Categories
Coding Unix

Perl – SSL connection error: Validation of SSL server certificate failed

I have a VM running Rocky Linux release 8.7 (Green Obsidian) and have some Perl programs that use DBI/DBD for mysql connections to a Google Cloud database that requires a SSL connection.

All the parameters (i.e., ssl cert/key/server-ca) work fine when running the mysql command line to connect to the database. However, when running the Perl programs, they fail with that error.

So it is NOT a bad certificate on the server side (at least in my case), but instead something with the Perl libraries.

Some resources talk about how mariadb is the culprit, but I was running mysql-community server and still had an issue, and I even downgraded MySQL to 5.7 from 8.0 with no luck. It turns out however that when I installed Perl libraries for perl-DBD-MySQL and perl-DBI those did a dependency install of a mariadb connector!

So basically I removed all mariadb packages, and then made sure we had the packages for:

  • mysql-community-common
  • mysql-community-devel
  • mysql-community-libs

And then used CPAN to install the DBI and DBD::mysql packages

Then things worked! So the key I believe is to not use the yum/dnf versions for DBI/DBD that tie to mariadb, and instead install those via CPAN.

Hope this helps someone out there, because I really went through a lot of attempts on this to get it going.

Categories
Unix Windows

Powershell in Linux

If you are having to work with a Microsoft email server but typically use a Linux box for your daily work, being able to use Powershell to access it can be handy!

The page that MSFT provides to show how to install is at: https://docs.microsoft.com/en-us/powershell/scripting/install/install-fedora?view=powershell-7.2

Now one note is that version 7.2 can have trouble with some versions of Linux, and this page could be helpful to explain that: https://issueexplorer.com/issue/PowerShell/PowerShell/16382

The error that I got when using v7.2 was: “New-PSSession: This parameter set requires WSMan, and no supported WSMan client library was found. WSMan is either not installed or unavailable for this system.”

The solution is to downgrade, this worked for me:

yum –showduplicates list available powershell

yum “downgrade” powershell-7.1.5-1.rhel.7

Categories
Unix

KDE Screen Edge Gestures

I’ve been working on a new Fedora32 install these past few weeks for my personal desktop, and so far it has been great! Faster, more memory, nicer dual monitors and 20 virtual desktops!

But it seems whenever I do a yum/dnf update to get a new kernel and keep packages updated, SOMETHING always goes amiss! That latest mystery was my KDE Desktop effects stopped working, specifically the one where you move your mouse to the upper-left corner and you get to see every window across all the desktops. Since I literally will have 100 windows total across all my virtual desktops, this feature has been pretty helpful!

My clue was in /var/log/messages, “kwin_core: Compositing is not possible”

The solution is to edit ~/.config/kwinrc and update this variable to be “false”:

[Compositing]
OpenGLIsUnsafe=false

And that did the trick for me, hope this helps.

Categories
Unix

Prevent GPG Popups

So I just installed a fresh install of Fedora 32 w/ KDE and when I go to decrypt a GPG (PGP) file from a shell window, a GUI popup asks for the password. Now in the past, this would be inline so I would get the prompt in the shell.

But now with the popup, my mouse pointer would almost be never near it, and since I had strict focus under mouse, I would constantly have to move my mouse to the popup window!

Anyway, I found a number of ways to fix this out there, but here are the steps that worked for me:

Edit ~/.gnupg/gpg-agent.conf and add:

pinentry-program /usr/bin/pinentry-curses

And then add this to your environment variables (i.e., .bashrc, .profile, etc):

PINENTRY_USER_DATA “USE_CURSES=1”

And then you can restart the gpg agent via:

pkill -HUP gpg-agent

Categories
Coding Unix

Stopping vim8 from auto inserting on paste

After updating my linux system I found that when I went to do a mouse-paste in VIM that instead of just interpreting the characters, it went right into insert mode. This is a problem when I want to paste in a bunch of vim commands, which can be helpful if you need to re-do a series of actions multiple times.

It turns out the fix has to do with “xterm-bracketed-paste” and I had to put this in the .vimrc:

set t_BE=

I hope this helps someone who got surprised by vim version 8 functionality!

 

Categories
Hardware Unix

Recovery LVM Data from RAID

We had a client that had an OLD fileserver box, a Thecus N4100PRO. It was completely dust-ridden and the power supply had burned out.

Since these drives were in a RAID configuration, you could not hook any one of them up to a windows box, or a linux box to see the data. You have to hook them all up to a box and reassemble the RAID.

We took out the drives (3 of them) and then used an external SATA to USB box to connect them to a Linux server running CentOS. You can use parted to see what drives are now being seen by your linux system:

parted -l | grep ‘raid\|sd’

Then using that output, we assembled the drives into a software array:

mdadm -A /dev/md0 /dev/sdb2 /dev/sdc2 /dev/sdd2

If we tried to only use two of those drives, it would give an error, since these were all in a linear RAID in the Thecus box.

If the last command went well, you can see the built array like so:

root% cat /proc/mdstat
Personalities : [linear]
md0 : active linear sdd2[0] sdb2[2] sdc2[1]
1459012480 blocks super 1.0 128k rounding

Note the personality shows the RAID type, in our case it was linear, which is probably the worst RAID since if any one drive fails, your data is lost. So good thing these drives outlasted the power supply! Now we find the physical volume:

pvdisplay /dev/md0

Gives us:

— Physical volume —
PV Name /dev/md0
VG Name vg0
PV Size 1.36 TB / not usable 704.00 KB
Allocatable yes
PE Size (KByte) 2048
Total PE 712408
Free PE 236760
Allocated PE 475648
PV UUID iqwRGX-zJ23-LX7q-hIZR-hO2y-oyZE-tD38A3

Then we find the logical volume:

lvdisplay /dev/vg0

Gives us:

— Logical volume —
LV Name /dev/vg0/syslv
VG Name vg0
LV UUID UtrwkM-z0lw-6fb3-TlW4-IpkT-YcdN-NY1orZ
LV Write Access read/write
LV Status NOT available
LV Size 1.00 GB
Current LE 512
Segments 1
Allocation inherit
Read ahead sectors 16384

— Logical volume —
LV Name /dev/vg0/lv0
VG Name vg0
LV UUID 0qsIdY-i2cA-SAHs-O1qt-FFSr-VuWO-xuh41q
LV Write Access read/write
LV Status NOT available
LV Size 928.00 GB
Current LE 475136
Segments 1
Allocation inherit
Read ahead sectors 16384

We want to focus on the lv0 volume. You cannot mount yet, until you are able to lvscan them.

lvscan

Show us things are inactive currently:

inactive ‘/dev/vg0/syslv’ [1.00 GB] inherit
inactive ‘/dev/vg0/lv0’ [928.00 GB] inherit

So we set them active with:

vgchange vg0 -a y

And doing lvscan again shows:

ACTIVE ‘/dev/vg0/syslv’ [1.00 GB] inherit
ACTIVE ‘/dev/vg0/lv0’ [928.00 GB] inherit

Now we can mount with:

mount /dev/vg0/lv0 /mnt

And viola! We have our data up and accessable in /mnt to recover! Of course your setup is most likely going to look different from what I have shown you above, but hopefully this gives some helpful information for you to recover your own data.

Categories
Coding Unix

SFTP in Perl Connecting to Legacy Server

We had a client that had a need to do automated SFTPs to various sites. It turns out that some of the sites had an older SSHD that would generate an error like “DH Group Exchange reply out of range”, and that required this parameter if you were using SFTP from the command line:

-oKexAlgorithms=diffie-hellman-group1-sha1

Now in Perl we were using Net::SFTP and it took some finagling (yes, that’s really a word) to figure out the proper settings, so here they were in case you were having trouble. And we had to add the warn flag otherwise we would get this warning:

Couldn’t fsetstat: Permission denied

Another oddity was that when we were putting files, the SFTP server allowed multiple files with the same name! Very odd, so we had to make sure to add a $sftp->do_remove command prior to the put command.

Here is what we used for the function call:

%sftp_args =
( “user” => “myuser”,
“password” => “mypass”,
“debug” => 0,
“warn” => 0,
“ssh_args” => [ options => [ “KexAlgorithms diffie-hellman-group1-sha1” ] ]
);

$sftp = Net::SFTP->new($sftp_host,%sftp_args);

Categories
Unix

Adding Skype to Pidgin

I’m running Fedora Linux using KDE and like using the IM client Pidgin to handle gmail/yahoo im services. But I just recently added Skype which is nice… I did get an error message from Pidgin at first, “Failed getting PIE value” which was due to the skype client plugin being too old in my yum installation. So, I installed by source as follows and everything worked great!

git clone git://github.com/EionRobb/skype4pidgin.git
cd skype4pidgin/skypeweb
make
sudo make install

 

Categories
Unix

Postfix shows Connection Timed Out but direct telnet works

I ran into an interesting problem the other day when a client’s mail server was failing to send email. If you viewed the mail queue you would see a lot of “Connection timed out” errors.

Now one way to test this is to manually telnet to port 25 of the server you are emailing to, and walk through the handshaking manually. This in fact worked in this case! So why wouldn’t Postfix work?

The one thing that comes to mind is the ISP is not allowing port 25 outgoing, or in general it is a firewall issue. But as I said, I could use telnet just fine.

I found that the server had multiple IP addresses configured, and indeed it was a firewall issue, BUT only on some of the IPs! You can configure Postfix to use certain IPs outbound under certain scenarios, which was exactly the problem. After editing “/etc/postfix/master.cf” and reviewing the lines with “smtp_bind_address”, once I updated those address settings to be the main server IP that was allowed outbound, then everything worked.

Categories
Coding Unix

Installing Node.js4 in Centos7 with Yum

A quick summary that may help people who are installing AngularJS v2 and need to make sure they have the latest stuff.

First off, CentOS does not use a recent version of Node,js or NPM due to, well, lots of reasons! In fact the version the repo has for Nodejs is ZERO and it is already up to 4, 5 and 6. So that’s pretty damn old. When I’m in the software store and the guy asks “hey, do you want version 6 of that software?”, I rarely find myself saying, “Nah, please hit me with version zero.” What software store do I speak of? Well, this one of course!

All your software needs conveniently located at the shopping mall

Anyway, here is what you do to get the version 4 for nodejs etc:

curl –silent –location https://rpm.nodesource.com/setup_4.x | bash –

yum install -y nodejs