We Keep Coding

How to install x509 certificate to the Personal store Current User in Openshift4 Pod?

I need to install the certificate to the personal store of CurrentUser in openshift4 pod. When I run the below code, it throws the error.
private static void InstallCertificate(string cerFileName, string friendlyName)
{
X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly);
try
{
X509Certificate2 certificate = new X509Certificate2(cerFileName, "<<CertificatePassword>>");
if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows) && !string.IsNullOrEmpty(friendlyName))
{
certificate.FriendlyName = friendlyName;
}
store.Open(OpenFlags.ReadWrite);
store.Add(certificate);
}
catch (Exception ex)
{
Console.WriteLine($"Error in adding cert: {ex.Message}");
}
store.Close();
}
Code is in a .NET 6 console application. This certificate will be used for SSL authentication required for connecting to MQ from OCP4 pod.
Error Message: The X509 certificate could not be added to the store.
Error:
System.Security.Cryptography.CryptographicException: The X509 certificate could not be added to the store.
---> System.UnauthorizedAccessException: Access to the path '/.dotnet/corefx/cryptography/x509stores/my' is denied.
---> System.IO.IOException: Permission denied
--- End of inner exception stack trace ---
at System.IO.FileSystem.CreateDirectory(String fullPath)
at System.IO.Directory.CreateDirectory(String path)
at Internal.Cryptography.Pal.DirectoryBasedStoreProvider.AddCertToStore(ICertificatePal certPal)
at Internal.Cryptography.Pal.DirectoryBasedStoreProvider.Add(ICertificatePal certPal)
--- End of inner exception stack trace ---
at Internal.Cryptography.Pal.DirectoryBasedStoreProvider.Add(ICertificatePal certPal)
at System.Security.Cryptography.X509Certificates.X509Store.Add(X509Certificate2 certificate)

I was able to resolve the issue using the below steps:
Added the command to create the .dotnet folder only in the dockerfile. (This created the folder .dotnet in the root directory.)
RUN mkdir /.dotnet
Added the below command to provide the permission to root group for the .dotnet folder
RUN chgrp -R 0 /.dotnet && \
chmod -R g=u /.dotnet
By default the container started in OpenShift gets a random user ID. Therefore images not designed to handle such a random UID will fail with permission errors. Adding the given command to the Dockerfile sets the directory and file permissions to allow users in the root group to access them in the built image. Because the container user is always a member of the root group, the container user can read and write these files. The root group does not have any special permissions (unlike the root user) so there are no security concerns with this arrangement.
After adding the above two commands in the dockerfile, the code ran without any issues.
I have collated all the steps that might help others!

expect garbage before prompt

I try to connect to my router using ssh in order to automatically extract some logs from it.
I developed this code below :
#!/usr/bin/expect -f
spawn ssh root#192.168.1.1
expect "Are you sure you want to"
send -- "yes\r"
expect "password"
send -- "root\r"
expect "\#"
send -- "ls\r"
expect "\#"
the problem is I expected a garbage before the prompt in the output log.
spawn ssh root#192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is SHA256:6aeE74qXMeQzg0SGJBZMIa0HFQ5HJrNqE5f3XZ6Irds.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/amin/.ssh/known_hosts).
root#192.168.1.1's password:
BusyBox v1.30.1 () built-in shell (ash)
OpenWrt Version: ALPHA
OpenWrt base: 19.07
------------------------------------
]0;root#openwrt: ~root#openwrt:~# ls
[0;0mnetwork[m
]0;root#openwrt: ~root#openwrt:~#
what's the main cause of this issue? How I can fix it?

The problem is that there are terminal escape sequences being issued, probably to control what colour the terminal uses. The easiest fix is to set the terminal type (an environment variable) to something that doesn't support colour before doing the spawn. Perhaps this will do the trick:
set env(TERM) "dumb"
If that doesn't work (it depends on exactly what is in someone's .bashrc) then you can just override the PS1 environment variable on the remote side with your first command after logging in.
# etc for logging in
expect "# "
send "PS1='# '\r"
expect "# "
# Everything should be right from here on

Failed to import extension mercurial_keyring - Rhodecode - Object has no attribute NullHandler

Machine Env: Windows7 box with Cygwin/TortoiseHg, Linux box (RHEL).
Mercurial/Hg - 3.0.1 version
I'm trying to integrate mercurial_keyring to perform username/password less operations. Mercurial keyring prompts first time per user / per repository link but after that, it doesn't prompt.
Our Hg repository code recently migrated to RhodeCode.
I have mercurial_keyring.py (python) file available on my machine (provided by this link): https://pypi.python.org/pypi/mercurial_keyring and https://bitbucket.org/Mekk/mercurial_keyring/src/tip/mercurial_keyring.py
While doing hg clone or any hg command, I'm getting the following error when used at command prompt (either in Linux or Windows machine via Cygwin).
*** failed to import extension hgext.mercurial_keyring from /root/AKS/goga/mercurial_keyring.py: 'module' object has no attribute 'NullHandler'
My ~/.hgrc file looks like:
# example config (see "hg help config" for more info)
[ui]
# name and email, e.g.
# username = Jane Doe <jdoe#example.com>
username=koba <koba.loki#shenzi.com>
[extensions]
# uncomment these lines to enable some popular extensions
# (see "hg help extensions" for more info)
# pager =
# progress =
# color =
hgext.mercurial_keyring = /root/AKS/goga/mercurial_keyring.py
[paths]
default = http://hg-server.cm.shenzi.com:8082
[auth]
default1.schemes = http https
default1.prefix = hg-server:8082
default1.username = koba
default.schemes = http https
default.prefix = hg-server.cm.shenzi.com:8082
default.username = koba
default3.schemes = http https
default3.prefix = 12.112.91.112
default3.username = koba
In Cygwin, I also got another error:
*** failed to import extension hgext.mercurial_keyring from ~/MerKeyRing/mercurial_keyring.py: No module named keyring

Smtp error 451 Temporary local - please try later on Cpanel Server

I have a Cpanel Server.
It send emails correctly expect from 1 domain which hosted on the server , so when I try to send email from that domain using roundcube or Horde I got the errror
SMTP Error (451): Failed to add recipient "recipient#exmple.com" (Temporary local problem - please try later).
does anyone know why and how to fix this?
I found the porblem:
After reviewing the file /var/log/exim_mainlog using
tail -f /var/log/exim_mainlog
I noticed that the error was:
2013-05-29 20:04:28 SMTP connection from [127.0.0.1]:36797 (TCP/IP connection count = 1)
2013-05-29 20:04:28 lowest numbered MX record points to local host: domain.com (while verifying <user#domain.com> from host localhost.localdomain (domain.com) [127.0.0.1]:36797)
2013-05-29 20:04:28 H=localhost.localdomain (domain.com) [127.0.0.1]:36797 sender verify defer for <user#domain.com>: lowest numbered MX record points to local host
2013-05-29 20:04:28 H=localhost.localdomain (domain.com) [127.0.0.1]:36797 F=<user#domain.com> A=dovecot_login:narena temporarily rejected RCPT <recipient#exmple.com>: Could not complete sender verify
2013-05-29 20:04:28 SMTP connection from localhost.localdomain (domain.com) [127.0.0.1]:36797 closed by QUIT
so the main problem was:
lowest numbered MX record points to local host
after couple of search I found the soluation in http://forums.cpanel.net/f5/lowest-numbered-mx-record-points-local-host-73563.html
which was to:
login to WHM and go to Main >> DNS Functions >> Edit MX Entry for the domain
set MX priority to 0 for the related domain and save.

I had the same problem after running a script to fix directory permissions on a cPanel-powered server (CentOS 6.5). I checked the logfile (tail -f /var/log/exim_mainlog) and found this error:
require_files: error for /home/user_name/etc/domain.com: Permission denied
Just ran the following command and the issue was fixed:
chown -R user_name:mail /home/user_name/etc/
Hope this helps someone.

check the the file /var/log/exim_mainlog to see more information about the error
tail -f /var/log/exim_mainlog
while trying to send email

Check your MX Entry in Cpanel, if the existing domain priority is less than or equals to 0, set it to 1. Mine is fixed. Hope it will help you.

Wow, after about an hour of searching and meddling with different files, I'd caution any novice not to venture out editing anything before you have a backup or image if your server, as you can cause irrevocable damage to your server. So many people talking garbage about what you should do or test without any real solution.
Anyways, here's what worked for me:
Real problem: Exim was updated to latest version which has loads of bugs like this issue.
How I fixed my server:
Authenticate to Linux via SSH and run the command lines through which we download and install the old version of EXIM.
Command Line 1: wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
Command Line 2: rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm
Command Line 3: systemctl restart exim
Command Line 4: Systemctl restart clamd
Command Line 5: systemctl restart spamassassin
Optional: just type "Reboot" to restart your server
The command lines above does the following:
Downloads the old package (I'm sure you can google other sources with this file)
Install the old package without prompt
Restart the Exim service
Restart the Clamd Service (AV)
Restart the spamassassin service (Spam Filter)
Restart outlook or whatever you use for mail client and send an email. Mine works, hope yours do too.

TC7 (20939) : upgrade : mercurial : http auth : Test Connection Succeeds... but build checks fail (http auth)

Have been using EAP 7 for a couple of months, this is the 2nd upgrade.
Upgraded to build 20939 today and now get errors when builds are trying to check mercurial for changes (VCS problem: FOO Edit this VCS root>>). If I edit the VCS Root and click Test Connection it succeeds. How do I go about debugging this issue?
Have tried re-saving the vcs root. I deleted and recreated the vcs root on one project and get the same result.
The recent entries in the teamcity-vcs log don't have domain\user:password, should they?
I now have both the teamcity and buildagent services running under my AD account. I don't remember what account the teamcity service was using before the upgrade (is that logged somewhere?).
If the vcs root is configured with an 'https://' and has user/password why don't I see the credentials in the log message (see above post)?
My user directory contains mercurial.ini / ssl cert (and was working pre-upgrade).
TeamCity hosted on Windows2k8, mercurial repo, using Active Directory credentials for authentication.
teamcity service is running as Local System
buildagent running as AD account (for builds that deploy to other machines)
newest errors:
[2012-01-11 17:12:39,578] WARN [cutor 4 {id=29}] - jetbrains.buildServer.VCS - Error while loading changes for root mercurial: https://mycompany.com/myproject {instance id=29, parent id=8}, cause: 'cmd /c hg pull https://mycompany.com/MyProject' command failed.
stderr: abort: http authorization required
older errors:
[2012-01-10 16:38:02,791] INFO [TeamCity Agent ] - jetbrains.buildServer.VCS - Patch applied for agent=computer {id=1, host=127.0.0.1:9090}, buildType=Project :: MVC3 {id=bt12}, root=mercurial: https://mycompany/myproject {instance id=12, parent id=1}, version=3775:7fc0ae5029e6
[2012-01-11 10:30:36,277] INFO [_Server_StartUp] - jetbrains.buildServer.VCS - Server-wide hg path is not set, will use path from the VCS root settings

The problem persisted after a complete uninstall/re-install.
In the VCS Root definition... I left the user/password fields blank and encoded the user:password into the 'Pull changes from' string (just like you'd do on the command-line.
https://domain\user:password#hg.mycompany.com/Repo
To sorta clean up the plaintext password I created a project level property 'MyPassword' (type password) and used it in the connection string like this:
https://domain\user:%MyPassword%#hg.mycompany.com/Repo
Still not great but I'm up and running and the password is not viewable by causal users.