26 June 2016

Updating from deprecated PHP 5.6 PPA

I'm running an Ubuntu 14.04.4 LTS server with Apache2 and phpMyAdmin running several Drupal 7 and 8 sites. I saw this message when getting updates and this is how I updated my system to the new PHP5.6 PPA:

Following the instructions from root I ran these commands:
LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php5
apt-get dist-upgrade

This got PHP 7.0 on my system. To get PHP 5.6 I ran this:
apt-get install php5.6
I later found that I needed these extensions:
apt-get install php5.6-mysql
apt-get install php5.6-xml
apt-get install php5.6-gd

apt-get install php5.6-mbstring
apt-get install php5.6-mcrypt
apt-get install php5.6-zip

Apache was still running the old version, I disabled the php5 module, enabled php5.6 and restarted:
a2dismod php5
a2enmod php5.6
service apache2 restart

I had changed my PHP.INI file - which was in /etc/php5/apache2/php.ini
So I did similar changes in here /etc/php/5.6/apache2/php.ini
and restarted: service apache2 restart

The command line php was now running 7.0 so I changed it using this command:
update-alternatives --config php

Thanks to Ondřej Surý at https://launchpad.net/~ondrej/+archive/ubuntu/php

04 June 2016

Microsoft SQL Server Express copying tables using Identity Insert

I recently needed to copy some tables from one SQL Server Express database to another - as part of a server move on a CMS where I wanted a fresh install to clean things up. I needed to copy several tables across, keeping the primary keys the same so as to ensure the data integrity. Here's what I had to do to do the transfer:
  1. Ensure that SQL Server Management Studio and Import and Export Data tools are installed.
  2. Ensure that the SQL Server (SQLEXPRESS) and SQL Server Browser services are started.
  3. You probably need to make sure that your login has admin access to SQL Server Express.
  4. I started by copying the MDF and LDF files (for both databases) to a new location so I can work with a clean copy that won't be used by something else
  5. Open Management Studio and connect to (local)\SQLEXPRESS
  6. Click right on Databases then select Attach, then click Add and choose your MDF
  7. Amend "Attach as" if desired and check the MDF and LDF file paths below, then click OK
  8. Do the same for the other database
  9. Open the Import and Export Wizard
  10. Select the SQL Server Native Client
  11. Enter (local)\SQLEXPRESS in the Server name box
  12. Choose the required source database below, then click Next
  13. Do the same to choose the destination database
  14. Select "Copy data from one or more tables and views"
  15. Select which tables you wish to copy
  16. For each table, click Edit Mappings.
  17. Ensure that "Enable identity insert" is ticked
  18. Choose the appropriate action on the left, eg "Delete rows in destination table", then click OK
  19. Remember: do this for each table
  20. Click Next, then Next then Finish
  21. Open up the destination database in Management Studio to confirm that the tables have got the correct data.
  22. You had probably best use Tasks+Detach in Management Studio to make sure that all connections are dropped before copy the destination database files into the desired location
Not so bad after all. To celebrate, here's a photo of some nicely padded swallow eggs:

02 February 2013

Code signing jar and exe files

It is possible to buy a single code signing certificate that can be used to sign both Java jar files and Windows executable exe files.

A cheap source for a certificate is Tucows with one year currently costing US$75. Tucows are a reseller for Comodo, but the certificates are more expensive from Comodo direct.

Along the way, I'm going to create P12, 2 x PFX, PEM, PVK, CERT and SPC files. You'll need one of the PFX files to sign JARs and the SPC/PVK files to sign EXEs.

Getting the certificates

Working in Windows, I bought the certificate in Firefox. Within a couple of days I was phoned by Comodo to confirm my identity and the certificate issued. I collected the certificate in the same browser, ie it was installed in Firefox.

Using these instructions, I saved the certificate from Firefox into a .P12 file.

The next task is to import the certificate into Windows Internet Explorer. In Windows Explorer, double-click on the P12 file to start the Certificate Import Wizard. Choose your .p12 file. Tick (a) Enable strong private key encryption (b) Mark this key as exportable and (c) Include all extended properties. Click through until you can set the security level to High with a password of your choice.

The certificate should now be installed in Internet Explorer. Find it in Tools, Internet Options, Content, Certificates. Follow these instructions to create a PFX file suitable for signing JAR files. As per the instructions, tick the "Include all certificates" option. I saved the eventual file with a name like mycert.jar.pfx

To get the SPC/PVK files to sign EXEs, you need to run the Internet Explorer certificate export wizard again. This time do not tick "Include all certificates". I saved the eventual file with a name like mycert.exe.pfx

Now continue with these instructions to create the PVK and SPC files. You will need to install openssl if you don't have it already. I ran these from the openssl bin directory:

openssl pkcs12 -in \certs\mycert.exe.pfx -nocerts -nodes -out \certs\mycert.pem
openssl rsa -in \certs\mycert.pem -outform PVK -pvk-strong -out \certs\mycert.pvk
openssl pkcs12 -in \certs\mycert.exe.pfx -nokeys -out \certs\mycert.cert
openssl crl2pkcs7 -nocrl -certfile \certs\mycert.cert -outform DER -out \certs\mycert.spc

I ignored the warning "WARNING: can't open config file: /usr/local/ssl/openssl.cnf"

Backup all the created files carefully.

Signing JAR files

Follow these instructions to find the alias you have been given - before the first comma which is followed by a date. This can either be a friendly name or a {GUID}. Make a note of the alias.

keytool -list -storetype pkcs12 -keystore \certs\mycert.jar.pfx

You can then sign JAR files like this:

jarsigner -storetype pkcs12 -keystore \certs\mycert.jar.pfx myfile.jar "myalias"
jarsigner.exe -verify -certs myfile.jar

Signing EXE files

Sign EXE files like this, replacing the Description and the website with something appropriate:

signcode -spc \certs\mycert.spc -v \certs\mycert.pvk -n "Description" -i "http://www.example.com/" -t http://timestamp.verisign.com/scripts/timstamp.dll myfile.exe