Warning: crypttab contains a literal encryption key
Message during boot:
Unlocking encrypted volumes: [BUSY] ^[[udisk1..crypttab contains a literal encryption key. This
^[[uok ^[[udisk2..crypttab contains a literal encryption key. This will stop working in the future.
What should I do? I use several literal encryption keys to unlock several partitions during booting including root.
The problem is in that I use remote unlocking of the root partition with literal key I enter manually from keyboard. I replaces the encrypt hook with dropbear encryptssh in /etc/mkinitcpio.conf.
What can I do if in the future it will be replaced with key-file instead of literal one. It is inconvenient to use key-file for remote computer file encryption?
ZeroLinux wrote:[...]Encrypted root partition is decrypting during boot after entering literal password over ssh through network. I don't see anything wrong with that. I can't be asked for passwords, because I boot computer remotely.
Actually, that's a may be a security hole.
You sshd keys are unencrypted, therefore, someone with physical access to you computer, can copy them, and then do a MITM attack to get your passphrase when you unlock it remotely.
ZeroLinux wrote:If I do it how I will decrypt my root partition during boot remotely?
You can configure a single partition so that it can be unlocked both with a keyfile and a passphrase.
Similar Messages
-
Cryptsetup: "cryptab contains a literal encryption key..."
I'm using full disk encrpytion (minus /boot) using luks. After a recent update I now get the following message on boot-up, when my data and home partions are decrytped:
"cryptab contains a literal encryption key. This will stop working in the future"
What exactly does this mean? And what changes, if any, will I have to make to my setup.
A search only brings up one result which doesn't explain much.
Thanks.It is self-explanantory. The wiki has been updated: https://wiki.archlinux.org/index.php/LU … Passphrase
-
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
[APP: soa-infra] . Unable to fetch/generate encryption key.
Hello;
I am installing Fusion Middleware 11.1.1.7 on a Windows 2008 R2 64 bit server that is running in Oracle VM.
Components installed:
Oracle SE database Enterprise
RCU
WLS - 10.3.6
OSB
SOA
BAM
Web Center.
I am not sure why I am getiting this message but when I start the SOA server I get the following message:
[APP: soa-infra] <.> Unable to fetch/generate encryption key.[[Unable to fetch/generate encryption key.
Check installation/post-installation steps for errors. Check for errors during SOA server startup. ORABPEL-35012 Unable to fetch/generate encryption key.
Unable to fetch/generate encryption key.
Check installation/post-installation steps for errors. Check for errors during SOA server startup.
at oracle.bpel.services.common.util.EncryptionService.<clinit>(EncryptionService.java:82)
at oracle.bpel.services.workflow.verification.impl.VerificationService$1.run(VerificationService.java:2803)
at oracle.bpel.services.workflow.verification.impl.VerificationService.encryptString(VerificationService.java:2801)
at oracle.bpel.services.workflow.verification.impl.VerificationService.createTokenFromMap(VerificationService.java:2544)
at oracle.bpel.services.workflow.verification.impl.VerificationService.getInternalContextToken(VerificationService.java:465)
at oracle.bpel.services.workflow.verification.impl.VerificationService.getInternalContext(VerificationService.java:492)
at oracle.bpel.services.workflow.verification.impl.VerificationService.<clinit>(VerificationService.java:425)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:61)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:877)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:423)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:93)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:248)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:168)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:884)
at org.springframework.beans.factory.access.SingletonBeanFactoryLocator.useBeanFactory(SingletonBeanFactoryLocator.java:397)
at org.springframework.ejb.support.AbstractEnterpriseBean.loadBeanFactory(AbstractEnterpriseBean.java:118)
at org.springframework.ejb.support.AbstractStatelessSessionBean.ejbCreate(AbstractStatelessSessionBean.java:66)
at oracle.bpm.bpmn.engine.instancemanagement.ejb.InternalInstanceManagementServiceBean_c6peyo_Impl.ejbCreate(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.oracle.pitchfork.inject.Jsr250Metadata.invokeLifecycleMethod(Jsr250Metadata.java:331)
at com.oracle.pitchfork.inject.Jsr250Metadata.invokeLifecycleMethod(Jsr250Metadata.java:325)
at com.oracle.pitchfork.inject.Jsr250Metadata.invokeLifecycleMethods(Jsr250Metadata.java:319)
at com.oracle.pitchfork.intercept.InterceptionMetadata.invokeLifecycleMethods(InterceptionMetadata.java:468)
at com.oracle.pitchfork.intercept.InterceptionMetadata$AdvisorChainProxyControl.invokeLifecycleMethod(InterceptionMetadata.java:416)
at sun.reflect.GeneratedMethodAccessor946.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:106)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy241.invokeLifecycleMethod(Unknown Source)
at weblogic.ejb.container.pool.StatelessSessionPool.createBean(StatelessSessionPool.java:212)
at weblogic.ejb.container.pool.Pool.createInitialBeans(Pool.java:299)
at weblogic.ejb.container.manager.StatelessManager.initializePool(StatelessManager.java:448)
at weblogic.ejb.container.deployer.EJBDeployer.initializePools(EJBDeployer.java:1649)
at weblogic.ejb.container.deployer.EJBDeployer.start(EJBDeployer.java:1477)
at weblogic.ejb.container.deployer.EJBModule.start(EJBModule.java:616)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:247)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:425)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:27)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:671)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:51)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:30)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:169)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:123)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:545)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
Caused by: java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=BPM-CRYPTO,keyName=BPM-CRYPTO read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:374)
at java.security.AccessController.checkPermission(AccessController.java:549)
at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:463)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:523)
at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:549)
at oracle.security.jps.internal.credstore.util.CsfUtil.checkPermission(CsfUtil.java:684)
at oracle.security.jps.internal.credstore.ssp.SspCredentialStore.getCredential(SspCredentialStore.java:562)
at oracle.bpel.services.common.util.EncryptionService$1.run(EncryptionService.java:72)
at oracle.bpel.services.common.util.EncryptionService.<clinit>(EncryptionService.java:61)
at oracle.bpel.services.workflow.verification.impl.VerificationService$1.run(VerificationService.java:2803)
at oracle.bpel.services.workflow.verification.impl.VerificationService.encryptString(VerificationService.java:2801)
at oracle.bpel.services.workflow.verification.impl.VerificationService.createTokenFromMap(VerificationService.java:2544)
at oracle.bpel.services.workflow.verification.impl.VerificationService.getInternalContextToken(VerificationService.java:465)
at oracle.bpel.services.workflow.verification.impl.VerificationService.getInternalContext(VerificationService.java:492)
at oracle.bpel.services.workflow.verification.impl.VerificationService.<clinit>(VerificationService.java:425)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:61)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:877)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:839)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1011)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1011)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1011)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:423)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)
at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:94)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:100)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:87)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:248)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:925)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:835)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:440)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:168)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:884)
at org.springframework.beans.factory.access.SingletonBeanFactoryLocator.useBeanFactory(SingletonBeanFactoryLocator.java:397)
at org.springframework.ejb.support.AbstractEnterpriseBean.loadBeanFactory(AbstractEnterpriseBean.java:118)
at org.springframework.ejb.support.AbstractStatelessSessionBean.ejbCreate(AbstractStatelessSessionBean.java:66)
at oracle.bpm.bpmn.engine.instancemanagement.ejb.InternalInstanceManagementServiceBean_c6peyo_Impl.ejbCreate(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.oracle.pitchfork.inject.Jsr250Metadata.invokeLifecycleMethod(Jsr250Metadata.java:331)
at com.oracle.pitchfork.inject.Jsr250Metadata.invokeLifecycleMethod(Jsr250Metadata.java:325)
at com.oracle.pitchfork.inject.Jsr250Metadata.invokeLifecycleMethods(Jsr250Metadata.java:319)
at com.oracle.pitchfork.intercept.InterceptionMetadata.invokeLifecycleMethods(InterceptionMetadata.java:469)
at com.oracle.pitchfork.intercept.InterceptionMetadata$AdvisorChainProxyControl.invokeLifecycleMethod(InterceptionMetadata.java:417)
at sun.reflect.GeneratedMethodAccessor946.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:310)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:106)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at com.sun.proxy.$Proxy241.invokeLifecycleMethod(Unknown Source)
at weblogic.ejb.container.pool.StatelessSessionPool.createBean(StatelessSessionPool.java:212)
at weblogic.ejb.container.pool.Pool.createInitialBeans(Pool.java:299)
at weblogic.ejb.container.manager.StatelessManager.initializePool(StatelessManager.java:449)
at weblogic.ejb.container.deployer.EJBDeployer.initializePools(EJBDeployer.java:1649)
at weblogic.ejb.container.deployer.EJBDeployer.start(EJBDeployer.java:1479)
at weblogic.ejb.container.deployer.EJBModule.start(EJBModule.java:616)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:249)
at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:427)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:119)
at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:28)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:672)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:59)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:161)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.BasicDeployment.activate(BasicDeployment.java:184)
at weblogic.deploy.internal.targetserver.BasicDeployment.activateFromServerLifecycle(BasicDeployment.java:361)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doActivate(DeploymentAdapter.java:52)
at weblogic.management.deploy.internal.DeploymentAdapter.activate(DeploymentAdapter.java:200)
at weblogic.management.deploy.internal.AppTransition$2.transitionApp(AppTransition.java:31)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.activate(ConfiguredDeployments.java:170)
at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:124)
at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:181)
at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:97)
Any help would be apprreciated.
JI was able to resolve it myself. I started the SOA managed server via the command scripts and it came up with no errors. Issue is more than likely with the server arguments I added in the Admin console. I will try this and it it does not work I will add further updates to ths thread.
J -
Messages cannot create Encryption Keys
Hi guys,
I am dealing with a very annoying issue here. OS X 10.8.2 on several devices, trying to get iMesages set up and running.
As soon as Messages tries to connect, it just fails. Console says constantly:
22.09.12 13:51:22.412 imagent[899]: [Warning] Error from SecKeychainItemDelete: -61
If I look into login.keychain, I can see that two items are constantly being created and removed (!!) from the keychain:
iMessage Encryption Key
iMessage Signing Key
This goes on and on until it fails. What I've tried so far:
resetting Messages and Facetime (btw: facetime works with that AppleID on the same device)
set up Messages in a new user account (same issue)
creating a blank login.keychain
The Apple ID works for iMessages on iPhones and iPads. So I thought the issue must be caused by Apple. BUT:
Setting up Messages with a totally different Apple ID causes the exact same issue. So it must be related to my device?!
Really weird, don't know what else to try.
Thanks for any suggestions.
Best
GoofyHi
in addition to the bcos table entry, please check the valid authoraisation and
Follow the SAP note [Note 1011376 - Problems when you create a message after importing SP 9|https://websmp230.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1011376]
This could fix the issue
Thanks,
Jansi -
While Creating the backup encryption key in the Configuration server setting it will show you the below error
so can U resolve this issue
Microsoft.ReportingServices.WmiProvider.WMIProviderException: The profile for the user is a temporary profile. (Exception from HRESULT: 0x80090024)
at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.BackupEncryptionKey(Byte[]& encryptedBytes, String password)
at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.BackupEncryptionKey(Byte[]& encryptedBytes, String password)
above is the error msg thrown in the console.It sounds like when you logged into the server or computer, something happened where your profile wasn't used or created, and thus a temporary profile was used. To resolve this you can try logging out and logging back in again, logging in with a
different user and hoping it doesn't happen to them, or restarting the computer. You probably got a warning when you logged into the computer about it using a temporary profile. To me, it look like and operating system problem resulting in an application
problem. -
Best practices to protect encryption key.
I'm writing a software that uses AES256, what are some good ways to protect the AES key?
This is an unattended software running locked away in a datacenter.There are many different approaches to this problem; a lot depends on your business, operational, technical and security requirements (what I refer to as BOTS). Given that you have only specified one operational requirement - unattended operations in a data-center - I will assume the rest based on past project experience, regulatory requirements, etc. The approach that we have taken is as follows:
1) After an AES key is generated, we generate a message-digest of it (to store for later verifications);
2) The AES key is encrypted with a 2048-bit RSA Public Key that is specific to an "encryption domain" (a logical grouping of keys, policies, users and authorizations);
3) The PrivateKey of the encryption-domain is encrypted with another 2048-bit RSA PublicKey (called Migration and Storage Key or MASK) for the purpose of migrating RSA keys from one system to another; each MASK is unique to a system;
4) The PrivateKey of the MASK is finally encrypted with a third 2048-bit RSA PublicKey whose PrivateKey is generated and stored inside a cryptographic hardware module - the Trusted Platform Module (TPM) or a Hardware Security Module (HSM);
5) The TPM/HSM require activation by three (3) Key Custodians (KC) before the hardware module will release the PrivateKey to decrypt the MASK's PrivateKey, which will decrypt the encryption-domain's PrivateKey, which decrypts the AES key, which finally decrypts the ciphertext;
6) The PINs of the three Key Custodians are never stored on the system; they are provided by the individuals using a tool - which can be running locally or remotely - over SSL.
7) The PIN is accepted by the system only if it accompanies a digitally-signed random nonce (number-used-once) sent by the system before the PIN is sent by the KC; if the signature fails or it takes longer than the time-out period, the PIN is not accepted;
8) Only after all three PINs are accepted and verified by the system, does the hardware module get activated and the PrivateKey is released to decrypt the chain of keys;
9) A reboot of the system erases all such authentications/authorizations from the system and requires the KCs to activate the hardware module again; however, the KCs can set their PINs on the system from home/hotel/on-the-road as long as they have VPN access to the system and their KC-token (containing their unique RSA keys/certificate for digitally signing the nonce).
While this might seem elaborate, this is necessary to meet PCI-DSS "dual-control, split-knowledge" requirements. The ability to allow KCs to set their PINs remotely is necessary because of unattended data-centers; the hardware module is necessary so that the chain is controlled by a key-pair that cannot be copied or extracted off the machine; all other keys are stored on disk as encrypted ciphertext.
All crypto-systems - SSH, SSL, IPSec, etc. - use a variation of this scheme; we developed this based on the BOTS we heard over the years. If you think that such a complex scheme has got to be awfully expensive, you'll may be in for a shock .
Hope that helps. -
Mac would not reply to Handoff encryption key request
I have this handoff one way problem between 2 Macs and another iOS devices, a Macbook Pro can get see others handing off, but none of others can see anything from the Macbook Pro. After monitoring the logs and keychain, I discovered that the Macbook Pro simply won't reply to any Handoff encryption key request.
I have cleared all the handoff related keychains off both Macs, and reproduced the problem. After rebooting both Macs, and an iPad. I got the following logs and keys.
From a Mac Pro:
Own encryption key
iPad's key
Log
26/3/15 7:08:56.443 am sharingd[329]: 07:08:56.442 : Requesting Handoff encryption key from "McB iPad Retina"
26/3/15 7:08:57.341 am sharingd[329]: 07:08:57.341 : Requesting Handoff encryption key from "Macbrush’s MBP Retina"
26/3/15 7:09:17.945 am sharingd[329]: 07:09:17.944 : Requesting Handoff encryption key from "McB iPad Retina"
26/3/15 7:09:17.946 am sharingd[329]: 07:09:17.945 : Requesting Handoff encryption key from "Macbrush’s MBP Retina"
26/3/15 7:09:19.351 am sharingd[329]: 07:09:19.351 : Received a new Handoff encryption key from "McB iPad Retina"
26/3/15 7:09:27.788 am sharingd[329]: 07:09:27.787 : Replying to Handoff encryption key request from "McB iPad Retina"
26/3/15 7:10:28.947 am sharingd[329]: 07:10:28.946 : Requesting Handoff encryption key from "Macbrush’s MBP Retina"
From the Macbook Pro:
Own encryption key
iPad's key
Mac Pro's key
Log
26/3/15 7:03:31.157 am sharingd[310]: 07:03:31.156 : Requesting Handoff encryption key from "McB Mac Pro"
26/3/15 7:03:51.661 am sharingd[310]: 07:03:51.661 : Requesting Handoff encryption key from "McB Mac Pro"
26/3/15 7:03:52.561 am sharingd[310]: 07:03:52.560 : Received a new Handoff encryption key from "McB Mac Pro"
26/3/15 7:08:56.544 am sharingd[310]: 07:08:56.543 : Requesting Handoff encryption key from "McB iPad Retina"
26/3/15 7:09:18.040 am sharingd[310]: 07:09:18.040 : Requesting Handoff encryption key from "McB iPad Retina"
26/3/15 7:09:19.227 am sharingd[310]: 07:09:19.227 : Received a new Handoff encryption key from "McB iPad Retina"
From the look of it, either the Macbook Pro didn't receive any encryption key request, or was ignoring them for some reason. So the Macbook got everyone's key hence can see others' Handoff payload, but since none of others had the Macbook Pro's key, its payload could not be seen by any other devices.
Now I know the cause, but I have no idea how to fix it. Any recommendation and suggestions would be very much appreciated.
Cheers
KennethHere is the results. BTW, that's the longest, messiest script I have ever seen! :-P
Start time: 01:23:08 03/27/15
Revision: 1307
Model Identifier: MacBookPro11,3
System Version: OS X 10.10.2 (14C1514)
Kernel Version: Darwin 14.1.0
Time since boot: 1:27
UID: 501
USB
v240b (Hewlett Packard)
Activity
en0: in 7, out 82 (KiB/s)
Energy (lifetime)
WindowServer (UID 88): 11.81
kernel_task (UID 0): 6.52
Memory (MB)
kernel_task (UID 0): 1417
Font issues: 6
Listeners
kdc: kerberos
launchd: afpovertcp
launchd: microsoft-ds
launchd: ssh
Diagnostic reports
2015-03-26 Google Drive crash x2
2015-03-26 discoveryd crash
2015-03-26 sharingd crash
HID errors: 10
Kernel log
Mar 26 21:20:33 key_getsastat: Error finding SAs.
Mar 26 21:21:03 key_getsastat: Error finding SAs.
Mar 26 21:24:20 SATA WARNING: IDENTIFY DEVICE checksum not implemented.
Mar 26 21:24:28 SIOCPROTODETACH_IN6: utun0 error=6
Mar 26 21:25:22 utun_start: ifnet_disable_output returned error 12
Mar 26 21:53:29 [IOBluetoothHostControllerUSBTransport][ReceiveInterruptData] -- kIOReturnAborted, data size is 0, but data in buffer -- (data Length = 39, packet length = 41) Data Content:
Mar 26 21:53:31 [IOBluetoothHostControllerUSBTransport][ReceiveInterruptData] -- previous data from kIOReturnAborted -- before combine the data (39)
Mar 26 21:53:31 [IOBluetoothHostControllerUSBTransport][ReceiveInterruptData] -- previous data from kIOReturnAborted -- after combine the data (39)
Mar 26 22:03:04 TLV Error:
Mar 26 22:03:04 IO80211AWDLPeerManager::updateLocalRequests can't allocate service descriptor for add len 30 type 2 Tlv Error
Mar 26 22:41:42 SATA WARNING: IDENTIFY DEVICE checksum not implemented.
Mar 26 22:41:51 SIOCPROTODETACH_IN6: utun0 error=6
Mar 26 22:43:03 utun_start: ifnet_disable_output returned error 12
Mar 26 23:24:32 SATA WARNING: IDENTIFY DEVICE checksum not implemented.
Mar 26 23:24:41 SIOCPROTODETACH_IN6: utun0 error=6
Mar 26 23:25:04 SATA WARNING: IDENTIFY DEVICE checksum not implemented.
Mar 26 23:25:13 SIOCPROTODETACH_IN6: utun0 error=6
Mar 26 23:25:18 utun_start: ifnet_disable_output returned error 12
Mar 26 23:27:56 SATA WARNING: IDENTIFY DEVICE checksum not implemented.
Mar 26 23:28:04 SIOCPROTODETACH_IN6: utun0 error=6
Mar 26 23:47:21 TLV Error:
Mar 26 23:47:21 IO80211AWDLPeerManager::updateLocalRequests can't allocate service descriptor for add len 30 type 2 Tlv Error
Mar 26 23:56:10 SATA WARNING: IDENTIFY DEVICE checksum not implemented.
Mar 26 23:56:19 SIOCPROTODETACH_IN6: utun0 error=6
Mar 26 23:57:45 utun_start: ifnet_disable_output returned error 12
System log
Mar 27 00:51:20 WindowServer: window b4 is already attached to window a9
Mar 27 00:51:20 WindowServer: window b4 is already attached to window a9
Mar 27 00:51:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:51:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:51:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:51:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:51:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:00 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:00 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:00 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:00 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:00 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:21 WindowServer: window b4 is already attached to window a9
Mar 27 00:52:23 WindowServer: _CGXGetWindowOrderingGroup: Operation on a window 0xb4 requiring rights 0x5 by caller System Preferences
Mar 27 00:52:58 WindowServer: WSGetSurfaceInWindow : Invalid surface 1117615552 for window 105
Mar 27 00:54:14 CalendarAgent: Stream 0x7f9b13a613d0 is sending an event before being opened
Mar 27 00:54:17 secd: SOSCoderUnwrap dpZjh3pDb8IzCtdhnahlx6AVHS Decode OTR Protected Packet: The operation couldn’t be completed. (OSStatus error -25293 - dpZjh3pDb8IzCtdhnahlx6AVHS Cannot expose message: -25293)
Mar 27 01:12:02 CalendarAgent: Stream 0x7f9b13b8a810 is sending an event before being opened
Mar 27 01:18:33 Notes: Stream 0x60000010c570 is sending an event before being opened
Mar 27 01:19:59 Notes: Stream 0x60000010a830 is sending an event before being opened
Mar 27 01:22:48 Notes: Stream 0x60800010dc80 is sending an event before being opened
launchd log
Mar 26 23:25:15 com.apple.xpc.launchd.user.501.100007.Aqua: Could not import service from caller: caller = otherbsd.227, service = com.linebreak.CloudLoginHelper, error = 119: Service is disabled
Mar 26 23:25:15 com.apple.xpc.launchd.user.501.100007.Aqua: Could not import service from caller: caller = otherbsd.227, service = com.radiantlabs.Living-Earth-Launcher, error = 119: Service is disabled
Mar 26 23:25:15 com.apple.xpc.launchd.user.501.100007.Aqua: Could not import service from caller: caller = otherbsd.227, service = com.tencent.localserver, error = 119: Service is disabled
Mar 26 23:25:15 com.apple.xpc.launchd.user.501.100007.Aqua: Could not import service from caller: caller = otherbsd.227, service = com.tencent.ScreenCapture, error = 119: Service is disabled
Mar 26 23:25:15 com.apple.xpc.launchd.user.501.100007.Aqua: Could not import service from caller: caller = otherbsd.227, service = com.whoisonmywifi.helperagent, error = 119: Service is disabled
Mar 26 23:25:15 com.apple.xpc.launchd.user.501.100007.Aqua: Could not import service from caller: caller = otherbsd.227, service = com.xlogteam.xloghelper, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = J8RPQ294UB.com.skitch.SkitchHelper, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.vladalexa.diskfailurehelper, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.linebreak.CloudLoginHelper, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.radiantlabs.Living-Earth-Launcher, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.tencent.localserver, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.tencent.ScreenCapture, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.whoisonmywifi.helperagent, error = 119: Service is disabled
Mar 26 23:28:14 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.xlogteam.xloghelper, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = J8RPQ294UB.com.skitch.SkitchHelper, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.vladalexa.diskfailurehelper, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.linebreak.CloudLoginHelper, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.radiantlabs.Living-Earth-Launcher, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.tencent.localserver, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.tencent.ScreenCapture, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.whoisonmywifi.helperagent, error = 119: Service is disabled
Mar 26 23:56:25 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.224, service = com.xlogteam.xloghelper, error = 119: Service is disabled
Mar 27 00:43:49 com.apple.xpc.launchd.domain.pid.iBooks.598: Failed to bootstrap path: path = /Applications/iBooks.app/Contents/XPCServices/com.apple.iBooksX-SecureUserDefau lts.xpc, error = 128: The specified path is not a bundle
Loaded kernel extensions
at.obdev.nke.LittleSnitch (4234)
com.Cycling74.driver.Soundflower (1.5.1)
com.squirrels.airparrot.framebuffer (3)
com.squirrels.driver.AirParrotSpeakers (1.7)
com.symantec.kext.internetSecurity (5.2.1f2)
com.symantec.kext.ips (3.5.1f2)
com.symantec.kext.ndcengine (1.0f2)
System services loaded
at.obdev.littlesnitchd
com.DuetUSBDaemon.plist
com.adobe.fpsaud
com.apple.watchdogd
com.cisco.anyconnect.vpnagentd
com.microsoft.office.licensing.helper
com.oracle.java.Helper-Tool
com.oracle.java.JavaUpdateHelper
com.symantec.liveupdate.daemon
- status: 1
com.symantec.liveupdate.daemon.ondemand
com.symantec.sharedsettings
com.symantec.symdaemon
org.macosforge.xquartz.privileged_startx
System services disabled
org.openldap.slapd
com.apple.mrt
com.apple.PasswordService
Login services loaded
2BUA8C4S2C.com.agilebits.onepassword-osx-helper
at.obdev.LittleSnitchUIAgent
com.ApogeePopup.plist
com.apple.mrt.uiagent
com.cisco.anyconnect.gui
com.google.keystone.user.agent
com.oracle.java.Java-Updater
com.symantec.uiagent.application
org.macosforge.xquartz.startx
Login services disabled
com.apple.photostream-agent
User services disabled
com.apple.photostream-agent
Startup items
/Library/StartupItems/HWNetMgr/HWNetCfg
/Library/StartupItems/HWNetMgr/HWNetMgr
/Library/StartupItems/HWNetMgr/StartupParameters.plist
/Library/StartupItems/HWPortDetect/HWPortCfg
/Library/StartupItems/HWPortDetect/HWPortDetect
/Library/StartupItems/HWPortDetect/StartupParameters.plist
User login items
Quicksilver
- /Applications/Quicksilver.app
Dropbox
- /Applications/Dropbox.app
Google Drive
- /Applications/Google Drive.app
iCloud errors
bird 219
cloudd 91
comapple.InputMethodKit.UserDictionary 5
storedownloadd 2
Continuity errors
lsuseractivityd 6
Safari 1
Contacts 1
Calendar 1
Restricted files: 106
Data packages
/Users/USER/Dropbox/apps/macjournal/MacJournal Data.mjdoc
Contents of /Library/LaunchAgents/at.obdev.LittleSnitchUIAgent.plist
- mod date: Jan 9 15:56:02 2015
- size (B): 464
- checksum: 2014742307
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>at.obdev.LittleSnitchUIAgent</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Little Snitch/Little Snitch Agent.app/Contents/MacOS/Little Snitch Agent</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.ApogeePopup.plist
- mod date: Mar 10 09:46:31 2015
- size (B): 640
- checksum: 2520660496
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.ApogeePopup.plist </string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/unloadApogeePopupTemp</key>
<false/>
</dict>
</dict>
<key>RunAtLoad</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Apogee/ApogeePopup.bundle/Contents/ApogeePopup.app/Contents/MacOS/Apoge ePopup</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.cisco.anyconnect.gui.plist
- mod date: Dec 20 23:50:41 2010
- size (B): 734
- checksum: 993854663
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN
http://www.apple.com/DTDs/PropertyList-1.0.dtd >
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.cisco.anyconnect.gui</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>--wait-apps</string>
<string>/Applications/Cisco/Cisco AnyConnect VPN Client.app</string>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/opt/cisco/vpn/gui_keepalive</key>
<true/>
</dict>
</dict>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- mod date: Oct 10 10:33:34 2014
- size (B): 104
- checksum: 2293328306
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
<string>-bgcheck</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>17</integer>
<key>Minute</key>
<integer>5</integer>
<key>Weekday</key>
<integer>1</integer>
</dict>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchAgents/com.symantec.uiagent.application.plist
- mod date: Sep 13 11:59:24 2014
- size (B): 476
- checksum: 2715641560
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.symantec.uiagent.application</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Symantec/SymUIAgent/SymUIAgent.app/Contents/MacOS/SymUIAgent</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.teamviewer.teamviewer.plist
- mod date: Aug 8 14:34:37 2014
- size (B): 668
- checksum: 1602219417
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.teamviewer.teamviewer</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/TeamViewer.app/Contents/MacOS/TeamViewer</string>
<string>-RunAsAgent</string>
<string>YES</string>
</array>
<key>WorkingDirectory</key>
<string>/Applications/TeamViewer.app/Contents/MacOS/</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>Disabled</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist
- mod date: Aug 22 22:48:52 2014
- size (B): 779
- checksum: 2466887275
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.teamviewer.desktop</string>
<key>LimitLoadToSessionType</key>
<array>
<string>LoginWindow</string>
<string>Aqua</string>
</array>
<key>ProgramArguments</key>
<array>
<string>/Applications/TeamViewer.app/Contents/Helpers/TeamViewer_Desktop</strin g>
<string>-RunAsAgent</string>
<string>YES</string>
<string>-Module</string>
<string>Full</string>
</array>
<key>WorkingDirectory</key>
<string>/Applications/TeamViewer.app/Contents/Helpers/</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
...and 4 more line(s)
Contents of /Library/LaunchDaemons/at.obdev.littlesnitchd.plist
- mod date: Jan 9 15:56:02 2015
- size (B): 631
- checksum: 4174275850
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>at.obdev.littlesnitchd</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Little Snitch/Little Snitch Daemon.bundle/Contents/MacOS/Little Snitch Daemon</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Library/Logs/LittleSnitchDaemon.log</string>
<key>StandardOutPath</key>
<string>/Library/Logs/LittleSnitchDaemon.log</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.DuetUSBDaemon.plist
- mod date: Mar 10 09:46:31 2015
- size (B): 697
- checksum: 1799602859
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>WorkingDirectory</key>
<string>/Library/Audio/Plug-Ins/HAL/Apogee/DuetUSB/DuetUSBPlugIn.bundle/Content s/MacOS</string>
<key>Label</key>
<string>com.DuetUSBDaemon.plist</string>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/unloadDuetUSBDaemonTemp</key>
<false/>
</dict>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/Audio/Plug-Ins/HAL/Apogee/DuetUSB/DuetUSBPlugIn.bundle/Content s/MacOS/duetUSBDaemon</string>
</array> -
Installation with LVM and gpg-encrypted key, what to tell Grub
Hi,
after years of using Gentoo Linux I grew tired of the compilation effort, so I decided to give Arch Linux a shot. I like the idea of a basic system which I can fit to my needs instead of a bloated distribution.
I want to encrypt my disk and did this with the following tutorials:
Official Arch Linux Install Guide
DM Crypt with LUKS
Basic Cryptsetup
Gentoo DM-Crypt with LUKS
So far, the installation worked well, but I'm stuck with this problem:
I have a gpg encrypted key stored on a SD-Card.
My mkinitcpio.conf has the hook line:
HOOKS="base udev autodetect pata scsi sata mmc usbinput fsck keymap encrypt lvm2 filesystems
/etc/default/grub contains:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda6:vg root=/dev-mapper/vg-root ro cryptkey=/dev/mmcblk0p1:jfs:/Key.gpg"
However, if I am booting, there are the following outputs:
No key available with this passphrase.
Invalid keyfile. Reverting to passphrase.
A password is required to access the vg volume:
Enter passphrase for /dev/sda6:
So, obviously, he isn't able to gpg-decrypt the key, or am I missing something?
I do really need some help at this point.On my gentoo installation, I had to tell cryptsetup to use the decrypted key as password for the new key. In fact
gpg -q -d <GPG-Keyfile> | cryptsetup luksOpen /dev/<encryptedPartition> <cryptContainer>
did exactly what I wanted.
I wanted to have my system highly secured, so a password-protected keyfile on an extern medium was the best choice.
Edit: There has been another tutorial: System encryption with gpg encrypted keys, but it's out of date.
Last edited by iarumas (2012-12-05 22:50:34) -
WLS70 SSL encrypted keys and Certificate Request Generator
Hi,
we are trying to certificate our WLS 7.0. We use the Certificate Request Generator
webapp for generating the request. The generator forces the user to give in a
private key password. But in the server's SSL config tab the field "Use encrypted
Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Is this a bug
in WLS7.0?Hi Alain,
thanks for your workaround. We will check it out ... although I've been instructed
on the BEA admin trainee to never change config.xml manually :)
"Alain Hsiung" <[email protected]> wrote:
Hi Joern
consider it a bug or not, you can go to the file config.xml and edit
the
XML attribute "KeyEncrypted" of the XML element "SSL" to "true".
Hope this helps.
Regards
Alain Hsiung, Ideartis Inc.
"Joern Wohlrab" <[email protected]> wrote in message
news:[email protected]..
Hi,
we are trying to certificate our WLS 7.0. We use the Certificate RequestGenerator
webapp for generating the request. The generator forces the user togive
in a
private key password. But in the server's SSL config tab the field"Use
encrypted
Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Isthis a
bug
in WLS7.0? -
Managing Server Encryption Keys in IDM 8.1
I am trying to import the server encryption key from my local machine to the development environment. However, I get the error "java.lang.IllegalStateException: Error attempting to decrypt: Given final block not properly padded".
I am attempting to import the keys with the lh import command like I would with the other custom configuration objects. I have checked the JDK on my machine vs the development machine and they are both running JDK's from Sun.
Any ideas?Hi,
Some more information would be helpful. What versions of IDM, what vendor and version of JDK, what server encryption type is configured for each IDM server, how was the key exported, have you tried importing a key from any other IDM instance, etc. The more info, the better.
Thanks,
Mike -
MIGO error 'Purchase Order does not contain a confirmation control key'
Hi,
while posting GR to a PO i am getting an error ' Purchase order XXXXXXXXX does not contain a confirmation control key'
it is true that i have not defined any confirmation control key in PO, Aknowled rerd checkbox is also not ticked
Still why this message coming, what setting would be bringing this message
Please clarityHi,
Until the installation of Note 589422 (with SP SAPKH46C43) you could due to a program error - create a delivery even though the purchase order did not contain any confirmation control key.
This is now prevented through error message M7394. The transfer of this check (Confirmation control key existing in the purchase order, see Note 589422) was necessary as otherwise you could post a purchase order as desired. (Refer to also Note 616944 -> SAPKH46C44)
589422 Several inbound deliveries can be created with MIGO :
"Implement the program correction.
With Transaction SE91 create message M7394 with the message text:
Purchase order & & does not contain a confirmation control key".
After you implemented this correction, when you want to create an
inbound delivery with Transaction MB01 or MIGO or with
BAPI_GOODSMVT_CREATE and if the purchase order does not contain a
confirmation control key the system displays error message M7394
"Purchase order & & does not contain a confirmation control key".
Hope this can explain the error you met.
Regards,
Mauro -
WRT54G v6 -- PCs' not able to enter encryption key?
Just bought a WRT54G, replacing an older Linksys wireless router (BEF.... something)...
I set up the new router with an encryption key (128-bit key using WEP).
My work PC, which for security reasons has the encryption key already built in, finds the network and works fine.
My home PCs (new HP notebook running XP pro) which do not already have that key set up, detect the network, says it's secured, but when I click on connect, it never prompts me for a network key to enter, just gives an error message saying it can't connect. Nowhere can I find anywhere to manually bring up properties, etc.
Same problem on a 2-year old Toshiba laptop with XP pro, and an Apple iBook with Mac OS X.
I've connected many times to other wireless networks with encryption keys, this is the first time I've experienced this.
Any help would be appreciated -- is there some router setting I'm missing that will enable this to work?
Thank you.sharkbyte, even if you do not delete the entry of your preferred wireless network, it should prompt with a network key...
what you can do is to do this
click START
go to RUN
type in services.msc
under the service local window, look for wireless zero configuration, right click on it then click on restart.
then try to connect wirelessly again.. It should prompt you with a network key already
"a helping hand in a community makes the world a universe" -
Need Help on How to Change The Encryption Key and or Change security settings
Hello, i just installed the wireless router and i would like to know how i can change the encryption key or change the security settings (i want it so you do not have to answer it with a password). Thank you in advance.
Message Edited by DARK_MARIO on 01-06-200706:10 PMHi…
In order to change the wireless settings of your router you need to login into the router configuration page. Open your internet explorer browser…in the address bar type http://192.168.1.1 ( Default IP address). Leave the username field balnk……type admin as password (If you have not changed the router password). When the setup page loads fully…..click on the tab that says wireless. Just below the main tab wireless ….click on the sub tab that says wireless security. You can Change the wireless security settings here. After the changes are made click on save settings. -
Safari Doesnot work when encryption key is enabled!
Hello!
I'm running a wireless homenetwork with my Ibook and two other Windows computers that run on ethernet LAN. All three get their connection from a 2-wire router.
The Problem:
Whenever i open safari with my ibook i get a msg that sates "safari cant connect/find server blahblahblh" (or something like that)
So, i called my ISP tech support. We found out that if i disable my encryption key Safari will work correctly.
But, i would rather prefer using an encryption key so that my neighbor doesnt steal my bandwidth.
Somebody help me! please
ISP:yahooDSL
ROUTER:2wire2700Which wireless encryption are you using: WEP-Open, WEP-Shared, or WPA-PSK on the 2Wire gateway? WPA-PSK would be the most secure and preferable over either WEP.
If you must use WEP, especially in a mixed (PC/Mac) environment, always use Hex characters:
- 10 Hex characters (for 40-bit WEP)
- 26 Hex characters (for 128-bit WEP)
(ref: http://docs.info.apple.com/article.html?artnum=106424)
Maybe you are looking for
-
How to make the iPad open a link (from a website, from an email, from another app, from anywhere) in the correct app? i.e. open in Etsy, Pinterest, Instagram...
-
I am wondering, what is the best way to import text into an InDesign document? I usually just drag a word doc onto the InDesign document - but i sometimes get issues where hard returns are placed in the middle of paragraphs and other annoying glitche
-
File Upload field in livecycle designer
Hi Am trying to create a form which allow user to add an attachment and want to display the size of the attached field.And also i wnt to save the form in the local system .Could anyone help me to come out of this.
-
Search files which filename contains a speicific string
Hi I'm lookng for a way to find all files in a directory which part of filename contains a specific string. e.g.: string = hello files; - 1hello2.txt - 22he45.txt - gehello42353.txt, .... The result should be either an index or the complete filename
-
Linksys SRW 2048 constant blinking and slow
Hi all. I tried to search but was not very successful with finding my answer but my problem is that all of the ports are constantly blinking fast. Is this normal? I have the 2048 switch connected to a linksys wrvs440n router on port 48. Even the non