Definite's Extractor

My findings on Life, Linux, Open Source, and so on.

Jenkins SSH: Invalid PEM structure, ‘—–BEGIN…’ missing

Quick Solution

  1. Paste the RSA private key (e,g. content of ~/.ssh/id_rsa) to Jenkins, like this:jenkins credentials
  2. Ensure the ~/.ssh/known-hosts in Jenkins master has agent/slave host key. Like:
    stdbuf -o0 -e0 ssh-keyscan -H  &>> ~/.ssh/known_hosts
  3. Ensure the ~/.ssh/authorized_keys of Jenkins agent/slave has Jenkins master’s RSA key.
  4. (Optional) if you can access the terminal of Jenkins master, test the connection by using:


Because the issue Presence of ECDSA SSH keys breaks SSH credentials plugin seems to affect the Jenkins masters that have both ECDSA and RSA.


Jenkins: No entry currently exists in the Known Hosts file for this host

I have encountered the following error message when I was trying to connect Jenkins slave after plugin update:

[SSH] WARNING: No entry currently exists in the Known Hosts file for this host. Connections will be denied until this new host and its associated key is added to the Known Hosts file.
 Key exchange was not finished, connection is closed. There was a problem while connecting to

I have tried to connect using ssh in console, it connected successfully, but Jenkins still refuse to connect.

Then I discovered that, if I provided the RSA Host key, Jenkins can now connected to slaves.

I guess the reason is ssh just use the known host key to determine whether it is known, and be able to fallback to RSA for actual authentication. On the other hand, Jenkins does not seem to have the fallback. You given RSA identity, then Jenkins expect RSA in known_hosts.

The issue is already filed as JENKINS-42959 Failed known_hosts verification for SSH agent. In the meantime you can use following workaround:

stdbuf -o0 -e0 ssh-keyscan -H <host> &>> ~/.ssh/known_hosts

The stdbuf here is for printing the stdout and stderr as the order of time they appear, just like what you would see in console. Otherwise the stderr will go first and then stdout.

在微信 (WeChat) 回報 Feature Request 的歡樂體驗

我把手機 reset 後,開始了漫長的回復過程。其他的軟體,從遊戲到Facebook、line都是只給帳密就什麼都恢復了…除了微信。


(我也想這樣做,可是光reset 生不出舊手機)
(我錯了,我不應該假設 Facebook 能,作為競爭對手的微信也能)
(雖然 Facebook 用戶更多,可是騰訊的工資和設備比臉書較便宜(應該吧),還是應該體諒人家)
(This is not a bug, it is a feature!)

本以為沒招了,眼睛瞄到,嘿,還有 WeChat Team 在啊,頓時躁動的心獲得解脫。馬上把
「我希望微信能像 Faceobook 和 line 一樣,手機 reset 後還能撈回群裡的歷史資料。」
這段貼給 WeChat Team。人家是專業的,必然能給專業的答案。





我沒看錯吧,要撈微信群的資料居然要動用 Facebook? 這跟當年問 iphone 誰是世界上最好的手機時,它推薦 三星手機 是一樣的無私啊。要是能用 Facebook 救微信的資料,那也是功德無量。既然這樣那還不趕快照著步驟做?

  1. 設置 -> 通用 ,可是我就是沒找著安卓上這個設定在那。查了一下,原來是蘋果的設置方法。往好處想,看來微信沒有偷查你是安卓還是蘋果,
  2. 雖然我對(轻触此处)不能直接連到 facebookapp略有微詞,不過瑕不掩瑜。可是我搜了半天,愣沒搜到 facebookapp 或 facebook 。這又使我對微信的嚴謹感到敬佩:你看,沒照步驟來,人家就不理你了,活該。



Introducing Bus Factor


The Bus factor measures the degree of the knowledge sharing. High number means the knowledge is well shared. For example, bus factor 10 means 10 team members need to be “neutralized” to stop the project working.

This lead to the following issue: How to introduce it to your team members.
Even it is called *bus factor* does not mean you should introduce as such.

I still remember when one of my colleague explaining the idea:

Consider when you are hitting by a bus …

My real feeling on that time was:

Are you trying to curse me?

That’s right. It triggers all negative feeling and reaction. In other words, that will not help knowledge sharing.

A good way to get around this is terming it with holiday factor instead. Ah, holiday, this associate with more pleasant mood, thus make the concept much easier to be delivered and heard. And, hey, we do need to consider the impact of long holidays like Christmas and Chinese New Year.

Using holiday factor also deliver following message:

If you do not share, we may need to call you in the most inconvenient time …

So, using holiday factor is more acceptable, realistic and passive aggressive. 🙂

Yet, everything has it own limitation, and the “bus factory” is no exception. One of my respected colleague, Seth Vidal, was indeed killed in car accident, and his project, yum, is postponed. However, dnf takes its place and has been adopted by Fedora community since Fedora 22.

Turn on “Ok Google” for any screen with HTC E9+ without Google Now Launcher

If you have invested to many time to organize the apps and folders, or just don’t want to change to Google Now launcher for any reason, you can still enjoy the “OK Google” from any screen.

Simply put, you can enable it with Google App.  Just follow the instruction provided from Google support.

systemd: remember to keep the daemons alive

My sinopia daemon refused to start. After dig out the journal, I found that ExecStop run straight after ExecStart, what the…

After some research, I found that for daemons, or any other program that put themselves at the background, systemd thought they are stopped, thus stop the service for you. To prevent this, you need following in your systemd service file:


so your daemons can live happily ever after.


nodejs/npm yum repo for EL7

The nodejs and npm in EL7 is too old, so I borrowed the  to latest nodejs spec from  rawhide. Long story short, the result is at:

Please read the disclaimer and do follow the installation instruction if you choose to proceed. I don’t usually put the disclaimer like that but you need to know that:

  1. The build dependency of nodejs include openssl-1.0.2, but EL7 only shipped with 1.0.1, yet nodejs can run with openssl-1.0.1.
  2. openssl-libs is an important package, without it,  yum, curl and rpm URL install won’t work, so restore it is a bit tricky. The instruction is, however, written in the copr page.

Longer story:

To build this copr, following dependencies need to go in as well:

  1. libuv
  2. crypto-policies
  3. openssl-1.0.2

libuv is piece of cake. But crypto-policies and openssl bring the worst packager nightmare: circular dependency. After F23, crypto-policies require openssl-devel to build, yet openssl require crypto-policies to run.

I eventually dug out crypto-policies from F21 and built it, thus broke the circular dependency and finished the build.

ibus-chewing-1.5.1 Released

ibus-chewing 1.5.1 這次的更新修正了很多操作上的問題,

諸如按Ctrl-2~4 選字的功能,數字版(NumPad)的選字,以及insert 等特殊鍵的處理。

特別感謝 hiunnhue 的貢獻。他不僅提出了更好的處理數字鍵的方法,這個 release  的所有 issue 都是他修復的。再一次感謝各位參與者的意見與 pull request ,使得 ibus-chewing 更為完善。


除了修了一些 bug 之外,這個版本有幾個亮點:

  1. 使用者可以選擇在系統匣顯示「中/英」以及「全/半」狀態,如圖:
    Gnome 3的使用者可能沒法看到,但是其他桌面環境諸如 KDE/Plasma、XFCE、LXDE、LXQT,或是支援systray的視窗管理器如 fluxbox 可以看見。
    在「中」圖示按滑鼠左鍵切換「中/英」,右鍵切換「全/半」。也可用鍵盤 shift 鍵切換「中/英」,shift-space 切換「全/半」

    啟用/停用: 進入設定畫面後,在「鍵盤(keyboard)」分頁中,選項「在系統匣中顯示圖示 (Show systray icons)」。

  2. 更好地處理 Caps Lock 及中英切換。
    現在你可以選擇是用 Shift 來切換中英,或是 Caps Lock 切換中英。
    喜歡用 Caps Lock 切換英數大小寫的使用者可以停用「Caps Lock 切換中文模式」,這樣就不用擔心輸入英文時無法用 Caps Lock 切換大小寫。

RHEL 7 mock build with staff_selinux

By default, mock won’t work with staff_selinux mode in RHEL 7. The instruction from Fedora is mostly correct, but insufficient for staff_selinux. This is because:

  1. /usr/bin/mock is now a sym-link to /usr/bin/consolehelper, thus consolehelper permission should be also allowed.
  2. The Fedora mock policy module does not have the types like staff_consolehelper_t.

There are a lot more reasons, but long story short, I have edited a policy file (PackageMaintainers_MockTricks_mock.te) that should covered the most mock usage. My SELinux skill quickly build up by editing that file. 🙂

Time for script that setup the mock, assuming you are running as root:

# getting dependencies
yum -y install selinux-policy-devel policycoreutils-python mock

# Download policy files

# Build and install
make -f /usr/share/selinux/devel/Makefile
semodule -i PackageMaintainers_MockTricks_mock.pp

That’s it.

But just in case you are still getting SELinux AVC denials, you can get around yourself by using following scripts:

grep -E -e "(mock|consolehelper)" /var/log/audit/audit.log | audit2allow -M my_mock
semodule -i my_mock.pp