https://blog.jeroenhd.nl/article/android-7-nougat-and-certificate-authorities (works also for older androids).
Donnerstag, 30. Mai 2019
Dienstag, 6. März 2018
ClassNotFoundException in webstart application with multiple extensions - trusted libraries
I've got a webstart application that depends on a third party library that I don't have control over. That library is a giant jar file which contains other third party libraries, among others log4j 1.2.17. In my own main application, I have setup log4j to use a mail appender, so I need to add javax-mail to the classpath. To make things even more difficult, the third party library ships its own jnlp file and resides on a different server than my main application.
I ended up with three jnlp files:
server-a/a.jnlp - refers to my main application jar file
server-b/b.jnlp - refers to the third party jar file
server-a/c.jnlp - refers to javax-mail jar file
All jar files are signed, all jnlp files contain a securty tag (all-permissions). A deployment rule set is setup to allow loading the web application from server-a and server-b without security prompts.
The application loads fine, but when log4j is initialized from within the main class, it throws a ClassNotFoundException for javax/mail/internet/AddressException.
I've tried the following already:
So it seems that something in that giant jar causes the Oracle version of Webstart to deny access from code that lies within that jar to any classes outside of that jar...
My thought: it must be something in the third party jar's manifest file.
Found the following item:
See: https://docs.oracle.com/javase/8/docs/technotes/guides/deploy/manifest.html#A1148631
I ended up with three jnlp files:
server-a/a.jnlp - refers to my main application jar file
server-b/b.jnlp - refers to the third party jar file
server-a/c.jnlp - refers to javax-mail jar file
All jar files are signed, all jnlp files contain a securty tag (all-permissions). A deployment rule set is setup to allow loading the web application from server-a and server-b without security prompts.
The application loads fine, but when log4j is initialized from within the main class, it throws a ClassNotFoundException for javax/mail/internet/AddressException.
I've tried the following already:
- upgraded Oracle Java to latest 1.8.x version (currently 1.8.0u161)
- no change
- tried with OpenJDK (1.8.0_151-8u151-b12-1~deb9u1-b12)
- app loads and runs fine
- replaced the giant third party jar by only a signed version of log4j
- app loads and runs fine (except I'm missing the functionality from the third party jar)
- modified and resigned the giant third party jar to not include log4j and provided log4j separately (through a.jnlp or c.jnlp)
- log4j initializes fine, but the third party code can no longer access log4j
So it seems that something in that giant jar causes the Oracle version of Webstart to deny access from code that lies within that jar to any classes outside of that jar...
My thought: it must be something in the third party jar's manifest file.
Found the following item:
Trusted-Library: true
See: https://docs.oracle.com/javase/8/docs/technotes/guides/deploy/manifest.html#A1148631
Donnerstag, 26. Juni 2008
Problems setting up a NIS Slave Server
When I first trying to start a NIS slave server in my network, it complained:
Appearantly, ypinit failed to enumerate maps using yphelper. The source of the problem turned out to be the DNS configuration. server.example.com had several DNS entries. I had to specify the name that the reverse lookup of its IP returned and then ypinit worked.
Can't enumerate maps from server.example.com. Please check that it is running.
Appearantly, ypinit failed to enumerate maps using yphelper. The source of the problem turned out to be the DNS configuration. server.example.com had several DNS entries. I had to specify the name that the reverse lookup of its IP returned and then ypinit worked.
Mittwoch, 18. Juni 2008
Cleaning up animated swing controls
In its swing library, Java provides a timer class that can be used to animate controls. For example, one could create a blinking label as follows:
The problem with this approach is that the label will continue blinking even after its parent window has been disposed. Also, the label will never be garbage collected, since the timer still maintains a reference to it.
Here's the proper way to do it.
class BlinkLabel extends JLabel {
private static final int BLINK_INTERVAL = 500;
public BlinkLabel(String text) {
super(text);
ActionListener listener =
new ActionListener() {
public void actionPerformed(ActionEvent e) {
setVisible(!isVisible());
}
};
Timer timer = new Timer(BLINK_INTERVAL, listener);
timer.start();
}
}
The problem with this approach is that the label will continue blinking even after its parent window has been disposed. Also, the label will never be garbage collected, since the timer still maintains a reference to it.
Here's the proper way to do it.
class BlinkLabel extends JLabel {
private static final int BLINK_INTERVAL = 500;
private Timer timer;
private ActionListener listener;
public BlinkLabel(String text) {
super(text);
listener =
new ActionListener() {
public void actionPerformed(ActionEvent e) {
setVisible(!isVisible());
}
};
}
public void addNotify() {
super.addNotify();
timer = new Timer(BLINK_INTERVAL, listener);
timer.start();
}
public void removeNotify() {
super.removeNotify();
timer.stop();
timer.removeActionListener(listener);
timer = null;
}
}
Donnerstag, 22. Mai 2008
openvz VE slow to terminate
Sometimes openvz VEs take very long to terminate. The process can be shortened:
"ps ax | grep -w init" shows all the init processes. One of them belongs to the VE to be terminated. Use "vzpid" to find out which one. Then kill -9 that process.
"ps ax | grep -w init" shows all the init processes. One of them belongs to the VE to be terminated. Use "vzpid
get openvz to consent to checkpointing VEs with aufs, cifs and nfs file systems
openvz currently checks all file systems mounted under the VEs root against a static list of file system types. If one of the mounted file systems is not in that list, vzctl checkpoint complains about "unsupported fs type".
This can be fixed by extending the list of file systems and recompiling the vzcpt kernel module.
Here's how to do it under Ubuntu hardy:
This can be fixed by extending the list of file systems and recompiling the vzcpt kernel module.
Here's how to do it under Ubuntu hardy:
cd /usr/local/src
apt-get -b source linux-image-2.6.24-17-openvz
cd linux-2.6.24
for a in debian/binary-custom.d/openvz/patchset/*.patch; do patch -p1 < $a; done
cd kernel/cpt
patch << EOF
--- cpt_files.h~ 2008-05-21 23:58:48.000000000 +0200
+++ cpt_files.h 2008-05-22 00:04:00.000000000 +0200
@@ -63,6 +63,9 @@
strcmp(mnt->mnt_sb->s_type->name, "ext2") != 0 && \
strcmp(mnt->mnt_sb->s_type->name, "simfs") != 0 && \
strcmp(mnt->mnt_sb->s_type->name, "unionfs") != 0 && \
+ strcmp(mnt->mnt_sb->s_type->name, "aufs") != 0 && \
+ strcmp(mnt->mnt_sb->s_type->name, "nfs") != 0 && \
+ strcmp(mnt->mnt_sb->s_type->name, "cifs") != 0 && \
strcmp(mnt->mnt_sb->s_type->name, "tmpfs") != 0 && \
strcmp(mnt->mnt_sb->s_type->name, "devpts") != 0 && \
strcmp(mnt->mnt_sb->s_type->name, "proc") != 0 && \
EOF
make -C /usr/src/linux M=/usr/local/src/linux-2.6.24/kernel/cpt modules modules_install
/lib/modules/2.6.24-17-openvz/extra
mv vz* ../kernel/kernel/cpt
depmod -a
/etc/init.d/vz stop
/etc/init.d/vz start
Montag, 19. Mai 2008
aufs with openvz and ubuntu
openvz on ubuntu currently only works with linux-image-2.6.24-17-openvz and linux-ubuntu-modules-2.6.24-17-openvz available through "deb http://ppa.launchpad.net/compbrain/ubuntu hardy main".
Thes packages don't contain the aufs module, so it has to be compiled seperately:
Apply the following patch:
Then compile:
Thes packages don't contain the aufs module, so it has to be compiled seperately:
apt-get install aufs-source
cd /usr/src
tar xjf aufs.tar.bz2
cd modules/aufs
Apply the following patch:
*** vfsub.h~ 2008-02-05 04:44:50.000000000 +0100
--- vfsub.h 2008-05-19 01:45:01.000000000 +0200
***************
*** 33,38 ****
--- 33,39 ----
#include
#endif
+ #define CONFIG_SECURITY_APPARMOR
/* ---------------------------------------------------------------------- */
struct aufs_hin_ignore;
Then compile:
/usr/bin/make -C /usr/src/linux M=/usr/src/modules/aufs modules modules_install
Abonnieren
Posts (Atom)