DNSSEC Validation Failed

Looking at my virtual dev system I noticed the time is off. I checked the timesyncd.conf and restarted timesyncd and saw lots of similar errors to this in my syslog:

Jul 25 23:18:59 buster systemd[1]: Started Network Time Synchronization.
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question org IN DS: signature-expired
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question org IN DNSKEY: signature-expired
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question ntp.org IN DS: signature-expired
Jul 25 23:18:59 buster systemd-resolved[357]: DNSSEC validation failed for question ntp.org IN SOA: signature-expired

Initially I thought something is wrong with my DNS resolver. I then edited /etc/systemd/resolved.conf to change the DNSSEC setting by uncommenting it:

[Resolve]
#DNS=
#FallbackDNS=
#Domains=
#LLMNR=yes
#MulticastDNS=yes
DNSSEC=allow-downgrade
#DNSOverTLS=no
#Cache=yes
#DNSStubListener=yes
#ReadEtcHosts=yes

Then a restart and my time is all synced.

But then I thought about it some more. The DNSSEC was probably failing because my system time was significantly wrong by several hours. So the signature probably isn’t valid. Probably all I needed to do was set the time manually before it would sync. But a reboot sorted it and I have reset my DNSSEC back to being commented out.

Ignore Comments in Files

A very handy grep that you can use to cat your files without the hash (#) comments:

$ grep '^[^#]' /etc/systemd/timesyncd.conf

Produces only the lines that aren’t comments, eg:

[Time]
NTP=192.168.1.55 192.168.1.108
FallbackNTP=0.debian.pool.ntp.org 1.debian.pool.ntp.org 2.debian.pool.ntp.org 3.debian.pool.ntp.org

Extending this to exclude lines where the hash isn’t the first character and have blanks before a comment, eg.

$ grep '^[[:blank:]]*[^[:blank:]#;]' /usr/share/postgresql/postgresql.conf

Shows only the active parts of the config, which in the case of postreSQL may not be many lines from a highly commented file.

SQL Format

We’ve all got SQL that needs tidying up.

https://poorsql.com/ or https://sqlformat.org/ or http://sqlformat.darold.net/

It wont fix your syntax but it will make it look nice.

Gitlab: When an Upgrade Goes Bad!

Today is not a lot of fun.

I’ve been seeing some issues with apt not being able to upgrade Gitlab due to a proxy error. This morning I fixed it and the upgrade from 11.11.2 to 12.1.1 began – and failed miserably!

It complained with all kinds of problems not being able to carry out migrations:

Exception: Your database is missing the 'cache_invalidation_event_id' column from the 'geo_event_log' table that is present for GitLab EE.
 Even though it looks like you're running a CE installation, it appears
 you may have installed GitLab EE at some point. To migrate to GitLab 12.0:
 Install GitLab 11.11.3 EE
 Install GitLab 12.0.x CE 

This was just the start of my problems.

Continue reading →

MySQL CSV Import

A little while ago I wrote a php routine to import CSV files that contain a lot of data into a MySQL table. It works, but it takes it’s time doing so.

I was originally reading each line using a CSV parser and then writing each line into the table. I have 28+ files each containing 200MB of data in a million rows in each file.

Now for a change.

Continue reading →

VSCode rest-client

Now Postman is awesome, but I came across this really good rest-client plugin for VSCode.

What makes it so good is that I can save the .rest or .http files all in one place with my VSCode project and have them form part of my Git version tracking.

So when someone pulls my code they also get the sample REST commands.

Continue reading →

Adding a Gnome Favourite

I was trying to add the Postman app to my Gnome favourite bar, but right clicking it doesn’t give me the option to add it as a favourite.

Apparently if your application is not seen as an Activity then it can’t be added. Usually I’d just create a .desktop file and use that with a launcher. But Gnome doesn’t really work like that.

I found the answer was to create my .desktop file and then copy/move it to /usr/share/applications or if it is a user specific application ~/.local/share/applications.

$ gnome-desktop-item-edit ~/Desktop/ --create-new
$ sudo mv ~/Desktop/Postman.desktop /usr/share/applications 

Then I can use the “Activities” to search for the app and can now add it as a favourite.

[unixODBC][Driver Manager]Can’t open lib : file not found

I have no idea how we came up against this issue on one of the development images. I’d prepared it all up to the point of delivering php. After following my instructions to install the MS SQL drivers everything looked to go well, but when serving up our Laravel project in artisan PHP came up with this error message.

[unixODBC][Driver Manager]Can’t open lib ‘/opt/microsoft/msodbcsql17/lib64/libmsodbcsql-17.3.so.1.1’ : file not found

Now we have seen this before and it related to locale’s so we tried that fix and still didn’t get it to work.

Trawling the internet I came across something pointed us to use ldd to look at the .so file and check out it’s dependencies.

Continue reading →

Wired 802.1X on Linux

For a while I’ve been meaning to fix my workstation. When it comes to remote accessing it from home I find I can’t because I’ve followed the green guidance and turned it off when I went home. Even if I get someone to turn it on for me I still can’t get to it.

This is because in the office we use RADIUS for network authentication, even on wired connections. What happens is that my network interfaces don’t go online until my desktop session has logged in and then authenticates with the RADIUS server using 802.1X.

Read more

PHP 7.1 and MSSQL Compile Issue

When trying to get PHP v7.1 running on a Debian Buster development box I ran into an issue where pecl would compile the sqlsrv.so and pdo_sqlsrv.so files for the wrong version of PHP.

It didn’t seem obvious what was going on at first. I went through the very good Microsoft ODBC for Linux installer guide and things went well up until pecl delivered the drivers.

Continue reading →

I Want to Kill the Proxy

Working behind a non-transparent corporate proxy and firewall is enough to make you psychotic! You’ll find enough posts on here about setting up environment variables and handling proxies, but there’s always room for one more.

When you’re working on a portable device, like a laptop, that you then remote into the office over a VPN you need to be flexible and turn on and off the proxy at will. This lead me to chain together a number of my proxy related articles into the way I currently handle the proxy on the move.

Continue reading →

Headless Development Server

After building a development environment in Linux as per a previous article – https://warlord0blog.wordpress.com/2018/07/13/building-a-debian-development-server/ I decided I wanted something a bit more portable in terms of development tools.

I could go install VSCode/Atom etc. onto the local OS and point at a shared folder on the dev machine to edit files. But the problem with that is running terminals from VSCode/Atom and trying to have the IDE handle filesystem changes on the remote host without breaking my Git commits and causing mayhem.

Q. What tools do I have in my toolbox that will make me best able to handle remote development without resorting to VNC?

A. SmarTTY and a Linux X Windows server should do nicely.

Continue reading →