am trying to upload packages o a PPA (packages that contain custom "sources.list"s designed to make upgrades or downgrades between Ubuntu releases easier) and, even after going through all that work to manually generate a key and sign them with gpg, dput still rejects them as "not signed".
View 3 Repliesi just read that in fc12 you can install sighned packages without root password?
View 1 Replies View RelatedHas anyone setup a system to only allow digitall signed (i.e. approved USB disk drives) to be used on a Linux System.
View 1 Replies View RelatedI just created an rpm and went to install it on another fc12 vm - it said the package was not signed. I searched on this and one place said to edit the yum.conf file to:
gpgcheck=0
How can I add self-signed certificates to e.g: Google Chrome under Linux (from the command line)?
View 1 Replies View Relatedbuild a Linux environment in which only "signed" processes are allowed to run. When I say signed I don't mean a VeriSign etc. signature like you know it from Windows, but I mean signed by myself. I.e. I choose the software allowed to run, sign it, and then want to deny any other processes to run.If it is somehow possible I'd like to extend this even to scripts and the kernel (i.e. no unsigned modules can be loaded).Does anyone have a good idea how to solve this problem?The bad thing is: I'm pretty fine with coding stuff myself in C, but have absolutely 0 experience or knowledge in kernel (module)-programming.Any tipps, links, literatureOne approach I came up with (just a rough idea at the moment):Linux starts new processes with a fork-and-exec-combination. I therefore wonder if it is possible to change exec() in such a way that it will only execute signed programs
View 5 Replies View RelatedI have a server which I use for mail:
[URL]
The above is the machines actual FQDN. Now because I also use it as a web server to access my website and webmail, I have a pointer record with my domain registrar to also forward all [URL] to the same IP as [URL]. when I generate a SSL self signed certificate for my server. Do I generate one for [URL] or [URL]?
Solving issues with signed and unsigned numbers in BASH.For a start, Yes, BASH is type independent � I know that. My problem lays in catching executables output into a BASH variable.My executables are not quite UNIX compatible, where returned values are 0 for OK, >0 ERROR. They return 0 for OK, >0 WARNING (only, so move on) and <0 ERROR (abort) instead.
Code:
// C++ BIN A
int main(){
[code]...
Updating my install of OpenSUSE from 11.0 to 11.3 and notice that the Nagios network monitor can no longer probe servers with self signed certs.It appears to be any monitor that used openssl 1.0.0 has an issue. If I install the openssl 0.9.8 libraries and use old plugins linked against it, they work fine.
View 9 Replies View RelatedWhen I tried to install LibreOffice 3.3_64 on my Fedora14_64 I received the following error:
Package libobasis3.3-extension-pdf-import-3.3.1-8.x86_64.rpm is not signed Has anyone run into this? Is there a way to fix this?
When I do a "openssl x509 -in server1.pem -issuer -noout" after I've supposedly signed it with the CA, the issuer is, for some reason, the DN string of server1. If server1 generated the CSR, and it is coming up as issued by server1, doesn't that indicate a self signed cert? How could the CA be producing a cert that has an issuer of another server? Am I just completely off base? Sorry, I'm a bit of a newb with the SSL pieces.
I hope this is the right place for this, but I'm having some difficulty using the java keytool and OpenSSL tool on a Solaris system.
I have a server (CA server) with OpenSSL installed that I would like to use as a Certificate Authority. The second server (server1) is a WebLogic server with JDK 1.6.0_21. I'm trying to configure it to use a certificate that has been signed by server1.
For some reason it keeps giving me this error when I try to import the signed SSL certificate: keytool error: java.lang.Exception: Public keys in reply and keystore don't match
Am I doing something wrong in this whole process?
1) Generate the Private Key for the CA server
openssl genrsa -out CA.key -des 2048
2) Generate the CSR on the CA
openssl req -new -key CA.key -out CA.csr
3) Sign the new CSR so that it can be used as the root certificate openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 730 -req -in CA.csr -out CA.pem -extfile /usr/local/ssl/openssl.cnf
4) On server1, create Server Private Key KeyStore keytool -genkey -alias server1 -keysize 2048 -keyalg RSA keystore server1.jks -dname "CN=server1.domain.com,OU=Organization,O=Company,L=City,ST=State,C=US"
5) On server1, create a CSR from the recently created Private Key
keytool -certreq -alias server1 -sigalg SHA1WithRSA -keystore server1.jks -file server1.csr
6) Transfer the CSR over to the CA (server1) so that it can be signed openssl x509 -extensions v3_ca -trustout -signkey CA.key -days 365 -req -in server1.csr -out server1.pem -extfile /usr/local/ssl/openssl.cnf
7) Transfer CA Public Cert to server1 and Import into keytool keytool -import -trustcacerts -alias CA_Public -file CA.pem -keystore server1.jks
8) Import recently signed CSR to app server keystore (This is where I receive the error) keytool -import -trustcacerts -alias server1 -file server1.pem -keystore server1.jks
Things beyond my control are causing me to rush a bit in getting the website moved. I'm working hard to try and get it done, but something else has come up that SSL Certificate.I know that our website's "basket" area is protected by an SSL certificate to ensure customer information, especially credit info, is secure. With the move to Amazon's service, it looks like I may need to create our own self-signed SSL certificate to ensure the basket area remains secure.
I have found guides that walk through how to make one yourself and configuring apache to allow it, but something else has come to mind. The guides I found don't really indicate where the SSL certificate goes afterwards, and also doesn't suggest which sections should be governed by the certificate (as only the basket section uses it, not anything else). How would I find out that information?
I have a Server with Webmin, Usermin and Sendmail using pop3s. I have created a seft signed certificate using webmin. Exported it and imported it to the trusted root certification authorities on my client. This fixes the warning message from internet explorer when attempting making a ssl connection to webmin. When attempting to use usermin or retrieving mail I get that warning that this site's certificate is self signed. I look at the certificate and its not the same as the one I created with webmin. My question is. Is possible to have the same certificate be used by each?
View 6 Replies View RelatedI've got an uber simple test mail script in php on my awesome new dev machine running Ubuntu:
PHP Code:
Unfortunately, something is preventing mail delivery. I can't tell from this error log whether it's the remote machine rejecting me or whether it's my machine rejecting the self-signed cert on the remote machine:
Code:
I'm wondering what I could change in my postfix configuration to remedy this problem.
I tried setting smtp_tls_security_level = may = may but this did not change anything.
I run a web server on Fedora 12, principally using Apache, MySQL, and PHP. I host a variety of sites, one of which is a family website that contains semi-sensitive personal data for several hundred extended family members, who all have access to the database-driven site.
Until now, I have been using a self-signed SSL certificate to encrypt the data as it is read and written back and forth from my database. Family members have simply had to put up with clicking past certificate warnings as they enter the site, as most browsers flag self-signed certificates as bad. It hasn't really been that much of a bother, but I'd love to do it more professionally. I have looked into buying SSL certificates, but it's a site I host for free and would rather find a cheap or free alternative if possible.
So I'm just fishing for ideas to work with. What are some alternatives to using SSL certificates for moderately strong website encryption? So far, I run only one host on the domain, but may eventually need encryption that would support multiple hosts. Or does anybody know a way to make self-signed certificates work on most popular browsers without being flagged as suspicious?
I have configured yum server on my RHEL 5.x box. I just tried to install a particular RPM which is in fact a reference manual of MySQL. Here is what I did:First, listing the available packages:
Code:
[root@mahadeva ~]# yum list available
Loading "rhnplugin" plugin
[code]....
The janitor wants to remove certain applications (svn, virtualbox) which I installed the easy way by going straight to the top and installing a GUI... I then realised the GUIs sucked, so I removed them. Now the computer janitor wants to remove virtuallbox, svn, and who knows what else all because of those stupid packages! how to mark certain packages as deliberatley installed so the computer janitor will take them and their dependencies off the list and let me clean things up?
View 2 Replies View RelatedI'd like to list all packages I installed since the installation. The tricky part is that I don't care for dependencies - only clean list of what I ordered to install. I went through man pages and I did not find anything relevant. Also /var/log/apt/history* doesn't say what I requested and what came as a dependency.
For gentoo-aware folks, I am looking for something like "world" file.
After updating to Karmic, Synaptic shows almost all of my installed packages in the category "Installed (manual)", including about half of the packages that belong to a clean Ubuntu installation (e.g. apparmor, apt and hundreds of others). As a result, I can't easily get a list of those packages that I did indeed install manually and may want to remove. Is there a way of removing the "Installed (manual)" flag from all packages?
If I could do this, all packages that do not belong to the core Ubuntu system should show up as "Installed (auto removable)" and I could individually mark only those as manually installed that I really still need and let apt/synaptic uninstall everything else. I know that with today's hard disks, disk usage of installed packages is not an issue. But those packages accumulate over time and need to be updated with every security update and every ubuntu dist-upgrade, wasting time and bandwidth.
going through synaptic and noticed that a ton of packages are marked as being manually installed when they most definitly did NOT installed them, is there a command i can use to reset all the dependencies?
View 2 Replies View RelatedIs there any way that I can get a list of packages (on the command line) that have been installed manually i.e. all those that haven't been installed as dependencies? I think this must be possible as apt seems to know which dependency packages are no longer required i.e. apt-get autoremove
View 2 Replies View RelatedI want to some how get a list of the packages I installed. I was hoping that I could just list all of the packages that were not installed automatically as a dependency. It turns out that there are 320 packages that match that description (I think). Is there a way to do what I want to do? Shouldn't all of these dependencies have been installed as a handful of meta-packages instead?
View 2 Replies View RelatedI'm trying to force open office to the 3.2.1 version that is available in backports. When I force the openoffice.org package, and try to install it ( with synaptic ), it complains. I assume this is because the dependencies aren't right. Do I have to manually track down all the dependent packages and force their versions to comply as well?
View 4 Replies View Relatedfor a x problem I reinstall the complete x packages. I remove some packages with force.Before this yum works perfect. Exact at this time we have problem with our internet connections and yum hangs somewhere when yum load the repositories and or start the update process.Now yum hangs at start from the command. I can start yum some times and no locking error is rise.strace brings:
stat("/var/lib/rpm/Packages", {st_mode=S_IFREG|0644, st_size=79855616, ...}) = 0
open("/var/lib/rpm/Packages", O_RDONLY) = 4
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
[code]....
The strangest thing is going on. I just did a fresh install of 9.10; however, apt-get upgrade returns different results then Update Manger found under System > Administration > update Manager. In addition, the apt-get upgrade method excludes a few upgrades from being installed. These upgrades are bind9, and a few for FireFox. Has anyone run into this issue recently?
View 4 Replies View RelatedWhy is Add/remove programs in Fedora 14 not working? It is not showing any packages. I am a newbie to Fedora. Also some basic tweaks that should be done immediately after installing fedora.
View 1 Replies View Relatedhave setup a LAMP server with ubuntu 10.04 server edition x86 for my study in VMware Workstation 7.1 For a assignment I had to make a php script that would load a file up to the server and set the name in a mysql database. According to the book the server should set the image in a cryptic folder in the /tmp/ folder.
This isn't working and i also try'd locate and find to find the image i uploaded. I checked the php.ini and file uploads were on but no folder so i set that one to /tmp/ but still no images. Can anyone help me with enabling this function?
Version: #1 SMP Tue Aug 18 15:51:54 EDT 2009Release: 2.6.18-164.el5While running "yum update"After Transaction summary shows download size. I answer the question:"Is this ok [y/N]: y" and process freezes on next line?I have tried yum clean all and retried same result? I have allowed it to continue for several , many, minutes but must CTRL Z to stop process then kill remaining yum processes.I have also deleted and rebuilt the rpm database
View 4 Replies View RelatedI would like to know when usb inserted, its showing cant mount when i clicked details its showing bad blocks in beginning , and smething in /dev/sd6. Can i knw why usb drive cant be mounted automatically , even if its set to do so, and to cope the error mentioned above
View 1 Replies View RelatedHaving one issue with evolution not showing html websites showing up in email like verizon sending a promo. I have gone to edit, preferences, mail preferences, html messages and have always load images from the internet chosen. I have also added sender to contacts. Even if I right click message and tell it to dload images it doesn't.
View 1 Replies View Related