How to ensure webdrivermanager driver downloads always work? - webdrivermanager-java

When running code:
PhantomJsDriverManager.getInstance().forceCache().setup();
Or:
PhantomJsDriverManager.getInstance().setup();
I get a certificate exception when the driver is being downloaded:
java.lang.RuntimeException: javax.net.ssl.SSLPeerUnverifiedException: Host name 'bbuseruploads.s3.amazonaws.com' does not match the certificate subject provided by the peer (CN=*.s3.amazonaws.com, O=Amazon.com Inc., L=Seattle, ST=Washington, C=US)
at io.github.bonigarcia.wdm.BrowserManager.manage(BrowserManager.java:262)
at io.github.bonigarcia.wdm.BrowserManager.setup(BrowserManager.java:765)
at io.github.bonigarcia.wdm.BrowserManager.setup(BrowserManager.java:725)
This also happens for other drivers like OperaDriverManager and FirefoxDriverManager
I tested:
io.github.bonigarcia webdrivermanager 1.6.2
io.github.bonigarcia webdrivermanager 1.7.0
This certificate problem is probably out of control for the plugin.
My question is:
How can I ensure the downloads always work?
Can I add the browser driver downloads to my local Maven Nexus repository to avoid such problems causing my builds to fail?
Or do I need to setup a local webserver and adapt the webdrivermanager.properties file and adapt:
wdm.phantomjsDriverUrl=https://bitbucket.org/ariya/phantomjs/downloads/
wdm.phantomjsDriverTaobaoUrl=http://npm.taobao.org/mirrors/phantomjs

You can download manually the binary and store it in the place where WebDriverManager is going to look for it. In the case of PhantomJS, and supposing you want to use version 2.5.0, that place is:
~/.m2/repository/webdriver/phantomjs/<plaform>/2.5.0
For example, for Windows:
C:/Users/your-user/.m2/repository/webdriver/phantomjs/windows/2.5.0/phantomjs.exe
... or for Linux (Ubuntu Xenial):
/home/your-user/.m2/repository/webdriver/phantomjs/linux-ubuntu-xenial-x86_64/2.5.0/phantomjs
After that, you can force to use it using the method forceCache():
PhantomJsDriverManager.getInstance().forceCache().setup();

Related

A solution to rEFInd unable to load using shim when Secure Boot is enabled

Background
Ubuntu 21.10 can load on my computer through secure boot, and the shim version is 15.4. Then refer to the official tutorial, I installed rEFInd v0.13.2 (the latest version when I posted this blog) via PPA in Ubuntu 21.10. However, when I restart the system and load rEFInd, it always fails with the message Verification failed:(0x1A)Security Violation. I'm sure that both refind_local.cer and refind.cer under the EFI/refind/keys/ have been enrolled through MokManager (Although only refind_local.cer is needed through PPA installation).
Cause
From this post, I got that rEFInd currently (v0.13.2) lacks the .sbat section. For shim 15.3 and later versions, SBAT is mandatory, resulting in failure to start rEFInd.
The post also indicates that the author of rEFInd is currently studying how to solve the related problems. I hope the later versions can fix this issue.
Solution
To conclude, you need to use shim 15 to solve this problem. For this purpose, you can perform the following steps (applicable to amd64. Steps are also similar if you are on other architectures):
Obtain MokManager and the shim efi file signed by Microsoft from Ubuntu launchpad. To achieve this, download shim_15+1552672080.a4a1fbe-0ubuntu2_amd64.deb and shim-signed_1.45+15+1552672080-064ubuntub_bed64.deb.
Unpack the downloaded shim_15+1552672080.a4a1fbe-0ubuntu2_amd64.deb and take out the mmx64.efi file. (data.tar.xz-> . -> usr/lib/shim/mmx64.efi)
Unpack the download shim-signed_1.45+15+1552672080.a4a1fbe-0ubuntu2_amd64.deb, take out the shimx64.efi.dualsigned file. (data.tar.xz-> . -> usr/lib/shim/shimx64.efi.dualsigned) Rename it to shimx64.efi.
Go to download refind-bin-0.13.2.zip. Then create a new folder, and put the two files taken out together with the downloaded zip file into the new folder.
Open terminal in the fore-mentioned folder, then execute the following commands:
unzip refind-bin-0.13.2.zip
cd refind-bin-0.13.2
sudo ./refind-install --shim ../shimx64.efi
If you encounter any confirmation during the installation process, just enter y to confirm.
After restarting, if it prompts Verification failed, refer to step 9 of the official tutorial. Select Enroll key from disk, and then select the ESP disk where you installed rEFInd. Finally, choose the file of path EFI/refind/keys/refind.cer to import.
If you use a non-Ubuntu Linux system on your computer, you can continue to import the cer files corresponding to your distributions in EFI/refind/keys as above. Failure to do so may cause your Linux distribution to be unable to boot via rEFInd.

bazelisk proxyconnect tcp: net/http: TLS handshake timeout

To build TensorFlow from source I installed bazelisk as recommended. Then when I call ./configure which calls bazelisk I get the following error:
Downloading https://releases.bazel.build/0.29.1/release/bazel-0.29.1-lin
ux-x86_64...
2021/04/07 13:24:54 could not download Bazel: HTTP GET https://releases.bazel.build/0.29.1/r
elease/bazel-0.29.1-linux-x86_64 failed: Get "https://releases.bazel.build/0.29.1/release/ba
zel-0.29.1-linux-x86_64": proxyconnect tcp: net/http: TLS handshake timeout
Bazel is banned in the place I live and I set proxy to Tor to download it (via https://127.0.0.1:8118 through privoxy), but somehow it fails to download it. What's the solution?
As said in the docs bazelisk is just a wrapper that makes sure the version of bazel you are using to build is the best it can be.
Bazelisk does not yet have an offline mode, and appears to always execute an http request or two on invocation.
This model doesn’t appear to work well with your internet settings, so it sounds like you might be better off manually downloading the appropriate release of bazel (check for a .bazelversion file in the project) using their instructions for your platform for the direct binary installation, or if you can use the apt repositories, those appear to be more recommended.
With a direct installation of bazel, you may have to do a couple more things manually, but it won’t be doing those http requests to figure out the right version.
After that, you may find that other dependencies of tensorflow are blocked, and you may have to get bazel itself to use your proxy. Following the instructions for an air gapped environment might be useful for building regularly, but you’ll still need to do the first build. This SO answer appears to be a place to start for your proxy.
As a solution, one can force bazelisk to download bazel from github. To do so you can set the following environment variable before running ./configure
export BAZELISK_BASE_URL="https://github.com/bazelbuild/bazel/releases/download"

Why does pip3 want to create a kdewallet after installing/updating packages on Ubuntu 20.04?

I recently updated my system from Ubuntu 18.04 to 20.04. Afterwards I tried to update all of my pip3 packages using the shell command mentioned here (I changed "pip" to "pip3").
After it updated a couple of packages, this prompt came up:
KDE Wallet Service
Since I never saw it while updating/installing a package, I cancelled it which resulted in an instant reopening of the same prompt and the terminal showed following warning:
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
I pressed CTRL+C after the same happend with the next package it tried to install. Ever since when I try to install a package the same happens.
Example:
pip3 install numpy
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
Collecting numpy
WARNING: Keyring is skipped due to an exception: Failed to unlock the keyring!
Using cached numpy-1.19.2-cp38-cp38-manylinux2010_x86_64.whl (14.5 MB)
Installing collected packages: numpy
WARNING: The scripts f2py, f2py3 and f2py3.8 are installed in '/home/gesuchter/.local/bin' which is not on PATH.
Consider adding this directory to PATH or, if you prefer to suppress this warning, use --no-warn-script-location.
Successfully installed numpy-1.19.2
I already tried to fix my issue with reinstalling python3-pip.
Here are hopefully some helpful information:
pip3 --version
pip 20.0.2 from /usr/lib/python3/dist-packages/pip (python 3.8)
ls ~/.local/share/keyrings
default login.keyring user.keystore
find ~/.config/kwalletrc
find: ‘/home/gesuchter/.config/kwalletrc’: No such file or directory
This solved it for me:
python3 -m keyring --disable
Running it adds:
[backend]
default-keyring=keyring.backends.null.Keyring
to the file ~/.config/python_keyring/keyringrc.cfg.
Presumably PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring mentioned at https://stackoverflow.com/a/68504137/895245 offers an environment variable way to achieve the same result.
Without this, it would show the annoying KDE keyring popup every time I try to install a package:
Google, index this:
The KDE Wallet System
The application '/usr/lib/python3/dist-packages/pip/__main__.py' has requested to create a new wallet named 'kdewallet'. This is used to store sensitive data in a secure fashion. Please choose the new wallet's type below or click cancel to deny the application's request.
Classic, blowfish encrypted file
Use GPG encryption, for better protection
Related: https://askubuntu.com/questions/1205161/annoying-kde-wallet-service-popup-the-application-kded5-has-requested-to-open
Tested on Ubuntu 21.04, Python 3.9.5, pip3 20.3.4, keyring==22.2.0.
This issue was reported upstream, see https://github.com/pypa/pip/issues/8090 and the other issues linked from that thread.
tl;dr: new versions of pip too eagerly search keyrings for credentials that might be required to access some package downloads. If it ends up querying a keyring (such as kdewallet) which doesn't exist yet, the prompt you noticed shows up. It's not yet clear how exactly and in which release this will be fully fixed.
EDIT: Please note that stackoverflow is not the right place for bug reports: pip maintainers are unlikely to see this, and as far as I can tell it's also not really in scope for stackoverflow. It could be a question for another stackexchange community (superuser maybe?). But since you were already sure that this was a problem with pip, the best place for a report would have been any of the communication channels indicated in the README on https://github.com/pypa/pip
You can add this to your startup file
export PYTHON_KEYRING_BACKEND=keyring.backends.null.Keyring
Credit to jrd's comment on a python bug

Puppet 6.1.0: node.rb missing from installed files?

For testing, I have installed two instances of Ubuntu server 18.04 on VirtualBox. I then installed one with Puppet-server 6.1.0 and one with Puppet-agent 6.1.0, as per the documentation at Puppetlabs for version 6.1. Foreman is not installed.
After registering my agent at the puppetserver and signing the certificate, starting a puppet-run (sudo /opt/puppetlabs/bin/puppet agent --test) fails with the following error:
Error: Could not retrieve catalog from remote server: Error 500 on SERVER: Server Error: Failed when searching for node puppetagent.fritz.box: Exception while executing '/etc/puppetlabs/puppet/node.rb': Cannot run program "/etc/puppetlabs/puppet/node.rb" (in directory "."): error=2, No such file or directory
I was dumbstruck to find that the script /etc/puppetlabs/puppet/node.rb was indeed missing and was also not included in the packages of puppetserver, puppet-agent or facter (sudo dpkg-query -L ...).
Googling for it, I only found a script of the same name that belonged to Foreman.
The file does also not seem to be present in the puppetserver source-code at github.
Is anyone able to shed some light on this?
Your server configuration seems to be set up to specify use of an external node classifier. This is optional: Puppet does not require an ENC and does not provide one by default. That's part of what makes them "external". If you obtained the result you describe straight out of the box then it probably reflects a packaging flaw that you should report.
In the meantime, you should be able to update the configuration to disable use of an ENC by changing the value of the node_terminus setting to plain. Alternatively, you should be able to just delete both node_terminus and external_nodes from your configuration, because the default for the former is plain.
Tagging on to John's answer, your configuration is probably configured to talk to the Foreman. If you didn't write it yourself or copy it from somewhere and you're sure you don't have any Foreman packages installed, then it's definitely a packaging error that you should report.
That said, puppet repos are almost always the right answer rather than distro packages.

centOS7 netinstall with kickstart fails to get installation source

I'm trying to install CentOS7 using a kickstart file with a VM. I am using a netinstall version of the ISO.
When I try to put the URL in the kickstart file, it will take a long time to check the installation source, and then fail.
I have checked the ISO, installing successfully without kickstart and using this address for the source:
url --url="http://sunsite.rediris.es/mirror/CentOS/7/os/x86_64/"
However, when using kickstart file, I install and then fail with below error message -
Error setting up base repository
Even if I manually type it in after it errors out.
Does anyone have any ideas? I have reduced my kickstart file to just that one line and it still shows the same behaviour. I don't have this problem with kickstart using the minimal or full install ISO's.
I'm just learning Linux so I didn't realize you could switch into another screen and monitor the install/run commands simultaneously.
After doing so I realised it wouldn't resolve names.
My DNS is dead/isn't responding. Used kickstart to manually assign another DNS server to the interface. This allowed the install to resolve the url. This would explain why the install worked with the netinstall iso on its own, as it was using default settings.
Hope this helps someone.

Resources