Install script not proxy compatible part 1: Use of gpg.1.sh

Open motsiw opened this issue 3 years ago • 9 comments

Issue: If you're behind a proxy server and have no direct internet connection, bbb won't be set up correctly by bbb-install. Installation fails.

Workaround: Currently, administrators have to download bbb-install.sh, go to line 567 and add [trusted=yes] to the line

echo "deb https://$PACKAGE_REPOSITORY/$VERSION bigbluebutton-$DISTRO main" > /etc/apt/sources.list.d/bigbluebutton.list

to make the installation work. From a security perspective, this isn't a good solution.

Reason afaik: During installation, a mechanism is used that isn't proxy compatible. The following line times out after a minute without a direct internet connection. Consequently the installation fails:

Executing: /tmp/apt-key-gpghome.bLLhRq4MaG/gpg.1.sh --keyserver keyserver.ubuntu.com --recv-keys 5AFA7A83

Please fix. Thanks!

motsiw avatar Feb 19 '22 11:02 motsiw

The bbb-install.sh script uses apt-key, which in turn creates a temporary shell script and finally executes gpg to retrieve the key. At the end it is gpg fighting with (missing) proxy configuration. To fix this issue, we need to replace apt-key by a better solution. See issue #134 and issue #414 for further details.

Apropos: Do you plan to communicate with participants on the Internet? How do you do this without any direct communication channel to them?

michi-80337 avatar Feb 22 '22 14:02 michi-80337

Thank you for your reply.

I use BBB as an internal platform in a company where people use direct access (MS automatic VPN solution) to connect their computers to the company network. So there's no need to place the BBB server outside of this intranet (and it's great to integrate greenlight with the Active Directory BTW).

Any internet access for clients and servers is done via proxy server for security reasons.

Seems as if apt-key's behaviour was changed, so any proxy setting is ignored now. I'm not the only person with a problem like this...

I was able to set up 2.2 (Ubuntu 16) in a few minutes behind the internet proxy. 2.4 (Ubuntu 18) took me several days to understand what's happening with this and the other issue and finding installation workarounds. BBB works perfectly, but currently is a pain to install without direct internet connection.

motsiw avatar Feb 22 '22 15:02 motsiw

I think the line

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 5AFA7A83

should be replaced by

wget -qO- "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xfc8a16625afa7a83" | sudo apt-key add -

This would fix the issue.

motsiw avatar Feb 24 '22 10:02 motsiw

Hit:1 http://ppa.launchpad.net/bigbluebutton/support/ubuntu focal InRelease
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Hit:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease
Hit:4 http://archive.ubuntu.com/ubuntu focal-security InRelease
Get:5 https://ubuntu.bigbluebutton.org/focal-250 bigbluebutton-focal InRelease [2529 B]
Err:5 https://ubuntu.bigbluebutton.org/focal-250 bigbluebutton-focal InRelease
  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 37B5DD5EFAB46452
Reading package lists... Done
W: GPG error: https://ubuntu.bigbluebutton.org/focal-250 bigbluebutton-focal InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 37B5DD5EFAB46452
E: The repository 'https://ubuntu.bigbluebutton.org/focal-250 bigbluebutton-focal InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.

similar problem in proxmox container

DDQW avatar Jun 25 '22 11:06 DDQW

Hi @DDQW, what happens when you run the command

wget -qO- "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0xfc8a16625afa7a83" | sudo apt-key add -

to explicitly add the key?

ffdixon avatar Jun 26 '22 19:06 ffdixon

It adds the key and I can install afterwards.

Sadly greenlight shouts 502 bad gateway when I try to start a room, even though bbb-conf check finds no errors.

DDQW avatar Jun 27 '22 08:06 DDQW

Running bbb-conf will check BigBlueButton, but not the connection with GreenLight. See

https://docs.bigbluebutton.org/greenlight/gl-install.html#verifying-configuration

ffdixon avatar Jun 27 '22 11:06 ffdixon

Date: Mon, 27 Jun 2022 21:27:01 +0000 (UTC)

/etc/cron.hourly/bbb-restart-kms:
/etc/cron.hourly/bbb-restart-kms: line 19: [: uncaught exception: Error: count failed: {
        "topologyVersion" : {
                "processId" : ObjectId("62b758592a9fa181b68d6554"),
                "counter" : NumberLong(0)
        },
        "ok" : 0,
        "errmsg" : "not master and slaveOk=false",
        "code" : 13435,
        "codeName" : "NotPrimaryNoSecondaryOk"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DBCollection.prototype.count@src/mongo/shell/collection.js:1401:15
@(shell eval):1:1
exiting with code -4: integer expression expected

I found this in my root mail.

and this from greenlight check

Warning: parser/current is loading parser/ruby27, which recognizes 2.7.6-compliant syntax, but you are running 2.7.5.
Please see https://github.com/whitequark/parser#compatibility-with-ruby-mri.

Checking environment: Passed
Checking Connection: Passed
Checking Secret: Passed

DDQW avatar Jun 27 '22 21:06 DDQW

With a proxy, the good command is:

sudo apt-key adv --keyserver hkps://keyserver.ubuntu.com:443 --keyserver-options http-proxy=http://PROXY_IP:PROXY_PORT --recv-keys 5AFA7A83

Enjoy it

prbond avatar Nov 04 '22 10:11 prbond
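
The thread asks for apt-key to be replaced and calls [trusted=yes] a poor workaround. One way to do both behind a proxy, as an added example that is not part of the original thread or of bbb-install.sh: fetch the key with wget, check that its primary fingerprint ends in the key ID quoted in the thread, and pin the repository to a dedicated keyring with signed-by. The keyring path, the function names and the sample invocation are assumptions, as is the thread's premise that this key is the one the repository is signed with.

```shell
#!/bin/sh
# Added example, not bbb-install.sh code. The key ID is the one quoted in the
# thread; the keyring path and the function names are assumptions.
EXPECTED_KEYID="FC8A16625AFA7A83"
KEY_URL="https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${EXPECTED_KEYID}"
KEYRING="/etc/apt/keyrings/bigbluebutton.gpg"

# Reads `gpg --show-keys --with-colons` output on stdin. Succeeds only if it
# describes exactly one primary key whose fingerprint ends in $1. A 64-bit key
# ID is a weak pin; pass the full fingerprint if you have it from a trusted source.
primary_fpr_matches() (
    want=$(printf '%s' "$1" | tr 'a-f' 'A-F')
    awk -F: -v want="$want" '
        $1 == "pub" { pubs++; take = 1; next }
        $1 == "fpr" && take { fpr = $10; take = 0 }
        END {
            if (pubs != 1 || fpr == "" || length(want) > length(fpr)) exit 1
            exit (substr(fpr, length(fpr) - length(want) + 1) == want) ? 0 : 1
        }'
)

# Repository line pinned to the dedicated keyring instead of [trusted=yes].
# $1 = repository host, $2 = version directory, $3 = distro codename
apt_source_line() {
    printf 'deb [signed-by=%s] https://%s/%s bigbluebutton-%s main\n' \
        "$KEYRING" "$1" "$2" "$3"
}

# Fetch, check, then install. wget honours https_proxy/http_proxy from the
# environment, so no keyserver round trip through gpg is needed.
install_bbb_key() (
    tmp=$(mktemp) || exit 1
    trap 'rm -f "$tmp"' EXIT
    wget -qO "$tmp" "$KEY_URL" || exit 1
    gpg --show-keys --with-colons "$tmp" | primary_fpr_matches "$EXPECTED_KEYID" || {
        echo "key does not match expected ID, refusing to install" >&2; exit 1; }
    install -d -m 0755 "$(dirname "$KEYRING")" || exit 1
    gpg --dearmor < "$tmp" > "$KEYRING" || exit 1
    apt_source_line "$1" "$2" "$3" > /etc/apt/sources.list.d/bigbluebutton.list
)

# Run as root, e.g.: install_bbb_key ubuntu.bigbluebutton.org focal-250 focal
```

Because the key lands in its own keyring and the source line names it with signed-by, the key is trusted for this repository only, not for every apt source on the host.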