I just updated to opam 2, on a very old MacBook which I cannot update (running OS X 10.6.8), and which is missing some important packages related to certificate validation (and due to missing tools, I cannot even update Homebrew, because it requires certification... kind of a circular problem).
I would like to update opam without checking certificates, since otherwise I get the following error:
<><> Updating package repositories ><><><><><><><><><><><><><><><><><><><><> 🐫
[ERROR] Could not update repository "default":
OpamDownload.Download_fail(_, "Download command failed:
\"/usr/local/bin/wget --content-disposition -t 3 -O
/private/tmp/opam-17621-5a61c5/index.tar.gz.part
https://opam.ocaml.org/1.2.2/index.tar.gz -U opam/2.0.0\"
exited with code 5
\"ERROR: cannot verify opam.ocaml.org's certificate, issued by
'CN=Let\\'s Encrypt Authority X3,O=Let\\'s Encrypt,C=US':\"")
I was just able to upgrade from 1.2.2 to opam 2.0.0, but now I cannot do opam update. And without it, there's not much I can do.
Is there a way to pass option --no-check-certificate to the wget command used by opam without having to recompile it myself?
Fix your wget instead. Looks like it's missing a recent CA bundle.
First, check where it looks for the bundle -
$ strace wget -O /dev/null https://github.com 2>&1 | grep cert
read(3, "eting an end user certificate as"..., 4096) = 2806
read(5, "eting an end user certificate as"..., 4096) = 2806
openat(AT_FDCWD, "/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file or directory)
Then copy Mozilla's .pem bundle to match the expected .pem path.
If you're on a system that lacks strace or there's simply no mention of a CA bundle location in the output, then try creating a .wgetrc, and add
ca_certificate = /path/to/your/ca-bundle.pem
Save as $HOME/.wgetrc.
wget should then be able to validate the Let's Encrypt cert.
More on .wgetrc at http://gnu.org/software/wget/manual/html_node/Wgetrc-Commands.html
Related
I am trying to start using TPM on Linux, on my Raspberry Pi to be accurate, and the easiest would be to use swtpm to get used to commands and system, before using a TPM chip. I've tried the way presented on https://github.com/stefanberger/swtpm/wiki#compile-on-ubuntu-2104, but I got the error "Unable to locate libtpms-dev".
Then I looked for a way to install libtpms, and found this one solution. But after getting those both, I still couldn't run this command :
sudo swtpm socket --tpmstate dir=/home/ludovic.peyter/swtpm --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --flags not-need-init,startup-clear
All I get is the following error :
swtpm: SWTPM_NVRAM_Lock_Dir: Could not open lockfile: No such file or directory
and
swtpm: Error: Could not initialize libtpms.
And here am I stuck, finding nothing to help me with this problem, or even an other way to avoid it.
Thanks for reading.
I have a complete solution, built with many different solutions and my own tests.
sudo apt -y install dpkg-dev debhelper libssl-dev libtool net-tools libfuse-dev libglib2.0-dev libgmp-dev expect libtasn1-dev socat python3-twisted gnutls-dev gnutls-bin libjson-glib-dev gawk git python3-setuptools softhsm2 libseccomp-dev automake autoconf libtool gcc build-essential libssl-dev dh-exec pkg-config dh-autoreconf libtool-bin tpm2-tools libtss0 libtss2-dev
Then make a new directory for more comfort, and step into it.
Clone git repository for libtpms :
git clone https://github.com/stefanberger/libtpms.git
Move to the generated libtpms directory and run these commands :
./autogen.sh -–with-openssl
make dist
dpkg-buildpackage -us -uc -j4
Then, as asked at the end of the last running command, run :
libtool --finish /usr/lib/aarch64-linux-gnu/
The directory could be different, so pay attention to the warning at the end of dpkg command.
And to finish the installation of libtpms :
sudo apt install ../libtpms*.deb
Now get back to the previous directory and clone swtpm git repository :
git clone https://github.com/stefanberger/swtpm.git
Now run this command :
dpkg-buildpackage -us -uc -j4
And the command asked by the previous running command :
libtool --finish /usr/lib/aarch64-linux-gnu/swtpm
The directory could be different, so pay attention to the warning at the end of dpkg command.
Now finish the installation with this :
sudo apt install ../swtpm*.deb
Everithing you need is installed. Now you need to modify the file ~/.profile or ~/.bash_profile to add this line :
export TPM2TOOLS_TCTI="swtpm:port=2321"
And now, everytime you need your swtpm, open two terminals, and in one of them run :
swtpm socket --tpmstate dir=<swtpm_path> --tpm2 --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --flags not-need-init,startup-clear
In the other terminal, as long as the above command runs, you can run all your TPM commands.
Have you checked that the tpmstate directory exists? A mkdir /home/ludovic.peyter/swtpm2 could fix it for you.
When running ./bootstrap in a freshly-cloned repository (https://github.com/coreutils/coreutils), it seems to either
not find some files it wants to or doesn't trust https://translationproject.org.
./bootstrap: Bootstrapping from checked-out coreutils sources...
./bootstrap: consider installing git-merge-changelog from gnulib
./bootstrap: getting gnulib files...
Submodule 'gnulib' (git://git.sv.gnu.org/gnulib.git) registered for path 'gnulib'
Cloning into '/home/vagrant/coreutils/gnulib'...
Submodule path 'gnulib': checked out '0ac98783691bbf8212537ebe18ddb68feb22a760'
./bootstrap: getting translations into po/.reference for coreutils...
ERROR: The certificate of 'translationproject.org' is not trusted.
ERROR: The certificate of 'translationproject.org' has expired.
So what I am going to do to make the certificate be trusted by my system and make it compilatioin successfully?
First, to get the certificate:
wget --mirror --level=1 -nd -v -A.po -P 'po/.reference' https://translationproject.org/latest/coreutils/
and then make the certificate trusted:
a) ask openssl to trust:
openssl s_client -connect translationproject.org:443 -CApath /etc/ssl/certs -showcerts </dev/null 2>/dev/null
b) ask cert tool to trust
certtool --verbose --verify --infile=/tmp/translationproject.org.certs
Finally, you can use ./bootstrap sucessfully.
I'm new to yocto, my goal is to add a printer driver to the yocto image of imx6 so that we can access the priter from the board. i was trying a build, following the instructions at IMXLXYOCTOUG.PDF.
$ DISTRO=fsl-imx-xwayland MACHINE=imx6qsabresd source fsl-setup-release.sh -b build_dir
$ source setup-environment build_dir
$ bitbake fsl-image-qt5-validation-imx
the basic build was successful, i brought up the board with gui, things were fine.
i wanted to add printer support to the image, so ive added meta-printing (https://github.com/rossburton/meta-printing) layer. i've updated bblayer.conf
BBFILES ?= ""
BBLAYERS = " \
${BSPDIR}/sources/poky/meta \
${BSPDIR}/sources/poky/meta-poky \
\
${BSPDIR}/sources/meta-openembedded/meta-oe \
${BSPDIR}/sources/meta-openembedded/meta-multimedia \
\
${BSPDIR}/sources/meta-freescale \
${BSPDIR}/sources/meta-freescale-3rdparty \
${BSPDIR}/sources/meta-freescale-distro \
**${BSPDIR}/sources/meta-printing \**
as per the instruction in README from github.
Later after booting i was not able to access lp command to print some sample file with the printer. so i added
IMAGE_INSTALL_append = " cups"
in local.conf file which is giving me this error below..
| checking for posix_spawn... yes
| checking for tm_gmtoff member in tm structure... yes
| checking for st_gen member in stat structure... no
| checking for removefile... no
| configure: error: Need pkg-config to enable libusb support.
| NOTE: The following config.log files may provide further information.
| NOTE: /home/jifri/on_board/yocto/imx-yocto-bsp/build_dir/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/cups/2.1.4-r0/cups-2.1.4/config.log
| ERROR: configure failed
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_configure (log file is located at /home/jifri/on_board/yocto/imx-yocto-bsp/build_dir/tmp/work/cortexa9hf-neon-poky-linux-gnueabi/cups/2.1.4-r0/temp/log.do_configure.8342)
ERROR: Task (/home/jifri/on_board/yocto/imx-yocto-bsp/sources/meta-printing/recipes-printing/cups/cups_2.1.4.bb:do_configure) failed with exit code '1'
NOTE: Tasks Summary: Attempted 5414 tasks of which 5399 didn't need to be rerun and 2 failed.
Summary: 2 tasks failed:
/home/jifri/on_board/yocto/imx-yocto-bsp/sources/meta-epson/recipes-epson/bbepson/bbepson_0.1.bb:do_compile
/home/jifri/on_board/yocto/imx-yocto-bsp/sources/meta-printing/recipes-printing/cups/cups_2.1.4.bb:do_configure
Summary: There were 4 ERROR messages shown, returning a non-zero exit code.
i have the pkg-config installed on my host PC
$ pkg-config --version
0.29.1
$ sudo apt-get install libusb-0.1-4
Reading package lists... Done
Building dependency tree
Reading state information... Done
libusb-0.1-4 is already the newest version (2:0.1.12-28).
The following packages were automatically installed and are no longer required:
snap-confine snapd-login-service
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 45 not upgraded.
$ sudo apt-get install libusb-1.0-0-dev
[sudo] password for eldaas:
Reading package lists... Done
Building dependency tree
Reading state information... Done
libusb-1.0-0-dev is already the newest version (2:1.0.20-1).
The following packages were automatically installed and are no longer required:
snap-confine snapd-login-service
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 45 not upgraded.
Any idea why
configure: error: Need pkg-config to enable libusb support.
is happening.
or
is it the right way / is there any better methord to get the lp command running on imx6 through yocto. so that i can access the printer..
any input is apretiated..
Thank you.
I've solved the same. actually I've added meta-printing layer to get the access to cups. but cups were already existing along with the meta layer in poky (imx-yocto-bsp/sources/poky/meta/recipes-extended/cups). so I removed meta-printing layer & then updated build/conf/local.conf with
IMAGE_INSTALL_append = " cups"
This worked for me and after booting I was able to use lp, lpadmin etc.. commands on my imx6 board.
In https://source.android.com/devices/architecture/vndk/deftool, it mentions that Google provides a tag file to classify the framework shared libraries, including LL-NDK, SP-NDK, VNDK, VNDK-SP and etc. However, after searching on this website and googling it, I'm not able to find the tag file. Where does Google provide it?
Thanks
Jincan
I found how to get such files.
You must get the file of vendor.img and system.img, for that is a file for deploying at "vendor partition" and "system partition" at a device.
Step 1
Please visit to Driver Binaries for Nexus and Pixel Devices.
There are images for two devices.
taimen (Pixel 2 XL)
walleye (Pixel 2)
Step 2: Method for file expand
Please read README.md.
There is undermentioned code
$ simg2img system.img system.raw.img
$ simg2img vendor.img vendor.raw.img
$ mkdir system
$ mkdir vendor
$ sudo mount -o loop,ro system.raw.img system
$ sudo mount -o loop,ro vendor.raw.img vendor
$ sudo python3 vndk_definition_tool.py vndk \
--system system \
--vendor vendor \
--aosp-system /path/to/aosp/generic/system \
--tag-file eligible-list-v3.0.csv
For detail, Please see that "README.md".
Thank you
git clone https://android.googlesource.com/platform/development
~/tools/development/vndk/tools/definition-tool/datasets[master]$ ls
eligible-list-o-mr1-release.csv eligible-list-o-release.csv minimum_dlopen_deps.txt minimum_tag_file.csv
Instaling PGPLOT the install gets stopped for ever here:
$ cpanm PGPLOT
--> Working on PGPLOT
Fetching http://www.cpan.org/authors/id/K/KG/KGB/PGPLOT-2.21.tar.gz ... OK
Configuring PGPLOT-2.21 ... OK
Building and testing PGPLOT-2.21 ...
Looking at the Build.log seems that it is waiting for a prompt answer
$ tail ~/.cpanm/build.log
-L/usr/lib -L/usr/local/lib -lcpgplot -lpgplot -lX11 -lpng -L/usr/lib/gcc/x86_64-linux-gnu/4.6 -L/usr/lib -lgfortran -lm \
chmod 755 blib/arch/auto/PGPLOT/PGPLOT.so
cp PGPLOT.bs blib/arch/auto/PGPLOT/PGPLOT.bs
chmod 644 blib/arch/auto/PGPLOT/PGPLOT.bs
Manifying blib/man3/PGPLOT.3
make: warning: Clock skew detected. Your build may be incomplete.
make: Warning: File `Makefile' has modification time 3e+02 s in the future
PERL_DL_NONLAZY=1 /home/pmg/perl5/perlbrew/perls/perl-5.16.0/bin/perl "-Iblib/lib" "-Iblib/arch" test.pl
Default Device for plot tests [recommend /XSERVE] ?
How can I avoid this question either forcing defaults or given the option through env. vars?
[UPDATE] FIX
From the Russell answer I exported the variable for device
export PGPLOT_DEV=/XSERVE; cpanm PGPLOT
And connected with x11vnc to the server (to the main display) for closing all windows the pgplot test was displaying.
[NOTE] don't try to install pgplot perl lib under screen even with ssh -X, chances are that you are not in the same computer you starter your original screen and the X redirection will not work. You can circumvent that limitation with a vnc connection to main display or you will not being able to finish the installation. xrdp and other vnc that open a new session will not work. You need to share the main display.
From reading test.pl in the distribution, it checks the PGPLOT_DEV environment variable. It looks like the valid values are /XSERVE for Unix/Linux and /PNG for Windows.