Welcome to zewaren.net. This site presents myself and mostly archives the solutions to some problems I once had.

How to use user/password authentication with OpenVPN on FreeBSD

Not so frequently asked questions and stuff: 

ImageThe FreeBSD logo

2014-11-03.

Configure the system

To use a textfile password database, install pam_pwdfile:

make -C /usr/ports/security/pam_pwdfile install clean

Generate your password using OpenSSL or anything else.

openssl passwd -crypt superpassword

Populate /usrl/local/etc/ovpn/passwd with your user/password database.

guest1:VgocPdscg2SzY
guest2:2aRomUmF3ALJU
guest3:fW4lUmBwz56Rg
guest4:Rcf3wcHgMhPkM
guest5:9CVFYqvOjgw.Y

Configure pam in /etc/pam.d/openvpn:

auth            required        /usr/local/lib/pam_pwdfile.so pwdfile=/usr/local/etc/ovpn/passwd
account         required        pam_permit.so
session         required        pam_permit.so
password        required        pam_deny.so

To test your PAM setup, install pamtester and use it.

# make -C /usr/ports/security/pamtester install clean
[...]

# pamtester -v openvpn guest1 authenticate
pamtester: invoking pam_start(openvpn, guest1, ...)
pamtester: performing operation - authenticate
Password:
pamtester: successfully authenticated

On your server configuration file, add:

plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-pam.so openvpn
duplicate-cn   #add this if you want to have multiple connections using the same certificate. Otherwise, they'all get the same IP and you'll have problems.

On your clients, add:

auth-user-pass

LDAP Auth

Instal pam_ldap.

make -C /usr/ports/security/pam_ldap install clean

Create a configuration file, for example: /usr/local/etc/ovpn/ldap.conf, and populate it as usual.

host ldap-server.example.com
base dc=example,dc=com
ldap_version 3
binddn cn=pam,ou=services,dc=example,dc=com
bindpw DY5K82cG5avkCkz
port 389
scope sub
bind_timelimit 10
bind_policy soft
pam_filter objectclass=inetOrgPerson
pam_login_attribute uid
pam_password exop
nss_base_passwd         ou=people,dc=example,dc=com
nss_base_group          ou=group,dc=example,dc=com

To have your users be able to authenticate using both the text files and LDAP, use a configuration like this one:

auth            sufficient      /usr/local/lib/pam_ldap.so no_warn try_first_pass config=/usr/local/etc/ovpn/ldap.conf
auth            required        /usr/local/lib/pam_pwdfile.so pwdfile=/usr/local/etc/ovpn/passwd
account         required        pam_permit.so
session         required        pam_permit.so
password        required        pam_deny.so

Otherwise, create your PAM configuration as usual.

How to verify DKIM signatures manually

Posted 2014-10-31.
ImageImageImage

Situation

You're setting up DKIM on your SMTP servers. You'd like to be able to check if your emails are signed correctly.

Using perl

Use Mail::DKIM::Verifier.

As per the documentation:

use Mail::DKIM::Verifier;

# create a verifier object
my $dkim = Mail::DKIM::Verifier->new();

# read an email from a file handle
#$dkim->load(*STDIN);

# or read an email and pass it into the verifier, incrementally
while ()
{
    # remove local line terminators
    chomp;
    s/\015$//;

    # use SMTP line terminators
    $dkim->PRINT("$_\015\012");
}
$dkim->CLOSE;

# what is the result of the verify?
my $result = $dkim->result;

# there might be multiple signatures, what is the result per signature?
foreach my $signature ($dkim->signatures)
{
    print "signature identity: " . $signature->identity . "\n";
    print "verify result: " . $signature->result_detail . "\n";
}

# the alleged author of the email may specify how to handle email
foreach my $policy ($dkim->policies)
{
    die "fraudulent message" if ($policy->apply($dkim) eq "reject");
}

Usage:

perl dkim_checker.pl 

Using PHP

Download php-dkim and phpseclib into the same folder. Write a sample code to use the classes:
validate();
print_r($r);

Usage:

php dkim_checker.php  Array
        (
            [0] => Array
                (
                    [status] => pass
                    [reason] => Success!
                )

        )

)

php dkim_checker.php  Array
        (
            [0] => Array
                (
                    [status] => permfail
                    [reason] => signature did not verify (example.com key #0)
                )

        )

)

Using python

Install pydkim.

cd dkimpy-0.5.4 && python setup.py install

Usage:

/usr/local/bin/dkimverify.py 

Serve Clonezilla with PXE using TFTP on a UEFI computer

AttachmentSize
Package icon pxe-clonezilla-live-uefi.zip254.41 KB
PXE: 

Image

Fetch the required files

What you need:

  • Clonezilla's zip file: clonezilla-live-20140915-trusty-amd64.zip
  • syslinux-6.03.zip Download it on kernel.org.
  • pxelinux's config file (pxelinux.cfg/default):
    DEFAULT Clonezilla-live
    
    LABEL Clonezilla-live
     MENU LABEL Clonezilla Live (Ramdisk)
     KERNEL vmlinuz
     APPEND initrd=initrd.img boot=live config noswap nolocales edd=on nomodeset ocs_live_run="ocs-live-general" ocs_live_extra_param="" ocs_live_keymap="" ocs_live_batch="no" ocs_lang="" vga=788 nosplash noprompt fetch=tftp://[INSERT YOUR IP HERE]/filesystem.squashfs
    

Extract PXELINUX's files

Extract the following files into the current folder.

\efi64\efi\syslinux.efi
\efi64\com32\elflink\ldlinux\ldlinux.e64

Extract clonezilla's files

Extract the required files from the zipfile in the current folder.

live/vmlinuz
live/initrd.img
live/filesystem.squashfs

Check that you have all the required files

Your folder should look like this:

filesystem.squashfs
initrd.img
ldlinux.e64
pxelinux.cfg/default
syslinux.efi
vmlinuz

Configure

Edit pxelinux.cfg and insert your IP. You can also preset parameters (see http://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/99_Misc.

Boot

Set up your DHCP and TFTP servers and boot syslinux.efi.

Sources

How to allow specific IPs to connect to a lighttpd webserver, and have the others use mod_auth

Not so frequently asked questions and stuff: 

Image

Situation

You protect your web applications using lighttpd's mod_auth.

You'd like to have some users (say, your office) access the server without having to log in.

Configuration

Filter the configuration based on your users' IPs.

$HTTP["remoteip"] != "203.0.113.92" {
    auth.backend = "ldap"
    auth.backend.ldap.hostname = "10.0.10.13"
    auth.backend.ldap.base-dn  = "ou=people,dc=example,dc=com"
    auth.backend.ldap.filter   = "(&(uid=$)(memberOf=cn=some_group,ou=sgroups,dc=example,dc=com))"
    auth.backend.ldap.bind-dn  = "cn=our_lighttpd_user,ou=services_ro,dc=example,dc=com"
    auth.backend.ldap.bind-pw  = "qdkdfsgbxxcvbiuoisj"
    auth.backend.ldap.allow-empty-pw = "disable"
    auth.require = ( "" => (
            "method"  => "basic",
            "realm"   => "Our superb realm",
            "require" => "valid-user"
        )
    )
}

If you're using a reverse proxy, use mod_extforward to retrieve the correct IPs.

server.modules += ( "mod_extforward" )
extforward.forwarder = ("198.51.100.156" => "trust")

Reference:

How to apply FreeBSD10's autotools patches manually

Not so frequently asked questions and stuff: 

The FreeBSD logoImage

Situation

You're manually building something that require autotools on FreeBSD 10.

You're used to the port system patching your autotools files, and you want to apply theses patches to your current folder.

Script

Choose your poison:

/bin/tcsh

foreach f (`find . -type f \( -name config.libpath -o -name config.rpath -o -name configure -o -name libtool.m4 -o -name ltconfig -o -name libtool -o -name aclocal.m4 -o -name acinclude.m4 \)`)
    sed -i.fbsd10bak -e 's|freebsd1\*)|freebsd1.\*)|g' -e 's|freebsd\[12\]\*)|freebsd[12].*)|g' -e 's|freebsd\[123\]\*)|freebsd[123].*)|g' -e 's|freebsd\[\[12\]\]\*)|freebsd[[12]].*)|g' -e 's|freebsd\[\[123\]\]\*)|freebsd[[123]].*)|g' $f
    touch -f -mr $f.fbsd10bak $f
    rm $f.fbsd10bak
end

/bin/sh:

for f in `find . -type f \( -name config.libpath -o -name config.rpath -o -name configure -o -name libtool.m4 -o -name ltconfig -o -name libtool -o -name aclocal.m4 -o -name acinclude.m4 \)`; do
    sed -i.fbsd10bak -e 's|freebsd1\*)|freebsd1.\*)|g' -e 's|freebsd\[12\]\*)|freebsd[12].*)|g' -e 's|freebsd\[123\]\*)|freebsd[123].*)|g' -e 's|freebsd\[\[12\]\]\*)|freebsd[[12]].*)|g' -e 's|freebsd\[\[123\]\]\*)|freebsd[[123]].*)|g' $f
    touch -f -mr $f.fbsd10bak $f
    rm $f.fbsd10bak
done

How to extract the windows license key from a Lenovo T440p recovery CDs.

Not so frequently asked questions and stuff: 

ImageImage

Situation

You own a Lenovo T440p with Windows 7 preinstalled, but you have Windows 8 recovery CDs. Unfortunately, your laptop doesn't include a CD drive.

You'd like to extract the Windows License key from the CD and install your computer yourself with a custom image (I mean, who would use a preinstalled Windows image with Norton Security for anything serious).

Chapter 1: extract the key from the CD

Five CDs were provided by Lenovo:

  • (1) Windows 8 Recovery Media for Windows 8 Products (Disk 1 of 2)
  • (1) Windows 8 Recovery Media for Windows 8 Products (Disk 2 of 2)
  • (2) Operating System Recovery Disk Windows 8 Pro (OEM Activation 3.0 Required) (Disk 1 of 2)
  • (2) Operating System Recovery Disk Windows 8 Pro (OEM Activation 3.0 Required) (Disk 2 of 2)
  • (1) Windows 8 Recovery Media for Windows 8 Products (Disk 1 of 1)
  • Office pro 2013

My guess is that we'll find what we need in the largest file contained in the CDs, which should be a Windows installation image.

This file is: M8S4AUS.swm. This looks like a split WIM file.

Let's merge it and open it.

E:\RECOVERY>imagex /export /ref M8S4AUS*.swm M8S4AUS.swm 1 exported.wim "exported"

ImageX Tool for Windows
Copyright (C) Microsoft Corp. All rights reserved.
Version: 6.3.9600.16384

Exporting: [E:\RECOVERY\M8S4AUS.swm, 1] ->
           [E:\RECOVERY\exported.wim]
[ 100% ] Exporting progress

Successfully exported image #1.
Total elapsed time: 15 min 49 sec
imagex /MOUNT exported.wim 1 c:\truc

ImageX Tool for Windows
Copyright (C) Microsoft Corp. All rights reserved.
Version: 6.3.9600.16384
Mounting: [E:\RECOVERY\exported.wim, 1] -> [c:\truc]...
[ 100% ] Mounting progress
Successfully mounted image.
Total elapsed time: 42 sec

Let's see what's inside.

E:\RECOVERY>dir c:\truc

 Volume in drive C has no label.
 Volume Serial Number is 2E2F-1418

 Directory of c:\truc

2014-10-08  18:30              .
2014-10-08  18:30              ..
2012-07-26  09:33              PerfLogs
2013-03-25  23:07              Program Files
2013-03-25  23:07              Program Files (x86)
2013-03-26  15:02              SWWORK
2013-03-25  23:03              Users
2013-03-26  00:15              Windows
               0 File(s)              0 bytes
               8 Dir(s)  22,738,112,512 bytes free

Bingo! This definitely looks like a Windows image.

Download and start ProduKey. Open the Select Source window and Load the product keys from external Windows directory.

Image

Voilà, the associated Microsoft keys are extracted and displayed.

Image

Chapter 2: extract the key from the BIOS

Unfortunately, we did chapter 1 for nothing, since the key R3C2N-HT63Q-F4RKH-KPP3R-3667Q is a generic key called: Windows® 8 Default Product Keys to be used with OEM Activation 3.0.

This means that the real key is embedded inside the computer's BIOS.

Download RWEverything, click on ACPI, and go to tab MSDM.

Your key should be here.

Image

Enjoy your license.

How to install pecl-apd with PHP 5.5 on FreeBSD

Not so frequently asked questions and stuff: 

Image

This was written on 2014-10-05.

Fetch source (revision was 297236 at the time).

# svn co http://svn.php.net/repository/pecl/apd/trunk

Apply the following patch:

diff --git a/php_apd.c b/php_apd.c
index 9d7f238..3b1fe7e 100644
--- a/php_apd.c
+++ b/php_apd.c
@@ -56,11 +56,19 @@
 #undef TRACE_ZEND_COMPILE /* define to trace all calls to zend_compile_file */
 ZEND_DLEXPORT zend_op_array* apd_compile_file(zend_file_handle* TSRMLS_DC);
 ZEND_DLEXPORT zend_op_array* (*old_compile_file)(zend_file_handle* TSRMLS_DC);
+#if PHP_VERSION_ID = 20020731
 ZEND_DLEXPORT void apd_execute_internal(zend_execute_data *execute_data_ptr, int return_value_used TSRMLS_DC);
 #endif
 ZEND_DLEXPORT void (*old_execute)(zend_op_array *op_array TSRMLS_DC);
+#else
+ZEND_DLEXPORT void apd_execute_ex(zend_execute_data *execute_data TSRMLS_DC);
+#if  ZEND_EXTENSION_API_NO >= 20020731
+ZEND_DLEXPORT void apd_execute_internal(zend_execute_data *execute_data_ptr, struct _zend_fcall_info *fci, int return_value_used TSRMLS_DC);
+#endif
+ZEND_DLEXPORT void (*old_execute_ex)(zend_execute_data *execute_data TSRMLS_DC);
+#endif
 
 ZEND_DLEXPORT void onStatement(zend_op_array *op_array);
 ZEND_DECLARE_MODULE_GLOBALS(apd);
@@ -337,7 +345,7 @@ char *apd_get_active_function_name(zend_op_array *op_array TSRMLS_DC)
            }
        } 
        else {
-           switch (execd->opline->op2.u.constant.value.lval) {
+           switch (execd->opline->extended_value) {
            case ZEND_EVAL:
                funcname = estrdup("eval");
                break;
@@ -441,8 +449,8 @@ static void log_time(TSRMLS_D)
        if(utime || stime || rtime) {
             int lineno = 0;
             if(EG(active_op_array)) {
-               if(EG(active_op_array)->start_op) {
-                   lineno = EG(active_op_array)->start_op->lineno;
+               if(EG(start_op)) {
+                   lineno = EG(start_op)->lineno;
                } else if(EG(active_op_array)->opcodes) {
                    lineno = EG(active_op_array)->opcodes->lineno;
                }
@@ -510,28 +518,46 @@ PHP_MINIT_FUNCTION(apd)
 {
    ZEND_INIT_MODULE_GLOBALS(apd, php_apd_init_globals, NULL)
    REGISTER_INI_ENTRIES();
+
+#if PHP_VERSION_ID op_array;
+#endif
    char *fname = NULL;
    
    fname = apd_get_active_function_name(op_array TSRMLS_CC);
        trace_function_entry(EG(function_table), fname, ZEND_USER_FUNCTION,
                        zend_get_executed_filename(TSRMLS_C),
                        EG(in_execution)?zend_get_executed_lineno(TSRMLS_C):0);
-       old_execute(op_array TSRMLS_CC);
+#if PHP_VERSION_ID 

If you don't, you'll have the following error output:
 cc -I. -I/root/apdgit/apd2/trunk -DPHP_ATOM_INC -I/root/apdgit/apd2/trunk/include -I/root/apdgit/apd2/trunk/main -I/root/apdgit/apd2/trunk -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /root/apdgit/apd2/trunk/php_apd.c  -fPIC -DPIC -o .libs/php_apd.o
/root/apdgit/apd2/trunk/php_apd.c:206:36: warning: format string is not a string literal (potentially insecure)
      [-Wformat-security]
                fprintf(APD_GLOBALS(pprof_file), newStr);
                                                 ^~~~~~
/root/apdgit/apd2/trunk/php_apd.c:318:12: warning: assigning to 'char *' from 'const char *' discards qualifiers
      [-Wincompatible-pointer-types-discards-qualifiers]
                tmpfname = execd->function_state.function->common.function_name;
                         ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/apdgit/apd2/trunk/php_apd.c:322:15: warning: assigning to 'char *' from 'const char *' discards qualifiers
      [-Wincompatible-pointer-types-discards-qualifiers]
                                classname = Z_OBJCE(*execd->object)->name;
                                          ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/apdgit/apd2/trunk/php_apd.c:329:15: warning: assigning to 'char *' from 'const char *' discards qualifiers
      [-Wincompatible-pointer-types-discards-qualifiers]
                                classname = execd->function_state.function->common.scope->name;
                                          ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/apdgit/apd2/trunk/php_apd.c:340:31: error: no member named 'u' in 'union _znode_op'
                        switch (execd->opline->op2.u.constant.value.lval) {
                                ~~~~~~~~~~~~~~~~~~ ^
/root/apdgit/apd2/trunk/php_apd.c:444:29: error: no member named 'start_op' in 'struct _zend_op_array'
                                if(EG(active_op_array)->start_op) {
                                   ~~~~~~~~~~~~~~~~~~~  ^
/root/apdgit/apd2/trunk/php_apd.c:445:36: error: no member named 'start_op' in 'struct _zend_op_array'
                                        lineno = EG(active_op_array)->start_op->lineno;
                                                 ~~~~~~~~~~~~~~~~~~~  ^
/root/apdgit/apd2/trunk/php_apd.c:506:35: warning: 'memset' call operates on objects of type 'zend_apd_globals'
      (aka 'struct _zend_apd_globals') while the size is based on a different type 'zend_apd_globals *'
      (aka 'struct _zend_apd_globals *') [-Wsizeof-pointer-memaccess]
    memset(apd_globals, 0, sizeof(apd_globals));
           ~~~~~~~~~~~            ^~~~~~~~~~~
/root/apdgit/apd2/trunk/php_apd.c:506:35: note: did you mean to dereference the argument to 'sizeof' (and multiply it
      by the number of elements)?
    memset(apd_globals, 0, sizeof(apd_globals));
                                  ^~~~~~~~~~~
/root/apdgit/apd2/trunk/php_apd.c:514:15: error: non-object type 'void (zend_op_array *)' is not assignable
        zend_execute = apd_execute;
        ~~~~~~~~~~~~ ^
/root/apdgit/apd2/trunk/php_apd.c:515:24: warning: incompatible pointer types assigning to 'void
      (*)(zend_execute_data *, struct _zend_fcall_info *, int)' from 'void (zend_execute_data *, int)'
      [-Wincompatible-pointer-types]
        zend_execute_internal = apd_execute_internal;
                              ^ ~~~~~~~~~~~~~~~~~~~~
/root/apdgit/apd2/trunk/php_apd.c:544:64: error: too few arguments to function call, expected 3, have 2
        execute_internal(execute_data_ptr, return_value_used TSRMLS_CC);
        ~~~~~~~~~~~~~~~~                                              ^
/usr/local/include/php/Zend/zend_execute.h:62:1: note: 'execute_internal' declared here
ZEND_API void execute_internal(zend_execute_data *execute_data_ptr, struct _zend_fcall_info *fci, int return_...
^
/usr/local/include/php/main/../main/php_config.h:6:19: note: expanded from macro 'ZEND_API'
# define ZEND_API __attribute__ ((visibility("default")))
                  ^
/root/apdgit/apd2/trunk/php_apd.c:724:11: warning: assigning to 'char *' from 'const char *' discards qualifiers
      [-Wincompatible-pointer-types-discards-qualifiers]
        filename = zend_get_executed_filename(TSRMLS_C);
                 ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
7 warnings and 5 errors generated.
*** Error code 1

Configure and build:

# phpize
# ./configure
# make

Install:

# make install

Load:

zend_extension = "/usr/local/lib/php/20121212/apd.so"
apd.dumpdir="/var/tmp/apd"

Check:

# php -v
PHP 5.5.13 (cli) (built: Jun 11 2014 11:54:41)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2014 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2014, by Zend Technologies
    with Xdebug v2.2.5, Copyright (c) 2002-2014, by Derick Rethans
    with Advanced PHP Debugger (APD) v1.0.2-dev, , by George Schlossnagle

You'll find patched version of the project here:
Github: ZeWaren/pecl-apd (https://github.com/ZeWaren/pecl-apd).

How to create a certificate to send APNS notifications, manually using OpenSSL

Not so frequently asked questions and stuff: 

Image

Create your key.

openssl genrsa -out truc.example.org.key 2048

Create the certificate request:

openssl req -new -key truc.example.org.key -out truc.example.org.csr

Upload the CSR to Apple, and get the resultant certificate.

Optionally convert the certificate to PEM format.

openssl x509 -inform der -in truc.example.org.cer -out truc.example.org.crt.pem

Check if you can connect to APNS with your credentials:

openssl s_client -connect gateway.sandbox.push.apple.com:2195 -cert truc.example.org.crt.pem -key truc.example.org.key

Use the key and certificate files for profit.

How to add HTTP Authorization to Synology's web interface

Not so frequently asked questions and stuff: 

Image

Situation

This article is relevant to a DS412+ appliance.

You're using a small Synology server. You use the web interface for whatever purpose. (the one at http://nas.example.com:5001). You'd like to access this interface remotely, but you are afraid to open the port on your firewall since you don't trust the associated CGI scripts.

Solution

Add HTTP auth to httpd, so that any request must go through a password.

Create file /usr/syno/etc/httpd/passwd (here or in whatever location you fancy) and create your credential database.

user:$apr1$mN37yOqk$7wKJq7B710AcJSa7Y6WJD1
user2:$apr1$4zha9SDn$Vcs481LpfkUMx1Y/SybKw.
user3:$apr1$Gq/AeNY4$68DGcCVo6BdOSy1eSDjkP/
user4:$apr1$ihJ0/hfG$1MUZzj3LYKG7tU3P7S9hh/

Create file /etc/httpd/conf/extra/httpd-something.conf and configure httpd to serve on port 5002 the same content as port 5001, but with basic HTTP authentication.

Listen 5002

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authn_file_module modules/mod_authn_file.so


    ServerName *
    ServerAlias *

    SSLEngine on

    
        AuthType Basic
        AuthName "Secure Content"
        AuthBasicProvider file
        AuthUserFile /usr/syno/etc/httpd/passwd
        Require valid-user
    

Edit /etc/httpd/conf/httpd.conf-sys and include the preceding file at the end.

Include conf/extra/httpd-something.conf

Restart httpd.

/usr/syno/etc/rc.d/S97apache-sys.sh restart

Forward port 5002 in your firewall.

Image

Enjoy your (a tiny bit more) secured NAS from anywhere in the world.

Building an OTP release including Lager with rebar and reltool

Not so frequently asked questions and stuff: 

Image

Building an OTP release including Lager with rebar and reltool.

Create your app the usual way:

rebar create-app appid=testapplager

Add the following to rebar.config:

{lib_dirs,["deps"]}.
{sub_dirs, ["rel"]}.
{deps, [
    {lager, ".*", {
        git, "git://github.com/basho/lager.git", "master"}
    }
]}.
{erl_opts, [{parse_transform, lager_transform}]}.

Add some code to your app, get the dependencies and compile.

rebar get-deps
rebar compile

Create a node configuration

mkdir rel && cd rel
rebar create-node nodeid=testapplager

Set the different paths to the dependencies and your app in reltool.config:

{sys, [
       {lib_dirs, ["../deps"]},
       {erts, [{mod_cond, derived}, {app_file, strip}]},
       {app_file, strip},
       {rel, "testapplager", "1",
        [
         kernel,
         stdlib,
         sasl,
         lager,
         testapplager
        ]},
       {rel, "start_clean", "",
        [
         kernel,
         stdlib
        ]},
       {boot_rel, "testapplager"},
       {profile, embedded},
       {incl_cond, exclude},
       {excl_archive_filters, [".*"]}, %% Do not archive built libs
       {excl_sys_filters, ["^bin/.*", "^erts.*/bin/(dialyzer|typer)",
                           "^erts.*/(doc|info|include|lib|man|src)"]},
       {excl_app_filters, ["\.gitignore"]},
       {app, sasl,   [{incl_cond, include}]},
       {app, stdlib, [{incl_cond, include}]},
       {app, kernel, [{incl_cond, include}]},
       {app, lager, [{incl_cond, include}]},
       {app, testapplager, [{mod_cond, app}, {incl_cond, include}, {lib_dir, ".."}]}
      ]}.

{target_dir, "testapplager"}.

{overlay, [
           {mkdir, "log/sasl"},
           {copy, "files/erl", "\{\{erts_vsn\}\}/bin/erl"},
           {copy, "files/nodetool", "\{\{erts_vsn\}\}/bin/nodetool"},
           {copy, "files/testapplager", "bin/testapplager"},
           {copy, "files/testapplager.cmd", "bin/testapplager.cmd"},
           {copy, "files/start_erl.cmd", "bin/start_erl.cmd"},
           {copy, "files/install_upgrade.escript", "bin/install_upgrade.escript"},
           {copy, "files/sys.config", "releases/\{\{rel_vsn\}\}/sys.config"},
           {copy, "files/vm.args", "releases/\{\{rel_vsn\}\}/vm.args"}
          ]}.

Try to build the release:

rebar generate

Failure!

ERROR: generate failed while processing /root/some-sub-folder/testapplager/rel: {'EXIT',{{badmatch,{error,"Application compiler is used in release \"testapplager\" and cannot be excluded"}},
         [{rebar_reltool,generate,2,
                         [{file,"src/rebar_reltool.erl"},{line,50}]},
          {rebar_core,run_modules,4,[{file,"src/rebar_core.erl"},{line,425}]},
          {rebar_core,execute,5,[{file,"src/rebar_core.erl"},{line,359}]},
          {rebar_core,process_dir0,6,[{file,"src/rebar_core.erl"},{line,223}]},
          {rebar_core,process_dir,4,[{file,"src/rebar_core.erl"},{line,130}]},
          {rebar_core,process_each,5,[{file,"src/rebar_core.erl"},{line,296}]},
          {rebar_core,process_dir0,6,[{file,"src/rebar_core.erl"},{line,199}]},
          {rebar_core,process_dir,4,
                      [{file,"src/rebar_core.erl"},{line,130}]}]}}

The problem is that reltool won't include any package by default. This means that lager can't get its dependencies built into the release.

To solve this problem, either change the include condition to:

{incl_cond, derived},

Or manually include the dependencies:

       {app, goldrush, [{incl_cond, include}]},
       {app, syntax_tools, [{incl_cond, include}]},
       {app, compiler, [{incl_cond, include}]},

Then rebuild your release.

Pages

Subscribe to Front page feed