParseFile(const char *filename){}
Contains this
/* enable parsing of XML documents with large text nodes */
xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE);
Originally, the second line is commented out. You have to uncomment it and recompile the tool.
You can also activate the parameter via the simplexml_load_string function itself:
simplexml_load_string($xmlString,'SimpleXMLElement', LIBXML_PARSEHUGE);

How to suppress -mmax value exceeded.Automatically increasing from old value to new value.<5409>?

In prokb, it's mentioned:
In 10.0B02 and above, the client session startup parameter -noincrwarn was reintroduced
to allow the selective suppression of the above four warning messages ONLY. Since the
execution of the 4GL statement: SESSION:SUPPRESS-WARNINGS = YES. suppresses ALL warning
messages during the session.
Where and how could I set this startup parameter -noincrwarn to suppress this warning
message?
"SESSION:SUPPRESS-WARNINGS = YES." doesn't do much of anything useful. Or at least it didn't the last time I tested it.
The -mmax warning is harmless. It is a "soft" limit that is dynamically allocated and expanded as needed. You can ignore it. Or if the .lg file entries really bother you, you can simply increase it to a reasonable value. I routinely set it to 8192 for character sessions, 32768 for Windows. The default, as JensD says, is ludicrously low.
Startup parameters, such as -noincrwarn, can be set in a number of ways:
1) Via the command line. If your application starts via a script it will eventually invoke progress via "pro", "mpro", progress, prowin32, proapsv or some other executable (you can potentially link your own objects and create custom executables...) The command line that invokes Progress will have a number of parameters. You could add it there. Windows example:
@echo off
set DLC=\Progress\OpenEdge
%DLC%\bin\prowin32 -db mydb -p start.p -noincrwarn
(On Windows it is also common for the shortcut properties to have the command line listed.)
2) In a "pf" file. "PF" files are parameter files. They contain a list of parameters in a text file. This makes it easy to share and manage parameters between many scripts. To use a parameter file you need at least one -pf filename.pf parameter. Unix example:
#!/bin/sh
DLC=/usr/dlc
export DLC
${DLC}/bin/_progres -db mydb -pf mypf.pf
Where "mypf.pf" might contain:
# mypf.pf
-p start.p
-noincrwarn
There is a global .pf file in the Progress install directory called startup.pf. You could also add it to that.
3) In an "ini file". Sort of like the pf file but more complicated. Indicated by the -ininame startup parameter. Can also be influenced by registry keys.
Why not remove -mmax or try another value for it? If you're moving from an old version of Progress it might be that -mmax is set very low.
The Maximum Memory (-mmax) client session parameter specifies the maximum amount of memory allocated for r-code segments, in kilobytes.
Source: http://knowledgebase.progress.com/articles/Article/P11351?popup=true
Large memory consumption might depend on complicated business logic (things like very large and or deeply nested procedures) so you might consider looking into that.
However, a much easier fix would be to increase the value. Default is 3096, meaning each client "only" gets 3 Mb for this. Not a very large amount by today's standards.
If you really only want to suppress the message, set -noincrwarn in your client side startup script (or corresponding .pf-file/startup.pf).
Hosting a WPF element (Windows Presentation Foundation) in an OpenEdge application can cause the application to crash if any message covers the window. This is also the case for this message.
In order to suppress any messages including message 5409 ()
According to article "HOW TO SUPPRESS WARNING MESSAGES (5407),(5408),(5409),(5410) FROM DISPLAYING ON CLIENT SCREENS."
I used, with expected results, SESSION:SUPPRESS-WARNINGS = YES. as the first line in the starting procedure of the application.
Using -noincrwarn as the session startup parameter had no effect in Open Edge 11.4
Suppress OpenEdge messages:
http://knowledgebase.progress.com/articles/Article/P79795?popup=true
.NET related error for OpenEdge-WPF hybrid application "Invisible or disabled control cannot be activated"
https://social.msdn.microsoft.com/Forums/windows/en-US/e8cf6431-2a59-4335-8b36-fc8f35083823/invisible-or-disabled-control-cannot-be-activated?forum=winforms

udev doesn't always report 'features' on bluetooth devices

I have been using pyudev to look for bluetooth devices and then used the "features" attribute to determine if the device has LE support. However, just recently in the latest version of Ubuntu, udev no longer reports anything for "features".
Here's what details I do get:
$ udevadm info --attribute-walk /sys/class/bluetooth/hci0
looking at device '/devices/pci0000:00/0000:00:1a.0/usb1/1-1/1-1.4/1-1.4:1.0/bluetooth/hci0':
KERNEL=="hci0"
SUBSYSTEM=="bluetooth"
DRIVER==""
ATTR{name}=="ubuntu-0"
ATTR{type}=="BR/EDR"
ATTR{address}=="08:3e:8e:xx:xx:xx"
And then on another device that is continuing to work as I expected I get:
$ udevadm info --attribute-walk /sys/class/bluetooth/hci0
looking at device '/devices/platform/sw-ohci.1/usb3/3-1/3-1:1.0/bluetooth/hci0':
KERNEL=="hci0"
SUBSYSTEM=="bluetooth"
DRIVER==""
ATTR{bus}=="USB"
ATTR{sniff_min_interval}=="80"
ATTR{name}=="linaro-nano-0"
ATTR{type}=="BR/EDR"
ATTR{hci_version}=="6"
ATTR{class}=="0x000000"
ATTR{idle_timeout}=="0"
ATTR{address}=="00:02:72:xx:xx:xx"
ATTR{features}=="0xbffecffedbff7b87"
ATTR{sniff_max_interval}=="800"
ATTR{manufacturer}=="15"
ATTR{hci_revision}=="4096"
Is there some sort of configuration change somewhere that causes the difference in responses?
EDIT
I've found that most of those missing values are now in /sys/kernel/debug/bluetooth/hci0/ but I have no idea why that's so. However the format of the features file is different. Is this controlled by a configuration file, compiler options, or something else?
I think changes have been made in the kernel code to use debugfs instead of sysfs for several bits of information. So, I'll just have to rethink how I get that information now.

Unix: Changing the mask of an extended ACL

I am writing a script which touches a file and afterwards modifies the access control list the way that one particular user (say peter) shall have full permissions to that file. Therefore I must add peter and a mask as well, if there was no one before.
For example
# file: newfile
# owner: hans
# group: hansgroup
user::rwx
user:peter:rwxc
group::r-x
mask::rwx
other::r--
The mask must give full permissions as well, otherwise peter's entry would be masked.
So, what if there is already a mask entry because there are other special user or group entries (which could come from a default ACL for the directory) - can I just change the mask to rwx in order to enable full permissions for my new peter entry? I am sure I would - in some cases - change the effective permissions of some other special entries if I extend the mask?
If no, don't I need to worry about the extension of the mask? Isn't that a problem?
If yes, I see a dilemma in it. What could I do?
I am familiar with this documentation of acls: http://www.suse.de/~agruen/acl/linux-acls/linux-acls-final.pdf
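
The side effect asked about above can be checked offline before the mask is touched. This added example (not part of the original question) parses getfacl-style text, applies the rule that the mask limits named users, the owning group and named groups, and lists what each existing entry would gain if the mask became rwx; it also prints entries trimmed to their current effective rights, which is one way to widen the mask without granting anything new. The sample ACL, the names anna and staff, and all function names are constructed for the example.

```python
PERMS = "rwx"
# Constructed sample: getfacl output for a file that already carries extended
# entries under a restrictive mask (anna and staff are made-up names).
SAMPLE = """\
# file: newfile
user::rwx
user:anna:rwx\t#effective:r--
group::r-x\t#effective:r--
group:staff:rw-\t#effective:r--
mask::r--
other::r--
"""

def parse_acl(text):
    """Parse getfacl-style text into (tag, qualifier, set-of-perms) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop headers and #effective notes
        if line:
            tag, qualifier, perms = line.split(":")
            entries.append((tag, qualifier, {p for p in perms if p in PERMS}))
    return entries

def effective(entries, mask=None):
    """Effective rights per entry; the mask limits named users and all groups."""
    if mask is None:
        mask = next((p for t, _, p in entries if t == "mask"), set(PERMS))
    out = {}
    for tag, qualifier, perms in entries:
        if tag == "mask":
            continue
        limited = tag == "group" or (tag == "user" and qualifier)
        out[(tag, qualifier)] = perms & mask if limited else perms
    return out

def gained_by_widening(entries, new_mask="rwx"):
    """Rights each existing entry would gain if the mask became new_mask."""
    before, after = effective(entries), effective(entries, set(new_mask))
    return {k: "".join(p for p in PERMS if p in after[k] - before[k])
            for k in before if after[k] - before[k]}

def pinned_entries(entries):
    """setfacl-style entries rewritten to their current effective rights."""
    eff = effective(entries)
    return [f"{t}:{q}:" + "".join(p if p in eff[(t, q)] else "-" for p in PERMS)
            for t, q, _ in entries if t != "mask"]

if __name__ == "__main__":
    print(gained_by_widening(parse_acl(SAMPLE)), pinned_entries(parse_acl(SAMPLE)))
```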

download file from remote location

Hey, I am in trouble, please help me out. I want to download a file from another website to my location and I used the code below:
Dim wc As New System.Net.WebClient
wc.DownloadFile(pathUrl, fileName)
PathUrl and fileName are both correct, I'm 100% sure.
After execution of these 2 lines my browser progress bar goes into a wait state like something is being retrieved, but the file is not downloaded anywhere. What should I do next?
Not enough rep to leave a comment so:
@AZHAR, the file save location is the second parameter. In your example it is fileName, in NiL's example it is "uploads/myPath.doc"
If you use wc.DownloadFileAsync, make sure to include an AsyncCompletedEventHandler so you know when it's done.
I'm not sure about the correctness of what you did, relatively to your goal (I don't mean the code is incorrect, as it is syntactically correct otherwise it won't compile).
If you want to retrieve a file from a remote location and save it to your local machine, this is surely the worst way!!!!
If, instead, you want to download the file onto your server, then your problem is patience :)
I mean, the DownloadFile method is blocking and can take even hours if you are trying to download something like a Blu-ray ripped film or a Linux ISO, no matter how fast your server is.
You could think about using an asynchronous job in this case...
The code you wrote did download the file; I tested it and it surely downloads it.
The usage of the DownloadFile function is as follows:
wc.DownloadFile("http://www.domaine.com/uploads/file.doc", "uploads/myPath.doc");
If you are trying to download a big file you can use :
wc.DownloadFileAsync
and it is the same
