talkingCode

Archive for the linux category

Adobe FlexBuilder trial on Linux

posted by codders in linux

I’ve been considering playing with some Flash, and I wanted to use the FlexBuilder plugin for Eclipse on Linux to play around with some ActionScript / Flex. The install was painless enough, but on booting the thing up I noticed a status message in the bottom corner of the screen saying ‘FlexBuilder trial will expire in 14 days’.

It would be lovely if we could go ahead and fix that. Unfortunately, section 2.1.3 (b)(3) of the EULA explicitly prohibits ‘reverse engineering, decompiling, disassembling or otherwise attempting to discover the source code of the subject’, so we can’t.

Annoying trial messages plague a lot of commercial software though. It might be worth looking at some general ways to remove them on software with less restrictive EULAs.

You will need:

  • JAD – I used the statically linked version

and if you want to create Flex projects on Linux you will need:

Step 1: Finding the source of the message
The quickest way to find the source of a message like ‘This software expires in 20 days’ is to grep the provided JARs for that text:

find /usr/local/install_folder -name "*.jar" |
(while read name
do 
mkdir /tmp/jars
cd /tmp/jars
echo $name
jar xf $name
grep -r "expires in" .
cd ..
rm -r jars
done)

That’ll tell you roughly which JAR you care about.

Step 2: Extract the JAR

cd /tmp
mkdir working
cd working
jar xf /usr/local/install_folder/subfolder/interesting.jar

You can then look at the filenames of the extracted class files to see which look interesting. It stands to reason that if you were going to put an expiration date in your software you’d obfuscate it, possibly with a little ASN. (Well, stands to reason and you may already have drawn a blank fiddling the dates in any XML files you might have found).

Step 3: Decompile the class
You’ll hopefully have downloaded jad and put it somewhere in your path. Typing ‘jad Annoying.class’, for example, will generate Annoying.jad, the decompiled file. jad may complain that the version of a subclass is ’49.0′, which is more recent than it supports. We’re not too worried about that.

Step 4: Edit the code
It should be obvious, looking at the decompiled code, which lines it is that are generating the message and / or any irritating dialog boxes. If it’s not, you may have selected the wrong file. Try again.

Step 5: Recompile the code
The trickiest part of recompiling decompiled code is getting the classpath right. Fortunately:

find /usr/local/e3.3/ /usr/local/install_folder/ -name "*.jar" |
 tr /\\n/ /:/; echo . > /tmp/classpath.txt

does a pretty decent job. You can then type something like:

javac -cp `cat /tmp/classpath.txt` com/evil/corp/annoyance/Annoying.java

which will generate a fresh Annoying.class.

Step 6: Rebuild the JAR
All that remains is to reassemble the JAR:

jar cf /usr/local/install_folder/subfolder/interesting.jar *

Conclusion
There are a couple of things to conclude from all this. The first is that Java isn’t the greatest obfuscation technology in the world, but then it was never really intended to be. The second is that software wants to be free.

I wonder if they do gluten free porridge.

ERROR 2026 (HY000): SSL connection error – the joy of MySQL SSL on Debian

posted by codders in debian, linux, mysql, sysadmin

OpenSSL has some issues. It can’t be linked against GPL software, and Debian only includes free software (in its main archive). So when, in order to encrypt communications to your MySQL server, you issued the magic:

mysql> GRANT ALL PRIVILEGES ON database.* TO 'someuser'@'%' IDENTIFIED BY 'somepassword' REQUIRE SSL;

And tried to connect to the server (an empty certificate suffices for this purpose) with the rune:

# mysql -u someuser -psomepassword -h my.server.com database --ssl --ssl-ca=/dev/null

you might well have been frustrated to see the cryptic

ERROR 2026 (HY000): SSL connection error

Sucks to be you. (N.B. In order for ‘REQUIRE SSL’ to have any effect, you need to have enabled SSL on the server. See /etc/mysql/my.cnf) There are at least two possible causes. One is that the certificates you’ve generated for the server are in some way broken, and that can be true on any system. The other, which plagues the current Debain packages (5.0.32-7etch1 at time of writing) is the OpenSSL linking issue in the client. So what’s to be done? Well the long and the short of it is that if you’re on Debian, you’re at least going to have to recompile the mysql-server package with OpenSSL support, depressing as that undoubtedly is. For reasons of hygiene in linking, we’ll need to do this in a chroot. Don’t worry – it won’t hurt a bit:

cd /usr/local
mkdir chroot
debootstrap etch chroot
# Make yourself a drink.
mount -t proc none chroot/proc/
chroot chroot
# If you've not already got a 'src' URL:
echo deb-src http://ftp.uk.debian.org/debian etch main >> /etc/apt/sources.list
apt-get update
apt-get install devscripts
# At this point, you may start to see
# 'perl: warning: Setting locale failed.'
# If so...
apt-get install locales
dpkg-reconfigure locales
# ... and select the missing locale.
# Doesn't really hurt if you don't do that though.
cd /usr/src
apt-get build-dep mysql-server
apt-get source mysql-server
cd mysql-dfsg-5.0-5.0.32/
# either ...
wget http://talkingcode.co.uk/wp-content/2007/11/patch.txt
patch -p0 < patch.txt
# ... or change the line 'without-openssl' in debian/rules to 'with-openssl'
# and 'with-yassl' to 'without-yassl'
apt-get install libssl-dev
# Change the version:
debchange -v 5.0.32-7etch1+ssl-1 "Added SSL"
dpkg-buildpackage
# Time to go get another drink. Consider getting a biscuit too.
cd ..
ls *ssl*.deb
echo "That's handy"
exit

So now you have your SSL enabled packages, it's a simple matter of installing them on the target machine:

dpkg -i *.deb

(though you could reasonably skip installing the server if you don't need it).

And there you have it - you should now be able to connect over SSL to your server (if your certificates are okay).

If you want to connect from a Python or Perl script using SSL, you're going to need to install the fresh .debs inside the chroot and recompile the appropriate Python and Perl MySQL binding packages in the same chroot so as to make them link the modified libmysqlclient.

New Laptop

posted by codders in debian, linux, sysadmin

What I _actually_ wanted to write about was installing Debian on my new laptop, in a geeky kind of way.

It’s been about 2 years since I did anything other than a clean install on a machine, and in that time it seems things have come along a little. The new machine is a Thinkpad, so all the dull hardware compatibility stuff is up on ThinkWiki as per. They also have some handy instructions on how not to destroy all your data.

Good news!!! QtParted is now able to resize NTFS, which has been a long time coming and means I no longer have to blitz the XP install that came with the laptop. It’s supported on the most recent Knoppix CD and, being determined and stubborn as is my wont, I decided I’d try and do the install manually from there instead of trying something more conventional like a Netinst CD.

Step 1: Burn the Knoppix CD. Straightforward enough

Step 2: QtParted. The Thinkpad comes with an NTFS partition at the start of the drive and a recovery partition at the end, so the rest is yours to play with. My first thought was just to make the rest LVM, but I couldn’t for the life of me make grub install to an LVM partition. Second attempt involved a little boot partition and an LVM root, which seems to work better.

Step 3: debootstap debian into the LVM partition. Something like…

mke2fs /dev/sda2 # The boot partition
tune2fs -j /dev/sda2
pvcreate /dev/sda3 # The LVM partition
vgcreate vg /dev/sda3
lvcreate -L10G -n slash vg
mke2fs /dev/vg/slash
tune2fs -j /dev/vg/slash
mkdir /tmp/bootstrap
mount /dev/vg/slash /tmp/bootstrap
mkdir /tmp/bootstrap/boot
mount /dev/sda2 /tmp/bootstrap/boot
debootstrap etch /tmp/bootstrap http://ftp.uk.debian.org/debian
chroot /tmp/bootstrap
apt-get update
apt-get install linux-image-2.6.18-5-686
exit
grub install --directory=/tmp/bootstrap/boot /dev/sda

et voila, as ze French would ‘ave it. Well, ish. Turns out that doesn’t work. Even if you persuade grub to do the right thing it is, it seems, the devil’s own job to create an initrd that’ll boot with an LVM rootfs (can’t find a good link to explain rootfs). I’m sure there are people that can make that happen. I didn’t really have the patience or the knowhow.

Step 4: Give up, install from the Netinst CD. It just works, and supports all the LVM goodness you could ever wish for.

Step 5: Copy /home from your old machine. One of the really lovely things about Linux is that once you’ve copied your home directory to your new machine, the place really does feel like Home (fsvo ‘once’. You still need to make sure you have roughly the same packages installed).
What most impressed me, though, was that having allocated only 10GB as the initial rootfs I was able, while everything was mounted and running, to resize things. Turns out that lvextend and resize2fs can both be run on the mounted filesystem, which makes having to choose the ‘right’ size for the initial partitions completely redundant. I now have nice /home, /var, /, and /var/warez partitions and needn’t worry about any of them running out and time soon since I still have 30GB unused in the LVM. Should also prevent the ol’ “/var/cache/apt/archives ate my entire disk and I didn’t realise” problem that I often have with Debian. It ought to be as simple as just removing the files in there from time to time, but I never seem to realise until the disk is full. Limiting /home also has the advantage that I’ll know when it becomes un-backup-able in advance of my disk filling up.

So there was that. I’m a happy bunny now with my new lappy. In other news, alsaconf autodetects soundcards and s2disk suspends to disk first time (and resumes!). I could bitch about having to compile my own kernel because of cutting-edge wireless ipw3945 stupidity, but I won’t. I’ve entertained you long enough.

That was me writing about Linux. Because we’re still in a ‘getting to know you’ phase, I’ve been heavy on the hyperlinks. I don’t know who you are or how much you know, and I wouldn’t want anyone to feel excluded by the use of jargon, idiom and turn of phrase. I’ll stop extending that courtesy just as soon as it gets boring (in about 10 minutes). If in doubt, Wikipedia, then Google, then Urban Dictionary. Can’t lose.

Recent Posts
Recent Comments
About Us
jp: works like a charm! thanks!...
Blake: Check this out: http://bugs.adobe.com/jira/browse/SDK-28016...
Boydell: Wow. That was it. You are the only one that had it figured out, and I looked at many...
mark van schaik: thanks! was using a beta SDK version for a production app, which stopped working over...
Sebastian: Steve, I find most asynchronous programming to be incredibly painful. Haskell's appro...

This is the personal blog of a professional software engineer. This site and the views expressed on it are in no way endorsed by the RIAA.