Autoupdating AIR apps on Linux without prompting for sudo password - linux

Maybe that's more of a Linux question than an Adobe Air one, but there you go: I have an AIR 2 app that does auto-update in the background, with no need for user interaction. It uses Air's own ApplicationUpdater framework (the one that doesn't require a UI) - all goes well until the package gets downloaded and needs to be installed - at that point, the Air Installer prompts for SUDO password and won't proceed without some user interaction.
Is there any way to circumvent/avoid that?

I solved this by adding a rule to the sudoers file (/etc/sudoers)
<username> ALL=(root) NOPASSWD: /tmp/air.*/setup
This rule can enable the update to all users
ALL ALL=(root) NOPASSWD: /tmp/air.*/setup
Note that it could lead to some security issues but I think if you are going to use this as a Linux Kiosk it's going to work.

You could do that by rolling your own updating mechanism. Is not really that difficult, if you plan it correctly you don't even need to close the app.
We did so for an internal project, where we use git. Since I guess you can't rely on Git being available on the user's machine, you could check out the server, download a zip file, uncompress it and replace the contents of your app.
AIR doesn't sign or checksum the files it installs, you can safely replace them and re-load the app without problems.
HTH,
J

Related

Chrome OS: how to enable direct SFTP access in the Files app / Pixelbook Review

An article on Chrome OS that I read here:
https://medium.com/#JamesCridland/review-five-months-with-a-chromebook-for-web-development-writing-and-more-8adf36b4a061
says:
"Update: Above, I mention that I use SSH and vi to do my programming work. And I did. Except I don’t any more. It turns out that one of the newer updates added direct SFTP access into the Files app (the equivalent of Explorer or Finder), so that my development box appears simply as another drive on my Chromebook. And Caret is an excellent programmer’s editor. So now I have a proper programmer’s editor (as well as the SSH terminal I need to put those changes live)."
Ok. But, when I go into Chrome OS's files app, the apparent way 'mount' my equiv of his
'development box' is via 'add new services', which is launching a webstore-app named 'SFTP' (whose icon is a blue folder outline with "SFTP" on it). i,e.:
https://chrome.google.com/webstore/detail/sftp-file-system/gbheifiifcfekkamhepkeogobihicgmn?hl=en
(My equiv of his 'development box' I'm assuming to be my web-server at bluehost.com, where I currently use Firefox's FireFTP extension, on Win-10.)
I can't get this 3-stars webstore 'SFTP' app (authored by someone from Japan) to authenticate me into my bluehost acc't. So, now I'm wondering whether
this 'SFTP' app is even the right thing to have installed, due to all the one- and two-star showstopper reviews. One typical review by a guy named Tim says:
"It's a nice try, but I really wish someone who knows what they're doing would make this service. It looks like it works but if you drill down more than a few folders deep on the remote filesystem, operations slow to a crawl."
Similarly, the two clients ('sFTP client' and 'sFTP client Lite) also have such low ratings, that my gut says that Google has failed to deliver a robust web-developer infrastructure.
Come on Google...you need to implement this stuff under your own logo.
Am I missing something???
Probably should advertise this functionality better :), but the Secure Shell App supports mounting via SFTP so it will appear in the Files app.
Steps to use:
Install Secure Shell Chrome extension.
Launch the extension (look for it in the bar to the right of the omnibox/browser URL bar -- it'll have a black terminal icon).
Enter the connection details to create a new profile.
Give it a description like "user#foo.com".
Instead of clicking "Connect" in the bottom right, click "Mount".
Authenticate with the server (keys/pass/whatever).
Once it finishes, it'll now be visible in the Files app.
If you suspend/resume the system or otherwise logout/reboot, you'll need to relaunch Secure Shell, select the saved profile, and then click "Mount" again. We probably should make this a bit smoother, but that's how it works currently.
No, not an answer yet...just more wishlist stuff:
Ok, more recent info about the Firefox browser's "FireFTP" addon:
It no longer works on the (new) std Firefox browser, as of a couple of
weeks ago when version 57.0 was released. (No biggie tho...a goggle revealed
a new-to-me browser called 'Waterfox' and it nicely supports FireFTP and the
other addons that Firefox dropped support for.)
So a bit more research yielded only yet more 'mumble-mode' confusion: it revealed that FireFTP is open source...located here:
https://github.com/mimecuvalo/fireftp
(So I submitted a new 'issue' there and asked about porting it to Chrome.)
I'm desperate, and recently test-drove Google's new Pixelbook.
(Sigh...nothing inspirational came of that...I give it one-thumb-down rating.
Here's my notes from that experience:
------------ Review notes of Pixelbook: ----------------------
Google didn’t think to include a USB-C to USB-A adapter. (A $2 item. e.g.)
https://www.amazon.com/Remax-USB3-1-Female-Adapter-Silver/dp/B01MCSRSKN/
That was my 'showstopper'...like a few other reviewers said...it's not well
thought out / matured. To me it feels more like a gimmick, than a product.
At a minimum, it rates my newest hashtag: #NRFPT (not ready for prime time).
I found no obvious way to disable the touchpad, when using a mouse.
In fact, no other reviewers expressed interest in using a mouse. (???)
Lastly, my favorite kind of Android apps are 'widgets', and I see no signs
that it has occurred to Google to allow Chrome-OS's desktop/background to
host any widgets.
Ok, I'm still in mumble-mode...and still in search of a FTP/SFTP GUI client for
the Chrome browser / Chrome-OS that is the quality of FireFTP.
Enable Linux(beta) on your chromebook. Then you can do whatever you want like on others linux machine.
A simple sftp connection command
sftp [user#]host
Enable linux and mount with sshfs
sudo apt install sshfs
then
sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3 user#xxx.xxx.xxx.xxx:/remotedir localdir
or with key auth
sshfs -o reconnect,ServerAliveInterval=15,ServerAliveCountMax=3,IdentityFile=~/.ssh/id_rsa user#xxx.xxx.xxx.xxx:/remotedir localdir
These will reconnect after resuming from sleep

I cannot log in to the system FreeBSD

When I write reboot, computer says;
login:
password:
and I wrote these. Then the Welcome message comes to me. Login screen does not open. Like this:
Welcome to freeBSD!
Release notes, Errate htps://ww......
Security etc....
Documents installed with the system are in the
/usr/local/share/doc/freebsd/directory, or can be installed later
with: pkg install en-freebsd-doc. For other languages, replace ''en''
with a language code like de or fr.
Edit /etc/motd to change this login announcement.
I don't know if I understand correctly, but... do you mean that only console is available and there's nothing with UI on screen?
If so, you have to install/launch desktop environment first:
https://www.freebsd.org/doc/handbook/x11-wm.html
Based on your description, and contrary to the title of your question, you have successfully logged-in.
Login screen does not open.
In all likelihood, you are referring to Graphical User Interface (GUI) not appearing... Well, why would it? FreeBSD does not have GUI as part of the OS itself -- you'd have to install that separately...
When you installed FreeBSD you were asked for a root password and for adding more users, check the post-installation guide, therefore you need to use either the user you added or the root password.
In case you are using a custom image something like fabrik.red the username and password may differ.
In case you need to reset the root password check this video: https://www.youtube.com/watch?v=Xzk_U9E9jQU

Rights elevation with UAC

I've just developed a .NET program which has the ability to patch itself.
I've noticed that the patching process only runs if I choose "run as administrator".
It seems I need to "create and embedd an Application Manifest", according this this:
https://msdn.microsoft.com/en-us/library/bb756929.aspx
So my question:
Is it normal for applications like mine (which can patch themselves) to require Admin rights, and is this the route I should be going?
Thanks
If your application does not normally require elevation then I don't recommend that you request it in your manifest because it will be very annoying for your users. Firefox uses a NT service to get around the UAC dialog but I can't really recommend that either unless your updates are very frequent.
I would suggest that you write a little updater application that does the patching. It can request elevation in its manifest and this way the user only has to elevate when there is something to patch. If you don't want another .exe in your bundle, you can execute yourself again with the runas verb when you need to patch.
Edited the NSIS script to include this line:
AccessControl::GrantOnFile \"$INSTDIR" "(S-1-5-32-545)" "FullAccess"
This gave the User account full access to the application folder within Program Files, meaning my patcher could write to it without any problems.

How to repair a Trac installation

On our Trac system, two things suddenly stopped working. The first thing is the update of the "Browse Source". The second thing is the auto-fixing feature. The only solution for the first issue is to manually run the post-commit hook of the SVN repository. But than we still have the problem, that Trac doesn't close ticket anymore depending on the SVN commit message. That was working before without any issues. Ah and a third thing is that PNG images are no longer shown in the HTML preview. The user has to download the file to see it.
Is there any known bug or issue for our described problem. Or how can I update the Trac system without loosing all the information within the Trac projects (I have set up a multi project Trac system).
If all else fails, reboot the server :)
Can you give us some more info about your server and Trac setup? For example, OS and version, Trac version, plugins used, etc.
It's odd for things to suddenly quit working. If you are running a Linux system, it's possible that your server installed some updates that your system isn't fully compatible with (for example, upgrading Trac can cause some plugins to quit working properly). Check your server's logs to see if anything was updated or reconfigured around the time Trac quit working.
Also, try setting Trac's log priority to 'DEBUG' and see if the Trac logfile contains any useful error details.
The solution was the following: file permissions!
To solve the issue we used the sudo in the post-commit hooks of SVN like the following:
sudo /usr/local/bin/trac-admin /var/trac/reponame/ changeset added "reponame" $REV
And we had to allow the SVN user to run the trac-admin command using visudo:
www-data,svn ALL=(ALL) NOPASSWD: /usr/local/bin/trac-admin

Setting up a local SVN repository with encrypted passwords with TortoiseSVN

I am planning on using a local repository, using only TortoiseSVN's "create repository here" feature.
The repo is created and I can read and write to it just fine. The problem is that I can't get authentication to work. I thought I wanted Windows authentication, but I actually want the simple text-file based authentication so I can force the current system user (i.e. any person can be using the same Windows account and I want to differentiate between them) to provide their name and password. I haven't found any information on how to do this without svnserve running.
So far, I have modified svnserve.conf like this:
anon-access = read
auth-access = write
password-db = passwd
realm = LocalOnly
I didn't mess with the [sasl] section.
I also modified passwd:
[users]
harry = teH0wLIpW0gyQ
I am trying to use encrypted passwords created with a simple perl script. However, regardless of what I do with the repo (i.e. including writing to the repo), I am never prompted for a password.
I tried clearing TortoiseSVN's authentication cache since I do connect to a remote repo, but this didn't matter at all.
Has anyone tried this and succeeded? Or is it not possible without svnserve?
Not possible without svnserve - it takes care of the challenge/response.
Try Subversion Edge. you can edit the file you are mentioning using the GUI provided by the tool. It uses its own http server(not svnserve or IIS).
Unfortunately your best bet with a local repository is to use your file system permissions. A simple and free option for a server (that's easy to manager) would be VisualSVN Server. You can hang it off or a workstation or drop it on a public webserver somewhere. I now have mine setup with a reverse proxy with IIS7 so it's integrated with the rest of my web site.

Resources