[PhAzE] Plugins for Unraid 5/6


Recommended Posts

 

I don't know the entire story but I do believe the change in python was to plug a security issue.  However, without the edits both SB & SAB are very secure because they don't work.  ;)

 

I'm not sure how it could be a problem at the other end but I'll do some more asking around to see what I can find. 

 

I'm a little surprised that no one else is reporting this problem on either plugin.

 

all this was covered earlier

 

http://lime-technology.com/forum/index.php?topic=33341.msg391044#msg391044

 

See a couple of posts down for fixes. Easiest thing is to change your indexers in Sickbeard or wherever they're used to use http instead of https or downgrade until SAB 8 comes out.

 

/usr/local/Sickbeard/sickbeard.py

     

/usr/local/Sabnzbd/sabnzbd.py

 

Are both files for those programs not for PhAzE's plugins. If he codes something to automatically make the changes you want he's changing how actual SAB and SB operate. Aside from the obivous need of the main programs to remain untouched it could break something later when they update.

Link to comment

I think if you set the install directory to somewhere on your cache drive, it will persist after a reboot. Then you can edit those files once, every time the app updates instead of once per boot.

 

Oh yeah that too. Forgot you could do that also.

That's why PhAzE gets paid the big bucks. :)

Link to comment

Got a big chunk of Ubooquity plugin done, seems to work well for a comic / ebook streaming app.

 

Definitely looking forward to this plugin by you! I've been wanting a streaming solution for my digital ecomic/ebook collection for some time now!

If you wouldn't mind, go to the ubooquity forum post I made and +1 the request to see if we can boost the dev to complete that change sooner rather than later.

 

http://ubooquity.userecho.com/topic/794934-when-using-duserdir-switch-a-few-oddities/

Link to comment

 

I don't know the entire story but I do believe the change in python was to plug a security issue.  However, without the edits both SB & SAB are very secure because they don't work.  ;)

 

I'm not sure how it could be a problem at the other end but I'll do some more asking around to see what I can find. 

 

I'm a little surprised that no one else is reporting this problem on either plugin.

 

all this was covered earlier

 

http://lime-technology.com/forum/index.php?topic=33341.msg391044#msg391044

 

See a couple of posts down for fixes. Easiest thing is to change your indexers in Sickbeard or wherever they're used to use http instead of https or downgrade until SAB 8 comes out.

 

/usr/local/Sickbeard/sickbeard.py

     

/usr/local/Sabnzbd/sabnzbd.py

 

Are both files for those programs not for PhAzE's plugins. If he codes something to automatically make the changes you want he's changing how actual SAB and SB operate. Aside from the obivous need of the main programs to remain untouched it could break something later when they update.

 

I seem to still be having the same problem. I am using both SAB and SB (newest plugins) and have added the required lines in /usr/local/Sickbeard/sickbeard.py and /usr/local/Sabnzbd/sabnzbd.py

 

Any other suggestions? Is it possible to just install an older version of python (which one would still be compatible, and does anyone have a link, have had a hard time finding them). Any help would be greatly appreciated.

Link to comment

I've been looking into this, here's what I found. Python had a large flaw where it would not validate certificates by default leaving everyone open to man in the middle attacks. Once discovered, they turned it on by default from python 2.7.9 and on.

 

If you revert to python version less than 2.7.9 you are wide open for a hack. If you add those lines to sickbeard you are wide open to a hack because those lines disable verification. If you don't want to use verification any ways then disable ssl on your program or use the URLs without HTTPS instead of disabling then at the application level with added code.

 

That being said, I believe the problem comes down to the fact that unraid did not come with a default certificate store or root cert files which python now requires to authenticate certificates against.  I'm checking to see if adding it in manually can fix the problem. 

 

Anyone having this issue, could you please post some log files so I can see which sites are having the problem, then I can set them up on my server to replicate the problem.  Once I can replicate the issue I can work on a proper fix.

 

But I won't be updating the plugins to turn off verification for the apps by default because that puts everybody at risk.

 

Edit: sorry for the rant, hopefully that can shed some light on the issue for those wondering.

Link to comment

I've been looking into this, here's what I found. Python had a large flaw where it would not validate certificates by default leaving everyone open to man in the middle attacks. Once discovered, they turned it on by default from python 2.7.9 and on.

 

If you revert to python version less than 2.7.9 you are wide open for a hack. If you add those lines to sickbeard you are wide open to a hack because those lines disable verification. If you don't want to use verification any ways then disable ssl on your program or use the URLs without HTTPS instead of disabling then at the application level with added code.

 

That being said, I believe the problem comes down to the fact that unraid did not come with a default certificate store or root cert files which python now requires to authenticate certificates against.  I'm checking to see if adding it in manually can fix the problem. 

 

Anyone having this issue, could you please post some log files so I can see which sites are having the problem, then I can set them up on my server to replicate the problem.  Once I can replicate the issue I can work on a proper fix.

 

But I won't be updating the plugins to turn off verification for the apps by default because that puts everybody at risk.

 

Edit: sorry for the rant, hopefully that can shed some light on the issue for those wondering.

 

Thanks for the quick reply. I completely agree about not opening up the plugin to a problem by disabling it as a dirty workaround.

I have tried changing the URL in the settings in SB for usenet-crawler, however it will NOT save the change from https:// to http://.

I have tried editing the URL in /mnt/cache/appdata/sickbeard/config.ini as well, with no luck - changes back to https://

Is there anything else I could try that I am not thinking of?

 

EDIT: I have SB working by just adding a custom search provider for usenet crawler with the proper URL. Just digging into SAB right now, can't seem to find what I am looking for (ie SB will successfully find and send the link the SAB, but SAB won't take it - WAIT 60 seconds etc).

 

I'd be glad to post some logs for any program, is there anything that needs to be removed from them before posting?

Link to comment

Possible breakthrough! I'm going to test out a few more things, but I believe the issue falls down to unraid 5 not having CA root certificates installed, so all HTTPS sites are failing with the new python, even valid sites.  After tests show it's working, i'll update all plugins that use openssl with this fix and hopefully solve the issues people were having.

 

Anyone seeing SSL verify issues on unraid 6 or is it just unraid 5 users?

Link to comment

Update for all plugins using openssl is live:

 

- CA Root Certificates are now added for Unraid 5 users

- This fixes SSL errors while keeping all validation for Python on

- Without Root Certs, not even valid sites would validate, these do not ship with Unraid 5 by default but do on Unraid 6

 

Otherwise nothing else has changed, so update, let me know of any new issues, and also post here if it solves your SSL issues (or if it doesn't more specifically).

 

-=PhAzE=-

Link to comment

Update for all plugins using openssl is live:

 

- CA Root Certificates are now added for Unraid 5 users

- This fixes SSL errors while keeping all validation for Python on

- Without Root Certs, not even valid sites would validate, these do not ship with Unraid 5 by default but do on Unraid 6

 

Otherwise nothing else has changed, so update, let me know of any new issues, and also post here if it solves your SSL issues (or if it doesn't more specifically).

 

-=PhAzE=-

 

Thanks PhAzE. Updated everything, following the test script from yesterday that worked well. Everything is still working.

For some reason though, I had to start from scratch configuring SAB again - got the Wizard screen...

 

Oh, and it was Lupus (SLE). Once.

Link to comment

I am having an issue on Unraid 6.0.1 with the V2 SickBeard_alt. I have it setup appropriately and installed via the custom repo https://github.com/SiCKRAGETV/SickRage/ to install SickRage. Initially I can access SickRage (by hitting running) or going to https://user-nas:8082/ and everything works perfectly, that is until I restart my NAS. Then I am no longer able to access the SickRage home page (by clicking RUNNING). I get unable to connect (in Firefox) and connection refused (in Chrome). I've tried using just http using a different port and just the actual static IP instead of the local hostname and switching SSL on/off all with the same result. All directories (config, custom logs, custom cache) are in a persistent location (/mnt/cache/.appdata/Sickrage_alt/).

 

I can "fix" everything by reinstalling, but this is a pain (obviously) if it happens whenever I restart my box. This happened before the plugin update btw and persists after the update. Any ideas?

Link to comment

Off hand, I've had that once or twice myself but never find any reason for why it was happening.

 

As a test, make sure your directories do not have the trailing slash at the end including the repo. Sometimes the web pages won't load if they have that slash too (where as emby needs it for example).

Link to comment

I just upgraded my sickbeard plugin last night, and I noticed it stopped snatching from BTN, here is an example error message:

2015-07-24 09:12:13 ERROR    SEARCHQUEUE-MANUAL-SEARCH :: Error loading BTN URL: https://broadcasthe.net/torrents.php?action=download&id=xxxxx&authkey=xxxxxxxxxxx&torrent_pass=xxxxxxxxx

2015-07-24 09:12:13 WARNING  SEARCHQUEUE-MANUAL-SEARCH :: URL error [Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error while loading URL https://broadcasthe.net/torrents.php?action=download&id=xxxxx&authkey=xxxxxxxxxxx&torrent_pass=xxxxxxxxx

 

If I open up the the link in a browser it downloads the torrent file like normal, I looked around at the error and found this post: https://github.com/SiCKRAGETV/sickrage-issues/issues/1231 I'm assuming its related somehow but I believe you are running 2.7.9 which should be unaffected.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.