How to enable fips openssl in mysql - mysql

I was following the below enable fips for mysql
https://dev.mysql.com/blog-archive/openssl-fips-support-in-mysql-8-0/
downloaded these two tars openssl-1.0.2t.tar.gz openssl-fips-2.0.16.tar.gz and tried to build it first into an exe
But running thru lot of issues
The build of FIPS is erroring for missing nmake.dll
mysql blog
C:\openssl\openssl-fips-2.0.16>rem #echo off
C:\openssl\openssl-fips-2.0.16>SET ASM=no--asm
C:\openssl\openssl-fips-2.0.16>SET EXARG=
C:\openssl\openssl-fips-2.0.16>SET MFILE=ntdll.mak
C:\openssl\openssl-fips-2.0.16>if NOT X == X goto wince
C:\openssl\openssl-fips-2.0.16>if NOT XAMD64 == X goto defined
C:\openssl\openssl-fips-2.0.16>if AMD64 == x86 goto X86
C:\openssl\openssl-fips-2.0.16>if AMD64 == IA64 goto IA64
C:\openssl\openssl-fips-2.0.16>if AMD64 == AMD64 goto AMD64
C:\openssl\openssl-fips-2.0.16>echo Auto Configuring for AMD64
Auto Configuring for AMD64
C:\openssl\openssl-fips-2.0.16>SET TARGET=VC-WIN64A
C:\openssl\openssl-fips-2.0.16>if xno--asm == xno-asm goto compile
C:\openssl\openssl-fips-2.0.16>if xno--asm == xno-asm SET EXARG=no-asm
C:\openssl\openssl-fips-2.0.16>perl Configure VC-WIN64A no-asm fipscheck
Configuring for VC-WIN64A
no-asm [option] OPENSSL_NO_ASM
no-ec_nistp_64_gcc_128 [default] OPENSSL_NO_EC_NISTP_64_GCC_128 (skip dir)
no-gmp [default] OPENSSL_NO_GMP (skip dir)
no-jpake [experimental] OPENSSL_NO_JPAKE (skip dir)
no-krb5 [krb5-flavor not specified] OPENSSL_NO_KRB5
no-md2 [default] OPENSSL_NO_MD2 (skip dir)
no-rc5 [default] OPENSSL_NO_RC5 (skip dir)
no-rfc3779 [default] OPENSSL_NO_RFC3779 (skip dir)
no-store [experimental] OPENSSL_NO_STORE (skip dir)
no-zlib [default]
no-zlib-dynamic [default]
IsMK1MF=1
CC =cl
CFLAG =-DOPENSSL_FIPSCANISTER -DOPENSSL_THREADS -DDSO_WIN32 -W3 -Gs0 -Gy -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DUNICODE -D_UNICODE -D_CRT_SECURE_NO_DEPRECATE
EX_LIBS =
CPUID_OBJ =mem_clr.o
BN_ASM =bn_asm.o
DES_ENC =des_enc.o fcrypt_b.o
AES_ENC =aes_core.o aes_cbc.o
BF_ENC =bf_enc.o
CAST_ENC =c_enc.o
RC4_ENC =rc4_enc.o rc4_skey.o
RC5_ENC =rc5_enc.o
MD5_OBJ_ASM =
SHA1_OBJ_ASM =
RMD160_OBJ_ASM=
CMLL_ENC =camellia.o cmll_misc.o cmll_cbc.o
MODES_OBJ =
ENGINES_OBJ =
PROCESSOR =
RANLIB =true
ARFLAGS =
PERL =perl
SIXTY_FOUR_BIT mode
DES_INT used
RC4_CHUNK is unsigned long long
Configured for VC-WIN64A.
WARNING: OpenSSL has been configured to generate a fipscanister.o object module.
That compiled module is NOT FIPS 140-2 validated or suitable for use in
satisfying a requirement for the use of FIPS 140-2 validated cryptography
UNLESS the requirements of the Security Policy are followed exactly (see
http://openssl.org/docs/fips/ or http://csrc.nist.gov/cryptval/).
This is the OpenSSL FIPS 2.0 module.
C:\openssl\openssl-fips-2.0.16>pause
Press any key to continue . . .
C:\openssl\openssl-fips-2.0.16>echo on
C:\openssl\openssl-fips-2.0.16>perl util\mkfiles.pl 1>MINFO
C:\openssl\openssl-fips-2.0.16>perl util\mk1mf.pl dll no--asm VC-WIN64A 1>ms\ntdll.mak
***************************
****FIPS BUILD FAILURE*****
***************************

Related

lighttpd daemon failed to start after adding python support to read from cgi-bin

getting python to run from cgi-bin causes lighttpd daemon failed to start
$HTTP["url"] =~ "^/cgi-bin/" {
alias.url += ( "/cgi-bin/" => "/var/www/cgi-bin" )
cgi.assign = (".py" => "/usr/bin/python")
}
Am I doing something wrong
I also have below added in the beginning of /etc/lighttpd/lighttpd.conf
server.modules = (
"mod_indexfile",
"mod_setenv",
"mod_access",
"mod_alias",
"mod_redirect",
"mod_cgi"
)
Look in the lighttpd error log and review the trace for what you broke.
Alternatively, run lighttpd pre-flight tests on your config:
lighttpd -tt -f /etc/lighttpd/lighttpd.conf

Meson find_program not finding program

I'm building a Vala program with gnome-builder and flatpak. I wan't to connect to a mySQL Database. Thats why I need to run mysql_config to get the right compiler flags.
So I added mysql_config = find_program('mysql_config')to my meson.build file.
When I try to compile I get meson.build:7:0: ERROR: Program(s) ['mysql_config'] not found or not executable.
When I run whereis mysql_config on command line I get the expected result mysql_config: /usr/bin/mysql_config. Also I can run mysql_config --cflags from command line with the expected result -I/usr/include/mysql -I/usr/include/mysql.
Thats why I think that the problem is that I'm building with flatpak-builder.
My ./meson.build:
project('zeiterfassunggtk', ['c', 'vala'], version: '0.1.0',
meson_version: '>= 0.40.0',
)
i18n = import('i18n')
mysql_config = find_program('mysql_config')
mysql_vapi = meson.get_compiler('vala').find_library('mysql')
mysql_dep = declare_dependency(c_args: run_command([mysql_config, '--cflags']).stdout().split(),
link_args: run_command([mysql_config, '--libs']).stdout().split(),
dependencies: [mysql_vapi])
subdir('data')
subdir('src')
subdir('po')
meson.add_install_script('build-aux/meson/postinstall.py')
My ./src/meson.build
zeiterfassunggtk_sources = [
'main.vala',
'window.vala',
'mysql.vala',
]
zeiterfassunggtk_deps = [
dependency('gio-2.0', version: '>= 2.50'),
dependency('gtk+-3.0', version: '>= 3.22'),
]
gnome = import('gnome')
zeiterfassunggtk_sources += gnome.compile_resources('zeiterfassunggtk-resources',
'zeiterfassunggtk.gresource.xml',
c_name: 'zeiterfassunggtk'
)
executable('zeiterfassunggtk', zeiterfassunggtk_sources,
vala_args: '--target-glib=2.50', dependencies: zeiterfassunggtk_deps,
install: true,
)
The full output of the build process:
flatpak build --env=LANG=de_AT.UTF-8 --env=USER=g.zehetner --env=HOME=/home/g.zehetner --env=PATH=/usr/bin:/bin --env=TERM=xterm-256color --env=V=0 --env=CCACHE_DIR=/home/g.zehetner/.cache/gnome-builder/flatpak-builder/ccache --env=PATH=/app/bin:/usr/bin --build-dir=/home/g.zehetner/.cache/gnome-builder/projects/ZeiterfassungGtk/builds/org.gnome.Zeiterfassunggtk.json-flatpak-org.gnome.Platform-x86_64-3.26-master --share=network --nofilesystem=host --filesystem=/home/g.zehetner/.cache/gnome-builder --filesystem=/home/g.zehetner/Projekte/ZeiterfassungGtk --filesystem=/home/g.zehetner/.cache/gnome-builder/projects/ZeiterfassungGtk/builds/org.gnome.Zeiterfassunggtk.json-flatpak-org.gnome.Platform-x86_64-3.26-master --env=V=1 '--env=CFLAGS=-O2 -g' '--env=CXXFLAGS=-O2 -g' --env=NOCONFIGURE=1 /home/g.zehetner/.cache/gnome-builder/projects/ZeiterfassungGtk/flatpak/staging/x86_64-master ninja
[0/1] Regenerating build files.
The Meson build system
Version: 0.46.0
Source dir: /home/g.zehetner/Projekte/ZeiterfassungGtk
Build dir: /home/g.zehetner/.cache/gnome-builder/projects/ZeiterfassungGtk/builds/org.gnome.Zeiterfassunggtk.json-flatpak-org.gnome.Platform-x86_64-3.26-master
Build type: native build
Project name: zeiterfassunggtk
Native C compiler: ccache cc (gcc 6.2.0 "cc (GCC) 6.2.0")
Appending CFLAGS from environment: '-O2 -g'
Appending LDFLAGS from environment: '-L/app/lib '
Native Vala compiler: valac (valac 0.38.2)
Appending LDFLAGS from environment: '-L/app/lib '
Build machine cpu family: x86_64
Build machine cpu: x86_64
Program mysql_config found: NO
meson.build:7:0: ERROR: Program(s) ['mysql_config'] not found or not executable
A full log can be found at /home/g.zehetner/.cache/gnome-builder/projects/ZeiterfassungGtk/builds/org.gnome.Zeiterfassunggtk.json-flatpak-org.gnome.Platform-x86_64-3.26-master/meson-logs/meson-log.txt
FAILED: build.ninja
/usr/bin/python3 /usr/bin/meson --internal regenerate /home/g.zehetner/Projekte/ZeiterfassungGtk /home/g.zehetner/.cache/gnome-builder/projects/ZeiterfassungGtk/builds/org.gnome.Zeiterfassunggtk.json-flatpak-org.gnome.Platform-x86_64-3.26-master --backend ninja
ninja: error: rebuilding 'build.ninja': subcommand failed
You can find the full code at Github.com

Sidekiq server is not processing scheduled jobs when started using systemd

I have a cuba application which I want to use sidekiq with.
This is how I setup the config.ru:
require './app'
require 'sidekiq'
require 'sidekiq/web'
environment = ENV['RACK_ENV'] || "development"
config_vars = YAML.load_file("./config.yml")[environment]
Sidekiq.configure_client do |config|
config.redis = { :url => config_vars["redis_uri"] }
end
Sidekiq.configure_server do |config|
config.redis = { url: config_vars["redis_uri"] }
config.average_scheduled_poll_interval = 5
end
# run Cuba
run Rack::URLMap.new('/' => Cuba, '/sidekiq' => Sidekiq::Web)
I started sidekiq using systemd. This is the systemd script which I adapted from the sidekiq.service on the sidekiq site.:
#
# systemd unit file for CentOS 7, Ubuntu 15.04
#
# Customize this file based on your bundler location, app directory, etc.
# Put this in /usr/lib/systemd/system (CentOS) or /lib/systemd/system (Ubuntu).
# Run:
# - systemctl enable sidekiq
# - systemctl {start,stop,restart} sidekiq
#
# This file corresponds to a single Sidekiq process. Add multiple copies
# to run multiple processes (sidekiq-1, sidekiq-2, etc).
#
# See Inspeqtor's Systemd wiki page for more detail about Systemd:
# https://github.com/mperham/inspeqtor/wiki/Systemd
#
[Unit]
Description=sidekiq
# start us only once the network and logging subsystems are available,
# consider adding redis-server.service if Redis is local and systemd-managed.
After=syslog.target network.target
# See these pages for lots of options:
# http://0pointer.de/public/systemd-man/systemd.service.html
# http://0pointer.de/public/systemd-man/systemd.exec.html
[Service]
Type=simple
Environment=RACK_ENV=development
WorkingDirectory=/media/temp/bandmanage/repos/fall_prediction_verification
# If you use rbenv:
#ExecStart=/bin/bash -lc 'pwd && bundle exec sidekiq -e production'
ExecStart=/home/froy001/.rvm/wrappers/fall_prediction/bundle exec "sidekiq -r app.rb -L log/sidekiq.log -e development"
# If you use the system's ruby:
#ExecStart=/usr/local/bin/bundle exec sidekiq -e production
User=root
Group=root
UMask=0002
# if we crash, restart
RestartSec=1
Restart=on-failure
# output goes to /var/log/syslog
StandardOutput=syslog
StandardError=syslog
# This will default to "bundler" if we don't specify it
SyslogIdentifier=sidekiq
[Install]
WantedBy=multi-user.target
The code calling the worker is :
raw_msg = JSON.parse(req.body.read, {:symbolize_names => true})
if raw_msg
ts = raw_msg[:ts]
waiting_period = (1000*60*3) # wait 3 min before checking
perform_at_time = Time.at((ts + waiting_period)/1000).utc
FallVerificationWorker.perform_at((0.5).minute.from_now, raw_msg)
my_res = { result: "success", status: 200}.to_json
res.status = 200
res.write my_res
else
my_res = { result: "not found", status: 404}.to_json
res.status = 404
res.write my_res
end
I am only using the default q.
My problem is that the job is not being processed at all.
After you run systemctl enable sidekiq so that it starts at boot and systemctl start sidekiq so that it starts immediately, then you should have some logs to review which will provide some detail about any failure to start:
sudo journalctl -u sidekiq
Review the logs, review the systemd docs and adjust your unit file as needed. You can find all the installed systemd documentation with apropos systemd. Some of the most useful man pages to review are systemd.service,systemd.exec and systemd.unit

OS X, Elixir, Ecto, Crypto, MySQL

Trying out Elixir & Ecto (not Phoenix) in a sample app to help me learn the language.
Running my program results in the following error:
=INFO REPORT==== 7-Apr-2016::16:23:28 ===
application: logger
exited: stopped
type: temporary
** (Mix) Could not start application tpos: exited in: Tpos.start(:normal, [])
** (EXIT) exited in: GenServer.call(#PID<0.164.0>, {:get_all, Tpos.Data.Models.ProfitCenter}, 5000)
** (EXIT) exited in: GenServer.call(#PID<0.163.0>, {:checkout, :run}, 5000)
** (EXIT) exited in: GenServer.call(#PID<0.168.0>, {:connect, [hostname: "localhost", timeout: 5000, otp_app: :tpos, repo: Tpos.Repo, adapter: Ecto.Adapters.MySQL, database: "tpos", username: "tpos", password: "tpos", port: 3306]}, 5000)
** (EXIT) an exception was raised:
** (UndefinedFunctionError) undefined function :crypto.hash/2 (module :crypto is not available)
(crypto) :crypto.hash(:sha, "tpos")
(mariaex) lib/mariaex/protocol.ex:150: Mariaex.Protocol.mysql_native_password/2
(mariaex) lib/mariaex/protocol.ex:47: Mariaex.Protocol.dispatch/2
(mariaex) lib/mariaex/connection.ex:284: Mariaex.Connection.process/2
(mariaex) lib/mariaex/connection.ex:251: Mariaex.Connection.handle_info/2
(stdlib) gen_server.erl:615: :gen_server.try_dispatch/4
(stdlib) gen_server.erl:681: :gen_server.handle_msg/5
(stdlib) proc_lib.erl:240: :proc_lib.init_p_do_apply/3
If I do a mix deps.clean --all and a mix.deps get and run the program again, it works. But only once. If I exit and attempt to run it again, I receive the above error.
The line that causes the error is:
data = Repo.all(ProfitCenter)
As I said, the first time through this runs fine and returns the expected data. It's only on subsequent runs that the error pops up.
From mix.exs:
defmodule Tpos.Mixfile do
use Mix.Project
def project do
[app: :tpos,
version: "0.0.1",
elixir: "~> 1.2",
build_embedded: Mix.env == :prod,
start_permanent: Mix.env == :prod,
deps: deps]
end
def application do
[ applications: [:mariaex, :ecto],
mod: { Tpos, [] } ]
end
defp deps do
[
{:credo, "~> 0.3", only: [:dev, :test]},
{:mariaex, "~> 0.5.0"},
{:ecto, "~> 1.1.5"},
{:exactor, "~> 2.2.0"}
]
end
end
I'm running OS X 10.11.1, and have tried several things to get it going based on advice like this.
Thoughts? Thanks!
The error states that you don't have :crypto module. You can verify that by running:
iex(1)> Application.start(:crypto)
:ok
If you get anything else than :ok, it means that your Erlang installation is not fully functional. It happens very often when you install Erlang via kerl. Kerl doesn't consider lack of openssl an error. It just skips crytpo libraries without warning.
To install fully functional Erlang with kerl you need to run:
brew install openssl
brew install unixodbc
After that create ~/.kerlrc file with following contents:
KERL_INSTALL_MANPAGES=yes
KERL_CONFIGURE_OPTIONS="--disable-hipe --enable-smp-support --enable-threads
--enable-kernel-poll --with-wx
--with-ssl=/usr/local/opt/openssl
--with-odbc=/usr/local/opt/unixodbc"
And try to reinstall Erlang. This config also adds wx-widgets which are handy if you want to run :observer application. Unixodbc also may come in handy, but less often.
If you are using different tool to install Erlang, you still need to point it to openssl path during compilation.
Alternatively, you can use packages provided by Erlang Solutions: https://www.erlang-solutions.com/resources/download.html They should install all required dependencies including crypto.

JRuby / Warbler / GlassFish - (NameError) uninitialized constant ApplicationController::SessionsHelper

Really Short Story:
I'm incredibly frustrated by this issue
Short Story:
JRuby-1.7.2 building to a .war using Warbler (1.3.8) deploying to a glassfish v3 server. I can build on my machine and everything works fine, however when I try to build with Jenkins, the war gives the following error when trying to load the first page:
org.jruby.exceptions.RaiseException: (NameError) uninitialized constant ApplicationController::SessionsHelper
Long Story:
Build script on our Jenkins server:
#path to rvm
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"
# Use the correct ruby
rvm use "jruby-1.7.2#webadmin"
# Set "fail on error" in bash
set -e
# build
bundle update
warble compiled war
Error log from Glassfish....which I hope has enough info.
[#|2013-05-31T17:10:14.634-0400|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=19;_ThreadName=Thread-2;|PWC1412: WebModule[null] ServletContext.log():INFO: pool was empty - getting new application instance|#]
[#|2013-05-31T17:10:25.181-0400|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=19;_ThreadName=Thread-2;|PWC1412: WebModule[null] ServletContext.log():An exception happened during JRuby-Rack startup
uninitialized constant ApplicationController::SessionsHelper
--- System
jruby 1.7.4 (1.9.3p392) 2013-05-16 2390d3b on OpenJDK 64-Bit Server VM 1.6.0_27-b27 [linux-amd64]
Time: 2013-05-31 17:10:25 -0400
Server: GlassFish Server Open Source Edition 3.1.2.2
jruby.home: classpath:/META-INF/jruby.home
--- Context Init Parameters:
com.sun.faces.forceLoadConfiguration = true
com.sun.faces.validateXml = true
public.root = /
rails.env = production
--- Backtrace
NameError: uninitialized constant ApplicationController::SessionsHelper
--- RubyGems
Gem.dir: /opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF/gems
Gem.path:
/opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF/gems
Activated gems:
bundler-1.3.5
rake-10.0.4
i18n-0.6.1
multi_json-1.7.4
activesupport-3.2.13
builder-3.0.4
activemodel-3.2.13
erubis-2.7.0
journey-1.0.4
rack-1.4.5
rack-cache-1.2
rack-test-0.6.2
hike-1.2.2
tilt-1.4.1
sprockets-2.2.2
actionpack-3.2.13
mime-types-1.23
polyglot-0.3.3
treetop-1.4.12
mail-2.5.4
actionmailer-3.2.13
arel-3.0.2
tzinfo-0.3.37
activerecord-3.2.13
activeresource-3.2.13
gyoku-1.0.0
nokogiri-1.5.9-java
akami-1.2.0
bcrypt-ruby-3.0.1-java
sass-3.2.9
bootstrap-sass-2.3.1.2
will_paginate-3.0.4
bootstrap-will_paginate-0.0.9
bouncy-castle-java-1.5.0147
coffee-script-source-1.6.2
execjs-1.4.0
coffee-script-2.2.0
rack-ssl-1.3.3
json-1.8.0-java
rdoc-3.12.2
thor-0.18.1
railties-3.2.13
coffee-rails-3.2.2
faker-1.1.2
httpi-2.0.2
jquery-rails-2.2.2
jruby-openssl-0.8.8
nori-2.1.0
rails-3.2.13
sass-rails-3.2.6
wasabi-3.1.0
savon-2.2.0
therubyrhino_jar-1.7.4
therubyrhino-2.0.2
uglifier-1.0.4
uuidtools-2.1.4
--- Bundler
Bundler.bundle_path: /opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF/gems
Bundler.root: /opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF
Gemfile: /opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF/Gemfile
Settings:
gemfile = /opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF/Gemfile
without = development:test:assets
bin_path = /opt/glassfish3/glassfish/domains/myDomain/applications/web-admin/WEB-INF/gems/gems/bundler-1.3.5/bin/bundle
--- JRuby-Rack Config
compat_version =
default_logger = org.jruby.rack.logging.StandardOutLogger#62a49a04
equals =
err = com.sun.common.util.logging.LoggingOutputStream$LoggingPrintStream#7a21bdb8
filter_adds_html = true
filter_verifies_resource = false
ignore_environment = false
initial_memory_buffer_size =
initial_runtimes =
jms_connection_factory =
jms_jndi_properties =
logger = org.jruby.rack.logging.ServletContextLogger#19a2312c
logger_class_name = servlet_context
logger_name = jruby.rack
maximum_memory_buffer_size =
maximum_runtimes =
num_initializer_threads =
out = com.sun.common.util.logging.LoggingOutputStream$LoggingPrintStream#52f8d395
rackup =
rackup_path =
rewindable = true
runtime_arguments =
runtime_environment =
runtime_timeout_seconds =
serial_initialization = false
servlet_context = org.apache.catalina.core.ApplicationContextFacade#16c7e149
throw_init_exception = false
|#]
[#|2013-05-31T17:10:25.182-0400|INFO|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=19;_ThreadName=Thread-2;|PWC1412: WebModule[null] ServletContext.log():DEBUG: resetting rack response due exception|#]
Turns out it was an issue with source code control. My helpers directory was not added and therefore Jenkins was not including in the build. Always check the obvious first, if it says it isn't there it probably isn't.