No cache data for this platform - sgx

I have installed pccs on my vm with sgx enabled, the I run sudo systemctl start pccs and curl -k -G "https://localhost:8081/sgx/certification/v4/rootcacrl" but I get error No cache data for this platform.
my kernel is :
cat /proc/version
Linux version 5.15.0-1029-azure (buildd#lcy02-amd64-076) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #36~20.04.1-Ubuntu SMP Tue Dec 6 17:00:26 UTC 2022
this is the pccs_server.log:
2022-12-27 16:25:22.885 [info]: HTTPS Server is running on: https://localhost:8081
2022-12-27 16:26:17.206 [info]: Client Request-ID : 19de7dcf832143418bd560e236a3e745
2022-12-27 16:26:17.210 [error]: Error: No cache data for this platform.
at ReqCachingMode.getRootCACrlFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingMode.js:84:11)
at CachingModeManager.getRootCACrlFromPCS (file:///opt/intel/sgx-dcap-pccs/services/caching_modes/cachingModeManager.js:73:23)
at Module.getRootCaCrl (file:///opt/intel/sgx-dcap-pccs/services/rootcacrlService.js:47:36)
at async getRootCaCrl (file:///opt/intel/sgx-dcap-pccs/controllers/rootcacrlController.js:38:21)
2022-12-27 16:26:17.217 [info]: 127.0.0.1 - - [27/Dec/2022:16:26:17 +0000] "GET /sgx/certification/v4/rootcacrl HTTP/1.1" 404 32 "-" "curl/7.68.0"
does any body knows the issue?

Related

UWSGI Works Within Network But Not Over Domain

I have a RPi running NGINX and UWSGI serving a webpage and an API via UWSGI.
Web page works fine, both locally and from the web.
API works locally, but not via web. My guess it's either the router or the NGINX configuration.
I am using cloudflare for the DNS, and all appears fine there.
I can GET / POST locally using Postman, but not via the web address. I would greatly appreciate any ideas on where to look.
Output from uwsgi is:
*** Starting uWSGI 2.0.20 (32bit) on [Sat May 14 12:35:08 2022] ***
compiled with version: 8.3.0 on 06 October 2021 05:59:48
os: Linux-5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022
nodename: xxx
machine: armv7l
clock source: unix
pcre jit disabled
detected number of CPU cores: 4
current working directory: /var/www/xxx.xxx/public
detected binary path: /home/pi/.local/bin/uwsgi
*** WARNING: you are running uWSGI without its master process manager ***
your processes number limit is 12393
your memory page size is 4096 bytes
detected max file descriptor number: 1024
lock engine: pthread robust mutexes
thunder lock: disabled (you can enable it with --thunder-lock)
uWSGI http bound on :9090 fd 4
spawned uWSGI http 1 (pid: 3176)
uwsgi socket 0 bound to TCP address 127.0.0.1:34881 (port auto-assigned) fd 3
Python version: 3.7.3 (default, Jan 22 2021, 20:04:44) [GCC 8.3.0]
*** Python threads support is disabled. You can enable it with --enable-threads ***
Python main interpreter initialized at 0xd5c950
your server socket listen backlog is limited to 100 connections
your mercy for graceful operations on workers is 60 seconds
mapped 64408 bytes (62 KB) for 1 cores
*** Operational MODE: single process ***
<<<<<<<<<<<<<<<< Loaded script >>>>>>>>>>>>>>>>
WSGI app 0 (mountpoint='') ready in 0 seconds on interpreter 0xd5c950 pid: 3175 (default app)
*** uWSGI is running in multiple interpreter mode ***
spawned uWSGI worker 1 (and the only) (pid: 3175, cores: 1)

How to fix SIGSEGV which prevents MVC application running in Mono

ASP.NET MVC application is installed in Debian server using Apache and mod_mono.
Trying to start it causes SIGSEGV exception in Mono. Apache error.log contains
[Wed Mar 06 22:07:13 2019] [notice] Apache/2.2.22 (Debian) mod_mono/3.12 configured -- resuming normal operations
Listening on: /tmp/.mod_mono_server4
Root directory: /
Stacktrace:
[Wed Mar 06 22:07:35 2019] [error] (70014)End of file found: read_data failed
[Wed Mar 06 22:07:35 2019] [error] Command stream corrupted, last command was 1
Listening on: /tmp/.mod_mono_server4
Root directory: /
Stacktrace:
Native stacktrace:
/usr/bin/mono() [0x4accca]
/usr/bin/mono() [0x5040fe]
/usr/bin/mono() [0x4275d7]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf0a0) [0x7f47845d30a0]
/usr/bin/mono() [0x47aad9]
/usr/bin/mono() [0x50fcb8]
/usr/bin/mono() [0x510253]
/usr/bin/mono() [0x425efc]
/usr/bin/mono() [0x4af809]
/usr/bin/mono() [0x4b0117]
[0x411fe68c]
Debug info from gdb:
=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.
=================================================================
How to fix this so that application can run ?
Same server also contains other application created with older ASP.NET MVC which runs OK.
Mono was installed using Debian package:
mono --version
Mono JIT compiler version 4.6.2 (Stable 4.6.2.7/08fd525 Mon Nov 14 12:30:00 UTC 2016)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
TLS: __thread
SIGSEGV: altstack
Notifications: epoll
Architecture: amd64
Disabled: none
Misc: softdebug
LLVM: supported, not enabled.
GC: sgen

Impossible to access http://mvnrepository.com/

I am suddenly getting this error in Jenkins:
= Check pre-requisite
Checking global pre-requisite
- aws is reachable in PATH [ OK ]
DEBUG : wget --spider -S -qO- http://mvnrepository.com/
HTTP/1.1 308 Permanent Redirect
Content-Length: 0
Date: Tue, 02 Oct 2018 04:49:58 GMT
Location: https://mvnrepository.com/
Server: nginx/1.10.1
Connection: keep-alive
X-RBT-SCAR: 88888:59701061:1000 ADL
HTTP/1.1 308 Permanent Redirect
Content-Length: 0
Date: Tue, 02 Oct 2018 04:49:58 GMT
Location: https://mvnrepository.com/
Server: nginx/1.10.1
Connection: keep-alive
X-RBT-SCAR: 10.195.254.60:59701066:1000 ADL
- http://mvnrepository.com/ is reached [FAILED]
Impossible to access http://mvnrepository.com/ (wget error code 8 : Server issued an error response )
# Error detected
###############################################################################
End of Checks. Status =
- No warning detected
- Error detected while executing checks. Unless -ignore-checks flag is on, those will block the installation process and prevent we move further until those are solved.
########################################################################
# Error : Prerequiste check ./project_files/bin/check_prerequisite is not ok. Stopping the operation.
########################################################################
Looks like that site has stopped supporting HTTP and are telling you to use HTTPS instead. In the redirect information, you can see
Location: https://mvnrepository.com/
So, use HTTPS and you should be fine. More specifically, use
wget --spider -S -qO- https://mvnrepository.com/

Issue integrating Selenium test suite using jenkins

I am trying to integrate Jenkins with Selenium. I have prepared the following command:
java -jar "D:\CI\TWCP\Selenium plugins\selenium-server-standalone-2.32.0.jar" -htmlSuite *firefox "http://www.google.co.in" "C:\Users\....\Desktop\Test suites\GoogleTestSuite.html" "C:\Users\.....\Desktop\results.html" -firefoxProfileTemplate "C:\....\Mozilla\Firefox\Profiles\s980v5zn.default"
When I execute the command in the command line, it works Perfectly fine. Then I called the same command through Jenkins and I got the following error:
Started by user anonymous
Building in workspace D:\CI\Jenkins\jobs\Google Test\workspace
[workspace] $ cmd /c call C:\Windows\TEMP\hudson600399625489206831.bat
D:\CI\Jenkins\jobs\Google Test\workspace>java -jar "D:\CI\TWCP\Selenium plugins\selenium-server-standalone-2.32.0.jar" -htmlSuite *firefox "http://www.google.co.in" "C:\Users\N_chandanKumar\Desktop\Test suites\GoogleTestSuite.html" "C:\Users\N_chandanKumar\Desktop\results.html" -firefoxProfileTemplate "C:\Users\N_chandanKumar\AppData\Roaming\Mozilla\Firefox\Profiles\s980v5zn.default"
Apr 24, 2013 10:54:07 AM org.openqa.grid.selenium.GridLauncher main
INFO: Launching a standalone server
10:54:08.647 INFO - Java: Sun Microsystems Inc. 1.6.0-b105
10:54:08.647 INFO - OS: Windows Vista 6.1 x86
10:54:08.662 INFO - v2.32.0, with Core v2.32.0. Built from revision 6c40c18
10:54:08.756 INFO - RemoteWebDriver instances should connect to: http://127.0.0.1:4444/wd/hub
10:54:08.756 INFO - Version Jetty/5.1.x
10:54:08.756 INFO - Started HttpContext[/selenium-server/driver,/selenium-server/driver]
10:54:08.756 INFO - Started HttpContext[/selenium-server,/selenium-server]
10:54:08.756 INFO - Started HttpContext[/,/]
10:54:08.787 INFO - Started org.openqa.jetty.jetty.servlet.ServletHandler#13c1b02
10:54:08.787 INFO - Started HttpContext[/wd,/wd]
10:54:08.787 INFO - Started SocketListener on 0.0.0.0:4444
10:54:08.787 INFO - Started org.openqa.jetty.jetty.Server#7ced01
jar:file:/D:/CI/TWCP/Selenium%20plugins/selenium-server-standalone-2.32.0.jar!/customProfileDirCUSTFFCHROME
10:54:09.941 INFO - Preparing Firefox profile...
10:54:12.041 INFO - Launching Firefox...
10:54:14.242 INFO - Checking Resource aliases
10:54:37.079 INFO - Checking Resource aliases
10:54:37.079 INFO - Received posted results
GoogleTestCase.html
GoogleTestCase</td></tr>
</tbody></table>
10:54:37.297 INFO - Killing Firefox...
Tests failed, see result file for details: C:\Users\N_chandanKumar\Desktop\results.html
10:54:37.921 INFO - Shutting down...
10:54:37.921 INFO - Stopping Acceptor ServerSocket[addr=0.0.0.0/0.0.0.0,port=0,localport=4444]
D:\CI\Jenkins\jobs\Google Test\workspace>exit 1
Build step 'Execute Windows batch command' marked build as failure
Finished: FAILURE
result.html shows failure with below log
info: Starting test /selenium-server/tests/GoogleTestCase.html
info: Executing: |setTimeout | 1000000 | |
info: Executing: |openAndWait | http://www.google.co.in/ | |
info: Executing: |setTimeout | 1000000 | |
info: Executing: |pause | 20000 | |
info: Executing: |verifyTextPresent | India | |
warn: currentTest.recordFailure: false
info: Executing: |assertTitle | Google | |
error: Actual value &apos;Error Message&apos; did not match &apos;Google&apos;
warn: currentTest.recordFailure: Actual value &apos;Error Message&apos; did not match &apos;Google&apos;
If I run the same code adding debug tag i.e.
java -jar "D:\CI\TWCP\Selenium plugins\selenium-server-standalone-2.32.0.jar" -htmlSuite *firefox "http://www.google.co.in" "C:\Users\....\Desktop\Test suites\GoogleTestSuite.html" "C:\Users\....\Desktop\results.html" -firefoxProfileTemplate "C:\Users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\s980v5zn.default" -debug
I get the following logs at the end
GoogleTestCase.html
GoogleTestCase</td></tr>
</tbody></table>
10:58:56.737 DEBUG - Handled by org.openqa.selenium.server.htmlrunner.SeleniumHTMLRunnerResultsHandler#14b7453
10:58:56.737 DEBUG - RESPONSE:
HTTP/1.1 200 OK
Date: Wed, 24 Apr 2013 05:28:56 GMT
Server: Jetty/5.1.x (Windows Vista/6.1 x86 java/1.6.0
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
10:58:57.002 INFO - Killing Firefox...
10:58:57.018 DEBUG - java.net.SocketException: Connection reset
10:58:57.018 DEBUG - java.net.SocketException: Connection reset
10:58:57.018 DEBUG - java.net.SocketException: Connection reset
10:58:57.018 DEBUG - java.net.SocketException: Connection reset
10:58:57.033 DEBUG - java.net.SocketException: Connection reset
10:58:57.033 DEBUG - java.net.SocketException: Connection reset
Tests failed, see result file for details: C:\Users\N_chandanKumar\Desktop\results.html
D:\CI\Jenkins\jobs\Google Test\workspace>exit 1
Build step 'Execute Windows batch command' marked build as failure
Finished: FAILURE
I have jenkins 1.509 and seleniumHQ2.32.0
Not able to make out how I am getting "java.net.SocketException: Connection reset" Any help in this regard will be appreciated.
Thanks & Regards,
cK
To check on the issue I ran the jenkins server in Interactive mode. The setting can be seen when you go to services.msc -> Jenkins process -> properties-> click on logon tab and you can select Local system account and tick "Allow service to interact with desktop".
This made jenkins to run the selenium test interactively instead of running in background.
There I could observe browser failing to open the website. This was tackled by following settings services.msc -> Jenkins process -> properties-> click on logon tab --> Select this account and give the account using which you have logged into this system.

Passenger/mod_rails fails to initialize in Fedora 12 when starting Apache

I am in the process of setting up a server to run a Ruby on Rails application on Fedora 12, using Passenger.
I am at the stage where I've installed Passenger, set it up as prescribed, but get the following errors when I restart Apache:
[Wed Jan 13 15:41:38 2010] [notice] caught SIGTERM, shutting down
[Wed Jan 13 15:41:40 2010] [notice] SELinux policy enabled; httpd running as context unconfined_u:system_r:httpd_t:s0
[Wed Jan 13 15:41:40 2010] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [notice] Digest: generating secret for digest authentication ...
[Wed Jan 13 15:41:40 2010] [notice] Digest: done
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
[Wed Jan 13 15:41:40 2010] [error] python_init: Python version mismatch, expected '2.6', found '2.6.2'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python executable found '/usr/bin/python'.
[Wed Jan 13 15:41:40 2010] [error] python_init: Python path being used '/usr/lib/python26.zip:/usr/lib/python2.6/:/usr/lib/python2.6/plat-linux2:/usr/lib/python2.6/lib-tk:/usr/lib/python2.6/lib-old:/usr/lib/python2.6/lib-dynload'.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: Creating 4 session mutexes based on 256 max processes and 0 max threads.
[Wed Jan 13 15:41:40 2010] [notice] mod_python: using mutex_directory /tmp
[Wed Jan 13 15:41:40 2010] [notice] Apache/2.2.14 (Unix) DAV/2 Phusion_Passenger/2.2.9 PHP/5.3.0 mod_python/3.3.1 Python/2.6.2 mod_ssl/2.2.14 OpenSSL/1.0.0-fips-beta3 mod_perl/2.0.4 Perl/v5.10.0 configured -- resuming normal operations
As you can see, there is a permissions problem when Passenger is trying to initialize:
[Wed Jan 13 15:41:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /tmp/passenger.25235/.guard: Permission denied (13)
When Apache is starts, it does create a file in /tmp:
d-ws--x--x. 2 root root 4096 2010-01-13 16:04 passenger.26117
If instead I run the app by firing up mongrel directly with mongrel_rails start -e production, I see the following:
ActiveRecord::StatementInvalid (Mysql::Error: Can't create/write to file '/tmp/#sql_5d3_0.MYI' (Errcode: 13): SHOW FIELDS FROM `users`):
Again the error points to permission issues with the /tmp directory.
I am at a loss as to what the solution is. I'm not sure if it is related to simply directory permissions or Fedora's SELinux security.
Any help would be appreciated. Thanks.
I did the same as Fred, except that instead of doing it one error at a time:
Go into permissive mode by running setenforce 0
Restart apache, and hit your site and use it for a while as normal
Run grep httpd /var/log/audit/audit.log | audit2allow -M passenger
semodule -i passenger.pp
Go back to enforcing mode by running setenforce 1
Restart apache and test your site - hopefully it should all be working as before!
Note that this is basically a specific example of the procedure on the Centos SELinux help - check it out.
I'm having the same issue in CentOS 5.4, SELinux getting in the way of Passenger.
Setting PassengerTempDir to /var/run/passenger simply gives you the same permission errors in the new directory instead of /tmp :
[Mon Feb 22 11:42:40 2010] [error] *** Passenger could not be initialized because of this error: Cannot create directory '/var/run/passenger/passenger.3686'
I can then change the security context of /var/run/passenger to get past this error:
chcon -R -h -t httpd_sys_content_t /var/run/passenger/
...and that lets Passenger create the temp directory, but not files within that directory:
[Mon Feb 22 12:07:06 2010] [error] *** Passenger could not be initialized because of this error: Cannot create FIFO file /var/run/passenger/passenger.3686/.guard: Permission denied (13)
Oddly, re-running the recursive chcon again doesn't get past this error, it keeps dying at this point, and this is where my SELinux knowledge gets murky.
The Phusion Passenger guide sections 6.3.5 and 6.3.7 have some useful thoughts, but they don't seem to completely resolve the problem.
You need more than just the httpd_sys_content_t permission. I use the following technique to get things started:
start a tail on the audit log: tail -f /var/log/audit/audit.log
reload apache: apachectl restart
Go to the /tmp/directory: cd /tmp
If just 1 line is added use the command: tail -1 /var/log/audit/audit.log | audit2allow -M httpdfifo
Note that the name 'httpdfifo' is just a name chosen to reflect the kind of error that has been observed.
This will create a file named 'httpdfifo.pp'. To allow apache to create a FIFO from here on after you have to issue the command: semodule -i httpdfifo.pp
Continue to do this until all audit errors have been resolved (It took 4 different kind of permissions on my system running Centos 5.4)
Running setenforce 0 before starting will let you test if it's SELinux. Don't forget to run setenforce 1 afterwards.
I tried what Dan Sketcher and Fred Appleman suggested, i.e. repeat the following:
yum install setroubleshoot
echo > /var/log/audit/audit.log # clear irrelevant errors
cd ~
service httpd restart # try booting passenger -- audit.log now shows the relevant permission errors
tail -f /var/log/httpd/error_log # check that passenger is still failing due to permission errors
sealert -a /var/log/audit/audit.log > selinux-diag.txt # translate the permission errors
# read and check that you are happy with selinux-diag.txt
# and either follow its specific advice, or if it just wants you to grep into audit2allow, then:
cat /var/log/audit/audit.log | audit2allow -M mypol # grant everything just denied
semodule -i mypol.p # commit new permissions
But after doing this 5 or 6 times, I kept coming up against new errors, and some of the same errors came up even after I had tried to permit them with "audit2allow".
In the end I just turned off SELinux, with:
echo 0 >/selinux/enforce

Resources