突突唧之家

我的疑问 & 我的解决方案

发表于 更新于 分类于 文章标准 暂无

问题

在 Ubuntu 22.04 LTS 的容器里面运行 apt update 的时候出现了以下报错:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
[root@VM-16-9-centos docker-kubuntu]# docker run --rm -it ubuntu:22.04 bash
root@8ac245b487e6:/# apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:2 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]                    
Err:1 http://security.ubuntu.com/ubuntu jammy-security InRelease                   
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Err:2 http://archive.ubuntu.com/ubuntu jammy InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease [109 kB]
Err:3 http://archive.ubuntu.com/ubuntu jammy-updates InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Get:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease [90.7 kB]
Err:4 http://archive.ubuntu.com/ubuntu jammy-backports InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
Reading package lists... Done
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://security.ubuntu.com/ubuntu/dists/jammy-security/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://security.ubuntu.com/ubuntu jammy-security InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://security.ubuntu.com/ubuntu jammy-security InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-updates/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-updates InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: http://archive.ubuntu.com/ubuntu/dists/jammy-backports/InRelease: The key(s) in the keyring /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg are ignored as the file is not readable by user '_apt' executing apt-key.
W: GPG error: http://archive.ubuntu.com/ubuntu jammy-backports InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
E: The repository 'http://archive.ubuntu.com/ubuntu jammy-backports InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
E: Problem executing scripts APT::Update::Post-Invoke 'rm -f /var/cache/apt/archives/*.deb /var/cache/apt/archives/partial/*.deb /var/cache/apt/*.bin || true'
E: Sub-process returned an error code

原因

经过查询,发现是 Ubuntu 21.10 和 Fedora 35 开始使用 glibc>=2.34 甚至更高的版本。在 glibc 新版本里面,开始使用一个名为 clone3 的系统调用。通常情况下,容器里面所有的系统调用都会被 Docker 捕获,然后 Docker 决定如何处理它们。如果 Docker 中没有为特定系统调用指定策略,则默认的策略会通知容器这边"Permission Denied"。但是,如果 glibc 收到此错误,它不会回退。它仅在收到响应“此系统调用不可用”时才执行此操作。

解决

办法一:

运行容器的时候,加上这个参数来绕过 Docker 系统调用限制

--security-opt seccomp=unconfined

不过这会有很大的问题,一个是你的容器将变得不安全,另一个是这些参数在构建镜像的时候是不可用的。所以,请参考办法二。

办法二:

将 Docker 升级到 20.10.8 以上的版本。

发表于 更新于 分类于 文章标准 暂无

During the installation of a few packages, Ubuntu usually installs the tzdata package. It's usually included in some PHP or Python packages dependencies. The issue with it is that it hangs and waits for user input to continue the installation. It's ok until we are using Docker and trying to build images (it's hanging or even throwing errors in newer versions of Ubuntu). We will try to reproduce the situation and try to fix it.

To reproduce the hanging situation, we can use this Docker image:

FROM ubuntu:20.04
RUN apt update
RUN apt install -y tzdata

Here is the logs that we see in terminal:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Step 1/3 : FROM ubuntu:20.04
 ---> 1e4467b07108
Step 2/3 : RUN apt update
 ---> Using cache
 ---> 174ce3e1bb84
Step 3/3 : RUN apt install -y tzdata
...
Configuring tzdata
------------------

Please select the geographic area in which you live. Subsequent configuration
questions will narrow this down by presenting a list of cities, representing
the time zones in which they are located.

  1. Africa      4. Australia  7. Atlantic  10. Pacific  13. Etc
  2. America     5. Arctic     8. Europe    11. SystemV
  3. Antarctica  6. Asia       9. Indian    12. US
Geographic area:

And here it hangs waiting for us enter data, and even after you'll enter a region — the process will not resume.

To fix this situation we need to add lines 3 and 4 to our Dockerfile. We will create a variable called $TZ which will hold our timezone, and the create a /etc/timezone file:

1
2
3
4
5
6
7
FROM ubuntu:20.04

ENV TZ=Asia/Dubai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone

RUN apt update
RUN apt install -y tzdata

And after building image we will see this output:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Step 1/5 : FROM ubuntu:20.04
 ---> 1e4467b07108
Step 2/5 : ENV TZ=Asia/Dubai
 ---> Using cache
 ---> 7f4c85bd0d3e
Step 3/5 : RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 ---> Using cache
 ---> f6f784dfbad5
Step 4/5 : RUN apt update
 ---> Using cache
 ---> 5b1b5617eaa5
Step 5/5 : RUN apt install -y tzdata
 ---> Running in e71a917a9b6b
Current default time zone: 'Asia/Dubai'
Local time is now:      Tue Aug  4 12:14:55 +04 2020.
Universal Time is now:  Tue Aug  4 08:14:55 UTC 2020.
Run 'dpkg-reconfigure tzdata' if you wish to change it.

Removing intermediate container e71a917a9b6b
 ---> 3d29f4e8f7eb
Successfully built 3d29f4e8f7eb
Successfully tagged tzdata:latest

So it's used the timezone that we provide and nothing hangs.

发表于 更新于 分类于 文章标准 暂无

从 Windows 10开始,微软在操作系统中设置了一个 HDR 模式。如果用户的显示器支持 HDR,打开系统中的 HDR 开关就能让整个 Windows 处于 HDR 的画面状态下。但是几乎所有人都发现,无论 HDR 的显示器亮度有多高,打开 HDR 模式后整个画面都会显得发灰,同时亮度似乎也低了一些。这个现象在亮度低色域差的显示器上会更为明显。但哪怕是 LG 的 OLED 显示器,同样会出现类似的问题,只是情况会稍微好一些。

关于这个问题网友的争论已久,也想出各种办法进行调试,但都没得到一个很好的结果。那么这个问题到底是怎么产生的呢?又有没有什么办法让显示器在 Windows 的 HDR 模式下显示出正常的颜色呢?

先看看微软怎么说

因为这个问题牵涉太多,而且现在的显示器几乎全部无解,所以很多人也希望不管是啥原因,微软最好给一个好的解决方案出来。而在微软的官方页面中,的确也有 HDR 相关的说法。其实无非是两方面,一个是开启 HDR 后画面亮度降低,一个就是开启 HDR 后颜色显示不准确,这两种问题加起来就是我们常说的画面发灰。针对亮度变化的情况,微软也有自己的说法,微软表示如果遇到所有 SDR 内容和应用,在支持 HDR 的显示器上出现显示亮度过高或过低的情况时,可以在 HDR 的选项中,在“HDR/SDR 亮度平衡”下面,拖动滑块以在 HDR 和 SDR 内容之间获得正确的亮度平衡。这个方法的确有效,可以调整桌面的亮度,但很明显会让整个画面呈现过曝或者曝光不足的状态,而且实际上桌面整体发灰颜色暗淡的问题并没有解决,只是可以让视觉上得到一些观感的改善。而在颜色部分,微软也单独说明了,如果遇到支持 HDR 的外部显示器上无法正确显示颜色时,应该如何做。当然微软说的都是废话,微软表示支持 HDR 的显示器支持比 sRGB 更宽的色域,所以在打开“使用 HDR”后,HDR 显示器应该会正确再现桌面应用中使用的 sRGB 颜色。如果某些支持 HDR 的显示器未正确再现这些颜色,那么用户要考虑购买经过 VESA DisplayHDR 认证的显示器……

但这显然并不正确,因为我们在使用经过 VESA 认证的 HDR 显示器上,同样会遇到颜色不准确的情况,色彩暗淡即使调整亮度也无法解决,无论是 HDR400 还是 HDR1000 的显示器上都是如此。LCD也好,Mini LED 也好,OLED 也好,各种类型的显示器我们都试过了,全部都会在 Windows 的 HDR 模式下,无法显示出精准的色彩,特别是颜色亮度会明显下降,而这和实际显示器的亮度关系已经不大了。

那么要如何解决这个问题呢?

阅读全文 »

发表于 更新于 分类于 文章标准 暂无

Windows 安全中心基于声誉的保护如果提示有威胁,但是点开发现什么都没有,这是因为该威胁已经由于手动或者其他原因(杀毒/清理类软件)被删除了,而 Windows 安全中心的的提醒里并没有把这个威胁删掉。所以需要我们手动清理一下这个历史记录。

  1. 首先打开 C:\ProgramData\Microsoft\Windows Defender\Scans
  2. 这个时候提示需要系统权限,授权后,继续打开 History\Service\DetectionHistory
  3. 最终路径:C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\DetectionHistory
  4. 把里面的文件全部删除,即可解决问题。

不能直接复制最终路径,系统会提示无权限打开。

发表于 更新于 分类于 文章标准 暂无

You can check the width of the character using unicodedata.east_asian_width(unichr):

1
2
3
4
5
6
7
8
import unicodedata

for char in string:
    status = unicodedata.east_asian_width(char)
    if status == 'F':
        print('{0} is full-width.'.format(char))
    elif status == 'H':
        print('{0} is half-width.'.format(char))

It has the following returned values:

1
2
3
4
5
6
7
8
# East_Asian_Width (ea)

ea ; A         ; Ambiguous
ea ; F         ; Fullwidth
ea ; H         ; Halfwidth
ea ; N         ; Neutral
ea ; Na        ; Narrow
ea ; W         ; Wide

Returned values of 'W', 'F' and 'A' should be considered as full-width on Windows.

Reference: http://www.unicode.org/reports/tr44/tr44-4.html#Validation_of_Enumerated

On POSIX platform, the quote characters (u'“' and u'”') are considered as ambiguous, which are actually 1 character width in console. For console usage, you may try a 3rd-party library urwid:

1
2
3
4
5
6
7
>>> from urwid.util import str_util
>>> str_util.get_width(ord(u'x'))
1
>>> str_util.get_width(ord(u'“'))
1
>>> str_util.get_width(ord(u'你'))
2

发表于 更新于 分类于 文章标准 暂无

Just add --web.listen-address=:9100 behind ExecStart=/usr/local/bin/node_exporter in the config file.

It looks like

ExecStart=/usr/local/bin/node_exporter --web.listen-address=:[custum port]

发表于 更新于 分类于 文章标准 暂无

NVIDIA is providing a user-space daemon on Linux to support persistence of driver state across CUDA job runs. The daemon approach provides a more elegant and robust solution to this problem than persistence mode.

NVIDIA will support both solutions for the near future (likely through CUDA 8.0), but will focus all future development and bug fixes on the daemon.

The daemon is installed in /usr/bin, while sample installation and init scripts are included with the driver in the documentation directory. The scripts are provided as a guide for installing the daemon to run on system startup for some common init systems; they may require some changes for certain distributions, due to the wide variety of init system configurations.

NVIDIA encourages customers to shift to this daemon approach at their earliest availability.

Supported Environments

  • Drivers: R319 and higher
  • OSes: All standard driver-supported Linux platforms
  • GPUs: All shipping Tesla, Quadro and GRID products

Implementation Details

On Linux systems running the NVIDIA GPU driver, clients attach a GPU by opening its device file. Conversely, the GPU is detached by closing the device file. The GPU state remains loaded in the driver whenever one or more clients have the device file open. Once all clients have closed the device file, the GPU state will be unloaded unless persistence mode is enabled.

阅读全文 »

发表于 更新于 分类于 文章标准 暂无

这是由于 systemd-timesyncd 被误认为是一个用户 ID 而不是进程名。 使用 ps -ef 命令可以发现该问题。例如:

root     20366   779  0 21:05 ?        00:00:00 [autocleanStatus] <defunct>
root     20385   757  0 21:05 ?        00:00:00 sshd: git [priv]
<long hang>
62583    20396     1  2 21:06 ?        00:00:00 /lib/systemd/systemd-timesyncd

要解决该问题,一般重启即可。 也可以禁用 systemd-timesyncd 服务。

sudo systemctl stop systemd-timesyncd
sudo systemctl disable systemd-timesyncd

要想恢复被禁用的服务,可以使用:

sudo systemctl enable systemd-timesyncd
sudo systemctl start systemd-timesyncd

发表于 更新于 分类于 文章标准 暂无

在使用 Dell 服务器的过程中,如果可以进入系统,但是忘记 iDRAC 卡的地址,可以使用 ipmitool 这个工具来获取一下硬件信息,从而获得 iDRAC 地址。

IPMI(Intelligent Platform Management Interface)即智能平台管理接口,是使硬件管理具备“智能化”的新一代通用接口标准。 用户可以利用 IPMI 监视服务器的物理特征,如温度、电压、电扇工作状态、电源供应以及机箱入侵等。

安装 impitool

sudo apt install impitool

配置启用:

sudo modprobe ipmi_msghandler
sudo modprobe ipmi_devintf
sudo modprobe ipmi_si

接着,使用如下命令查看 iDRAC 地址:

ipmitool lan print