So I decided to follow this minecraft server guide, and I'm stuck on the part linked "Automate startup and shutdown procedures". It doesn't start the server. I have tried by replacing code with a simple mkdir, which works. So I know it is being executed.
Yet I can't connect to the screen screen -list, (both when going into sudo and my own user). I checked the /run/screen/ folder and there's no other user.
It means it's safe to say that it fails, and not something I set up wrong.
The code I am using is the exact copy without the mounting nor the backup.
#!/bin/bash
sudo su
cd /home/minecraft
screen -d -m -S mc java -Xms3G -Xmx7G -d64 -jar paper.jar nogui
Shouldn't this work?
EDIT: It works and I pasted the exact code I used. NOTE: I do use PaperMC, and a upgraded machine.
I tried minecraft server guide myself and its worked properly.
At the first time, I didnt find my mcs screen with screen -list but I remembered that GCE always executes startup scripts as root after the network is available.
So my next step was simply to change my user for root with the command sudo su and from this point, my mcs screen was available with screen -list.
note that you can also use sudo screen -list
I hope that will help, if not, what is your command output when its executed on your shell?:
screen -d -m -S mc java -Xms1G -Xmx3G -d64 -jar server.jar nogui
explaining all that has been tried and double checked.
Set up on local windows machine:
Xming installed and running.
in ssh_config ForwardX11 is set to yes.
In VS code remote connection config the the Forward X11 is set to yes.
Set up on GCP compute engine with Debian / Linux 9 and 1 GPU[free tier]:
xauth is installed.
In the sshd_config file below is set:
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost no
The sshserver has be restarted to ensure below setting are read .
from local workstation I fire gcloud compute ssh --ssh-flag="-X" tensorflow-2-vm(instance name) and the response is :
/usr/bin/xauth: file /home/user/.Xauthority does not exist,
So, I attempted to perform the below on the remote compute engine with instance name - tensorflow-2-vm and user trapti_kalra:
trapti_kalra#tensorflow-2-vm:~$ xauth list
xauth: file /home/trapti_kalra/.Xauthority does not exist
trapti_kalra#tensorflow-2-vm:~$ mv .Xauthority old.Xauthority
mv: cannot stat '.Xauthority': No such file or directory
trapti_kalra#tensorflow-2-vm:~$ touch ~/.Xauthority
trapti_kalra#tensorflow-2-vm:~$ xauth generate :0 . trusted
xauth: (argv):1: unable to open display ":0".
trapti_kalra#tensorflow-2-vm:~$ sudo xauth generate :0 . trusted
xauth: file /root/.Xauthority does not exist
xauth: (argv):1: unable to open display ":0".
so, looks like something is missing, any help will be appreciated. This was working with a EC2 server before I moved to GCP.
Create n new file: touch ~/.Xauthority
Log out and back in again with your ssh session. (I'm using MobaXterm)
Then it writes the needed.
You logged into your Linux server over ssh and got the following error;
.Xauthority does not exist
Solution :
Let's go into the /etc/ssh/sshd_config file and remove the # sign at the beginning of the 3 lines below
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
Then systemctl restart sshd
Login again and you will not get the error.
There are many solutions to this problem, it can also depend on what machine you originate from. If you come from a Linux box, enabling sshd config options like:
X11Forwarding yes
could be enough.
When you use a Macbook however the scenario is different. In that case, you need to install xQuartz with brew:
brew install xquartz
And after this start it:
xQuartz &
After this is done the xQuartz logo appears in your bar and you can right-click the icon and start the terminal from the Applications menu. After you perform this you can run the following:
echo $DISPLAY from this terminal. This should give you the output:
:0
When you have another terminal such as iTerm, you can export this value in another terminal with export DISPLAY=:0 As long as xQuartz is still running the other terminal should be able to continue to use xQuartz.
After this you can SSH into the remote machine and check if the display variable is set:
$: ssh -Y anldisr#my-remote-machine
$: echo $DISPLAY
localhost:11.0
It took me a hour to figure this out, hope it helps someone. :)
This also happened when I added a new user to remote machine without giving the user a sudo privilege during creation.
To resolve, I used the root user or a sudo privileged user to assign a sudo privilege to the new user. Exit the new user and ssh again into your server.
> $ sudo usermod -aG sudo [newUser]
I am developing a software in Qt in which I created a terminal. I run different commands through QProcess in that but when I run root commands it ask for password in terminal. I tried to run via sudo but it only accepts password in terminal. Is there any way to give password from another source like pop up widget or a text file?
I have created a QProcess with "bash" as program.
Then just write to it:
echo mypassword | sudo -S ifconfig eth0 192.168.1.123\n
You could try
Running your application as root (which is really a very bad idea, actually!)
Edit sudoers file and add the commands you want to run to this file. Then you can run these commands like sudo run_x_cmd with no password i.e, your QProcess can run these commands and you won't be asked for password.
Adding a password to a text file in order to source input for the command is a very bad idea, as it weakens security.
Version 1.8 of sudo provides a plugin architecture, which would allow you to link to it from your application and may provide a solution for you.
The SDK for the sudo plugin API can be found in the documentation .
I'm trying to come up with some sensible solution for a build written using SCons, which relies on quite a lot of applications to be accessible in a Unix-like way, using Unix-like paths etc. However, when I'm trying to use SCons plugin, or Git plugin in Jenkins, it tries to invoke the plugins using something like cmd /c git.exe - and this will certainly fail, because Git was installed using Cygwin and is only known in Cygwin shell, but not in CMD. But even if I could make git and the rest available to cmd.exe, other problems arise: the Cygwin version of Git expects paths to have forward slashes and treats backward slashes as escape characters. Idiotic Windows file-system related issues kick in too (I can't give Jenkins permissions to delete my own files!).
So, is there a way to somehow make Jenkins only use Cygwin shell, and never cmd.exe? Or should I be prepared to run some Linux in a VM to have this handled?
You could configure Jenkins to execute the cygwin command with the specific shell command, as follows:
c:\cygwin\bin\mintty --hold always --exec /cygdrive/c/path/to/bash/script.sh
Where script.sh will execute all the commands needed for the Jenkins execution.
Just for the record here's what I ended up doing:
Added a user SYSTEM to Cygwin, mkpasswd -u SYSTEM
Edited /etc/passwd by adding the newly created user's home directory to the record. Now it looks something like the below:
SYSTEM:*:18:544:,S-1-5-18:/home/SYSTEM:
Copied my own user's configuration settings such as .netrc, .ssh and so on into the SYSTEM home. Then, from Windows Explorer, through an array of popups I've claimed ownership of all of these files to SYSTEM user. One by one! I love Microsoft!
In Jenkins I now run a wrapper for my build that sets some other environment variables etc. by calling c:\cygwin\bin\bash --login -i /path/to/script/script
Gave it up because of other difficulties in configuration and made Jenkins service run under my user rather then SYSTEM. Here's a blog post on how to do it: http://antagonisticpleiotropy.blogspot.co.il/2012/08/running-jenkins-in-windows-with-regular.html but, basically, you need to open Windows services, then find Jenkins service, select it's properties, go to "Logon" tab and change the user to the "this user".
One way to do this is to start your "execute shell" build steps with
#!c:\cygwin\bin\bash --login
The trick is of course that it resets your current directory so you need to
cd `cygpath $WORKSPACE`
to get back to the workspace.
Adding to thon56's good answer: this is helpful: "set -ex"
#!c:\cygwin\bin\bash --login
cd `cygpath $WORKSPACE`
set -ex
Details:
-e to exit on error. This is important if you want your jobs to fail on error.
-x to echo command to the screen, if desired.
You can also use #!c:\cygwin\bin\bash --login -ex, but that echos a lot of login steps that you most likely don't care to see.
Because I need a Python-enabled gdb, I installed another version via
brew tap homebrew/dupes
brew install gdb
I want to use this gdb with Eclipse CDT, where I entered the path to the binary in the Debugging settings. However, launching a program for debugging fails with the following message:
Error in final launch sequence
Failed to execute MI command:
-exec-run
Error message from debugger back end:
Unable to find Mach task port for process-id 39847: (os/kern) failure (0x5).\n (please check gdb is codesigned - see taskgated(8))
Unable to find Mach task port for process-id 39847: (os/kern) failure (0x5).\n (please check gdb is codesigned - see taskgated(8))
What does "codesigned" mean in this context? How can I get this gdbrunning?
I.1 Codesigning the Debugger
The Darwin Kernel requires the debugger to have special permissions
before it is allowed to control other processes. These permissions are
granted by codesigning the GDB executable. Without these permissions,
the debugger will report error messages such as:
Starting program: /x/y/foo
Unable to find Mach task port for process-id 28885: (os/kern) failure (0x5).
(please check gdb is codesigned - see taskgated(8))
Codesigning requires a certificate. The following procedure explains how to create one:
Start the Keychain Access application (in /Applications/Utilities/Keychain Access.app)
Select the Keychain
Access -> Certificate Assistant -> Create a Certificate... menu
Then:
Choose a name for the new certificate (this procedure will use
"gdb-cert" as an example)
Set "Identity Type" to "Self Signed Root"
Set "Certificate Type" to "Code Signing"
Activate the "Let me override defaults" option
Click several times on "Continue" until the "Specify
a Location For The Certificate" screen appears, then set "Keychain" to "System"
Click on "Continue" until the certificate is created
Finally, in the view, double-click on the new certificate, and set "When using
this certificate" to "Always Trust"
Exit the Keychain Access application and restart the computer (this is unfortunately required)
Once a certificate has been created, the debugger can be codesigned as
follow. In a Terminal, run the following command...
codesign -f -s "gdb-cert" <gnat_install_prefix>/bin/gdb
... where "gdb-cert" should be replaced by the actual certificate name
chosen above, and should be replaced by the
location where you installed GNAT.
source: https://gcc.gnu.org/onlinedocs/gcc-4.8.1/gnat_ugn_unw/Codesigning-the-Debugger.html
UPDATE: High-Sierra (Certificate Assistant - Unknown Error)
https://apple.stackexchange.com/questions/309017/unknown-error-2-147-414-007-on-creating-certificate-with-certificate-assist
Check the trust of the cert, it must be trusted for code signing (on yosemite that is the third last in the trust section of the cert view in the keychain access).
At first the cert was not known for codesigning to the keychain, because there was the Extension purpose "Code Signing" missing, you can find this if you look into the keychain and double click on the certificate:
I fixed that:
Then I added the certificate to the trusted signing certificates, after I had drag&dropped the certificate from the keychain to my desktop, which created the ~/Desktop/gdb-cert.cer:
$ sudo security add-trusted-cert -d -r trustRoot -p codeSign -k /Library/Keychains/System.keychain ~/Desktop/gdb-cert.cer
This was a bit tricky because I was mislead by some internet posts and did not look at the man page. Some said you should use add-trust (https://llvm.org/svn/llvm-project/lldb/trunk/docs/code-signing.txt). The terrible bit was that the command succeeded, but did not do what it "should" (well, it was the wrong command, but it should have told me it was wrong).
After that I found the new cert in the trusted certs like so:
$ security find-identity -p codesigning
Policy: Code Signing
Matching identities
1) E7419032D4..... "Mac Developer: FirstName LastName (K2Q869SWUE)" (CSSMERR_TP_CERT_EXPIRED)
2) ACD43B6... "gdb-cert"
2 identities found
Valid identities only
1) ACD43... "gdb-cert"
1 valid identities found
In my case the apple cert is expired, but the one I was using to sign gdb was not (well, I just created it myself). Also be aware that the policy is named differently for the "security add-trusted-cert"(-p codeSign) and the "security find-identity" command (-p codesigning). I then went on to sign gdb and I also always got:
$ codesign --sign gdb-cert.cer --keychain ~/Library/Keychains/login.keychain `which gdb`
gdb-cert.cer: no identity found
because I was under the impression that I had to give the file name of the cert file to the --sign option, but that in fact was the CN of the certificate that I should have provided and should be in the trust store. You can find the CN here when double clicking on the cert in the keychain:
or in the above output of "security find-identity -p codesigning". Then I went on to sign and I had to give it the right keychain:
codesign -s gdb-cert --keychain /Library/Keychains/System.keychain `which gdb`
I had to enter the root password to allow access to the keychain.
That then gave me a working gdb and it should give you a signed application.
It would seem you need to sign the executable. See these links for more information. You should be able to get away with self signing if you don't plan on redistributing that version of gdb.
https://developer.apple.com/library/mac/#documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html
https://developer.apple.com/library/mac/#documentation/Darwin/Reference/Manpages/man1/codesign.1.html
Alternatively, you could disable code signing on your system, although this presents a security risk. To do so try running sudo spctl --master-disable in the Terminal.
I made gdb work on OSX 10.9 without codesigning this way (described here):
Install gdb with macports. (may be you can skip it)
sudo nano /System/Library/LaunchDaemons/com.apple.taskgated.plist
change option string from -s to -sp at line 22, col 27.
reboot the computer.
Use gdb
If using gdb isn't a hard requirement you can also use lldb as an alternative. It is already on your system and doesn't need to be code signed:
$ lldb stddev_bugged
(lldb) target create "stddev_bugged"
Current executable set to 'stddev_bugged' (x86_64).
(lldb) b mean_and_var
Breakpoint 1: where = stddev_bugged`mean_and_var + 17 at stddev_bugged.c:17, address = 0x0000000100000b11
(lldb) r
Process 1621 launched: '/Users/richardschneeman/Documents/projects/21stCentury/02/example-00/stddev_bugged' (x86_64)
Process 1621 stopped
* thread #1: tid = 0xc777, 0x0000000100000b11 stddev_bugged`mean_and_var(data=0x00007fff5fbff590) + 17 at stddev_bugged.c:17, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1
frame #0: 0x0000000100000b11 stddev_bugged`mean_and_var(data=0x00007fff5fbff590) + 17 at stddev_bugged.c:17
14 typedef struct meanvar {double mean, var;} meanvar;
15
16 meanvar mean_and_var(const double *data){
-> 17 long double avg = 0,
18 avg2 = 0;
19 long double ratio;
20 size_t count= 0;
(lldb)
Here's a table converting gdb to lldb commands http://lldb.llvm.org/lldb-gdb.html
I ended up having to follow these directions instead of the directions suggested by others.
I'm still not sure if it was the act of killall taskgated or the process of enabling root user that made the difference.
Some have said rebooting is necessary. I find that with the above instructions, that may not be the case.
I did also make the change recommended by #klm123, so this may also have contributed.
Note that I use homebrew, not macports.
This is an older question but none of the solutions seemed to work for me (I was using Mojave). Converting to lldb isn't the solution to the question - its just a work around.
After trying several solutions, the one I found to work was located here: https://gist.github.com/gravitylow/fb595186ce6068537a6e9da6d8b5b96d#gistcomment-2891198
Which references this site: https://sourceware.org/gdb/wiki/PermissionsDarwin#Sign_and_entitle_the_gdb_binary
The solution involves a slightly modified version of the code signing. Essentially, the main difference is when signing the certificate, an entitlements XML file must be passed when codesigning. Below I copy/pasted the contents of the sourceware website for all of the steps from beginning to end.
1.1. Create a certificate in the System Keychain
Start Keychain Access application (/Applications/Utilities/Keychain
Access.app)
Open the menu item /Keychain Access/Certificate Assistant/Create a
Certificate...
Choose a name (gdb-cert in the example), set Identity Type to Self
Signed Root, set Certificate Type to Code Signing and select the Let
me override defaults. Click several times on Continue until you get to
the Specify a Location For The Certificate screen, then set Keychain
to System.
💡 If you cannot store the certificate in the System keychain: create
it in the login keychain instead, then export it. You can then import
it into the System keychain.
Finally, quit the Keychain Access application to refresh the
certificate store.
Control: in the terminal type
security find-certificate -c gdb-cert
This should display some details about your newly minted certificate,
e.g.
keychain: "/Library/Keychains/System.keychain" version: 256 class:
0x80001000 attributes:
"alis"="gdb-cert" [...]
Make sure that keychain: is the System keychain, as shown.
Also, make sure that your certificate is not expired yet:
security find-certificate -p -c gdb-cert | openssl x509 -checkend 0
💡If you want to inspect the entire X509 data structure, you can type
security find-certificate -p -c gdb-cert |openssl x509 -noout -text
1.2. Trust the certificate for code signing
Start Keychain Access again. Using the contextual menu for the
certificate, select Get Info, open the Trust item, and set Code
Signing to Always Trust.
Finally, quit the Keychain Access application once more to refresh the
certificate store.
Control: in the terminal type
security dump-trust-settings -d
This should show the gdb-cert certificate (perhaps among others) and
its trust settings, including Code Signing.
1.3. Sign and entitle the gdb binary
(Mac OS X 10.14 and later) Create a gdb-entitlement.xml file containing the following:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.security.cs.debugger</key>
<true/>
</dict>
</plist>
If the certificate you generated in the previous section is known as gdb-cert, use:
codesign --entitlements gdb-entitlement.xml -fs gdb-cert $(which gdb)
or before Mojave (10.14), just
codesign -fs gdb-cert $(which gdb)
💡 You may have to prepend this command with sudo if the gdb binary is
located in a place that is not writable by regular users.
If you plan to build gdb frequently, this step can be automated by
passing --enable-codesign=gdb-cert (assuming, again, that gdb-cert is
the name of the certificate) to configure.
Control: in the terminal type
codesign -vv $(which gdb)
And for 10.14 (Mojave) onwards, also check the entitlements:
codesign -d --entitlements - $(which gdb)
1.4. Refresh the system's certificates and code-signing data
The most reliable way is to reboot your system.
A less invasive way is to and restart taskgated service by killing the
current running taskgated process (at any time in the process, but no
later than before trying to run gdb again):
sudo killall taskgated
However, sometimes the taskgated service will not restart successfully
after killing it, so ensure that it is alive after this step by
checking e.g. ps $(pgrep -f taskgated). Or just reboot your system, as
mentioned above.
It's a very old topic, but I am adding a response, because out of many available instructions, only one contained just the right steps to make a self-signed debugger work.
You have to create a self-signed root certificate and then sign the gdb executable with it, but many people complained that it did not work for them. Neither did it for me until I stumbled upon this link.
The key point missing in other manuals is that you have to restart your computer for the changes to take effect. Once I did that, everything worked as intended.
I hope, this will help others.
I followed the instructions with codesigning, but gdb would still give me the same error. It turned out that it did work when gdb is run as root (sudo gdb). I'm using Sierra osx.
I know this is not a direct answer to the question, but I wish someone had mentioned it before I went to the effort of getting gdb to work.
You can build and debug C++ code with Apple's free IDE called Xcode. (Xcode is similar to "Visual Studio" or "Android Studio".). I was already an Xcode user, but I had no idea that it worked with c++ -- because the option is fairly well hidden. This youtube video walks you through it:
https://www.youtube.com/watch?v=-H_EyIqBNDA