Riot Posted July 20, 2015 Share Posted July 20, 2015 I don't know the entire story but I do believe the change in python was to plug a security issue. However, without the edits both SB & SAB are very secure because they don't work. I'm not sure how it could be a problem at the other end but I'll do some more asking around to see what I can find. I'm a little surprised that no one else is reporting this problem on either plugin. all this was covered earlier http://lime-technology.com/forum/index.php?topic=33341.msg391044#msg391044 See a couple of posts down for fixes. Easiest thing is to change your indexers in Sickbeard or wherever they're used to use http instead of https or downgrade until SAB 8 comes out. /usr/local/Sickbeard/sickbeard.py /usr/local/Sabnzbd/sabnzbd.py Are both files for those programs not for PhAzE's plugins. If he codes something to automatically make the changes you want he's changing how actual SAB and SB operate. Aside from the obivous need of the main programs to remain untouched it could break something later when they update. Quote Link to comment
PhAzE Posted July 20, 2015 Author Share Posted July 20, 2015 I think if you set the install directory to somewhere on your cache drive, it will persist after a reboot. Then you can edit those files once, every time the app updates instead of once per boot. Quote Link to comment
Riot Posted July 20, 2015 Share Posted July 20, 2015 I think if you set the install directory to somewhere on your cache drive, it will persist after a reboot. Then you can edit those files once, every time the app updates instead of once per boot. Oh yeah that too. Forgot you could do that also. That's why PhAzE gets paid the big bucks. Quote Link to comment
PhAzE Posted July 20, 2015 Author Share Posted July 20, 2015 Yea... Except I think the checks are going to the wrong address. It says "to the bank" but it should read "to PhAzE" Quote Link to comment
DaveHavok Posted July 21, 2015 Share Posted July 21, 2015 Got a big chunk of Ubooquity plugin done, seems to work well for a comic / ebook streaming app. Definitely looking forward to this plugin by you! I've been wanting a streaming solution for my digital ecomic/ebook collection for some time now! Quote Link to comment
PhAzE Posted July 21, 2015 Author Share Posted July 21, 2015 Does anyone have cache pools setup? When its set, what is the path to the cache drive? Still /mnt/cache ? Quote Link to comment
trurl Posted July 21, 2015 Share Posted July 21, 2015 Does anyone have cache pools setup? When its set, what is the path to the cache drive? Still /mnt/cache ? Yes it is still /mnt/cache. The pool appears as raid1. Quote Link to comment
PhAzE Posted July 21, 2015 Author Share Posted July 21, 2015 OK perfect, thanks. Quote Link to comment
PhAzE Posted July 21, 2015 Author Share Posted July 21, 2015 Got a big chunk of Ubooquity plugin done, seems to work well for a comic / ebook streaming app. Definitely looking forward to this plugin by you! I've been wanting a streaming solution for my digital ecomic/ebook collection for some time now! If you wouldn't mind, go to the ubooquity forum post I made and +1 the request to see if we can boost the dev to complete that change sooner rather than later. http://ubooquity.userecho.com/topic/794934-when-using-duserdir-switch-a-few-oddities/ Quote Link to comment
benyaki Posted July 22, 2015 Share Posted July 22, 2015 I don't know the entire story but I do believe the change in python was to plug a security issue. However, without the edits both SB & SAB are very secure because they don't work. I'm not sure how it could be a problem at the other end but I'll do some more asking around to see what I can find. I'm a little surprised that no one else is reporting this problem on either plugin. all this was covered earlier http://lime-technology.com/forum/index.php?topic=33341.msg391044#msg391044 See a couple of posts down for fixes. Easiest thing is to change your indexers in Sickbeard or wherever they're used to use http instead of https or downgrade until SAB 8 comes out. /usr/local/Sickbeard/sickbeard.py /usr/local/Sabnzbd/sabnzbd.py Are both files for those programs not for PhAzE's plugins. If he codes something to automatically make the changes you want he's changing how actual SAB and SB operate. Aside from the obivous need of the main programs to remain untouched it could break something later when they update. I seem to still be having the same problem. I am using both SAB and SB (newest plugins) and have added the required lines in /usr/local/Sickbeard/sickbeard.py and /usr/local/Sabnzbd/sabnzbd.py Any other suggestions? Is it possible to just install an older version of python (which one would still be compatible, and does anyone have a link, have had a hard time finding them). Any help would be greatly appreciated. Quote Link to comment
PhAzE Posted July 22, 2015 Author Share Posted July 22, 2015 I've been looking into this, here's what I found. Python had a large flaw where it would not validate certificates by default leaving everyone open to man in the middle attacks. Once discovered, they turned it on by default from python 2.7.9 and on. If you revert to python version less than 2.7.9 you are wide open for a hack. If you add those lines to sickbeard you are wide open to a hack because those lines disable verification. If you don't want to use verification any ways then disable ssl on your program or use the URLs without HTTPS instead of disabling then at the application level with added code. That being said, I believe the problem comes down to the fact that unraid did not come with a default certificate store or root cert files which python now requires to authenticate certificates against. I'm checking to see if adding it in manually can fix the problem. Anyone having this issue, could you please post some log files so I can see which sites are having the problem, then I can set them up on my server to replicate the problem. Once I can replicate the issue I can work on a proper fix. But I won't be updating the plugins to turn off verification for the apps by default because that puts everybody at risk. Edit: sorry for the rant, hopefully that can shed some light on the issue for those wondering. Quote Link to comment
benyaki Posted July 22, 2015 Share Posted July 22, 2015 I've been looking into this, here's what I found. Python had a large flaw where it would not validate certificates by default leaving everyone open to man in the middle attacks. Once discovered, they turned it on by default from python 2.7.9 and on. If you revert to python version less than 2.7.9 you are wide open for a hack. If you add those lines to sickbeard you are wide open to a hack because those lines disable verification. If you don't want to use verification any ways then disable ssl on your program or use the URLs without HTTPS instead of disabling then at the application level with added code. That being said, I believe the problem comes down to the fact that unraid did not come with a default certificate store or root cert files which python now requires to authenticate certificates against. I'm checking to see if adding it in manually can fix the problem. Anyone having this issue, could you please post some log files so I can see which sites are having the problem, then I can set them up on my server to replicate the problem. Once I can replicate the issue I can work on a proper fix. But I won't be updating the plugins to turn off verification for the apps by default because that puts everybody at risk. Edit: sorry for the rant, hopefully that can shed some light on the issue for those wondering. Thanks for the quick reply. I completely agree about not opening up the plugin to a problem by disabling it as a dirty workaround. I have tried changing the URL in the settings in SB for usenet-crawler, however it will NOT save the change from https:// to http://. I have tried editing the URL in /mnt/cache/appdata/sickbeard/config.ini as well, with no luck - changes back to https:// Is there anything else I could try that I am not thinking of? EDIT: I have SB working by just adding a custom search provider for usenet crawler with the proper URL. Just digging into SAB right now, can't seem to find what I am looking for (ie SB will successfully find and send the link the SAB, but SAB won't take it - WAIT 60 seconds etc). I'd be glad to post some logs for any program, is there anything that needs to be removed from them before posting? Quote Link to comment
PhAzE Posted July 22, 2015 Author Share Posted July 22, 2015 OK, Usenet crawler. I believe I have an anoint with them, so I can test them out. Which app are you seeing the errors on? Could you post a log or pm it to me? Quote Link to comment
PhAzE Posted July 22, 2015 Author Share Posted July 22, 2015 Possible breakthrough! I'm going to test out a few more things, but I believe the issue falls down to unraid 5 not having CA root certificates installed, so all HTTPS sites are failing with the new python, even valid sites. After tests show it's working, i'll update all plugins that use openssl with this fix and hopefully solve the issues people were having. Anyone seeing SSL verify issues on unraid 6 or is it just unraid 5 users? Quote Link to comment
PhAzE Posted July 23, 2015 Author Share Posted July 23, 2015 Update for all plugins using openssl is live: - CA Root Certificates are now added for Unraid 5 users - This fixes SSL errors while keeping all validation for Python on - Without Root Certs, not even valid sites would validate, these do not ship with Unraid 5 by default but do on Unraid 6 Otherwise nothing else has changed, so update, let me know of any new issues, and also post here if it solves your SSL issues (or if it doesn't more specifically). -=PhAzE=- Quote Link to comment
benyaki Posted July 24, 2015 Share Posted July 24, 2015 Update for all plugins using openssl is live: - CA Root Certificates are now added for Unraid 5 users - This fixes SSL errors while keeping all validation for Python on - Without Root Certs, not even valid sites would validate, these do not ship with Unraid 5 by default but do on Unraid 6 Otherwise nothing else has changed, so update, let me know of any new issues, and also post here if it solves your SSL issues (or if it doesn't more specifically). -=PhAzE=- Thanks PhAzE. Updated everything, following the test script from yesterday that worked well. Everything is still working. For some reason though, I had to start from scratch configuring SAB again - got the Wizard screen... Oh, and it was Lupus (SLE). Once. Quote Link to comment
Skrumpy Posted July 24, 2015 Share Posted July 24, 2015 I am having an issue on Unraid 6.0.1 with the V2 SickBeard_alt. I have it setup appropriately and installed via the custom repo https://github.com/SiCKRAGETV/SickRage/ to install SickRage. Initially I can access SickRage (by hitting running) or going to https://user-nas:8082/ and everything works perfectly, that is until I restart my NAS. Then I am no longer able to access the SickRage home page (by clicking RUNNING). I get unable to connect (in Firefox) and connection refused (in Chrome). I've tried using just http using a different port and just the actual static IP instead of the local hostname and switching SSL on/off all with the same result. All directories (config, custom logs, custom cache) are in a persistent location (/mnt/cache/.appdata/Sickrage_alt/). I can "fix" everything by reinstalling, but this is a pain (obviously) if it happens whenever I restart my box. This happened before the plugin update btw and persists after the update. Any ideas? Quote Link to comment
PhAzE Posted July 24, 2015 Author Share Posted July 24, 2015 Off hand, I've had that once or twice myself but never find any reason for why it was happening. As a test, make sure your directories do not have the trailing slash at the end including the repo. Sometimes the web pages won't load if they have that slash too (where as emby needs it for example). Quote Link to comment
bobbyblade Posted July 24, 2015 Share Posted July 24, 2015 I just upgraded my sickbeard plugin last night, and I noticed it stopped snatching from BTN, here is an example error message: 2015-07-24 09:12:13 ERROR SEARCHQUEUE-MANUAL-SEARCH :: Error loading BTN URL: https://broadcasthe.net/torrents.php?action=download&id=xxxxx&authkey=xxxxxxxxxxx&torrent_pass=xxxxxxxxx 2015-07-24 09:12:13 WARNING SEARCHQUEUE-MANUAL-SEARCH :: URL error [Errno 1] _ssl.c:504: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error while loading URL https://broadcasthe.net/torrents.php?action=download&id=xxxxx&authkey=xxxxxxxxxxx&torrent_pass=xxxxxxxxx If I open up the the link in a browser it downloads the torrent file like normal, I looked around at the error and found this post: https://github.com/SiCKRAGETV/sickrage-issues/issues/1231 I'm assuming its related somehow but I believe you are running 2.7.9 which should be unaffected. Quote Link to comment
bobbyblade Posted July 24, 2015 Share Posted July 24, 2015 Sorry should've put in version info. Sickbeard Plugin: 2015.07.23.1 Unraid: 6.0.1 Quote Link to comment
PhAzE Posted July 24, 2015 Author Share Posted July 24, 2015 Oh unraid 6... Hmm the changes I made on the last update only affected unraid 5, so no certs wetter installed on unraid 6 since they are already included. No other dependencies changed either. Very strange Quote Link to comment
PhAzE Posted July 24, 2015 Author Share Posted July 24, 2015 If you downgrade the plugin (assuming you updated from within the plugin itself) does the problem go away? Quote Link to comment
bobbyblade Posted July 24, 2015 Share Posted July 24, 2015 I actually upgraded from /Plugins I don't see a downgrade option. Quote Link to comment
bobbyblade Posted July 24, 2015 Share Posted July 24, 2015 After starting/stopping trying to hunt down the downgrade option, its working now. I thought I restarted it earlier to retry to see if I got the error, but I'm assuming I did not. Sorry about that. Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.