Definite's Extractor

My findings on Life, Linux, Open Source, and so on.

Jenkins: No entry currently exists in the Known Hosts file for this host

I have encountered the following error message when I was trying to connect Jenkins slave after plugin update:

[SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
 Key exchange was not finished, connection is closed.
 java.io.IOException: There was a problem while connecting to xxx.xxx.xxx.xxx:22

I have tried to connect using ssh in console, it connected successfully, but Jenkins still refuse to connect.

Then I discovered that, if I provided the RSA Host key, Jenkins can now connected to slaves.

I guess the reason is ssh just use the known host key to determine whether it is known, and be able to fallback to RSA for actual authentication. On the other hand, Jenkins does not seem to have the fallback. You given RSA identity, then Jenkins expect RSA in known_hosts.

The issue is already filed as JENKINS-42959 Failed known_hosts verification for SSH agent. In the meantime you can use following workaround:

stdbuf -o0 -e0 ssh-keyscan -H <host> &>> ~/.ssh/known_hosts

The stdbuf here is for printing the stdout and stderr as the order of time they appear, just like what you would see in console. Otherwise the stderr will go first and then stdout.

Advertisements

在微信 (WeChat) 回報 Feature Request 的歡樂體驗

我把手機 reset 後,開始了漫長的回復過程。其他的軟體,從遊戲到Facebook、line都是只給帳密就什麼都恢復了…除了微信。

微信也做了一番努力把通訊錄和朋友圈保留了,可是看到空空如也的群聊,實在很無聊。
所謂空空如也,不是一堆空群組,而是什麼都沒有、Nothing、白茫茫一片真乾淨這種沒有。
好吧,共產主義等不來。於是我上朋友圈問計,得到的回答是。

「你可以傳資料啊」
(我也想讓微信伺服端傳資料啊)
「你可以從舊手機導資料啊」
(我也想這樣做,可是光reset 生不出舊手機)
「你怎麼不備份?」
(我錯了,我不應該假設 Facebook 能,作為競爭對手的微信也能)
「微信使用者太多了,這些功能太耗資源了」
(雖然 Facebook 用戶更多,可是騰訊的工資和設備比臉書較便宜(應該吧),還是應該體諒人家)
「幹嘛要看過去的歷史,要展望未來」
(This is not a bug, it is a feature!)

本以為沒招了,眼睛瞄到,嘿,還有 WeChat Team 在啊,頓時躁動的心獲得解脫。馬上把
「我希望微信能像 Faceobook 和 line 一樣,手機 reset 後還能撈回群裡的歷史資料。」
這段貼給 WeChat Team。人家是專業的,必然能給專業的答案。

沒過幾秒,馬上收到回音,這服務態度和效率只應天上有啊。回復是這樣的:

 

请根据以下步骤操作:
步骤一:手机设置->通用->多语言环境->区域格式->选择非中国地区。
步骤二:请(轻触此处)搜索“facebookapp”->启用该功能,可添加facebook功能。
步骤三:请在微信中选择【我】-【设置】-【帐号与安全】,选择“Facebook”进行绑定即可。
注:绑定Facebook账号,需要手机能翻墙或设置VPN才可访问facebook官网。

 

我沒看錯吧,要撈微信群的資料居然要動用 Facebook? 這跟當年問 iphone 誰是世界上最好的手機時,它推薦 三星手機 是一樣的無私啊。要是能用 Facebook 救微信的資料,那也是功德無量。既然這樣那還不趕快照著步驟做?

  1. 設置 -> 通用 ,可是我就是沒找著安卓上這個設定在那。查了一下,原來是蘋果的設置方法。往好處想,看來微信沒有偷查你是安卓還是蘋果,
  2. 雖然我對(轻触此处)不能直接連到 facebookapp略有微詞,不過瑕不掩瑜。可是我搜了半天,愣沒搜到 facebookapp 或 facebook 。這又使我對微信的嚴謹感到敬佩:你看,沒照步驟來,人家就不理你了,活該。

 

感謝微信在繁忙的工作中,帶給我們幽默和歡樂。

Introducing Bus Factor

bmez9ovciaa7sdh

The Bus factor measures the degree of the knowledge sharing. High number means the knowledge is well shared. For example, bus factor 10 means 10 team members need to be “neutralized” to stop the project working.

This lead to the following issue: How to introduce it to your team members.
Even it is called *bus factor* does not mean you should introduce as such.

I still remember when one of my colleague explaining the idea:

Consider when you are hitting by a bus …

My real feeling on that time was:

Are you trying to curse me?

That’s right. It triggers all negative feeling and reaction. In other words, that will not help knowledge sharing.

A good way to get around this is terming it with holiday factor instead. Ah, holiday, this associate with more pleasant mood, thus make the concept much easier to be delivered and heard. And, hey, we do need to consider the impact of long holidays like Christmas and Chinese New Year.

Using holiday factor also deliver following message:

If you do not share, we may need to call you in the most inconvenient time …

So, using holiday factor is more acceptable, realistic and passive aggressive. 🙂

Yet, everything has it own limitation, and the “bus factory” is no exception. One of my respected colleague, Seth Vidal, was indeed killed in car accident, and his project, yum, is postponed. However, dnf takes its place and has been adopted by Fedora community since Fedora 22.

Turn on “Ok Google” for any screen with HTC E9+ without Google Now Launcher

If you have invested to many time to organize the apps and folders, or just don’t want to change to Google Now launcher for any reason, you can still enjoy the “OK Google” from any screen.

Simply put, you can enable it with Google App.  Just follow the instruction provided from Google support.

systemd: remember to keep the daemons alive

My sinopia daemon refused to start. After dig out the journal, I found that ExecStop run straight after ExecStart, what the…

After some research, I found that for daemons, or any other program that put themselves at the background, systemd thought they are stopped, thus stop the service for you. To prevent this, you need following in your systemd service file:

[Service]
...
RemainAfterExit=yes

so your daemons can live happily ever after.

The END

nodejs/npm yum repo for EL7

The nodejs and npm in EL7 is too old, so I borrowed the  to latest nodejs spec from  rawhide. Long story short, the result is at:

https://copr.fedorainfracloud.org/coprs/dchen/nodejs/

Please read the disclaimer and do follow the installation instruction if you choose to proceed. I don’t usually put the disclaimer like that but you need to know that:

  1. The build dependency of nodejs include openssl-1.0.2, but EL7 only shipped with 1.0.1, yet nodejs can run with openssl-1.0.1.
  2. openssl-libs is an important package, without it,  yum, curl and rpm URL install won’t work, so restore it is a bit tricky. The instruction is, however, written in the copr page.

Longer story:

To build this copr, following dependencies need to go in as well:

  1. libuv
  2. crypto-policies
  3. openssl-1.0.2

libuv is piece of cake. But crypto-policies and openssl bring the worst packager nightmare: circular dependency. After F23, crypto-policies require openssl-devel to build, yet openssl require crypto-policies to run.

I eventually dug out crypto-policies from F21 and built it, thus broke the circular dependency and finished the build.

ibus-chewing-1.5.1 Released

ibus-chewing 1.5.1 這次的更新修正了很多操作上的問題,

諸如按Ctrl-2~4 選字的功能,數字版(NumPad)的選字,以及insert 等特殊鍵的處理。

特別感謝 hiunnhue 的貢獻。他不僅提出了更好的處理數字鍵的方法,這個 release  的所有 issue 都是他修復的。再一次感謝各位參與者的意見與 pull request ,使得 ibus-chewing 更為完善。

ibus-chewing-1.5.0釋出

除了修了一些 bug 之外,這個版本有幾個亮點:

  1. 使用者可以選擇在系統匣顯示「中/英」以及「全/半」狀態,如圖:
    systray
    Gnome 3的使用者可能沒法看到,但是其他桌面環境諸如 KDE/Plasma、XFCE、LXDE、LXQT,或是支援systray的視窗管理器如 fluxbox 可以看見。
    在「中」圖示按滑鼠左鍵切換「中/英」,右鍵切換「全/半」。也可用鍵盤 shift 鍵切換「中/英」,shift-space 切換「全/半」

    啟用/停用: 進入設定畫面後,在「鍵盤(keyboard)」分頁中,選項「在系統匣中顯示圖示 (Show systray icons)」。

  2. 更好地處理 Caps Lock 及中英切換。
    現在你可以選擇是用 Shift 來切換中英,或是 Caps Lock 切換中英。
    喜歡用 Caps Lock 切換英數大小寫的使用者可以停用「Caps Lock 切換中文模式」,這樣就不用擔心輸入英文時無法用 Caps Lock 切換大小寫。

RHEL 7 mock build with staff_selinux

By default, mock won’t work with staff_selinux mode in RHEL 7. The instruction from Fedora is mostly correct, but insufficient for staff_selinux. This is because:

  1. /usr/bin/mock is now a sym-link to /usr/bin/consolehelper, thus consolehelper permission should be also allowed.
  2. The Fedora mock policy module does not have the types like staff_consolehelper_t.

There are a lot more reasons, but long story short, I have edited a policy file (PackageMaintainers_MockTricks_mock.te) that should covered the most mock usage. My SELinux skill quickly build up by editing that file. 🙂

Time for script that setup the mock, assuming you are running as root:

# getting dependencies
yum -y install selinux-policy-devel policycoreutils-python mock

# Download policy files
wget https://fedoraproject.org/w/uploads/2/2f/PackageMaintainers_MockTricks_mock.if
wget https://fedoraproject.org/w/uploads/7/73/PackageMaintainers_MockTricks_mock.fc
wget https://dchen.fedorapeople.org/files/PackageMaintainers_MockTricks_mock.te

# Build and install
make -f /usr/share/selinux/devel/Makefile
semodule -i PackageMaintainers_MockTricks_mock.pp

That’s it.

But just in case you are still getting SELinux AVC denials, you can get around yourself by using following scripts:

grep -E -e "(mock|consolehelper)" /var/log/audit/audit.log | audit2allow -M my_mock
semodule -i my_mock.pp

Autostart in lxqt + fluxbox

Now day I start playing with fluxbox, which is light weight, yet surprisingly has excellent feature set. For one, it can remember window location  and  size.

The other window mangers that are capable of window remembering have their own downside:

  • KDE: It is indeed full featured but heavy weight. The other weird thing is it asks password for Calendar in Google Chrome whenever my session start, even I do not intent to use it.
  • Enlightenment: starting from 0.20, they dropped systray (Xembed) support. Basically that means the Network Manager and Input Method indicators are gone.

The fluxbox built-in panel (a.k.a. toolbar) has the basic feature sets which I can live with, but it would be better to have the volume control, battery status and popup calendar when I click on the clock.

First candidate is fbpanel, but it’s popup calendar is block by the panel itself.

Then I found lxqt-panel. It has good feature sets like memory graph. But it fail to find the launcher icons, and “logout” won’t logout you.

At last, I came out with use lxqt as session, but fluxbox as window manager. But the autostart did not seem to work. Luckily, you can use startfluxbox as window manager, and you can put whatever you want to autostart in ~/.fluxbox/startup.

Enjoy.