MuJS is a Javascript interpreter, which doesn't exist in the list of packages for Alpine linux (latest release 3.14 as of now). However, when one installs an OpenJDK11 package on Alpine, as shown below, it does seem to get picked up by security scanning tools:
apk add openjdk11-jre
Where can I find the list of all Linux components that get bundled/ installed along with the installation of OpenJDK11?
Where can I find the list of all Linux components that get bundled/ installed along with the installation of OpenJDK11?
For the list of dependent packages that are installed along with openjdk11-jre, you can refer to the package page. You could also see them when installing the package with apk.
To get the list of installed java modules, run: java --list-modules.
To get the complete list of files that are installed with this package and its dependent packages, you could dump the list of all files of the container:
sudo docker export <container-id> | tar tfv - > out.txt
Then, do the same for the vanilla Alpine 3.14 image, and compare the outputs. You can see the diff here.
However, when one installs an OpenJDK11 package on Alpine, as shown below, it does seem to get picked up by security scanning tools.
This is most likely a false positive, based on available evidence:
As you've noted, there's no MuJS dependency listed, and no MuJS package is available in the Alpine repositories (package name search, content search)
None of the MuJS files could be found on the container: mujs executable, libmujs.a, libmujs.so or any of the source files
In theory, if part of the OpenJDK distribution, MuJS could be statically linked into one of the libraries and executables. So just in case, I searched the OpenJDK 11 github mirror for mujs, which gave 0 results
Similar issue was previously posted on the OpenJDK mailing list, but not answered:
https://mail.openjdk.java.net/pipermail/discuss/2019-June/005069.html
My suggestion is to contact the security scan tool vendor and report this issue as a potential false positive.
Related
This question is somewhat similar to the one here, but I cannot make it work.
So suppose that I have a set of packages (say 2) to install and I want to use pipenv. If I do pipenv install on the directory with a suitable Pipfile the installation fails because there is some metadata issue when installing one of the libraries (say libX) contained in install_requirements of one of the packages. It seems that the problem can be fixed by downgrading the version of setuptools to <=58.0.0.
OK. Now, if I first install that version of setuptools<=58.0.0 in the venv and then install my packages, everything works fine. The issue is that the Pipenvfile does not respect the order when installing, so something like
[packages]
setuptools = "<=58.0.0"
pckg1 = {<github path 1>}
pckg2 = {<github path 2>}
is not ensured to work. Also, by default the seed packages added to the venv include setuptools==65.6.3.
So the idea is to be able to restrict the version of setuptools that is used to check the metadata of the libraries in libX, to mimic the above scenario in which setuptools was installed first. Is there a way to do that?
I have tried placing setuptools<=58.0.0 at the top of the requirements.txt that defines the install_requirements of the problematic package, but it does not work.
If have also tried to fix or restrict the version of libX contained in that requirements.txt file but, surprisingly, pipenvdoes not seem to care: a verbose install shows that it keeps downgrading libX well below the restriction - "using cached libX-vX.X.X"- until it uses a version for which the metadata generation fails (why on earth does it do that, even if I call it with pipenv --clear install?).
I am a bit lost about what could be the best solution here. Any help would be very appreciated.
Question:
Is there a way to install a downloaded NBM (Netbeans Module) into an already installed Netbeans IDE via CLI?
Current setup
Netbeans 12.3 with Windows 10
Netbeans 12.3 with Linux Mint 20.1
Relevant scenario
If the question comes to your mind 'why aren't you just using the GUI?' or anything like that. Think of the following scenario. When working on an air gapped network with 50 computers you're the one having to install Netbeans plugins on all of that PCs. You're able to put files on those PCs and execute a command via console and you don't want to run around all the buildings and clicking through the process.
Thank you very much in advance.
I think I found a solution. I'll post it here to reflect my research because I've never found a answer on stackoverflow.
When Netbeans is already installed you can use the --help parameter like:
C:\Program Files\NetBeans\netbeans\bin\netbeans64.exe --help
This lists lot of available parameters (which I haven't found a list of on the web) like (shortened):
General options:
--help show this help
--jdkhome <path> path to JDK
--console new open new console for output
Module reload options:
--reload /path/to/module.jar install or reinstall a module JAR file
Additional module options:
--modules
--refresh Refresh all catalogs
--list Prints the list of all modules, their versions and enablement status
--install <arg1>...<argN> Installs provided JAR files as modules
--disable <arg1>...<argN> Disable modules for specified codebase names
--enable <arg1>...<argN> Enable modules for specified codebase names
--update <arg1>...<argN> Updates all or specified modules
--update-all Updates all modules
Core options:
--fontsize <size> set the base font size of the user interface, in points
--userdir <path> use specified directory to store user settings
--nosplash do not show the splash screen
In my case the solution was to use the --install parameter pointing to the jar file to install.Be aware that the NBM files are just containers containing the jar file and some more meta data files like config xml files. You're able to open it via 7zip for example. And you'll have to take care of all the dependencies yourself.
Is there a way to install multiple versions of the same package in CentOS/RHEL (7/8) if the package installs separate files in each version?
We have an application we've recently converted to using RPM instead of a home-built package manager based on tar. In order to make atomic-like switches between versions, each version installed in separate directories with the version number in the name, and a symlink with the unversioned name pointed to the current, or previous, version at any given moment in time. The application, of course, used the unversioned name to get init script, configuration files, interpreter version and code. I'm thinking that the alternatives package would be the basis for this, although we wouldn't use the alternatives command to manage symlinks (although there's no technical reason not to).
Not exactly as you describe.
Some packages allow this (Kernel and Kernel-devel being two of them) but i beilieve this is an exception added within the package manager.
Certain Applications like PHP and Python which is perfectly acceptable to have multiple version (Python2.X and 3.X) do this by changing the base name of the application/rpm.
Take a look at: https://rpm.org/user_doc/multiple_versions.html
It gives a good insight on how to achieve what you want
I'm trying to uninstall the current version of Eclipse IDE in my RHEL machine by simply deleting all the files like:
sudo rm -rf ~/.eclipse
sudo rm -rf ~/eclipse-workspace
I also tried
sudo yum remove 'eclipse*'
However, these didn't seem to solve the purpose.
Any help will be appreciated, thanks!
Applications on Linux systems are most often installed using so-called packages, which are managed by a package management system. In the case of RHEL, packages use the RPM format, and the package manager of choice is a tool called yum.
Both installation and removal of software (packages) should be done using yum, so as to allow the package management system keep track of all installed files and current status. Therefore, you shouldn't try to remove software by simply deleting files from the file system. Instead, use the yum command. See the RHEL System Admin Guide for a detailed explanation of how to use yum to search, install, upgrade, and remove packages: Working with Packages.
You have tried the correct command (yum remove <package-name>), but you need to use the correct package name. On RHEL 7.4, the latest version of Eclipse is available as a part of the DevTools channel, and the package name is rh-eclipse47 (see Enabling the Red Hat Developer Tools Repositories). Note that you may have also installed an older version, which would be, for example, rh-eclipse46.
To find out what is the name of the package you have installed, you can run, for example, the following command:
yum list installed | grep eclipse
There is also the possibility that you installed the software not from an RPM package but manually, e.g. from a .tar.gz file distrubuted from eclipse.org. If that's the case, you will need to use the uninstaller program supplied with that distribution of the software.
Write command as:
rpm -qa|grep eclipse
This will give a list of installed packages. Remove all the packages by giving below command:
rpm -e *package-name*
Done!!!
I need to install SUMO 0.30.0 to be used with the VEINS_INET subproject in veins 4.6. I have tried following the instructions here and suggestions from forums but haven't had any luck being able to install sumo. I run ./configure (trying various tool/library options) then run sudo make but all I get is target marouter failed or nothing to be done for 'install-exec-am' 'install-data-am'.
Does anyone know how to install sumo-0.30.0 from source and/or make the veins_inet subproject work with the latest version of sumo-0.32.0?
Don't run sudo make.
Don't run sudo make.
Your problem is probably related to a dependency/packaging change in 16.04, which is explicitly pointed out in the veins tutorial:
Note that Ubuntu 16.04 no longer includes libproj0; this can be worked around by temporarily adding the packet repository of, e.g., Ubuntu Vivid when installing this package.
Short answer: Unfortunately this means that long-term, you're going to either have to package SUMO yourself, use the versions someone else compiled (see this launchpad for example) or rely on an old version.
Long answer:
In general, I would recommend building SUMO from source by building its' dependencies from source, since I've encountered this problem on various distributions. In particular, the fox, proj and gdal libraries tend to be packaged in different versions, and along with changes in the SUMO source code. I currently use this script (with the package versions downloaded) to compile SUMO -- but this is for 0.30.0, and it breaks if any of the referenced source packages are moved (which happens quite often). My general recommendation would be to either use a completely isolated version of SUMO (i.e., compiling by hand as much as possible) or relying on a pre-packaged version (see above), as long as that version is recent enough to work with VEINS.