Blog

Blog

Apply filter to STDERR in Linux

Apply filter to STDERR in Linux

STDOUT ────────────────┐
                       ├─────> terminal/file/whatever
STDERR ── [ filter ] ──┘

Method

If ./a.out outputs as below

In STDERR:

stderr output

In STDOUT:

more regular

Then the following command will output as below.

# ./a.out 3>&1 1>&2 2>&3 3>&- | sed 's/e/E/g'
more regular
stdErr output

Explanation

    First save stdout as &3 (&1 is duped into 3)
    Next send stdout to stderr (&2 is duped into 1)
    Send stderr to &3 (stdout) (&3 is duped into 2)
    close &3 (&- is duped into 3)

References

Pipe only STDERR through a filter

Fix Spice Certificate Issue in Proxmox

Fix Spice Certificate Issue in Proxmox

After changed the display to Spice and added Spice USB device, following error appeared.

swtpm_setup: Not overwriting existing state file.
kvm: warning: Spice: reds.c:2893:reds_init_ssl: Could not load certificates from /etc/pve/local/pve-ssl.pem
kvm: warning: Spice: error:0909006C:PEM routines:get_name:no start line
kvm: warning: Spice: error:140DC009:SSL routines:use_certificate_chain_file:PEM lib
kvm: failed to initialize spice server
stopping swtpm instance (pid 55260) due to QEMU startup error
TASK ERROR: start failed: QEMU exited with code 1

Update certificate also got following errors

root@pve01:~# pvecm updatecerts --force
(re)generate node files
generate new node certificate
Signature ok
subject=OU = PVE Cluster Node, O = Proxmox Virtual Environment, CN = pve01.xxx.net
Getting CA Private Key
CA certificate and CA private key do not match
139954545105792:error:06067099:digital envelope routines:EVP_PKEY_copy_parameters:different parameters:../crypto/evp/p_lib.c:93:
139954545105792:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:../crypto/x509/x509_cmp.c:303:
unable to generate pve ssl certificate:
command 'faketime yesterday openssl x509 -req -in /tmp/pvecertreq-56235.tmp -days 161 -out /etc/pve/nodes/pve01/pve-ssl.pem -CAkey /etc/pve/priv/pve-root-ca.key -CA /etc/pve/pve-root-ca.pem -CAserial /etc/pve/priv/pve-root-ca.srl -extfile /tmp/pvesslconf-56235.tmp' failed: exit code 1

In this case, remove keys and regenerate.

root@pve01:~# rm -f /etc/pve/pve-root-ca.pem /etc/pve/priv/pve-root-ca.* /etc/pve/local/pve-ssl.*
root@pve01:~# pvecm updatecerts -f
(re)generate node files
generate new node certificate
merge authorized SSH keys and known hosts
root@pve01:~# pvecm updatecerts -f
(re)generate node files
generate new node certificate
merge authorized SSH keys and known hosts
root@pve01:~# 

Now, problem fixed.

References

pveproxy fails to load local certificate chain after upgrade to pve 6

Error encountered during `apt install` indicated that the file couldn’t be accessed by user `_apt`

Error encountered during apt install indicated that the file couldn't be accessed by user _apt

When installing package from local file (.deb file), following error might be occurred.

Processing triggers for dbus (1.14.0-2ubuntu3) ...
N: Download is performed unsandboxed as root as file 'full_path_of_deb_file_name' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Usually apt tries to run the process that fetches packages as a different user called _apt to increase security. That's no problem if it has to download packages from the internet. But if you tell it to install a .deb file that's already on your system, it needs to have permission to access that file by _apt user. Otherwise, above error will be shown.

References

Download performed unsandboxed