Git Cheat Sheet

November 25th, 2016 No comments

Small cheat sheet of git commands I frequently use.

Cloning a repository

git clone <remote-url>

Revert changes in working copy

git checkout .

Revert all local commits

git reset

Remove untracked files and directories

git clean -fd

Show remotes

git remote -v

Switch branch

git checkout <branch>
Categories: Linux, Uncategorized Tags:

Self Signed Certificate Script

November 18th, 2016 No comments

Just a small script to generate self signed certificates.

#!/bin/bash
if [[ $EUID -ne 0  ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi
if [ "$#" -ne 1 ]; then
        echo "No site name supplied e.g. jenkins"
        exit
fi
openssl genrsa -des3 -passout pass:x -out $1.pass.key 2048
openssl rsa -passin pass:x -in $1.pass.key -out $1.key
rm $1.pass.key
openssl req -new -key $1.key -out $1.csr
openssl x509 -req -days 365 -in $1.csr -signkey $1.key -out $1.crt
Categories: Linux Tags:

Atom plugin installation from command line

November 15th, 2016 No comments

Once you have set up your atom editor it is nice if you can store the list of installed plugins so you can easily reinstall or share with friends. Here are the commands to do so from the command line:

backup:

apm list --installed --bare > packages.txt

install:

apm install --packages-file packages.txt

🙂

Categories: Coding Tags:

Java custom validation with predicate annotation

October 14th, 2016 No comments

Just two small classes I wrote to be able to do some easy validation when you need to have more contextual information when validating an entity. This will allow you to do that easily while preventing the rewriting of boilerplate code.

The annotation:

import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
 
import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.*;
 
import java.lang.annotation.Repeatable;
import javax.validation.Constraint;
import javax.validation.Payload;
 
@Target({TYPE})
@Retention(RUNTIME)
@Repeatable(Predicate.List.class)
@Constraint(validatedBy = PredicateValidator.class)
@Documented
public @interface Predicate {
 
	String message() default "{predicate.invalid}";
 
	Class<?>[] groups() default {};
 
	Class<? extends Payload>[] payload() default {};
 
	String name();
 
	@Target({TYPE})
	@Retention(RUNTIME)
	@Documented
	public @interface List {
		Predicate[] value();
	}
}

The validator:

import java.util.HashMap;
import java.util.Map;
 
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorContext;
 
public class PredicateValidator implements ConstraintValidator<Predicate, Object> {
 
	private static final Map<String, java.util.function.Predicate> PREDICATES = new HashMap<>();
 
	private java.util.function.Predicate predicate;
 
	@Override
	public void initialize(Predicate predicate) {
		if (!PREDICATES.containsKey(predicate.name())) {
			throw new IllegalArgumentException("No predicate with name " + predicate.name() + " found");
		}
		this.predicate = PREDICATES.get(predicate.name());
	}
 
	@Override
	public boolean isValid(Object value, ConstraintValidatorContext context) {
		return predicate.test(value);
	}
 
	public static void addPredicate(String name, java.util.function.Predicate p) {
		PREDICATES.put(name, p);
	}
}

And a small example:

import java.util.Objects;
 
@Predicate(name = "myPredicate")
@Predicate(name = "myPredicate2")
public class Pojo {
 
	static {
		PredicateValidator.addPredicate("myPredicate", obj -> {
			Pojo p = (Pojo) obj;
			System.out.println("Test 1");
			return Objects.equals(p.getValueOne(), p.getValueTwo());
		});
 
		PredicateValidator.addPredicate("myPredicate2", obj -> {
			Pojo p = (Pojo) obj;
			System.out.println("Test 2");
			return Objects.equals(p.getValueOne(), p.getValueTwo());
		});
	}
 
	private String valueOne;
	private String valueTwo;
 
	public String getValueOne() {
		return valueOne;
	}
 
	public void setValueOne(String valueOne) {
		this.valueOne = valueOne;
	}
 
	public String getValueTwo() {
		return valueTwo;
	}
 
	public void setValueTwo(String valueTwo) {
		this.valueTwo = valueTwo;
	}
 
}

Import pem certificate into jks

June 30th, 2016 No comments

The trick is to export it to pkcs12 so that it can be imported by the java keytool.
Other ways of importing caused verification failures on the intermediate certificates for me.

openssl pkcs12 -export -out keystore.p12 -inkey certificate.pem -in certificate.pem
keytool -importkeystore -destkeystore keystore.jks -srcstoretype PKCS12 -srckeystore keystore.p12
# Change alias: keytool -changealias -alias 1 -keystore keystore.jks -keypass <pass> -destalias <destalias>
# Add intermediate certificates:
# openssl x509 -in root.crt -outform der -out root.der
# openssl x509 -in intermediate.crt -outform der -out intermediate.der
# keytool -import -trustcacerts -alias root -file root.der -keystore keystore.jks
# keytool -import -trustcacerts -alias root -file intermediate.der -keystore intermediate.jks

When used in Tomcat this would become something like the following:

    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS"
               keystoreFile="/path/to/keystore.jks" keystorePass="<keystorePass>" keyAlias="<alias_for_the_key>" />
Categories: Uncategorized Tags:

Raspberry Pi – RAID 1 with NFS

June 18th, 2016 No comments

I decided to give my Raspberry Pi a new life and installed the latest version of Raspbian.
I also ordered two similar usb sticks of the same size to make a raid 1 (mirrored) device with mdadm which I want to export with NFS.
Note that you should be knowing what you are doing since any of these steps might lead to data loss.

# Short session as root
sudo -i
 
# Determine where the usb sticks are.
fdisk -l
# Remove existing partitions and create the new Linux partitions. Combination of the following commands: p, d, n and w
fdisk /dev/<usb-device1>
fdisk /dev/<usb-device2>
 
# Install adm. When asked about installing it to the root os answer with 'none' since we will keep booting from the sd card.
apt-get install mdadm
 
mdadm --create --verbose /dev/md0 --level=mirror --raid-devices=2 /dev/<usb1-partition1> /dev/<usb2-partition1>
 
# Check if everything is ok.
mdadm --detail /dev/md0
 
# Write stuff to the mdadm config
mdadm --detail --scan >> /etc/mdadm/mdadm.conf
 
# Create the fs (-m 0 = no reserved blocks)
mkfs.ext4 -m 0 /dev/md0
 
mkdir /mnt/raid
 
mount /dev/md0 /mnt/raid
 
# I copied the directories I wanted to move over to the raid device (/var, /tmp, /opt, /root)
# copy var without the symlinks use the same command for the other directories.
find /var -depth -type f -o -type d | cpio -pamVd /mnt/raid
 
# Determine the uuid of the raid device to be used in fstab
blkid /dev/md0

Edit fstab to mount everything from the raid device.

UUID="<your_raid_uuid>"        /mnt/raid       ext4    defaults,noatime        0       2
/mnt/raid/var   /var            none    defaults,bind           0       0
/mnt/raid/tmp   /tmp            none    defaults,bind           0       0
/mnt/raid/root  /root           none    defaults,bind           0       0
/mnt/raid/home  /home           none    defaults,bind           0       0
/mnt/raid/opt   /opt            none    defaults,bind           0       0

Next I installed nfs and created a dir for the nfs shares.

apt-get install nfs-kernel-server
# Don't forget to start rpcbind. Otherwise you will have strange problems connecting to your nfs share from other machines. (Connection timed out most probably)
service start rpcbind
mkdir /mnt/raid/share
mkdir /export
cd /export
ln -s /mnt/raid/share

Edited /etc/exports

/export/share           192.168.1.0/24(rw,sync,no_subtree_check)
# export everything. Restart nfs to be certain our changes made it.
exportfs -r
service nfs-kernel-server restart

Well that’s it for now. I will be testing this to see how it holds up on my Raspberry.

Categories: Linux Tags:

Encrypting an external drive

July 26th, 2015 No comments

I wanted to encrypt the disks that I use to regularly make a backup so I can put it offsite without that nagging thought that just about anyone can read it’s contents when it gets stolen/lost.

Find out the name of the disk you want to encrypt. I usually use a ‘sudo fdisk -l’ to find out which disk. In my case /dev/sdc3 so I will use that in this example. Substitute with your own unless you want to lose data.

Make sure your disk is not mounted:

sudo umount /dev/sdc3

It is good practice to fill the disk with some initial garbage to make any decryption attempts harder.

sudo dd if=/dev/urandom of=/dev/sdc3

Initial creation:

# Login as root
sudo -i
# Install cryptsetup
apt-get install cryptsetup
# I am using a passphrase to setup the encryption you could optionally use a keyfile. Check out the manual for more info.
cryptsetup -y create crypt /dev/sdc3
# Create an ext4 filesystem. (-m 0 -> No reserved blocks for root, this is an external disk)
mkfs.ext4 -m 0 /dev/mapper/crypt
# Create a directory to mount to and mount
mkdir /mnt/crypt && mount /dev/mapper/crypt /mnt/crypt

Remounting:

sudo cryptsetup create crypt /dev/sdc3
sudo mount /dev/mapper/crypt /mnt/crypt

That did it for me. I just wanted a small barrier to chase away curious people.

Categories: Debian, Ubuntu Tags: ,

Tomcat – High CPU Breakdown

June 5th, 2015 No comments

Determine the process id (PID) of the process that has high CPU load.

The culprit:

16397 tomcat    24   0 2809m 1.2g  26m S 197.4 14.8 112:28.42 java

Use top, ps or the java jps tool. I used jps here.

sudo -u tomcat jps -l

Output:

16397 org.apache.catalina.startup.Bootstrap
8985 sun.tools.jps.Jps

We then try to create a thread dump with the java jstack tool.

sudo jstack 16397 > stacktrace.dmp

Output:

16397: Unable to open socket file: target process not responding or HotSpot VM not loaded
The -F option can be used when the target process is not responding
sudo jstack -F 16397 > stacktrace.dmp

If that is also not working you can try quitting the process.

sudo -u tomcat kill -QUIT 16397

You will need to check the logs to see the stacktrace.

You can then check out the running threads and their state. I found that some threads were in a blocking state due to a few java.lang.OutOfMEmoryError errors.

To get more detailed information we can also use the jmap command to do a little deeper digging.

sudo jmap -dump:file=thread_dump.16379.dmp -F 16397
Categories: Linux Tags:

Java import certificate from website

April 9th, 2015 No comments

Making calls to a server with a self signed certificate might give you the following error:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To fix this we need to import the certificate of this website into our local keystore.

Default pw for the keystore is ‘changeit’.

openssl s_client -showcerts -connect www.example.com:443 < /dev/null | openssl x509 -outform DER > www.example.com.der
keytool -importcert -trustcacerts -alias www.example.com -file www.example.com.der -keystore <path_to_keystore>
Categories: Uncategorized Tags:

Maven 3, deploy file with scp

March 7th, 2014 No comments

By default maven 3 will only allow you to upload files by means of http.

This mean that deploying through scp will not work. My settings.xml contains the servers to which I want to upload through scp.

Settings.xml

<settings>
    <servers>
        <server>
            <id>sample-server-id</id>
            <username>myUsername</username>
            <password>myPassword</password>
        </server>
    </servers>
    <profiles>
	<profile>
            <id>default-profile</id>
            <activation>
                <activeByDefault>true</activeByDefault>
            </activation>
	    <repositories>
		<repository>
			<id>sample-server-id</id>
			<name>A sample repository</name>
			<url>scp://builds.example.org/maven</url>
		</repository>
	    </repositories>
	</profile>
    </profiles>
</settings>

Deploying the file with mvn deploy:deploy-file will give an error when using scp as the protocol.

mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4 -DrepositoryId=sample-server-id -Dfile=ojdbc6.jar -Durl=scp://builds.example.org/maven
No connector available to access repository

To fix this we need to create a dummy pom.xml. The most important part is to add the ssh wagon to enable scp.

<project> 
	<modelVersion>4.0.0</modelVersion> 
	<groupId>com.oracle</groupId> 
	<artifactId>jdbc-driver</artifactId> 
	<version>11.2.0.4</version> 
	<build>
		<extensions>
			<extension>
				<groupId>org.apache.maven.wagon</groupId>
				<artifactId>wagon-ssh</artifactId>
				<version>2.6</version>
			</extension>
		</extensions>
	</build>
</project>

Now rerun the command:

mvn deploy:deploy-file -DgroupId=com.oracle -DartifactId=ojdbc6 -Dversion=11.2.0.4 -DrepositoryId=sample-server-id -Dfile=ojdbc6.jar -Durl=scp://builds.example.org/maven

Hopefully it will now show:

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
Categories: Uncategorized Tags: