HowTo - Mirror NetKernel 4 Apposite Repository

Poster Content
nk4um Moderator
Posts: 901
May 14, 2018 12:13

Excellent! Glad you got this sorted. Hopefully this discussion will help anyone else with the same requirement.

Let us know if you need anything else from us.

P.

Like · Post Reply
nk4um User
Posts: 3
May 14, 2018 10:09

Hi Peter, Thanks for the certificate. Using the 'trust' checkbox was already enough to pass the 'test connection', but OK I've installed the certificate.

Now I'm getting a "Sync Failure HTTP Request Error :404" using the 'Synchronize' button in Admin.

How can I share the Visualizer stacktrace? It's a ZIP of 4.7MB

Solved:

Spitting the Online Visualizer I've found the culprit: I had downloaded a copy from ftp-nyc.osuosl.org and this missed some needed XML (in particular: http://10.127.147.41:8192/repos/1060.org/repo/netkernel/1060-NetKernel-SE/5.2.1/base/main/repository.xml want there, only a index.html).

The rsync download from apposite.netkernel.org was OK, so I'm now using that and only that.

Like · Post Reply
nk4um Moderator
Posts: 901
May 13, 2018 12:20

Hi John - sorry for slow response I've been travelling and only just landed back in the UK.

Here's the public key...

-----BEGIN CERTIFICATE-----
MIIDgjCCAmqgAwIBAgIESblwATANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UEBhMCVUsxEDAOBgNV
BAgTB0JyaXN0b2wxGTAXBgNVBAcTEENoaXBwaW5nIFNvZGJ1cnkxFjAUBgNVBAoTDTEwNjAgUmVz
ZWFyY2gxFjAUBgNVBAsTDTEwNjAgUmVzZWFyY2gxFjAUBgNVBAMTDVBldGVyIFJvZGdlcnMwHhcN
MDkwMzEyMjAyNjQxWhcNMTkwMzEwMjAyNjQxWjCBgjELMAkGA1UEBhMCVUsxEDAOBgNVBAgTB0Jy
aXN0b2wxGTAXBgNVBAcTEENoaXBwaW5nIFNvZGJ1cnkxFjAUBgNVBAoTDTEwNjAgUmVzZWFyY2gx
FjAUBgNVBAsTDTEwNjAgUmVzZWFyY2gxFjAUBgNVBAMTDVBldGVyIFJvZGdlcnMwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4ITm5ZlDc8ow5zHGKv+tlmxAHVUU6PAWCqs0t1tQLAXIg
O0k9dafOIdnpn7fEcfcyybAVFxxrecxN0bq02fNCRtKDZOLnmGfvPimONIcLIEnNaFMmN/m8sQtM
/liEXbKvlfeJFrDFPIsVlhcJHMxuyK0c9FEoBQzkU1u/W/+dmtaHlAfWLzUo+Bqh1RhlCWm4OLZS
2DP9CiGsXxIF971xyGzClOPkK4AwmvvExYzRmVThbYq0jwXpO/GhaKZWYoq3R+GbhFpdObawz+H3
vdVlFBSHJsMOc/RZsxlGS6ZowWL3awft+uqBssyvQMRp6Xt3YZ655+0Q7tGFe2yxlPvHAgMBAAEw
DQYJKoZIhvcNAQEFBQADggEBAB07W2lKXwm3PGo+PjL7Z+GSHgY6eVZ95VjSQ+7+g3V/bd0SWU52
qUOm+w8pNK7JSCy38GqQ+vewZ8/A1vimEEnOgeHxABE5QlJwf/p+LpKlJvMnGh0sBC7UuaHKvMic
63MUS56qCpzx1HpBcIPde/QkupFk8vzWyCnASthNoVHlrmMzreWGy25YQZf3GxCl/g1VFbKPWrVS
tOjBFRgeqwS4IKbBLclt/6rGxDk0gMoFwvuF5RRCmUsxlT90ZG18GtlKVAp6TnCLjCzLtUCfqk9G
mkRdfV0TrVeM9Otk7OseyJpRB03MLaQtqRGQDHOfZVtFR5i/XZR0hGtCRKihYhQ=
-----END CERTIFICATE-----

It's easy to find if you run the visualizer while doing the connection test. Please try this and if it still is causing you trouble please provide a full visualizer trace so we can see the full picture.

Peter

Like · Post Reply
nk4um User
Posts: 3

Hi, I've managed to duplicate a 1060.org repo from ftp-nyc.osuosl.org. It lives now on (internal) URL http://10.127.147.41:8192/repos/1060.org/repo/ When I use the 'test connection' button from my Apposite (http://localhost:1060/tools/apposite/admin/), I'm seeing the stacktrace (below). Your documentation only states to "download a copy of the repository's public key". Where can I find this key?

See: http://docs.netkernel.org/book/view/book:apposite:core/doc:apposite:repository

Note: In above manual page is a dead link to: http://docs.netkernel.org/tools/apposite/admin/repo/manageTrust

Stacktrace with NPE:

([ View])

> /opt/netkernel-5.2.1/log/apposite-client-0.log <

<record>

 <date>2018-05-11T09:44:05</date>
 <millis>1526024645337</millis>
 <sequence>2894</sequence>
 <logger>Apposite-Client</logger>
 <level>INFO</level>
 <class>repoTestConnection.gy</class>
 <thread>28924</thread>
 <message>Testing connection http://10.127.147.41:8192/repos/1060.org/repo/netkernel/1060-NetKernel-SE/5.2.1/</message>

</record>

> /opt/netkernel-5.2.1/log/netkernel.out <

I 09:44:05 repoTestConn~ Testing connection http://10.127.147.41:8192/repos/1060.org/repo/netkernel/1060-NetKernel-SE/5.2.1/ <ex>

<ex>
 <id>org.netkernel.layer0.nkf.NKFException</id>
</ex>
<ex>
 <id>RequestFrameException</id>
 <request>SOURCE active:pkiVerifyStandard+operand@pbv%3Aoperand+publicKeyCertificate@active%3AappositeRepoPublicKey%2Bid%4033+signature@pbv%3Asignature as Object</request>
</ex>
<ex>
 <id>SubrequestException</id>
 <space>Security Utilities  (private)</space>
 <endpointId>PKIVerifyCertStandard</endpointId>
 <endpoint>SignVerifyStandardAccessor</endpoint>
 <ex>
  <id>java.lang.NullPointerException</id>
  <stack>
   <level>org.ten60.netkernel.security.endpoint.SignVerifyStandardAccessor.onSource() line:50</level>
   <level>org.netkernel.module.standard.endpoint.StandardAccessorImpl.onRequest() line:222</level>
   <level>org.netkernel.layer0.nkf.impl.NKFEndpointImpl.onAsyncRequest() line:94</level>
   <level>... 104 more</level>
  </stack>
 </ex>
</ex>

</ex>

       at org.netkernel.layer0.nkf.impl.NKFContextImpl.issueKernelRequest(NKFContextImpl.java:507)
       at org.netkernel.layer0.nkf.impl.NKFContextImpl.issueRequest(NKFContextImpl.java:424)
       at org.netkernel.layer0.nkf.INKFBasicContext$issueRequest.call(Unknown Source)
       at script15258736183671398104284.run(script15258736183671398104284.groovy:38)
       at org.netkernel.lang.groovy.endpoint.GroovyRuntime.onRequest(GroovyRuntime.java:37)
       at org.netkernel.layer0.nkf.impl.NKFEndpointImpl.onAsyncRequest(NKFEndpointImpl.java:94)
       at org.netkernel.scheduler.RequestState.processRequest(RequestState.java:404)
       at org.netkernel.scheduler.Scheduler.synchronousRequest(Scheduler.java:246)
       at org.netkernel.container.impl.Kernel.synchronousRequest(Kernel.java:309)
       at org.netkernel.layer0.nkf.impl.NKFContextImpl.issueKernelRequest(NKFContextImpl.java:501)
       at org.netkernel.layer0.nkf.impl.NKFContextImpl.issueRequestForResponse(NKFContextImpl.java:406)
       at org.netkernel.module.standard.builtin.mapper.MapperConfig$Mapping.onRequest(MapperConfig.java:489)
       at org.netkernel.module.standard.builtin.mapper.MapperConfig.onRequest(MapperConfig.java:228)
       at org.netkernel.module.standard.endpoint.ConfiguredOverlayImpl.onRequest(ConfiguredOverlayImpl.java:227)
       at org.netkernel.layer0.nkf.impl.NKFEndpointImpl.onAsyncRequest(NKFEndpointImpl.java:94)
       at org.netkernel.scheduler.RequestState.processRequest(RequestState.java:404)

Like · Post Reply
nk4um Administrator
Posts: 606
May 1, 2018 14:10

I just tried that exact command line now and it appears to work fine. Maybe a local network issue?

Like · Post Reply
nk4um User
Posts: 3
May 1, 2018 14:04

Is this still working for NetKernel 5.2.1 and 6.2.1 ? We can't get a working connection, it gives me a:

rsync -rv rsync://apposite.netkernel.org/download/repo/ repo/
rsync: failed to connect to apposite.netkernel.org (*inet_ntop failed*): Connection refused (111)
rsync error: error in socket IO (code 10) at /usr/src/rsync/rsync-3.0.8/clientserver.c(122) [Receiver=3.0.8]

Please advice, -John-

Like · Post Reply
nk4um Moderator
Posts: 901
October 23, 2009 12:27HowTo - Mirror NetKernel 4 Apposite Repository
Some people have reported that they are unable to access the apposite repository since they are behind an authenticating corporate firewall.  We''re working on a general solution to this in the HTTP client infrastructure but in the mean time this FAQ explains how you can use rsync to bring a local mirror inside your firewall.  This FAQ also applies if you just want to be a good community citizen and offer a regional mirror for the NetKernel community.

1. First step is to get a copy of rsync (http://samba.anu.edu.au/rsync/) or talk to your friendly neighbourhood *nix sysadmin.

2. Run the following command to mirror the apposite repository to a local directory...

rsync -rv rsync://apposite.netkernel.org/download/repo/ repo/


This will create a directory called "repo" containing two sub-directories "packages" and "netkernel".  You now have a full mirror of the apposite repository.

3. You now need to decide how you want to access it locally with NKSE''s apposite client.  You can keep the mirror directory on your local machine or you could put it on an internal corporate web server.  You could even put it on a SAMBA share and mount that.  Wherever you place it you need to tell your development copy of NKSE apposite client to use this repository instead of the public server.  To do that follow these steps:

a) Go to the apposite admin panel:  http://localhost:1060/apposite/admin/
b) Click the "Edit" button for the "NetKernel.org Base URI" (by default it will be http://apposite.netkernel.org/repo/).  Change this to the base URI of your mirror''s repo/ directory (don''t forget the trailing slash - its has to be an absolute URI to the directory path).

For example:

If you have a copy on your local hard drive at location C:\\1060mirror\\repo you''d enter "file:///C:/1060mirror/repo/"  (sorry but Windows file URI''s need triple slashes and care with drive letters etc - if in doubt try the URI in your browser address bar first)

If you have it on an internal corporate web server http://ourmirror.bigcorp.com/repo/ then just enter that http URL.

If you have it mounted SAMBA share then use a file: URI to point to that mount point.

At any time you can make sure you''ve got the correct base URI by clicking "Test Connection".

That''s it - all you need to do is to arrange to run rsync every couple of days to keep it in sync (or talk with/bribe your sysadmin to set that up as a cron job on a utility server).

Security Notes

The public apposite repository only has signed official releases of 1060 authorized packages.  Both the individual packages and the complete repository metadata are signed.  When you have a local copy inside your firewall the NKSE apposite client still performs full repository and package authentication and verification before permitting anything from the the mirror to be installed.  So even though the library is local you can still treat it as the authentic trustworthy source of NKSE libraries and updates.
Like · Post Reply