24. July 2014

couriertls: /etc/courier/esmtpd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

After upgrade of Linux distribution Courier stopped to accept emails delivered over TLS or SSL.

There was just nice error message in the log file:

couriertls: /etc/courier/esmtpd.pem: error:0906D06C:PEM routines:PEM_read_bio:no start line

Long story short. The problem was in pem file.

Previous versions of Courier-SSL were able to read files with Windows EOL. The new version is failing with this nice error.

Solution is simple: get rid of Windos EOL.

You can use e.g. dos2unix

dos2unix esmptd.pem

Restart services and everything will work šŸ™‚

10. April 2014

Debian Heartbleed openssl bug remains even after upgrade of openssl package

If you’re using Debian and you want to get rid of Hearbleed bug then it’s not sufficient to upgrade openssl package.

The really important package isĀ libssl1.0.0:

apt-get installĀ libssl1.0.0

It will restart all services which depends on this package.

4. April 2014

Debian – Tomcat 7 is not serving https after upgrade

I made upgrade of Tomcat7 server on Linux Debian.

Tomcat stopped serving https. Port was open, no strange message in log, but it was not possible to connect from browser.

Here is configuration of https connector:

Connector port="8443" SSLEnabled="true" 
 maxThreads="150" scheme="https" secure="true"
 clientAuth="false" sslProtocol="TLSv1"

Long story short. Old version of Tomcat7 was using keystore from file /etc/tomcat7/keystore, but new version expects /etc/tomcat7/keystore.jks.

Simple fix:

cd /etc/tomcat7
ln -s keystore keystore.jks

Restart Tomcat. šŸ™‚

22. March 2014

Kivy – buildozer android debug failed with libstdc++.so.6: cannot open shared object file

Kivy is awesome library for developing GUI applications in Python.

It’s possible to build same application for desktop, Android or iOS. It’s something like Cordova/PhoneGap for JavaScript.

I was following Kivy crash course 2: Building an android apk tutorial recorded by Alexander Taylor.

I was trying to build application on Linux Debian for Android:

buildozer android debug

Build failed with quite strange message:

[mergemanifest] Manifest merger disabled. Using project manifest only.
     [echo] Handling aidl files...
     [aidl] Found 1 AIDL files.
     [aidl] Compiling 1 AIDL files.
     [aidl] /home/georgik/.buildozer/android/platform/android-sdk-21/platform-tools/aidl: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory


assets/private.mp3: /home/georgik/idea/kivytest/.buildozer/android/app/sitecustomize.pyo
Traceback (most recent call last):
  File "build.py", line 431, in 
  File "build.py", line 346, in make_package
    subprocess.check_call([ANT, arg])
  File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
    raise CalledProcessError(retcode, cmd)
subprocess.CalledProcessError: Command '['ant', 'debug']' returned non-zero exit status 1

The reason of this problem is not so obvious.

My operating system is 64bit, but Android build system requires 32 bit version of stdc++ library.

Fix is very easy. Just install lib32stdc++6 package šŸ™‚

apt-get install lib32stdc++6

If build is still failing, because of other missing libraries, then you can use online Debian package search to find missing dependencies: https://www.debian.org/distrib/packages

Other missing 32bit libraries are often libz, libncurses5:

apt-get install lib32z1 lib32ncurses5

17. December 2013

Debian – upgrade from Apache 2.2 to 2.4 – Starting web server: apache2 failed!

Debian maintainers changed default Apache from version 2.2 to 2.4. Not a big deal?

I was just upgrading one package and it had dependency on whole new Apache. I said yes to upgrade, because I had no bigger issues with Apache upgrade in past.

Wohoo. This upgrade was very funny, because Apache 2.4 was not able to start due to conflicting configurations. The coolest part was that Subversion stopped working, but that’s different story.

The problematic part was that Apache failed to start with nice message:

[FAIL] Starting web server: apache2 failed!
[warn] The apache2 instance did not start within 20 seconds. Please read the log files to discover problems ... (warning)

I checked the log file /var/log/apache2/error.log, but there was no hint what went wrong.

Apache was working even though startup script reported error. šŸ™‚

After a while I found that there were some important changes in /etc/apache2/apache2.conf. I compared this file with /etc/apache2/apache2.conf.dpkg.dist.

It was necessary to update following lines in apache2.conf:

Mutex file:${APACHE_LOCK_DIR} default
#LockFile /var/lock/apache2/accept.lock - disable this, old value

Then it was possible to start Apache without problem:

[ ok ] Restarting web server: apache2.

11. May 2013

Plone Error: There is a version conflict. We already have: distribute 0.6.38

I was trying to update one very old instance of Plone configured by buildout. Result of running ./bin/buildout was this error message:

Ā  Installing.
Ā  Loading extensions.
Error: There is a version conflict.
We already have: distribute 0.6.38

There was distribute package installed on system which caused conflict. The solution was to remove the package:

apt-get remove --purge python-zc.buildout

That leads to another error message that buildout script is outdated. Correction:

curl -O http://downloads.buildout.org/2/bootstrap.py
python bootstrap.py

There was another error after using latest version of buildout:

Ā  Installing.
 Ā Getting section instance.
 Ā Initializing section instance.
 Ā Installing recipe plone.recipe.zope2instance.
Error: There is a version conflict.
We already have: zope.interface 3.6.1

Solution was same as before. Just remove zope.interface package from system:

apt-get remove --purge python-zope.interface

After this small fix it was possible to run buildout without any problem.

Update: I encountered this issue again. This time it was necessary to delete develop-eggs directory and restart buildout again.

31. January 2013

Redmine installation on Debian with Passenger

It’s quite easy to install Redmine on Debian Testing (Wheezy) with Passenger support in Apache, but there are some gotchas.

Install Redmine and Passenger module to Apache

apt-get install redmineĀ libapache2-mod-passenger

It will automatically turn on Passenger module in Apache.

Configure virtual host:

DocumentRoot /usr/share/redmine/public

<Directory /usr/share/redmine/public>
 AllowOverride all
 RailsBaseURI /
 #RailsEnv development
 RailsEnv production
 Options -MultiViews
<IfModule mod_passenger.c>
 PassengerRuby /usr/bin/ruby1.8
 PassengerEnabled On
 PassengerLogLevel 0
 PassengerUserSwitching off
 PassengerUseGlobalQueue on
 PassengerResolveSymlinksInDocumentRoot on

Important note: Use Ruby 1.8 in case of Redmine with version =<1.4.4. Otherwise you’ll get 500 Error at some pages, like XML export:

/usr/lib/ruby/vendor_ruby/active_support/dependencies.rb:131:in `rescue in const_missing'
/usr/lib/ruby/vendor_ruby/active_support/dependencies.rb:120:in `const_missing'

If you have newer version of Redmine, then you can set PassengerRuby to new version. šŸ˜‰

21. December 2012

Debian – mdadm upgrade – dev: unbound variable

New version of mdadm for RAID management requires newer version of bash (4.2-4).

If you have older bash then you may encounter following fancy error during upgrade of mdadm and kernel:

/usr/share/initramfs-tools/hooks/mdadm: line 187: dev: unbound variable
E: /usr/share/initramfs-tools/hooks/mdadm failed with return 1.

Solution: just upgrade bash

apt-get install bash

4. November 2012

Unable to build CouchDB-XO_Auth – solution

CouchDB-XO_Auth is using make and rebar to build extension for CouchDB.

If you’re using debian package for CouchDB, then you’ll probably see following error after typing make:

==> meck (get-deps)
==> CouchDB-XO_Auth (get-deps)
==> meck (compile)
==> CouchDB-XO_Auth (compile)
src/xo_auth_fb.erl:4: can't find include lib "couch/include/couch_db.hrl"
src/xo_auth.erl:11: can't find include lib "couch/include/couch_db.hrl"

The problem is in rebar configuration. It trying to locate CouchDB Erlang files inĀ /usr/local/lib/couchdb/erlang/lib/.

Default location of these files for Debian is: /usr/lib/couchdb/erlang/lib/
Solution: fix path rebar.config.

It should look like this:

%%-*- mode: erlang -*-
{deps, [
 {meck, "0.7.1", {git, "https://github.com/eproxus/meck.git", {tag, "0.7.1"}}}

Windows version how-to (manual steps):

git clone https://github.com/ocastalabs/CouchDB-XO_Auth.git
cd CouchDB-XO_Auth
mkdir deps
cd deps
git clone https://github.com/eproxus/meck.git
cd meck
git branch 0.7.1
cd ..
cd ..
escript rebar compile

10. March 2012

Tomcat 7 listen on port 80 – Linux Debian

The default installation of Tomcat 7 for Linux Debian is listening on port 8080.

When you want to change the port to 80 then you have several options.

You can use iptables and redirect communication from port 8080 to port 80.

iptables -t nat -P PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080

The more straight forward approach is to bind Tomcat directly to port 80. First of all change port 8080 to 80 in file /etc/tomcat7/server.xml.

You’ll see error messages in /var/log/tomcat7/catalina.out when you try to restart Tomcat:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
Caused by: java.net.BindException: Permission denied

The problem is that default installation of Tomcat 7 for Linux Debian allows to bind only ports higher than 1023. You need to allow binding to privileged ports.

Open file /etc/defaults/tomcat7 and change option from:




Restart Tomcat and it will listen on port 80.

  • Where’s the fish?

  • Translations

  • Further info

  • Twitter

    Follow @jurajmichalek on twitter.

  • Comments

  • Tags

  • Topics