search

chrisss404 / check-mk-arm

Checkmk for Raspberry Pi.
183 stars 23 forks source link

Update build_gcc.sh #8

Closed WojRep closed 5 years ago

WojRep commented 5 years ago

wget with --no-check-certificate

chrisss404 commented 5 years ago

Wouldn't it be better to install the missing CA certificates instead of disabling the certificate check?

A simple apt-get install ca-certificates should be sufficient.

Let me know what you think.

BR Christian

WojRep commented 5 years ago

Hello

In principle, at least this should display the appropriate message, nothing happened in your script. The simplest solution is to avoid the problem.

In the world of your ideal, your script should check the appropriate time on the device, check whether the certificates are installed and probably more checks done ...

it's all the fault that on these small devices everything is trimmed to a minimum.

Currently trying to use it on NanoPi ... your package is not installed due to lack of dependence, and it can not be installed in such a form that it would be perfect. I've been trying to compile gcc for 3 days now, but it's my fault that it takes me so long ... I forgot that Macbook waking up from sleep makes a USB port reset, so he resets NanoPi ... and I understood it today. ----- Oryginalna wiadomość -----

Od: "Christian Hofer" notifications@github.com Do: "chrisss404/check-mk-arm" check-mk-arm@noreply.github.com DW: "WojRep" wrepinski@gmail.com, "Author" author@noreply.github.com Wysłane: poniedziałek, 28 styczeń 2019 19:51:16 Temat: Re: [chrisss404/check-mk-arm] Update build_gcc.sh (#8)

Wouldn't it be better to install the missing root certificates instead of disabling the certificate check? A simple apt-get install ca-certificates should be sufficient. Let me know what you think. BR Christian — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or mute the thread .

chrisss404 commented 5 years ago

Hi,

if you can give me the list of missing dependencies I will happily add them.

Additionally, can you check if installing the ca-certifcate package removes the need of disabling the certificate check? You may need to run update-ca-certificate before, please tell me if it was necessary.

Thanks & BR Christian

WojRep commented 5 years ago

Hello ...

I know what certificates you need, since 1993 amdinsmituje servers on linux. In contrast, life has taught me that certain things should be for non-advanced end users, not just specialists. You can assume that check_mk should be for specialists, but my experiences are different ... especially as the script does not return the corrected error correctly.

Returning to check-mk-arm ... Besides, I could use the gcc-7.3.0 package, compiling it fails me, and I do not have time to analyze it ...

NanoPi has one difference ... a great difference, the dedicated system is based on ubuntu, so there are minor differences.

below, you have a list of packages that are reported as missing, apt-get install -f can not solve the problem.

Dependency is not satisfiable: libperl5.24

gdebi reports that other dependencies can be solved. ----- Oryginalna wiadomość -----

Od: "Christian Hofer" notifications@github.com Do: "chrisss404/check-mk-arm" check-mk-arm@noreply.github.com DW: "WojRep" wrepinski@gmail.com, "Author" author@noreply.github.com Wysłane: wtorek, 29 styczeń 2019 21:00:04 Temat: Re: [chrisss404/check-mk-arm] Update build_gcc.sh (#8)

Hi, if you can give me the list of missing dependencies I will happily add them. Additionally, can you check if installing the ca-certifcate package removes the need of disabling the certificate check? You may need to run update-ca-certificate before, please tell me if it was necessary. Thanks & BR Christian — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or mute the thread .

chrisss404 commented 5 years ago

Hi, I think we have a X-Y problem here.

Please correct me if my understanding is wrong. I think that you are trying to install this check_mk deb package, which was packaged for Debian (more specifically for Raspbian) on some flavor of Ubunutu and it is not working for you because of missing dependencies. Therefore you want to build the package yourself?

When you started the build_check_mk.sh script you got the recommended compiler not found warning and went ahead to compile gcc-7.3.0. Then you encountered the missing ca-certificate issue that led to this PR.

Firstly, if your distribution has already the recommended gcc version, just use it - don't compile it yourself. In the current version of Raspbian it was not available at the time I needed it.

Secondly, if you only want to install Check_MK, you can modify the dependencies in the deb archive before installing it. If you open the deb archive you can find another archive called control.tar.gz and this archive contains the file control/control. In this file you can find the following line:

Depends: debconf (>= 0.5) | debconf-2.0, cron, time, traceroute, curl, dialog, dnsutils, fping, graphviz, apache2, libdbi1, libevent-2.0-5, libgd3, libltdl7, libnet-snmp-perl, libpango1.0-0, libperl5.24, libreadline7, libsnmp-perl, libuuid1, binutils, rpm, php, php-cgi, php-cli, php-gd, php-mcrypt, php-sqlite3, php-pear, rsync, smbclient, rpcbind, lcab, snmp, unzip, xinetd, libfreeradius3, libpcap0.8, libgsf-1-114, libglib2.0-0, cpio, poppler-utils, libffi6, libssl1.0.2

Just replace libperl5.24 with whatever version your distribution provides (most likely libperl5.26) and install your modified package.

This approach might work, but I don't recommend it. You could encounter more dependency issues.

In conclusion, I still don't think that it is a good idea to disable the certificate check for wget and I would rather install the missing certificates. Maybe you can answer my questions regarding the installation of ca-certificate package so that I am able to improve the script? Or even provide adaptations required to build Check_MK on a NanoPi?

Do you feel that the description needs to be improved that this package is meant for Raspbian?

Thanks & BR Christian

WojRep commented 5 years ago

Hello

I do not know English very well, I use Google translator, and this is not perfect ... sometimes it is difficult to convey thoughts so that in a cross translation the same sentence would come out.

Yes, I confirm ... I have NanoPi (1GB ram: D) and only ubuntu clone is dedicated (I have not installed other linux files yet), and that's why I want to compile myself.

Ubuntu has gcc 5 .... and there probably is not all the improvements for this family of processors, and I want to get the max hardware out of it. It wants to put NanoPi as monitoring probes and testing the network in the telecommunications network (it is geographically extensive, various types of transmissions, etc., several exits in the Internet).

I also do not think that disabling certificate checking is a valid policy, however in your script there is no error handling, if the SSL connection fails (it is empty), the less advanced user will say "it does not work".

There is perl 5.22 in ubuntu, I'll check if it's the right level.

Checking if the certificates are installed with the appropriate message or even forcing them to install is really a good idea.

And why limit yourself only to Raspbian?

All in all, I would like to build my own specialized system image with check_mk.

----- Oryginalna wiadomość -----

Od: "Christian Hofer" notifications@github.com Do: "chrisss404/check-mk-arm" check-mk-arm@noreply.github.com DW: "WojRep" wrepinski@gmail.com, "Author" author@noreply.github.com Wysłane: środa, 30 styczeń 2019 20:08:53 Temat: Re: [chrisss404/check-mk-arm] Update build_gcc.sh (#8)

Hi, I think we have a X-Y problem here. Please correct me if my understanding is wrong. I think that you are trying to install this check_mk deb package, which was compiled for Debian (more specifically for Raspbian) on some falvor of Ubunutu and it is not working for you because of missing dependencies. Therefore you want to compile the package yourself? When you started the build_check_mk.sh script you got the recommended compiler not found warning and went ahead to compile gcc-7.3.0. Then you encountered the missing ca-certificate issue that led to this PR. Firstly, if your distribution has already the recommended gcc version, just use it - don't compile it yourself. In the current version of Raspbian it was not available at the time I needed it. Secondly, if you only want to install Check_MK, you can modify the dependencies in the deb archive before installing it. If you open the deb archive you can find another archive called control.tar.gz and this archive contains the file control/control . In this file you can find the following line: Depends: debconf (>= 0.5) | debconf-2.0, cron, time, traceroute, curl, dialog, dnsutils, fping, graphviz, apache2, libdbi1, libevent-2.0-5, libgd3, libltdl7, libnet-snmp-perl, libpango1.0-0, libperl5.24, libreadline7, libsnmp-perl, libuuid1, binutils, rpm, php, php-cgi, php-cli, php-gd, php-mcrypt, php-sqlite3, php-pear, rsync, smbclient, rpcbind, lcab, snmp, unzip, xinetd, libfreeradius3, libpcap0.8, libgsf-1-114, libglib2.0-0, cpio, poppler-utils, libffi6, libssl1.0.2 Just replace libperl5.24 with whatever version your distribution provides (most likely libperl5.26 ) and install your modified package. This approach might work, but I don't recommend it. You could encounter more dependency issues. In conclusion, I still don't think that it is a good idea to disable the certificate check for wget and I would rather install the missing certificates. Maybe you can answer my questions regarding the installation of ca-certificate package so that I am able to improve the script? Or even provide adaptations required to build Check_MK on a NanoPi? Do you feel that the description needs to be improved that this package is meant for Raspbian? Thanks & BR Christian — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or mute the thread .

chrisss404 commented 5 years ago

Hi.

If you only have gcc-5 then you should go ahead and build version 7.3.0, otherwise you will encounter problems running the check_mk build script.

Once you can confirm that installing the package ca-certificate resolves your wget download issue, I will add it to the apt-get install line right before the wget command.

I don't limit myself to Raspbian, it's just a lack of resources: time and hardware...

Please keep me updated.

Thanks & BR Christian

WojRep commented 5 years ago

Hello

Just for information ... that update-ca-certificates does not solve the problem ...

It's easier to add to curl --insecure, I know it should not be like that, but it is a reality.

Fresh armbian-stretch with NanoPi M1 :

root@nanopim1:~# update-ca-certificates --fresh Clearing symlinks in /etc/ssl/certs... done. Updating certificates in /etc/ssl/certs... 151 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. root@nanopim1:~# curl -LO $(curl -s https://api.github.com/repos/chrisss404/check-mk-arm/releases/latest | grep browser_download_url | cut -d '"' -f 4) % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 632 0 632 0 0 1210 0 --:--:-- --:--:-- --:--:-- 1210 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (60) SSL certificate problem: certificate is not yet valid More details here: https://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.

----- Oryginalna wiadomość -----

Od: "Christian Hofer" notifications@github.com Do: "chrisss404/check-mk-arm" check-mk-arm@noreply.github.com DW: "WojRep" wrepinski@gmail.com, "Author" author@noreply.github.com Wysłane: czwartek, 31 styczeń 2019 19:50:33 Temat: Re: [chrisss404/check-mk-arm] Update build_gcc.sh (#8)

Hi. If you only have gcc-5 then you should go ahead and build version 7.3.0, otherwise you will encounter problems running the check_mk build script. Once you can confirm that installing the package ca-certificate resolves your wget download issue, I will add it to the apt-get install line right before the wget command. I don't limit myself to Raspbian, it's just a lack of resources, time and hardware... Please keep me updated. Thanks & BR Christian — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub , or mute the thread .

chrisss404 commented 5 years ago

Hi.

It sounds like your system clock is set in the past which makes it reject the certificate?

Please check your system time:

$ date
Sat  2 Feb 20:00:40 CET 2019

BR Christian

chrisss404 commented 5 years ago

Not needed. Closing.