If you’re working with Buildout, then check out mr.scripty, a fantastic Buildout recipe that allows you to use Python code in functions within its options. This means that – in the few instances I’ve used it so far – have conditional statements regarding effectively anything.
In the two examples I added to the source documentation, I go and configure download links based upon architecture and separately, configure some (Java) environment variables based upon which directories exist (eg to handle different Linux distributions that might be running). This is only the start, but it’s a fantastic one.
Amazing I hadn’t gone looking for this earlier. Anyone know of any other Buildout awesomeness out there?
Searching the above-mentioned stack trace reveals lots and lots of results, unsurprisingly. Most results are workarounds where you modify the code, but what about if an application (like Jenkins/Hudson CI, in my case) throws this error at you? The reason the error is occurring is because the SSL certificate of the target you’re connecting to isn’t considered valid by your Java instance’s keystore. This may be because the certificate itself is invalid, or, in my case, the CA chain couldn’t be validated (my OS is RHEL (Red Hat) 5.7, with OpenJDK 1.6). For completeness, I should also mention that the issue here arose when I asked Jenkins CI to use GitHub OAuth. As GitHub’s SSL certificate has been signed by DigiCert, and this isn’t included within RHEL 5.7, the error arises. A solution is, assuming you trust the cert or the CA, to add the relevant certificates/root certificates to your Java keystore.
To do so, get your relevant certificates/root certificates, locate your keystore, and add them accordingly:
wget https://www.digicert.com/CACerts/DigiCertHighAssuranceEVCA-1.crt wget https://www.digicert.com/testroot/DigiCertHighAssuranceEVRootCA.crt keytool -importcert -storepass changeit -keystore /etc/alternatives/java_sdk/jre/lib/security/cacerts -alias digicertevrootca -file DigiCertHighAssuranceEVRootCA.crt keytool -importcert -storepass changeit -keystore /etc/alternatives/java_sdk/jre/lib/security/cacerts -alias digicertevca1 -file DigiCertHighAssuranceEVCA-1.crt
This resolved the issue for me and GitHub OAuth completed successfully. If you’re having issues with just a single certificate, then just import that one certificate.
For the interested Googlers, here’s what the relevant chunk of stacktrace looked like:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:371)
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:390)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:562)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at org.jenkinsci.plugins.GithubSecurityRealm.doFinishLogin(GithubSecurityRealm.java:278)
This fantastic post set me on the right track.
CAS (Central Authentication Service) is a single-sign-on service (say that several times quickly) and through accessing a CAS /logout URL, as an application, you’re able to log the given user out. What wasn’t clear (by Googling) was whether there’s a possibility to redirect the user back to the original application (or a given URL). I now know, thanks to the CAS Protocol Documentation (section 2.3), that any posts that mention adding ?service=http://my.url/ to the /logout URL are incorrect, as this isn’t a valid parameter (at least not at time of writing).
However, you can add a ?url=http://my.url/ to the logout URL and get this (likely, depends on your CAS settings) displayed as a link on the logout page. So, a full URL like this is good to go:
https://cas.foo.edu/cas/logout?url=http://davidjb.com/
I’ve recently been using the Logitech G930 headset with my Ubuntu 11.10 install and I’ve found that the default configuration offers nothing in terms of decent sound (tinny, no bass, etc). Thankfully, I’ve been able to turn to pulseaudio-equalizer for help with turning down the treble and up the bass. However, using pulseaudio-equalizer-gtk wasn’t an entirely satisfying experience as the default volume for my headset kept being set to 100% upon restart. Now, if you recall my previous post on this headset, having the volume for the device set at 100% leads to static being audible and this is a very bad thing.
Continue reading »
We’re currently using Redmine for our project tracking and recently have wanted to have our GitHub projects automatically get updated within Redmine. A post-commit hook to the rescue!
Continue reading »