Multiple SSH keys configuration

If you use Git over SSH, for example, you may need different SSH keys for different servers. By default the git client uses the “~/.ssh/id_rsa” private key.
If the server expects another key, you’ll get an error like:

Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.

If you want to use another SSH key, you have to load it beforehand with the ssh-add command each time.

To avoid this, you can specify the SSH key for a particular server.
Just create (or update) the file “~/.ssh/config” with the following content:

Host  someserver.com
  HostName                  someserver.com
  Port                      22
  PreferredAuthentications  publickey
  IdentityFile              "C:\Users\user42\.ssh\private-ssh-key-file"
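
When keys are also loaded with ssh-add, ssh can still offer those agent keys to a host that has an IdentityFile unless the block also sets "IdentitiesOnly yes". The following check is an added example, not part of the original post; the function names, the work.someserver.com alias and the work-key file are hypothetical.

```shell
# Added example, not from the original post. Constructed sample config:
# the first block pins a key, the second also restricts ssh to that key.
write_sample_config() {
  cat > "$1" <<'EOF'
Host someserver.com
  HostName someserver.com
  IdentityFile ~/.ssh/private-ssh-key-file

Host work.someserver.com
  HostName someserver.com
  IdentityFile ~/.ssh/work-key
  IdentitiesOnly yes
EOF
}

# hosts_without_identitiesonly FILE: print the pattern list of every Host
# block that sets IdentityFile but not "IdentitiesOnly yes".
# Assumes "Keyword value" syntax; Match blocks and Include are not followed.
hosts_without_identitiesonly() {
  awk '
    function report() { if (host != "" && idfile && !only) print host }
    /^[ \t]*#/ { next }
    tolower($1) == "host" {
      report(); host = $0; sub(/^[ \t]*[^ \t]+[ \t]+/, "", host)
      idfile = 0; only = 0; next
    }
    tolower($1) == "match" { report(); host = ""; next }
    tolower($1) == "identityfile" { idfile = 1 }
    tolower($1) == "identitiesonly" && tolower($2) == "yes" { only = 1 }
    END { report() }
  ' "$1"
}
```

Run it as `hosts_without_identitiesonly ~/.ssh/config`; every host it prints may receive keys other than the one configured for it.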

Thanks to
https://confluence.atlassian.com/bitbucket/configure-multiple-ssh-identities-for-gitbash-mac-osx-linux-271943168.html
and https://gist.github.com/jexchan/2351996

Apache and SVN configuration with user permissions

This tutorial shows how to configure Apache together with SVN.

1. First of all, install the Apache httpd server (version 2.4 in this case) with the DAV_SVN module and the Subversion client:

yum -y install httpd mod_dav_svn subversion

2. Check that the installed modules are turned on:

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_user_module modules/mod_authz_user.so

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so

LoadModule dav_svn_module     modules/mod_dav_svn.so
LoadModule authz_svn_module   modules/mod_authz_svn.so
LoadModule dontdothat_module  modules/mod_dontdothat.so

3. Configure the repository folder in httpd.conf:

<Directory "/srv/svn/repos">
    Options None
    AllowOverride None
    Require all granted
</Directory>

4. Add virtual host:

<VirtualHost *:80>
    ServerName svn.domain.com
    DocumentRoot "/srv/svn"
    ErrorLog "/srv/svn/log/svn.domain.com_error_log"
    CustomLog "/srv/svn/log/svn.domain.com_access_log" common
    TransferLog "/srv/svn/log/svn.domain.com_transfer_log"

    LimitXMLRequestBody 0
    LimitRequestBody 0

    <Location />
        DAV svn
        SVNParentPath "/srv/svn/repos"
        SVNListParentPath on
        AuthType Basic
        AuthName "Subversion repository"
        AuthUserFile "/srv/svn/svn.passwd"
        AuthzSVNAccessFile "/srv/svn/svn.access"
        Require valid-user
    </Location>
</VirtualHost>

5. Create passwd file “/srv/svn/svn.passwd”:

htpasswd -c -b /srv/svn/svn.passwd tom tomPasswordHere
htpasswd -b /srv/svn/svn.passwd jerry jerryPasswordHere
htpasswd -b /srv/svn/svn.passwd spike spikePasswordHere

6. Create access file “/srv/svn/svn.access”:

[groups]
adminGroup = tom
otherGroup = jerry,spike

[/]
* =
@adminGroup = rw

[php:/project42]
@otherGroup = rw

[php:/projectGood]
@otherGroup = r

So, as you can see, adminGroup has full access to the php repository,
while otherGroup has write access to project42 and only read permissions on projectGood.
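
To check what a given user can actually do under these rules, here is an added example (not part of the original post, and not Subversion's own code) that models the lookup in a simplified way: the most specific section containing a rule for the user wins, a repository-qualified section is tried before an unqualified one, then the parent path is tried. The function name svn_access is hypothetical.

```shell
# Added example: simplified lookup of effective access from the svn.access
# rules above. Assumes [groups] comes first and groups are not nested.
AUTHZ='[groups]
adminGroup = tom
otherGroup = jerry,spike

[/]
* =
@adminGroup = rw

[php:/project42]
@otherGroup = rw

[php:/projectGood]
@otherGroup = r
'

# svn_access USER REPO PATH: prints rw, r or none.
svn_access() {
  printf '%s' "$AUTHZ" | awk -v user="$1" -v repo="$2" -v path="$3" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^\[.*\]$/ { sec = substr($0, 2, length($0) - 2); next }
    {
      eq = index($0, "="); if (!eq) next
      who = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
      if (sec == "groups") {               # remember group membership
        n = split(val, m, ",")
        for (i = 1; i <= n; i++) member[who, trim(m[i])] = 1
        next
      }
      grp = (substr(who, 1, 1) == "@") ? substr(who, 2) : ""
      if (who != "*" && who != user && !((grp, user) in member)) next
      seen[sec] = 1                        # this section has a rule for user
      if (val ~ /r/) canr[sec] = 1         # rights from matching lines add up
      if (val ~ /w/) canw[sec] = 1
    }
    END {
      p = path; s = ""
      while (s == "") {                    # the path first, then each parent
        q = repo ":" p
        if (q in seen) s = q
        else if (p in seen) s = p
        else if (p == "/") { print "none"; exit }
        else { sub("/[^/]*$", "", p); if (p == "") p = "/" }
      }
      print (canw[s] ? "rw" : (canr[s] ? "r" : "none"))
    }'
}
```

For example, `svn_access jerry php /projectGood` prints `r`, while `svn_access tom java /x` prints `rw` because the `[/]` section is not tied to one repository.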

Also see http://stackoverflow.com/questions/81361/how-to-setup-access-control-in-svn

Subversion (SVN) tricks

When you use Subversion as a source control management system, it is useful to know some magic commands.

The next command cleans up, updates, adds new files and shows the status of the local repository:

  svn cleanup \
    && echo "-UPDATE-" && svn up \
    && echo "-ADD-" && svn add * --force \
    && echo "-STATUS-" && svn st

Afterwards you can commit the changes with:

  svn ci -m "your comment..."

More info on https://subversion.apache.org/ and http://svnbook.red-bean.com/

Remove kernel in CentOS

After an unsuccessful kernel upgrade you have to repair the Linux OS.
To delete the invalid kernel on CentOS, do the following steps.

1. Show kernel list:

  rpm -q kernel

And you’ll see output:

  kernel-3.10.0-229.14.1.el7.x86_64
  kernel-3.10.0-229.20.1.el7.x86_64
  kernel-3.10.0-327.3.1.el7.x86_64
  kernel-3.10.0-327.4.4.el7.x86_64
  kernel-3.10.0-327.22.2.el7.x86_64

2. Delete corrupted kernel:

  rpm -e kernel-3.10.0-327.22.2.el7.x86_64

3. Reboot.
So, your system is downgraded!

Thanks to http://blog.zwiegnet.com/linux-server/delete-oldcorrupt-linux-kernel-centos/

Adding manifest attributes to existing JAR file

To modify the manifest of an existing external JAR file in Java, use the maven-antrun-plugin in your Maven build:

<build>
    <plugins>
    ...
    
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-antrun-plugin</artifactId>
            <version>1.6</version>
            <executions>
                <execution>
                    <id>repack</id>
                    <phase>package</phase>
                    <goals>
                        <goal>run</goal>
                    </goals>
                    <configuration>
                        <target>
                            <jar update="true" 
                                 file="${project.basedir}/some.jar">
                                <manifest>
                                    <attribute name="Class-Path" 
                                               value="jackson.jar"/>
                                </manifest>
                            </jar>
                        </target>
                    </configuration>
                </execution>
            </executions>
        </plugin>    
    
    </plugins>
</build>

Thanks to http://stackoverflow.com/a/20634999

Docs:
https://docs.oracle.com/javase/tutorial/deployment/jar/manifestindex.html
http://www.softlab.ntua.gr/facilities/documentation/unix/java/tutorial/jar/basics/mod.html
http://introcs.cs.princeton.edu/java/85application/jar/jar.html

It is a bad idea to compress a JAR file with ZIP: http://stackoverflow.com/a/7085511

Using keystore in JAVA for Self-Signed SSL certificates

You may see the following error when working with domains that use a self-signed certificate:

sun.security.provider.certpath.SunCertPathBuilderException: 
unable to find valid certification path to requested target

In this case, do the following steps to make the Java program trust the given domain:

1. Get the SSL certificate for the domain:

openssl s_client -connect somedomain.com:443 > cert1.cert

2. Generate java keystore:

D:\runtime\jdk8u45x64\bin\keytool -import -v -trustcacerts ^
-file cert1.cert -keystore cacerts1.jks ^
-alias somealias -keypass "changeit" -storepass "changeit"

Type “yes” when prompted to accept the certificate.

3. Add JVM arguments to your program:

-Djavax.net.ssl.trustStore="D:\projects\my\cacerts3.jks"
-Djavax.net.ssl.trustStorePassword="changeit"

4. (Optional) debug arguments:

-Djava.security.debug=certpath
-Djavax.net.debug=trustmanager

Also available Java arguments (not useful in the case of self-signed certificates):

-Djavax.net.ssl.keyStore="D:\projects\my\cacerts3.jks"
-Djavax.net.ssl.keyStorePassword="changeit"
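
Step 1 saves everything s_client prints, and step 2 then trusts whatever certificate that file contains. The following is an added example (not from the original post) that extracts only the certificate and succeeds only if its SHA-256 fingerprint equals a value obtained out of band from the server owner; the function names and the throwaway demo certificate are constructed for illustration, and the openssl CLI is required.

```shell
# Added example: pin the certificate found in saved `openssl s_client` output
# by SHA-256 fingerprint before importing it into a trust store.

# leaf_pem FILE: print only the first PEM certificate block (the leaf),
# dropping the handshake text that s_client writes around it.
leaf_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }' "$1"
}

# cert_sha256 PEMFILE: print the fingerprint as AA:BB:... without its label.
cert_sha256() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# verify_capture CAPTURE EXPECTED OUT: write the leaf certificate to OUT and
# succeed only if its fingerprint equals EXPECTED.
verify_capture() {
  leaf_pem "$1" > "$3" || return 1
  [ -s "$3" ] || return 1            # no certificate in the capture
  [ "$(cert_sha256 "$3")" = "$2" ]
}

# make_demo_capture DIR: constructed test data. Creates a throwaway
# self-signed certificate and wraps it in text shaped like s_client output.
make_demo_capture() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=somedomain.com" \
    -keyout "$1/demo.key" -out "$1/demo.pem" 2>/dev/null || return 1
  { echo "CONNECTED(00000003)"; echo "Server certificate"
    cat "$1/demo.pem"; echo "subject=CN = somedomain.com"; echo "---"
  } > "$1/cert1.cert"
}
```

Pass the file written to OUT to keytool only when verify_capture returns success.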

Thanks to:
https://www.javacodegeeks.com/2014/07/java-keystore-tutorial.html
https://docs.oracle.com/cd/E29585_01/PlatformServices.61x/security/src/csec_ssl_jsp_start_server.html
http://stackoverflow.com/a/20190493
https://github.com/denimgroup/threadfix/wiki/Importing-Self-Signed-Certificates

Execute command from other user in Linux

Linux lets you run commands as a different user if you are logged in as root.
Here are two ways to do it:

1. Using “SUDO” command:

  sudo -u <username> <command>

Example: sudo -u www-data php occ

2. Using “SU” command:

  su - <username> -c "<commands>"

Example: su - www-data -c 'php /var/www/html/console.php files:scan --all'

Thanks to http://askubuntu.com/a/606149