Some of my Python shell scripts are newly throwing security errors under Apple OSX 10.11, El Capitan. It seems the new App Transport Security doesn't like how the scripts are calling HTTP resources in plain text, rather than using HTTPS.
Fetching http://blahblah.com
Python[5553:5648168] App Transport Security has blocked a cleartext HTTP (http://)
resource load since it is insecure. Temporary exceptions can be configured
via your app's Info.plist file.
How might I go about fixing this? There is no HTTPS resource I can call, so I'm stuck with HTTP. The advice from Apple is to make an exception in the app's info.plist file, but this is a Python script invoked from a shell script, so there is no info.plist file to be edited.
Ideas? The root problem seems to be with webkit2png, which is in Python. Its non-HTTPS requests are being blocked by ATS, and there is no info.plist to modify.
I found a solution here that worked for me: https://apple.stackexchange.com/questions/210588/how-does-one-configure-a-temporary-exception-to-ats-on-el-capitan-and-fix-webkit
First make sure you have a version of webkit2png that is new enough to have the --ignore-ssl-check option. Version 0.5 does NOT have this option.
Second, you need to edit the source file and add a couple lines of code as shown here: https://github.com/bendalton/webkit2png/commit/9a96ac8977c386a84edb674ca1518e90452cee88
Finally use option as indicated in the solution linked above (copied here for convenience):
webkit2png --ignore-ssl-check [options] [http://example/]
Thanks for Arthur Hebert
At first I'm confused for the code then I figure it out
so I summarise the steps as follows for reference
import AppKit
Add the following code in your py script
AppKit.NSBundle.mainBundle().infoDictionary()['NSAppTransportSecurity'] = dict(NSAllowsArbitraryLoads = True)
Assume you are sure to use no HTTPS resource in MAC OSX higher than 10.11
The installation of webkit2png is not necessary in my case
Related
According to this answer I created a smallest Windows service in Python.
Then I ran successfully:
python.exe smallest_service.py install
and
python.exe smallest_service.py start
with error message
Starting service SmallestPythonService
Error starting service: The
service did not respond to the start or control request in a timely
fashion.
My Python version is Python 3.9.6
pip freeze
pypiwin32==223
pywin32 # file:///C:/Users/me/Downloads/pywin32-301-cp39-cp39-win_amd64.whl
How can I fix it?
Here are the list of scenarios one may see -> Error starting service: The service did not respond to the start or control request in a timely fashion.
Missing DLL file: Another instance of the error occurs when you have a missing DLL file on your computer which is used by numerous other applications as well. If this DLL file is in conflict or isn’t present at all, you will experience the error message.
Corrupt/missing system files: Another instance of why this issue occurs is because there are corrupt or missing system files on your computer. If the very installation of Windows is not proper and has issues, you will experience numerous problems including the error message under discussion.
Outdated Windows: Microsoft officially recognized this error message on their official website and even released a temporary hotfix to solve the problem. However, recently they removed the hotfix and instructed users to upgrade to the latest iteration of Windows.
Solutions
The very first thing which we should try is changing the timeout settings of your services through your registry editor. Whenever a service is requested to launch, a timer is started with a predefined value. If the service doesn’t start within this time frame, the error message comes forward reporting so. Here in this solution, we will navigate to your computer’s registry and change the value. If it isn’t present, we will create a new key for it.
-> Press Windows + R, type “regedit” in the dialogue box and press Enter.
Once in the registry editor, navigate to the following file path:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
-> search for the key of ‘ServicesPipeTimeout’. If you find it already there, you can move to directly edit. However, if you don’t find the entry, select Control, right-click on any space present at the right side of the screen and select New > DWORD
-> Name the key as ‘ServicesPipeTimeout’ and set the value as 180000 (You can also right-click the value and click Modify if the option to set the value didn’t come in your case.
-> Save changes and exit. Restart your computer completely and then try launching the service. Check if the issue is resolved.
Solution 2: Getting Ownership of the Application
Another rare case that we came across was not having the ownership of the application caused the application not to execute the service properly. This makes sense as if the application doesn’t have enough elevated access, it will not be able to send/read the response to/from a service (especially if it is a system service). In this article, we will navigate to the executable of the application and then change the ownership to our username. If successful, this will solve the problem of getting the error 1053.
Bonus Tip
Making sure .NET Frameworks are in sync: If the application/service which you are trying to launch is on another Framework than that of the hosting machine, you will experience issues. Make sure that the frameworks are in sync.
If that doesn't work for you. It might be interesting to use NSSM. It is an easy piece of code that makes any py file into a windows service.
I've also found that most service creators only work with 32bit Python, so that might also be interesting to look at.
I have developed a Python web server using Flask, and some of the endpoints make use of the subprocess module to call different executables. On development, using the Flask debug server, everything works fine. However, when running the server along with nginx+WSGI (on the exact same machine), some subprocess calls fail.
For example, one of the tools I'm using is Microsoft's dotnet, which I installed from my user as sudo apt-get install -y aspnetcore-runtime-5.0 and is then called from Python with the subprocess module. When I run the server with python3 server.py, it works like a charm. However, when using nginx and WSGI, the subprocess call fails with an exception that says: /bin/sh: 1: dotnet: not found.
I suspect this is due to the command not being accessible to the user and group running the server. I have used this guide as a reference to deploy the app, and on the wsgi .ini file, I have set uid = javierd and gid = www-data, while on the systemd .service file I have User=javierd, Group=www-data.
I have tried to add the executables' paths to /etc/profile, but it didn't work, and I don't know any other way to fix it. I find also very surprising that this happens to some executables, but not to all, and that it happes to dotnet, for example, which is located at /usr/bin/dotnet and therefore should be accessible to every user. Any idea on how to solve this problem? Furthermore, if somebody could explain me why this is happening, I would really appreciate the effort.
Thanks a lot!
Ok, finally after having a big headache, I noticed the error, and it was really simple.
On the tutorial I linked, when creating the system service file, the following line was included: Environment="PATH=/home/myuser/myfolder/enviroment/bin".
Of course, as this was overriding the path, there was no way of executing the commands. Once I notices it I just removed that line, restarted the service, and it was fixed.
I'm working with a simple website (a few html files and one Python script) that's running on my LAN. In Chrome I can pull up the HTML files and Python scripts through port 80, as normal and I am using WSGIScriptAlias commands in /Library/Server/Web/Config/apache2/httpd_wsgi.conf that are working and I've set up the site and specified for it to be allowed to use Python apps through the Server GUI application.
For several reasons, I'm using a different port number for this site. If I go to http://mycomputer.lan:1234/myfile.html, I can see the HTML file. But if I go to http://mycomputer.lan:1234/MyWSGIApplicationScript, the server (the latest version, got it installed today) reports:
Not Found
The requested URL /LandSearch was not found on this server.
I've seen this work before, on other servers and I remember setting it up and getting it working on another system running OS X so the wsgi scripts worked fine on a non-standard port, but I don't have access to the notes and information I had at that time. That makes me suspect it's probably a simple configuration option I need to change for the server to find and use the Python scripts from a different port.
What do I need to reconfigure to get it to use wsgi scripts on a non-standard port?
Even AppleCare didn't have an answer for this one.
When I first set up the site, I enabled the 'Python "Hello World" app at /wsgi'. This is in the advanced settings:
I did that just for testing, so when I set up the site again, I didn't bother with it. It turns out that this one setting does more than enable one wsgi application. It turns out that, by default, the file /Library/Server/Web/Config/apache2/httpd_wsgi.conf is not read by Apache while setting up a virtual host. But checking the box to enable this one wsgi webapp means that the following line:
Include /Library/Server/Web/Config/apache2/httpd_wsgi.conf
will be included in the configuration file for this particular virtual host. Any scripts aliases defined with the WSGIScriptAlias command in that file will now be available to your website, no matter what port your website is on.
Hello a client of mine bought a pretty bad web host and i don't even have ssh access, their ticket suport only answered with "yes we support python in our servers" but i can't run any .cgi .py or application.wsgi files. is there a sure way to tell if the server supports python?
I only have access to the ftp and the directadmin interface, i would like to know more before i can complaing again to their support system otherwise they will not pay attention.
The host is neubox.net this is what i already tried.
This tutorial http://www.howtoforge.com/embedding-python-in-apache2-with-mod_python-debian-etch worked on my dev machine, it says that i need to add a webhost in the apache2 /available-sites dir but obviously i don't have access to that folder in the hosting.
I also tried putting this script on the root of my host, called application.wsgi it didnt work
import os
import sys
os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'
import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()
I also tried this file application.py on the root
#!/usr/bin/env python
# -*- coding: UTF-8 -*-
# enable debugging
import cgitb
cgitb.enable()
print "Content-Type: text/plain;charset=utf-8"
print
print "Hello World!"
Those files were shown as plain text, i tried that exact same code but named application.cgi and oddly enough it returned a 404 error, the file of course its there.
I saw at the directadmin interface in site summary that
CGI-Bin OFF
So i guess thats the reason for the 404.
In the same page i see that the name servers are
http://ns115.neubox.net/
http://ns116.neubox.net
The first one says
Apache is functioning normally
This is their services comparison site (spanish) http://neubox.net/comparativo-hosting.php
I wish i could know what OS are they running i'm almost sure is linux because on my root there is a folder .htpasswd and those .folders are linux for hidden, but i'm not sure if thats a sure way to tell.
They gave me this url http://72.249.55.33/info.php its for phpinfo() i see fast-cgi but all the tuts about it talk about doing things like changing Apache configuration wich i obviously can't do, this is the end of my search right? they do not support python.
In your server thay sais that they have php, so maybe you can use this php function. to retrive more info, executing a python script:
# hacking.py
import sys
print sys.version_info
and after you make something like this
<?php
// echo $path = exec('pwd');
// exec python script
echo exec('python hacking.py');
?>
dont forget the file permissions
sacabuche has the correct answer. That script is a very simple way to test for Python support. It works on pretty much every flavor of linux and Berkely UNIX (BSD), a version of which is underlying OSX on a Mac Pro. If that script is not working for you, chances are it's a permissions issue.
I would continue working through the support staff on the host to get this resolved. If they can't help, you've got the wrong host. I've changed hosts several time due to lack of support, or misrepresented features, such as separate folder hierarchies per domain... something that's getting increasingly hard to find.
Currently I am on MochaHost, which I do recommend, since they seem to have it all together so far.
-Jack
I'm trying to convert a django / cPython app to run as a Tomcat WAR using Jython. We are using a mysql database (MySQLdb in cPython / mysql-connector-java-5.1.15-bin.jar in jython). I have changed the DATABASE_ENGINE between the two configurations. The app runs great with cPython (after I disabled SELinux limitations on http connections to a database). The front page, images, and static content work in the jython. However, when I request a page that hits the database, it seems to hang for a while, then returns with:
Communications link failure
The last packet sent successfully to
the server was 0 milliseconds ago. The
driver has not received any packets
from the server. [SQLCode: 0],
[SQLState: 08S01]
Has anyone seen this before? I don't see any recent discussions of this type or problem. I'm using django 1.2.5, jython 2.5.2. I've tried running the Java app under Fedora (jre-1.6.0-openjdk.x86_64) and Windows (Java(TM) SE Runtime Environment (build 1.6.0_23-b05)). Same behavior. I've also tried both mysql-connector-java-5.1.15-bin.jar (the latest version) and mysql-connector-java-5.1.10-bin.jar ("extensively tested" according to http://packages.python.org/django-jython/database-backends.html). None of the various configurations affect the behavior.
How can I solve it or where should I look next?
I found the mistake. In hindsight, it's obvious. I made a type-o in the IP address of the database server, but only in the configuration file on the jython branch. As a result, the Jython instance hung while the cPython instance didn't. Found the error when I merged the two into a single settings.py (using "if os.name=='java'" to make the necessary jython changes.
So . . . What's the correct protocol here? Should I delete the question or leave it up in case someone else makes the same type of mistake I did?