Mthtv-backend fails after upgrade in Debian Bullyseye

My mythtv settings are not saved or being read after upgrading mythtv-common. My mythtv server is Linux server 5.3.0-3-amd64 #1 SMP Debian 5.3.15-1 (2019-12-07) x86_64 GNU/Linux. All commands are done through the terminal. Last update is 2020-0106.

view the version of Debian

lsb_release -a

No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux bullseye/sid
Release: testing
Codename: bullseye

I am having to reconfigure mythtv-common and mythtv-backend after every upgrade. The steps to reconfigure the packages are listed below.

Reconfiguring mythtv-common

# dpkg-reconfigure --force mythtv-common

Reconfiguring mythtv-database

# dpkg-reconfigure --force mythtv-database

restart the mythtv-backend and check that it is running

# systemctl restart mythtv-backend

# systemctl status mythtv-backend

The following line shows success.

Active: active (running) since Mon 2020-01-06 21:15:15 CST; 2s ago

Anbox on Debian 11 Bullseye

Installation

Installation instructions from https://docs.anbox.io/userguide/install.html.

Install snap on computer. I already had it installed.

Kernel modules have to be installed. https://docs.anbox.io/userguide/install_kernel_modules.html and https://github.com/Anbox/Anbox-modules

I followed the the github website for installing kernel modules.

Install the anbox snap or use the debian package. I used the debian package.

apt install anbox

Install Applications

https://docs.anbox.io/userguide/install_apps.html

Android applications for downloading https://www.apkmirror.com/uploads/

Android on qemu

I would like to try this. QEMU has been around longer and hopefully more stable. https://fosspost.org/tutorials/install-android-8-1-oreo-on-linux

Last updated on 2020-0102

Renewing a Certbot Letsencrypt Webserver Certificate

Situation: 2019-0417: I run my own webserver and my SSL/TLS encryption certificates expired.

Background: I like to use certbot to create and manage my SSL/TLS certificates and the certificates expire every 90 days. Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your web server. https://certbot.eff.org/about/

My server is running:
Linux server 4.17.0-1-amd64 #1 SMP Debian 4.17.8-1 (2018-07-20) x86_64 GNU/Linux
Distributor ID: Debian
Description:    Debian GNU/Linux testing (buster)
Release:        testing
Codename:       buster

Assessment: I will outline the steps I took for renewing my certificate.

Implementation: All commands are run in a terminal.

1. stop the apache web server

systemctl stop apache2

2. View the certificates installed and see their expiration date

certbot certificates 

3. certbot command to renew certificate

certbot certonly --cert-name [name-of-your-certificate-here] --force-renewal 

You get the following output

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

my selection:

choose option 2 "Spin up a temporary webserver (standalone)"   

3. restart apache2

 systemctl start apache2  

4. View certificate and check new date

 certbot certificates  

5. Check certificate at ssl labs

https://www.ssllabs.com/ssltest

Finished 2019-0417

Mythtv fails on update setting up mythtv and mythtv-database (29.1+fixes20180603.git1777cc4425-dmo1)

Situation: I was getting the following error message on updating the mythtv package from https://www.deb-multimedia.org testing/main amd6.

Setting up mythtv-database (29.1+fixes20180603.git1777cc4425-dmo1) …
Failed to connect to database: Access denied for user
‘root’@’chadchenault.com’ (using password: NO) at -e line 5, <> line 1.

dpkg: dependency problems prevent configuration of mythtv:
mythtv depends on mythtv-database (>= 29.1+fixes20180821.gite5fc66e822-dmo1); however:
Package mythtv-database is not configured yet.

dpkg: error processing package mythtv (–configure):
dependency problems – leaving unconfigured

Background: Updates started to fail in June 2018 and after several months of internet searching, I could not find a solution. My system isSystem:
Linux server 4.17.0-1-amd64 #1 SMP Debian 4.17.8-1 (2018-07-20) x86_64 GNU/Linux
Distributor ID: Debian
Description:    Debian GNU/Linux testing (buster)
Release:        testing
Codename:       buster

Assessment: Contacted the package maintainer Christian Marillat at deb-multimedia.org for help after internet searches yielded no results.

Recommendation: Christian Marillat was kind enough to reply the next day with the suggestion to reconfigure the mythtv-database package. This will allow you to put in your database settings in the package before the software update. My update was failing because my mythtv database setting for the root user did not have a password. I entered the following command:

dpkg-reconfigure --force mythtv-database

You get the following question asking for the password for the root user of mysql/mariadb:

"This information will be used to create a database and user for MythTV. Unless you have explicitly changed the password on the MySQL server, leave this blank.

The password for the MySQL administrator account 'root':

 

It is very important to enter the password despite what prompt telling you to leave it blank. This is because if you do not store your password in plain text configuration files for security, dpkg will not find your root password. Possible places to store the root password are:

/etc/mysql/[debian.cnf, my.cnf, mariadb.cnf]

I prefer not store the password in plain text configuration files and thus will always have to enter the root mysql password when dpkg configures mythtv-database.

After configuration, you can run the upgrade:

apt upgrade

The mythtv-backend server usually crashes and does not restart when the upgrade fails with no password. You will have to restart the mythtv-backend server with the following commands:

systemctl restart mythtv-backend
systemctl status mythtv-backend

I would like to aknowledge Christian Marillat from http://deb-multimedia.org/ for his assistance and providing the mythtv package. He is doing a wonderful service.

keywords: debian, mythtv, mythtv-common, mythtv-database, mysql, mariadb

Linux Evolution Email broken/fails with Dovecot upgrade to Version 2.3

2019-0320. My Evolution email client stopped stopped working after my server upgraded Dovecot was from version 2.2 to 2.3. I was getting TLS errors in Evolution. The error was “The reported error was “Failed to get capabilities: Error performing TLS handshake: An unexpected TLS packet was received.” I also have Roundcube webmail based email and it continued to work. The fix to the problem was not hard (Thank you Linux Community) however there is not much information on the internet now on solving this problem and thus the reason I felt motivated to write this post and give back to the Linux community.

My server is Debian Sid (Buster/Debian 10). My email is setup using the guide from https://workaround.org/ispmail/stretch.

The solution to the problem is change the ssl configuration in the dovecot file “/etc/dovecot/conf.d/10-ssl.conf”. I also increased the security of the SSL/TLS protocols used. References are: https://wiki2.dovecot.org/Upgrading/2.3 and https://wiki2.dovecot.org/SSL/DovecotConfiguration.

I first needed to create a new Diffie Hellman parameters file that is involved in the TLS key exchange. This file collects entropy from the computer and took roughly an hour on my slow server computer. Enter these commands in the terminal. https://wiki2.dovecot.org/SSL/DovecotConfiguration#SSL_security_settings

cd /etc/dovecot
openssl dhparam 4096 > dh.pem

I removed the following lines in file “/etc/dovecot/conf.d/10-ssl.conf”.

ssl_protocols = !SSLv2 !SSLv3

I added and modified the following lines in file “/etc/dovecot/conf.d/10-ssl.conf”.

ssl_dh =</etc/dovecot/dh.pem
ssl_min_protocol = TLSv1.2
ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_prefer_server_ciphers = yes

Restart the dovecot service

sudo systemctl restart dovecot

Check that the dovecot service is running

sudo systemctl status dovecot

All done and Evolution email is working.

Nextcloud 14.04 broken with upgrade to php7.3 in Debian testing/sid

Nextcloud 14.04 stopped working on me. I was getting a blank page on my nextcloud website. I found the following error message in my nextcloud logfile:

"Error: Call to undefined function OC\\App\\simplexml_load_file() at \/var\/www\/cc.com\/nextcloud\/lib\/private\/App\/InfoParser.php#64".

It appears the problem was when php was updated from 7.2 to 7.3 however the apache2 webserver was trying to use the older php7.2 module and php7.3 module was not enabled. The solution is to disable the php7.2 and enable php7.3 module for apache2. The following commands are entered into the terminal.

Disable the apache2 module php7.2

sudo a2dismod php7.2

Enable the apache2 module php7.3

sudo a2enmod php7.3

Restart the Apache webserver and show it’s running status

sudo systemctl restart apache2 & sudo systemctl status apache2

I found the following site helpful: https://tecadmin.net/switch-between-multiple-php-version-on-debian/

The server was Debian testing/sid. 2019-0110


Mythtv update trouble shooting for database username, hostname, and password

My mythtv was failing on an update for “no password” for “root” user. I needed to find out what values the update script was using for the database username, hostname, and password. This link had a script listed to show these values. I will repeat the script below.

Put the following in a file, mark it as executable and run it.  This will print the variables the mythtv-database upgrade script is using.

#!/bin/sh -e
/usr/share/debconf/confmodule
db_get mythtv/mysql_admin_user
admin_username=”$RET”
db_get mythtv/mysql_admin_password
admin_password=”$RET”
db_get mythtv/mysql_host
hostname=”$RET”
if test -z “$hostname”; then
hostname=localhost
fi
db_get mythtv/mysql_mythtv_dbname
database=”$RET”
echo “MythTV database upgrade variables (Debian):”
echo ” Username: $admin_username”
echo ” Password: $admin_password”
echo ” Hostname: $hostname”
echo ” Database: $database”

 

Certbot and Let’s Encrypt errors on creating a certificate

I was having failures creating new certificates in certbot due to a change in their code. I previously ran the following command to create a website certificate for an apache server running on Debian 8 Jessie.

# certbot run --verbose --text --apache --rsa-key-size 4096 --email your-email.com --agree-tos -d your-domain-name.com,alternative-domain-name.org,third-domain-name.com

This used to work but now (2018-0226) it doesn’t. Here is the output of error:

Performing the following challenges: 
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
Exiting abnormally:
Traceback (most recent call last):
 File "/usr/bin/certbot", line 11, in <module>
 load_entry_point('certbot==0.10.2', 'console_scripts', 'certbot')()

I found the answer here: https://github.com/certbot/certbot/issues/5405

The following command worked, substitute working values for “your-email.com” and “your-domain-name.com”.

# certbot certonly --standalone --verbose --text --rsa-key-size 4096 --email your-email.com --agree-tos -d your-domain-name.com --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"

This is for the following version of certbot.

# certbot --version
certbot 0.10.2

The end 🙂

Add SSL Certificate to Postfix and Dovecot with Let’s Encrypt

I am running a Debian 8 Jessie email server with postfix and dovecot. I wanted to change from self signed certificates to certificates from Let’s Encrypt. It was easy to do and I wish had not waited so long to change. This blog post, https://www.shivering-isles.com/lets-encrypt-free-trusted-certificates-for-postfix-and-dovecot/ explained it perfectly for me, so there is no need for me to document the commands.

https://letsencrypt.org/