ERROR for site owner: Invalid key type

I just found out that this blog was being used to send spam email to accounts over at qq.com, a Chinese instant messaging software service and web portal.

Apparently, this is due to a bug on Jetpack’s Sharing feature that despite being known for at least three years, still hasn’t been fixed.

The link above points to a support thread over at WordPress.org describing the issue in more detail and contains a handful of workarounds for mitigating it.

Of the workarounds, I find two are worth mentioning here.

  1. Disable the email Sharing Button. Although a little extreme, it may be justified if you don’t have the inclination to mess around with configuration files or if the usage volume of the feature by legitimate users is low enough;
  2. Adding reCaptcha to the Email Sharing Button. This one involves adding a couple of lines to wp-config.php;

The thing is, the instructions for adding reCaptcha were written before the release of reCAPTCHA v3 and JetPack (version 7.8 as of this writing) isn’t currently compatible with it, so when setting up reCAPTCHA, you should choose reCAPTCHA v2 or else you will receive the message bellow:

ERROR for site owner: Invalid key type
ERROR for site owner: Invalid key type

I’ll be monitoring the logs for a couple of days to see if enabling reCAPTCHA will suffice. If not, I’ll just disable the email sharing button altogether.

It’s kind of lame that the default settings of an email sharing button would open up a website for being used to send spam. But even lamer is seeing people telling others to not complain about it on the basis of the plugin being free.

Please remember that if you using this plugin for free, all requests future need to be in reasonable manners, as nobody paying for it. Consider that, they are doing very good job for users who are using this plugin for free and there is solution for it already.

Freemium ain’t free. It’s a marketing gimmick and has been working very well for Automattic, makers of JetPack and WordPress – the latter of which by some accounts powers over 1/3 of the top 10 million web sites on the internet.

CentOS 8.0 installation boots into a blank screen

CentOS 8.0 was released earlier today with a bug inherited from RHEL 8.0 upstream.

The bug manifests itself when Server with Gui is selected as the Base Environment when installing on a Hyper-V virtual machine. After copying all the files needed into the hard drive Anaconda will boot into a blank screen.

The problem is made a little worse because Server with Gui is the default selection.

In yesterday’s post, I’ve shown how the solution proposed in RHEL 8.0’s release notes didn’t quite work when the system wasn’t (yet) registered with Red Hat Subscription Management.

Since CentOS has no such thing, the solution described in the release notes can be applied as is. That is, as long as you have internet connectivity.

But what if the system at hand is isolated from the internet? Then again we have to resort to installing from the installation media.

This time though, we can take advantage of the repo configuration files installed with the operating system that point to the installation media.

yum repolist --all
yum repolist --all
yum repolist –all

From yesterday, we already know that base-x is contained in AppStream, so from the list above we probably want to take a better look at c8-media-AppStream.

[[email protected] ~]# yum repoinfo --all c8-media-AppStream
 Last metadata expiration check: 0:24:40 ago on Tue 24 Sep 2019 09:24:39 PM -03.
 Repo-id      : c8-media-AppStream
 Repo-name    : CentOS-AppStream-8 - Media
 Repo-status  : disabled
 Repo-baseurl : file:///media/CentOS/AppStream, file:///media/cdrom/AppStream, file:///media/cdrecorder/AppStream
 Repo-expire  : 172,800 second(s) (last: unknown)
 Repo-filename: /etc/yum.repos.d/CentOS-Media.repo
 [[email protected] ~]#

As can be seen the repo is configured to search for its files at one of the URLs defined by the Repo-baseurl property. Let’s mount the installation media into /media/CentOS.

[[email protected] ~]# mkdir /media/CentOS
[[email protected] ~]# mount /dev/sr0 /media/CentOS/
 mount: /media/CentOS: WARNING: device write-protected, mounted read-only.
 

Now we can invoke yum groupinstall specifying c8-media-AppStream as the source repository.

[[email protected] ~]# yum --repo=c8-media-AppStream -y groupinstall base-x  
yum --repo=c8-media-AppStream -y groupinstall base-x
yum –repo=c8-media-AppStream -y groupinstall base-x

As yesterday, rebooting now should load the graphical user interface for the final steps of the installation process.

Error: There are no enabled repos.

I was installing Red Hat Enterprise Linux 8.0 on a Hyper-V virtual machine. After copying all the packages from the installation media and installing them onto the virtual hard drive, Anaconda booted RHEL into a blank screen.

After some research I found that the problem was a known issue listed in RHEL 8.0’s release notes as well as on Red Hat’s knowledge base:

The xorg-x11-drv-fbdev, xorg-x11-drv-vesa, and xorg-x11-drv-vmware video drivers are not installed by default

In addition, virtual machines relying on EFI for graphics support, such as Hyper-V, are also affected. If you selected the Server with GUI base environment on Hyper-V, you might be unable to log in due to a black screen displayed on reboot. To work around this problem on Hyper-v, enable multi- or single-user mode using the following steps:
Reboot the virtual machine.
During the booting process, select the required kernel using the up and down arrow keys on your keyboard.
Press the e key on your keyboard to edit the kernel command line.
Add systemd.unit=multi-user.target to the kernel command line in GRUB.
Press Ctrl-X to start the virtual machine.
After logging in, run the yum -y groupinstall base-x command.
Reboot the virtual machine to access the graphical mode.
(BZ#1687489)

So I started following the instructions, but on step #6 something unexpected happens:

[[email protected] ~]# yum -y groupinstall base-x
 Updating Subscription Management repositories.
 Unable to read consumer identity
 This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
 Error: There are no enabled repos.

Well… Thing is this is a short lived disposable virtual machine and I have no plans on registering it with Red Hat Subscription Management.

Luckily, the installation media contains the two repositories introduced with RHEL 8.0: BaseOS and AppStream.

Base-x is contained in the AppStream repo. We just have to:

  1. Make sure the repositories from the installation media are accessible from the file system;
  2. Import the public keys used to sign the packages into RPM;
  3. Direct yum to install the packages from the AppStream repository.
[[email protected] ~]# mount /dev/sr0 /mnt
 mount: /mnt: WARNING: device write-protected, mounted read-only.
 [[email protected] ~]# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 [[email protected] ~]# yum --repofrompath AppStream,file:///mnt/AppStream -y groupinstall base-x  
Results of the package installation
base-x installed successfully

Please note the command importing Red Hat’s public keys into RPM before installing the package, otherwise the package wouldn’t have been installed and an error message would have been displayed as seen below.

[[email protected] ~]# mount /dev/sr0 /mnt
 mount: /mnt: WARNING: device write-protected, mounted read-only.
 [[email protected] ~]# yum --repofrompath AppStream,file:///mnt/AppStream -y groupinstall base-x
 Updating Subscription Management repositories.
 Unable to read consumer identity
 This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
 Added AppStream repo from file:///mnt/AppStream
 You have enabled checking of packages via GPG keys. This is a good thing.
 However, you do not have any GPG public keys installed. You need to download
 the keys for packages you wish to install and install them.
 You can do that by running the command:
     rpm --import public.gpg.key
 Alternatively you can specify the url to the key you would like to use
 for a repository in the 'gpgkey' option in a repository section and DNF
 will install it for you.

Once the package is installed, rebooting the system should load the graphical user interface for the final steps of the installation process.

RHEL 8.0 Initial Setup graphical user interface
Initial Setup

Automating my way out of ancillary tasks with PowerShell

After creating a handful of virtual machines for ramping up on the different Linux distros, certain configuration patterns started to emerge. Repeating those same settings over and over again in Hyper-V Manager or even PowerShell’s command line interface is kind of tedious. Good thing is scripts are a great way to automate those repetitive configuration tasks away.

In my case, the settings I kept copying over and over again were:

  • Two cores;
  • Network adapter bound to a virtual switch with external connectivity;
  • Automatic Checkpoints turned off;

And then there were other settings that although varied between distros and installation options within those distros, had to be configured each and every time:

  • Virtual machine name;
  • RAM size;
  • Hard drive size;
  • Path to installation ISO;
  • Secure Boot;

So after learning and getting comfortable with the different PowerShell cmdlets, I started prototyping a few scripts. At first, the scripts were kind of lame and buggy, but as I learned more about the features of Hyper-V and how those features are exposed through PowerShell, the scripts were improved little by little much in the spirit of Kaizen – continuous improvement.

The important thing here is realizing this as a learning tool and as such starting small and improving as you go and as new requirements make themselves known.

Important as well is knowing when to stop. The purpose of this exercise isn’t creating a production-ready script, but to create a script that will allow me to get back as soon as possible to what I settled out to do in the first place: Create virtual machines so I could learn something else.

If you are curious enough, you can find the source code for one of the early versions of the scripts as a gist over on GitHub. If you are even more curious, you can see the entire history of how the code evolved also on GitHub.

Since that early prototype, the code has evolved quite a bit from a collection of discrete scripts to the current version which is implemented as a PowerShell module and incorporates all the learnings of the last few weeks – including a best practice for creating virtual hard disks for use with Linux file systems. Good luck trying remember that one every time you create a new VM for Linux!

Certainly there are a lot of opportunities for improvement (documentation, error handling and resilience in general just to name a few), but those are left as an exercise for future self. Meanwhile, let me get back to playing with those VMs.

My first steps on managing Hyper-V through PowerShell

I’ve dodged Linux for way too long, but let’s face it: Linux’s kernel and it’s derivatives have won the war over Windows everywhere but the desktop (and laptop).

And while I have been dabbling with Ubuntu over WSL for over a year now, the reality is the current version of WSL has some serious limitations. Good thing is WSL 2 is on it’s way with support for a “real” Linux kernel in it.

Unfortunately, WSL 2 is still in preview so a couple of months ago when I’ve decided to up my game on Linux and it’s different distros, I choose to do so running VMs on top of Windows 10 1809’s Hyper-V.

So I’m back to fiddling with virtual machines after several years of basically ignoring them. Back then, I had a quite elaborate setup that allowed me to spin up multiple VMs at once on a laptop. I remember using differential disks heavily to conserve disk space on the host’s hard drive. For some reason I really don’t recall now, the VM’s configuration files and VHDs where stored at non-default locations. Maybe they were being copied to different hosts, which had different defaults.

Well, my current usage of virtual machines doesn’t justify the use of differential disks and I’m not moving those VMs around so, as a long time K.I.S.S. proponent, I’m sticking to the defaults for the time being.

During the first couple of days playing around, I had setup a handful of VMs using Hyper-V Manager, but that is kind of tedious and error-prone, so again, in the spirit of “Always Be Automating”, I started using PowerShell where possible so I could learn the commands and eventually codify the tasks involved in a script.

So here are the guest virtual machines I had setup:

PS C:\WINDOWS\system32> Get-VM | Select-Object Name
 Name
 CentoOS20190725
 CentOS
 Suse
 Ubuntu
 Ubuntu1804
 Windows 10 dev environment

Unfortunately, all those virtual machines came at the cost of helping to exhaust the free space on the host’s local hard drive.

PS C:\Users> Get-PSDrive -PSProvider FileSystem
 Name           Used (GB)     Free (GB) Provider      Root
 ----           ---------     --------- --------      ----
 C                 879.83         36.93 FileSystem    C:\
 D                                      FileSystem    D:\
 E                                      FileSystem    E:\

To get a sense of how much space those VMs are taking, let’s take a look at the disks being used by them.

Just so I can save some typing, I’m going to be using some variables here and there.

First, I get the path to the directory where the virtual hard drives are located.

$vhdPath = (Get-VMHost).VirtualHardDiskPath

Then I get a collection of objects representing the files contained in there. Since I’m only interested in the files names and their sizes, I’ll be leaving out the other properties.

$files = Get-ChildItem $vhdPath | Select-Object Name, Length | Sort-Object Length -Descending
Contents of the files variable
Get-ChildItem $vhdPath | Select-Object Name, Length | Sort-Object Length -Descending

There are a handful of relatively smaller files containing GUIDs in their names. Those files are Hyper-V checkpoints and enable us to go back to the point in time when those snapshots were made.

Here’s how we list the checkpoints available on the current host.

Get-VM | Get-VMSnapshot | Select-Object VMName, Name
List of checkpoints for the virtual machines contained on current Hyper-V host
Get-VM | Get-VMSnapshot | Select-Object VMName, Name

Since I really don’t need those checkpoints right now, and they are making it hard to see what’s going on, I’ll be removing and merging them into their main VHDs.

But before that, let’s take note of the total number of files and how much disk space they consume.

PS C:\WINDOWS\system32> $baseline = $files | Measure-Object -Sum Length | Select-Object Count, Sum
 PS C:\WINDOWS\system32> $baseline
 Count         Sum
 -----         ---
    13 86536880128

To remove and merge the checkpoints of each VM:

Get-VM | Remove-VMSnapshot

An important note: Remove-VMSnapshot seems to be executed asynchronously and will return before removing the file so you want to be careful if you’re immediately subsequently issuing commands that depend on those files being deleted.

To check out the result of removing those checkpoints, we basically repeat the commands issued previously.

PS C:\WINDOWS\system32> $files = Get-ChildItem $vhdPath | Select-Object Name, Length | Sort-Object Length -Descending
 PS C:\WINDOWS\system32> $files
 Name                                 Length
 ----                                 ------
 Windows 10 dev environment.vhdx 39195770880
 Ubuntu 18.04.1 LTS (1).vhdx     10661920768
 New Virtual Machine (2).vhdx     8728346624
 New Virtual Machine.vhdx         5943328768
 CentoOS20190725.vhdx             5540675584
 Ubuntu 18.04.1 LTS.vhdx          4756340736
 Ubuntu Server 18.04.vhdx         3762290688
 New Virtual Machine (1).vhdx        4194304
 PS C:\WINDOWS\system32> $current = $files | Measure-Object -Sum Length | Select-Object Count, Sum
 PS C:\WINDOWS\system32> $current
 Count         Sum
 -----         ---
     8 78592868352
PS C:\WINDOWS\system32> $baseline.Count - $current.Count
 5
PS C:\WINDOWS\system32> $baseline.Sum - $current.Sum
 7944011776

As can be seen, five checkpoints were removed resulting in saving a little over 7GB. It isn’t that much, but at least looking at the remaining files, it’s easier to see that there are two more virtual disks than virtual machines. Given those virtual machines are configured with only one virtual hard disk each, there are two orphaned virtual hard drives that should probably be deleted.

As I’m sticking to Hyper-V’s defaults and checkpoints already have been removed, deleting those orphaned virtual disks is quite easy: First you get a list containing each virtual disk attached to a virtual machine. Then you enumerate the files in the host’s default virtual hard disk directory and remove those that aren’t on the list.

 PS C:\WINDOWS\system32> $rootedVHDs = (Get-VM).HardDrives.Path

 PS C:\WINDOWS\system32> (Get-VMHost).VirtualHardDiskPath | Where-Object { $_.FullName -notin $rootedVHDs } | Remove-Item

gpg: keyserver receive failed: No dirmngr

As part of verifying the signature for a downloaded file using GnuPG running on Ubuntu 18.04 on WSL on Windows 10 1809, I tried to import the publisher’s signing key…

gpg --receive-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284

… for which I received the following error message:

gpg: connecting dirmngr at '/home/foo/.gnupg/S.dirmngr' failed: IPC connect call failed
 gpg: keyserver receive failed: No dirmngr

According to Ben Hillis, a developer on the Windows Subsystem for Linux team, there was a bug in the version of GPG packaged into Ubuntu 18.04 that only manifests itself when running over WSL:

… this is a timing-related issue that is exposed because of a difference in how Windows and Linux handles connection attempts to localhost sockets. On Linux an attempt to connect to a localhost tcp socket on a port that is not active will return a failure immediately. On Windows there appears to be a 1 second timeout. This causes the following sequence to occur.
1. gpg spawns dirmngr
2. dirmngr attempt to connect to localhost port 9050 (this is attempted twice).
3. gpg attempts to connect to a unix socket that dirmngr creates after the localhost socket connection fails.
This one second timeout in step 2 is enough to cause gpg to think that dirmngr is not responding. There appears to be a retry loop in gpg, but it is not waiting long enough to account for the 1 second connect timeout (the connect is actually attempted twice).

His series of comments for the issue over at GitHub really seems to be an accurate description of the problem as I was able import the GPG key in Ubuntu 18.04 running in a Hyper-V VM without any problems whatsoever.

Back to WSL, note that although the command failed due to the timing issue described above, dirmngr is now running, so if you issue the command once again, it should work.

[email protected]:~$ gpg --receive-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
 gpg: connecting dirmngr at '/home/foo/.gnupg/S.dirmngr' failed: IPC connect call failed
 gpg: keyserver receive failed: No dirmngr

 [email protected]:~$ !!
 gpg --receive-keys 0x22C07BA534178CD02EFE22AAB88B2FD43DBDC284
 gpg: key B88B2FD43DBDC284: 22 signatures not checked due to missing keys
 gpg: key B88B2FD43DBDC284: public key "openSUSE Project Signing Key [email protected]" imported
 gpg: marginals needed: 3  completes needed: 1  trust model: pgp
 gpg: depth: 0  valid:   1  signed:   3  trust: 0-, 0q, 0n, 0m, 0f, 1u
 gpg: depth: 1  valid:   3  signed:   0  trust: 3-, 0q, 0n, 0m, 0f, 0u
 gpg: Total number processed: 1
 gpg:               imported: 1

Since I’m banging commands interactively against the shell, I’m OK with this workaround. On the other hand, if these commands were part of a script, I’d make sure dirmngr is running before issuing any commands that depend on it. In that case, you may want to take a look at the man pages.

How to copy Visual Code extensions to another machine

Earlier this month I was setting up an Ubuntu VM on Windows 10 for development and after installing Visual Studio Code it was time to install the extensions I’m used to having around.

There were 30 of them installed on my main development box. I probably don’t use most these of extensions, but I wasn’t in the mood to sort them out, so I searched for a way to export the settings so I could import them into Code running in the VM.

I wasn’t able to find what I was hoping for, the closest thing being the answers to “How can you export VS Code extension list” on StackOverflow.

The answers were a step in the right direction but not quite where I ultimately wanted the solution to be:

  1. Having the list of extensions checked into source control with the rest of the project. For instance, if the team agreed on using ESLint as a build step, having a script to automate installing the corresponding extension (possibly one of many) could help in ramping up new project members.
  2. Having a way to sync extensions between machines or a way to export a list of extensions (not tied to any specific project) I could easily import to anywhere needed, such as disposable VMs, a new machine provided by an employer, etc.

I didn’t have time to figure out how to implement any of those ideas to the full extent of how I think they should work, but in the spirit of “Always Be Automating” I did the next best thing which was hacking a couple of one-liners, a step closer to the solution I want it to eventually be.

First I created a file containing the list of extensions:

I think for most people the easiest way to access the list from other machines is putting the file somewhere online. I’m of the opinion that the best place to store anything development related is on GitHub, so I uploaded the list to a gist over there:

Then all I had to do to install those extensions was to CURL that file and pipe it into code:

That did the trick and I was able to continue working on whatever I was working on, although I wasn’t quite happy with the gist’s URL. See, I don’t know of anyway of getting rid of that automatically generated GUID which would make the URL more memorable.

Earlier today after watching Amanda Sliver and John Papa on Five Things, where she mentioned how to list Visual Studio Code extensions from the command-line, I decided to fix that URL problem putting the list on a GitHub repo with GitHub Pages turned on so instead of a cryptic URL I have something more memorable.

I decided to call the repo Codex, for Code Extensions. That gives me an easy to remember base URL: https://alfredmyers.github.io/codex/

For now, I only have a single list in “all.txt”, but there’s nothing stopping me from creating other lists containing extensions for specific purposes or projects. For instance:

  • https://alfredmyers.github.io/codex/dotnet.txt
  • https://alfredmyers.github.io/codex/nojejs.txt

Oh… And by the way, once you CURL that list, you can pipe it into any command you’d like. For instance, to uninstall all those extensions we got from all.txt:

Just make sure you have a list of the extensions you really need hanging around so you can use it to reset everything to a desired state.

I you find the idea interesting, feel free to fork the project (https://github.com/alfredmyers/codex) and hack it to your needs. And don’t forget to turn on GitHub pages so you can access the lists using an easy to remember base URL such as https://{your-user-name}.github.io/codex/.

error: gpg failed to sign the data

A couple of months ago I noticed that commits I’ve done through the GitHub web interface were receiving a “Verified” badge while commits done through the Git command line in WSL (Windows Subsystem for Linux) at my local dev machine weren’t.

I’m all for badges so I followed the steps found at About commit signature verification to setup GPG signing. The thing is, there was something still missing and as a result, when trying to commit I was getting an error message as follows:

error: gpg failed to sign the data
fatal: failed to write commit object

Fortunately, the solution is simple. Export a variable named GPG_TTY as follows:

export GPG_TTY=$(tty)

I ended appending it to ~/.bashrc so as to persist it between terminal sessions.

Cannot find runtime ‘node’ on PATH. Is ‘node’ installed?

On my current Windows box, I have Node.js installed only in WSL – not on Windows itself.

When debugging a Node.js application from within a Visual Studio Code instance started from WSL, you may receive the following message:

Cannot find runtime 'node' on PATH. Is 'node' installed?
Cannot find runtime ‘node’ on PATH. Is ‘node’ installed?

While the dev experience certainly could be better, the solution is quite simple: Click on the “Open launch.json” button and add a configuration for “useWSL” with the value set to “true”.

The system does not support local kernel debugging

If you’re trying to do some local kernel debugging with one of Windows Debugging Tools’ debuggers and Windows isn’t booted into debug mode you’ll get a message like one of the following (all commands run from an elevated command prompt):

kd -kl

Microsoft (R) Windows Debugger Version 10.0.15063.400 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

The system does not support local kernel debugging.
Local kernel debugging requires Administrative privileges.
Only a single local kernel debugging session can run at a time.
Local kernel debugging is disabled by default. You must run “bcdedit -debug on” and reboot to enable it.
Debuggee initialization failed, HRESULT 0x80004001
Not implemented

windbg -kl

—————————
WinDbg:10.0.15063.400 AMD64
—————————
The system does not support local kernel debugging.

Local kernel debugging requires Administrative
privileges, and is not supported by WOW64.
Only a single local kernel debugging session can run at a time.
Local kernel debugging is disabled by default. You must run ‘bcdedit -debug on’ and reboot to enable it.
—————————
OK
—————————

You can enable Windows debug mode by using…

bcdedit.exe -debug on

 or msconfig.exe, but if you have BitLocker enabled for your OS drive, you’ll have to have to enter the recovery key or recovery password.

Here’s the message from msconfig.exe:

—————————
System Configuration
—————————
BitLocker Drive Encryption is enabled on your OS drive. Because these changes modify the machine’s boot settings, the machine will enter recovery mode at next boot and you will need to provide a BitLocker recovery key or recovery password. Are you sure you want to proceed?
—————————
Yes No
—————————

Depending on what you’re up to, that’s just too much of a hassle. Fortunately there’s a tool from Sysinternals that removes the need of booting Windows into debug mode: livekd.

By default, livekd will run kd.exe, but you can tell it to run WinDbg by passing the -w option:

livekd -w

Several other options can be set when running livekd (see the link above for details). The ones it doesn’t understand are passed on to the chosen debugger.

Important to note that the feature set of the debugger when running through livekd is not the same as when running without it. See the docs for more information.