Failed to download image

[iantearle]

Just tried the latest release, all was fine, but it failed to download the image

This line appears to be incorrect: $(dirname "$0")/../ht"

Logs are as follows:

Partial screen refresh
eips: paint_image> cannot open "./dash.png":can't fopen
Going to suspend, next wakeup in s
Wed May 25 12:06:42 UTC 2022 Battery level: 97%.
./dash.sh: line 111: ./next-wakeup: Permission denied
sh: 3600: unknown operand
Refreshing dashboard
Wi-Fi connected
./local/fetch-dashboard.sh: line 4: ./local/../ht: not found
Partial screen refresh
eips: paint_image> cannot open "./dash.png":can't fopen```

[iantearle]

Equally, if I move ht folder to some other place in the directory structure I get line 4: local/../ht: Permission denied

[floftus-at-csm]

Hi, I'm having a similar issue - my logs look like this: Wed Jul 20 12:05:11 GMT-03:15 2022 Battery level: 96%. ./dash.sh: line 122: ./next-wakeup: Permission denied Refreshing dashboard Wi-Fi connected ./local/fetch-dashboard.sh: line 4: ./local/../ht: not found Not updating screen, fetch-dashboard returned 127 Going to suspend, next wakeup in s

Did you manage to fix this issue?

[iantearle]

Ensure the images is coming from http a non secure location. HTTPS isn't available on the Linux build of kindle 4

[pascalw]

Hi sorry for my late reply. I'll try to look into this later this week. It seems to be a file permissions issue.

Btw HTTPS should work. The HTTP client (ht) uses rusttls with bundled root certificates.

[floftus-at-csm]

cool, this is now working perfectly with a github pages HTTPS page - I think my error was because I had failed to make one of my files executable Thanks so much for your code @pascalw !!

[pascalw]

@iantearle @floftus-at-csm I've looked into this and indeed it seems this must be related to (some of the files) somehow missing the executable bit in your case. I've checked the last release however and the tarball does have the right permissions set on the files. Do you remember how you've extracted the tarball and copied it to the Kindle?

[penguin86]

Btw HTTPS should work. The HTTP client (ht) uses rusttls with bundled root certificates.

In my case the image download doesn't fail for permission issues, but for xh somehow not being able to parse the system certificates file. I found curl working very well on my Kindle PW Touch for https links, and it should be a pretty standard utility, present almost everywhere, so I filed a pull request with this and another fix to make it work on PW Touch.

Thank you for this great piece of software!

[floftus-at-csm]

Hi there, I've come back to this and am attempting to run kindle-dash via KUAL. I am consistently getting this error in my logs xh: error: builder error: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt" Caused by: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt" Not updating screen, fetch-dashboard returned 1 I am on a Kindle 4 Do you know how to get around this? The url I am attempting to get is an HTTPS url, the same as I was using before

[penguin86]

Yes, it's exactly the problem I was talking about. You should try to use curl. You may want to try my fork or wait for it to be merged. https://github.com/penguin86/kindle-dash Sorry for the lack of details, but I'm currently away from my computer.

[pascalw]

@floftus-at-csm which Kindle model are you using? On my kindle 4 NT I do have a system certificate bundle at /etc/ssl/certs/ca-certificates.crt. I guess that other models might not have this?

The reason that I provide the xh http client is that curl and wget on the kindle 4 NT are too old to communicate with modern HTTPS endpoints. If you have a newer kindle then the built-in curl might work for you. In that case you can just modify fetch-dashboard.sh to use curl instead of xh.

Thinking about this now it might make sense for kindle-dash to include a recent set of root certificates. xh can be compiled with root certificates built into the binary. That's pretty useful given that most kindles that are used for this purpose are old and don't receive updates anymore.

[floftus-at-csm]

hey, thanks both for your response - I have tried to use the CURL solution but this gives me the error you predicted @pascalw curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version Not updating screen, fetch-dashboard returned 35 This is on a Kindle 4 (version 4.1.2) If you could compile xh with root certificates at some point that would be amazing :)

[penguin86]

I can confirm my kindle is slightly newer, it's a Paperwhite Touch. I've seen it referred also as "Kindle 5" somewhere. On mine, unfortunately xh does fail with error Could not load PEM file "/etc/ssl/certs/ca-certificates.crt". The file exists and, as long as I can see, is readable.

[pascalw]

@floftus-at-csm or @penguin86 could you try if the attached xh build works for you?

xh.zip

[floftus-at-csm]

Unfortunately I still get the same error with this build

`xh: error: builder error: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Caused by: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"`

However! I went back to the ht method from kindle-dash-1.0.0-beta.3 and it worked - images downloaded from an HTTPS url no problem

[pascalw]

Humm that's interesting. I guess it might be a bug in xh then. I don't have much time to dive into it now unfortunately, maybe I'll have another look later. It's a bit difficult since I can't reproduce this myself on my kindles.

[qadzek]

Hi @pascalw, thanks a lot for creating this dashboard. Your Kindle firmware might be the reason why you couldn't reproduce this error.

Kindle-dash was working without issues for my K4 on firmware 4.1.4, but since I downgraded to 4.1.1 using the Kubrick tool, I also receive the error Could not load PEM file "/etc/ssl/certs/ca-certificates.crt".

As @floftus-at-csm mentioned, reverting to kindle-dash-1.0.0-beta.3 does indeed seem to solve this problem.

[pascalw]

@infinitewhileloop my devices are on 4.1.3 and 4.1.4, so indeed that might explain why I can't reproduce the issue.

I might downgrade one of my devices later if I have some time, to debug this issue.

Can I ask why you would downgrade to 4.1.1?

[qadzek]

I downgraded the firmware because I was unable to install KUAL, due to the This device is not authorized as a test Kindle by the developer of this item. error. A MobileRead user suggested to downgrade the firmware using Kubrick. Getting Kubrick to work was quite complicated, I needed an ancient laptop to boot from their live USB.

[tobire]

I found a workaround for the error

xh: error: builder error: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Caused by:
Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Upload the file /etc/ssl/certs/ca-certificates.crt from a more up-to-date linux to the kindle and use the --verify option in xh. For example: "$(dirname "$0")/../xh" --verify "$(dirname "$0")/../ca-certificates.crt" -d -q -o "$1" get https://raw.githubusercontent.com/pascalw/kindle-dash/master/example/example.png

[jonwinstanley]

I found a workaround for the error

xh: error: builder error: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Caused by:
Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Upload the file /etc/ssl/certs/ca-certificates.crt from a more up-to-date linux to the kindle and use the --verify option in xh. For example: "$(dirname "$0")/../xh" --verify "$(dirname "$0")/../ca-certificates.crt" -d -q -o "$1" get https://raw.githubusercontent.com/pascalw/kindle-dash/master/example/example.png

Hi - where did you get a working crt file from? Could you paste a link? Thanks!

[jonwinstanley]

I found a newer crt file, but how do you overwrite it?

mv: overwrite './ca-certificates.crt'? y
mv: cannot remove './ca-certificates.crt': Read-only file system

[qadzek]

I found a newer crt file, but how do you overwrite it?

mv: overwrite './ca-certificates.crt'? y
mv: cannot remove './ca-certificates.crt': Read-only file system

Try mntroot rw. To return to read-only mntroot ro.

[jonwinstanley]

Actually, I realised that even when you specify http github is forcing https (maybe a redirect?)

I downloaded your image and hosted it on server where http is permitted and dashboard works fine

[tobire]

I got the file from another up-to-date Linux system. You don't have to overwrite the file /etc/ssl/certs/ca-certificates.crt. Just save the new certificate file wherever possible and link it in the xh-command as shown in my example.

[qadzek]

I found a workaround for the error

xh: error: builder error: Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Caused by:
Could not load PEM file "/etc/ssl/certs/ca-certificates.crt"

Upload the file /etc/ssl/certs/ca-certificates.crt from a more up-to-date linux to the kindle and use the --verify option in xh. For example: "$(dirname "$0")/../xh" --verify "$(dirname "$0")/../ca-certificates.crt" -d -q -o "$1" get https://raw.githubusercontent.com/pascalw/kindle-dash/master/example/example.png

Thanks for your workaround. At first, it looked like the new certificates weren't picked up, but after a reboot it seems to work fine. Now I am able to use the latest kindle-dash release on my Kindle K4 NT on firmware 4.1.1.

[pascalw]

Hey sorry for my lack of participation in this thread. Good that we have a workaround available for older FW versions.

I think a nice solution could be to include certificates in the xh binary. This seems to be supported by reqwest which is the underlying http client used in xh. It's however not directly supported by xh it seems, but should be quite simple to do. I don't have time currently to look into this, so if anyone else would be willing to look into that, that would be awesome!