I have a logrotate conf:
/myapps/log.log {
missingok
notifempty
rotate 9
copy
}
then when I run /usr/sbin/logrotate -d -f logrotate.conf
it gives error:
renaming /myapps/log.log.2 to /myapps/log.log.3 (rotatecount 2, logstart 1, i 2)
renaming /myapps/log.log.1 to /myapps/log.log.2 (rotatecount 2, logstart 1, i 1)
renaming /myapps/log.log.0 to /myapps/log.log.1 (rotatecount 2, logstart 1, i 0)
copying /myapps/log.log to /myapps/log.log.1
Not truncating /myapps/log.log.3
error: error opening /myapps/log.log.3: No such file or directory
I don't have the log.log.3 yet, so it does not exist, but because of this, logrotate is not working at all, how can I fix it.
After running into this myself, I learned that the -d flag will run logrotate in debug mode, where it will not actually do anything except throw that error. Try running it not in debug mode, my guess is that it fixes your problem.
https://github.com/logrotate/logrotate/issues/165
Related
I tried to build the Android SDK Addon System Image of halogenOS 13 (AOSP 13, nothing was changed in the AOSP source code yet).
The steps to build are as usual:
source build/envsetup.sh
lunch aosp_sdk_phone_x86_64-eng
m sdk_addon
At 100%, the build fails with following error:
[100% 12483/12483] Packaging SDK Addon System-Image: out/host/linux-x86/sdk_addon/custom-eng.simao--
FAILED: out/host/linux-x86/sdk_addon/custom-eng.simao--img.zip
/bin/bash -c "(cp -R out/target/product/emulator_x86_64/data out/host/linux-x86/obj/SDK_ADDON/custom_intermediates/custom-eng.simao--img/images/x86_64/data ) && (out/host/linux-x86/bin/soong_zip -o out/host/linux-x86/sdk_addon/custom-eng.simao--img.zip -C out/host/linux-x86/obj/SDK_ADDON/custom_intermediates/custom-eng.simao--img/images/ -D out/host/linux-x86/obj/SDK_ADDON/custom_intermediates/custom-eng.simao--img/images/x86_64 )"
cp: bad 'out/target/product/emulator_x86_64/data': No such file or directory
13:17:13 ninja failed with: exit status 1
If I just mkdir out/target/product/emulator_x86_64/data, of course, that just solves the build error but the SDK addon does not actually boot in the emulator due to encryption issues with the userdata partition so I think this is related. This makes me guess that in the data directory there should be some files in there but for some reason the are not created.
EDIT:
What's really odd here is that the file device/generic/goldfish/vendor.mk explicitly adds some data files to PRODUCT_COPY_FILES, notably:
PRODUCT_COPY_FILES += \
device/generic/goldfish/data/etc/dtb.img:dtb.img \
device/generic/goldfish/emulator-info.txt:data/misc/emulator/version.txt \
device/generic/goldfish/data/etc/apns-conf.xml:data/misc/apns/apns-conf.xml \
device/generic/goldfish/radio/RadioConfig/radioconfig.xml:data/misc/emulator/config/radioconfig.xml \
device/generic/goldfish/data/etc/iccprofile_for_sim0.xml:data/misc/modem_simulator/iccprofile_for_sim0.xml \
If I manually build them using, for example, m out/target/product/emulator_x86_64/data/misc/emulator/version.txt, the file is created at the correct location, as expected. Which leads me to wonder when entries PRODUCT_COPY_FILES are considered targets to be built and when they aren't.
EDIT2:
I got the emulator to boot but the data directory is still not being created. (Creating manually or building one target in the data dir is a workaorund).
I am trying to create a TPM-based unlock script using tpm2-tools with instructions from Tevora Secure boot tpm2. I have set up the key, loaded it with cryptsetup luksAddKey secret.bin, then tested it using tpm2_unlock -c 0x81000000 --auth pci:sha1:0,2,3,7 and returns the value of secret.bin. For extra measures, to make sure it works, I loaded secret.bin into "/etc/crypttab", ran # update-initramfs -u -k all, and rebooted. Upon reboot, the system unlocked.
I copied over the following code into "/etc/initramfs-tools/hooks/tpm2"
#!/bin/sh -e
if [ "$1" = "prereqs" ]; then exit 0; fi
. /usr/share/initramfs-tools/hook-functions
copy_exec /usr/local/bin/tpm2_unseal
copy_exec /usr/local/lib/libtss2-tcti-device.so
I appended my etc/crypttab from cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks to cryptname UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx none luks,keyscript=/usr/local/bin/passphrase-from-tpm
I rewrote the following script because the tpm2-tools command was outdated, edited in the new command, and stored it in /usr/local/bin/passphrase-from-tpm:
#!/bin/sh
set -e
echo "Unlocking via TPM" >&2
export TPM2TOOLS_TCTI="device:/dev/tpm0"
/usr/local/bin/tpm2_unseal -c 0x81000000 --auth pcr:sha1:0,2,3,7
if [ $? -eq 0 ]; then
exit
fi
/lib/cryptsetup/askpass "Unlocking the disk fallback $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)\nEnter passphrase: "
I ran # update-initramfs -u -k all then rebooted. In reboot, I get the following error: /lib/cryptsetup/scripts/passphrase-from-tpm: line 5: /usr/local/bin/tpm2_unseal: not found
I have tried many times to edit passphrase-from-tpm unsuccessfully, including:
Moving both passphrase-from-tpm into "/boot/efi/EFI/BOOT/" and referencing crypttab to that file
Modifying passphrase-from-tpm to use a relative file path to tpm_unseal
Before I figured out how to create a backup linux boot using:
objcopy \
--add-section .osrel=/etc/os-release --change-section-vma .osrel=0x20000 \
--add-section .cmdline=cmdline.txt --change-section-vma .cmdline=0x30000 \
--add-section .linux="/boot/vmlinuz" --change-section-vma .linux=0x40000 \
--add-section .initrd="/boot/initrd.img" --change-section-vma .initrd=0x3000000 \
/usr/lib/systemd/boot/efi/linuxx64.efi.stub /boot/EFI/BOOT/BOOT_RECX64.EFI
I would be locked out of the system completely because of the error and had to reinstall Ubuntu about 40 times. I have suffered a lot and want to quit but I am too stubborn to throw in the flag.
just copy tpm2_unseal to /usr/local/bin/
I'm trying to make a working setup following basically those instructions, plus a few others I have found. While not working 100% yet, check that both /etc/initramfs-tools/hooks/tpm2 and /usr/local/bin/passphrase-from-tpm are marked executable (sudo chmod ug+x $filename).
After making the initramfs, you can run the following to ensure that the TPM related files are actually in the image. Replace the path in the filename by whatever update-initramfs said it was generating:
$ lsinitramfs /boot/initrd.img-5.0.0-37-generic | egrep "(tpm|libtss)"
lib/cryptsetup/scripts/passphrase-from-tpm
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/tpm_key_parser.ko
lib/modules/5.0.0-37-generic/kernel/crypto/asymmetric_keys/asym_tpm.ko
lib/udev/rules.d/tpm-udev.rules
usr/local/lib/libtss2-sys.so.0
usr/local/lib/libtss2-mu.so.0
usr/local/lib/libtss2-sys.so.0.0.0
usr/local/lib/libtss2-tcti-device.so
usr/local/lib/libtss2-tcti-device.so.0
usr/local/lib/libtss2-tcti-device.so.0.0.0
usr/local/lib/libtss2-mu.so.0.0.0
usr/local/bin/tpm2_unseal
Additionally, I have modified /usr/local/bin/passphrase-from-tpm to the following:
#!/bin/sh
TPM_DEVICE=/dev/tpm0
TPM_REGISTER=0x81000001
TPM_SEAL_POLICY=sha256:0,2,4,7
export TPM2TOOLS_TCTI="device:$TPM_DEVICE"
if [ "$CRYPTTAB_TRIED" -eq 0 ]; then
echo "Unlocking via TPM" >&2
/usr/local/bin/tpm2_unseal -H $TPM_REGISTER -L $TPM_SEAL_POLICY
UNSEAL_STATUS=$?
echo "Unseal status $UNSEAL_STATUS" >&2
if [ $UNSEAL_STATUS -eq 0 ]; then
exit
fi
else
echo "TPM unlocking previously failed for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME)" >&2
/lib/cryptsetup/askpass "Enter passphrase for $CRYPTTAB_SOURCE ($CRYPTTAB_NAME): "
fi
Note that the command line options to tpm2_unseal are for the 3.x versions of tpm2-tools. If you're using another version, you might need to update the options.
I pulled out various bits into variables at the top of the file. Modify TPM_REGISTER and TPM_SEAL_POLICY to match how you created the TPM object. set -e was removed since if any command failed, the whole script would exit, preventing the askpass fallback from ever running if tpm2_unseal failed.
Additionally, I noticed that if the script fails for some reason, systemd will attempt to run it again. If the secret in the TPM doesn't match the LUKS key, this will render the system unbootable, since the unseal succeeds, but unlocking fails, and systemd will run the script again.
Looking at the man page for crypttab, I discovered that one of the environment variables provided to the keyscript is CRYPTTAB_TRIED which is the number of tries it has attempted to unlock the volume. If CRYPTTAB_TRIED is 0, it'll attempt to use the TPM, as shown by this test (Running as non-root, so accessing the TPM device fails):
$ export CRYPTTAB_SOURCE=some_device
$ export CRYPTTAB_NAME=some_device_name
$ export CRYPTTAB_TRIED=0
$ ./passphrase-from-tpm
Unlocking via TPM
ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open device file /dev/tpm0: Permission denied
ERROR: tcti init allocation routine failed for library: "device" options: "/dev/tpm0"
ERROR: Could not load tcti, got: "device"
Unseal status 1
When it tries running the script again, CRYPTTAB_TRIED will be greater than 0, making it display the password prompt instead:
$ export CRYPTTAB_TRIED=1
$ ./passphrase-from-tpm
TPM unlocking previously failed for some_device (some_device_name)
Enter passphrase for some_device (some_device_name):
Hopefully this is still of use to you, and helpful to anyone else trying to get the house of cards that is disk encryption with a TPM on Linux working.
I checked the log file and I think this is the part that caused the problem:
Setting up database
[15:30:54] Configuring pg11 to point to existing data dir D:\John's Files\My Documents\Code\Databases\PostgreSQL\data\pg11
Setting PostgreSQL port
= 5432
Executing C:\Installed Software\Developer Software\PostgreSQLv11.1/pgc config pg11 --datadir "D:\John's Files\My Documents\Code\Databases\PostgreSQL\data\pg11"
Script exit code: 1
Script output: ################################################
# FATAL SQL Error in check_release
# SQL Message = near "s": syntax error
# SQL Statement = SELECT r.component FROM releases r, versions v
WHERE r.component = v.component
AND r.component LIKE '%D:\John's Files\My Documents\Code\Databases\PostgreSQL\data\pg11%' AND v.is_current = 1
################################################
Script stderr: Program ended with an error exit code
Error with configuration or permissions. Please see log file for more information.
Problem running post-install step. Installation may not complete correctly
Error with configuration or permissions. Please see log file for more information.
I think the problem is the apostrophe in "John's". Does anyone know if that's right? Is there a fix to this problem? I don't want to rename my directory because Postgresql can't handle apostrophes.
CentOS v.7
Logrotate v.3.8.6
I set logrotate to rotate when file reaches 5M but it ignores it, if I add daily it will rotate daily regardless of size, i tried with size, minsize and maxsize all the same the only difference is with "size" it doesnt even refer to it in the output, here is my config and output of logrotate -vdf /etc/logrotate.d/maillog
(the actual log file size when running the following tests was 45K)
(the conf file is the same for all tests only the size parameter changed)
/var/log/maillog {
size 5M
rotate 50
create 644 root root
dateext
dateformat -%Y-%m-%d_%H_%s
notifempty
postrotate systemctl restart rsyslog
systemctl restart postfix
endscript }
SIZE:
logrotate -vdf /etc/logrotate.d/maillog
reading config file /etc/logrotate.d/maillog
Allocating hash table for state file, size 15360 B
Handling 1 logs
rotating pattern: /var/log/maillog forced from command line (50 rotations)
empty log files are not rotated, old logs are removed
considering log /var/log/maillog
log needs rotating
rotating log /var/log/maillog, log->rotateCount is 50
Converted ' -%Y-%m-%d_%H_%s' -> '-%Y-%m-%d_%H_%s'
dateext suffix '-2017-12-19_13_1513689486'
glob pattern '-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to unconfined_u:object_r:var_log_t:s0
renaming /var/log/maillog to /var/log/maillog-2017-12-19_13_1513689486
creating new /var/log/maillog mode = 0644 uid = 0 gid = 0
running postrotate script
running script with arg /var/log/maillog: "
systemctl restart rsyslog
systemctl restart postfix
"
No reason for "log needs rotating" is given.
MINSIZE:
logrotate -vdf /etc/logrotate.d/maillog
reading config file /etc/logrotate.d/maillog
Allocating hash table for state file, size 15360 B
Handling 1 logs
rotating pattern: /var/log/maillog forced from command line (50 rotations)
empty log files are not rotated, only log files >= 5242880 bytes are rotated, old logs are removed
considering log /var/log/maillog
log needs rotating
rotating log /var/log/maillog, log->rotateCount is 50
Converted ' -%Y-%m-%d_%H_%s' -> '-%Y-%m-%d_%H_%s'
dateext suffix '-2017-12-19_13_1513689869'
glob pattern '-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to unconfined_u:object_r:var_log_t:s0
renaming /var/log/maillog to /var/log/maillog-2017-12-19_13_1513689869
creating new /var/log/maillog mode = 0644 uid = 0 gid = 0
running postrotate script
running script with arg /var/log/maillog: "
systemctl restart rsyslog
systemctl restart postfix
"
Here it shows, "only log files >= are rotated" but no reason for "log needs rotating" is given.
MAXSIZE:
reading config file /etc/logrotate.d/maillog
Allocating hash table for state file, size 15360 B
Handling 1 logs
rotating pattern: /var/log/maillog forced from command line (50 rotations)
empty log files are not rotated, log files >= 5242880 are rotated earlier, old logs are removed
considering log /var/log/maillog
log needs rotating
rotating log /var/log/maillog, log->rotateCount is 50
Converted ' -%Y-%m-%d_%H_%s' -> '-%Y-%m-%d_%H_%s'
dateext suffix '-2017-12-19_13_1513690859'
glob pattern '-[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]_[0-9][0-9]_[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to unconfined_u:object_r:var_log_t:s0
renaming /var/log/maillog to /var/log/maillog-2017-12-19_13_1513690859
creating new /var/log/maillog mode = 0644 uid = 0 gid = 0
running postrotate script
running script with arg /var/log/maillog: "
systemctl restart rsyslog
systemctl restart postfix
"
Here it shows, "log files => are rotated" but no reason for "log needs rotating" is given.
Why is it ignoring file size when rotating?
You're running logrotate with -f, in that scenario it's always going to force a rotation with a complete lack of regard for your other options:
https://manpages.debian.org/jessie/logrotate/logrotate.8.en.html
-f, --force
Tells logrotate to force the rotation, even if it doesn't think this is necessary.
It gives you no reason because you in fact were the reason-giver.
I'm trying to start up WildFly 8 with a custom start.bat file that calls standalone.bat and then also a custom property file. When I run my start.bat I get this error in the command line:
C:\PWServer8>propworks_start.bat
C:\PWServer8\bin>call standalone.bat -P=../propworks/conf/propworks.properties -b 10.10.100.122
Calling "C:\PWServer8\bin\standalone.conf.bat"
Files\Java\jdk1.7.0_40"" was unexpected at this time.
I've done a search for "was unexpected at this time" within all the files in my WildFly folder but nothing turned up so I couldn't pinpoint where the error is coming from. Here is my custom start.bat and afterwards is my property file. If anyone knows what's going on it would be a big help.
propworks_start.bat
C:
cd C:\PWServer8\bin
SET JAVA_HOME="C:\Program Files\Java\jdk1.7.0_40"
call standalone.bat -P=../propworks/conf/propworks.properties -b 10.10.100.122
propworks.properties
#PROPworks Configuration Properties
#Wed Jun 18 17:18:03 EDT 2014
propworks.bind.address=10.10.100.122
propworks.database.class=Oracle10g
propworks.database.connection.sql=select 1 From Dual
propworks.database.desc=support#mcosrvorcl001
propworks.database.dialect=com.airit.propworks.server.dialect.PWOracleDialect
propworks.database.driver=oracle
propworks.database.password=-5522f65bbe2cc1c6
propworks.database.schema=uc2014
propworks.database.url=jdbc\:oracle\:thin\:#10.10.201.10\:1521\:bsdev
propworks.database.user=uc2014
propworks.http.port=8080
propworks.indb.use=NONE
propworks.jdk.home=C\:\\Program Files\\Java\\jdk1.7.0_40
propworks.messaging.port=5445
propworks.remoting.port=4447
archiver.enabled=N
orafin.database.driver=oracle
orafin.database.password=
orafin.database.user=
org.quartz.dataSource.QUARTZ.jndiURL=java\:/propworksDS
org.quartz.dataSource.QUARTZ_NO_TX.jndiURL=java\:/quartzDS
org.quartz.jobStore.class=org.quartz.impl.jdbcjobstore.JobStoreCMT
org.quartz.jobStore.dataSource=QUARTZ
org.quartz.jobStore.driverDelegateClass=org.quartz.impl.jdbcjobstore.StdJDBCDelegate
org.quartz.jobStore.nonManagedTXDataSource=QUARTZ_NO_TX
org.quartz.jobStore.selectWithLockSQL=SELECT * FROM {0}LOCKS WHERE LOCK_NAME \= ? FOR UPDATE
org.quartz.jobStore.tablePrefix=QRTZ_
org.quartz.scheduler.instanceName=DefaultQuartzScheduler
org.quartz.scheduler.rmi.export=false
org.quartz.scheduler.rmi.proxy=false
org.quartz.scheduler.xaTransacted=false
org.quartz.threadPool.class=org.quartz.simpl.SimpleThreadPool
org.quartz.threadPool.threadCount=3
org.quartz.threadPool.threadPriority=9
psfin.database.driver=oracle
psfin.database.password=
psfin.database.user=
pwarchiver.database.driver=oracle
pwarchiver.database.password=
pwarchiver.database.user=
Two solutions:
1) move java to folder that does not have spaces in it.
2) double quote path when you set it
SET JAVA_HOME=""C:\Program Files\Java\jdk1.7.0_40""
add \ similar below :
SET JAVA_HOME=C:\Program Files\Java\jdk1.7.0_40\
this is caused by the space in front of C:\Program , so what u need to do is changing your JAVA file in c:program files \java to another file without spaces , and then in top of your file write :
SET JAVA_HOME=""NEW DIRECTORY WITHOUT SPACE\Java\jdk1.7.0_40""
this worked for me.