Security limitations in 2.5.2 exec binding

I feel your pain.

I have rebooted so many times in the last 24 hours it is driving my family nuts. I have tried CRLF and LF.

It almost seems like if you change the EOL while OH is working it stops reporting it, but if you then reboot it starts again.

This needs sorting with some clear instructions as to what is supposed to work as trying to reverse engineer what it wants is not going well.

Regards

Paul.


What do I do with dynamically created exec commands, for example:

executeCommandLine("/home/mythtv/openHAB/fritzbox.sh mark " + receivedCommand.toString)

I also have curl commands with dynamically created URLs.

There needs to be support for patterns.


You mean Actions?
The whitelist process is to prevent a bad actor using the REST API to create exec Things that can then execute arbitrary code.
The REST API cannot be used to run Actions like executeCommandLine(), so the whitelist doesn’t apply.

In short, have you tried it?

This is a reasonable possibility. Not sure how this would affect the watcher that monitors the file for changes.

You can get the 2.5.1 jar from the official distribution here.

No, I did not. I wanted to ask before I upgrade. So, if it is only creating exec Things, then I have no problem. Thanks!


Maybe I’m late to the party. Openhab2 got very angry at me when I started it again after clearing /var/lib/openhab2/cache/* and /var/lib/openhab2/tmp/*; it literally threw 17MB/minute of Java errors. Those things hurt me physically.

As I see it reported here by many others, creating a whitelist and pasting the needed lines into it did not suffice. It is unclear to me why: I made an error with the permissions for the misc folder at first and promptly saw a line in openhab.log that reading the whitelist was skipped because of permission problems. So the file gets accessed.
I fixed the permissions and tested it in the openhab user context like

$ sudo -u openhab grep '/local/scripts/steckdosen.sh  3 %2$s' /etc/openhab2/misc/exec.whitelist 
/local/scripts/steckdosen.sh  3 %2$s

so I could be sure that it was readable, but exec still did not work, same error message about not contained in whitelist…
I did a

$ sudo -u openhab touch /etc/openhab2/misc/exec.whitelist

then and suddenly the binding started to cooperate.

Hm, I have a cron job restarting openhab2 every second day (to keep those ‘event took longer than 5000 ms’ messages away), it will need a companion cron job to touch that whitelist. Not exactly elegant, is it?

Not close. However I’ve filed a defect for this.

For me, this kind of communication is difficult. I am a Windows 10 standard user and no software expert. Solved the issue as follows, and hope that this can help other users like me:

Created a misc folder and the exec.whitelist file C:\openHAB2\conf\misc\exec.whitelist

Have many Curl commands driving an Arduino as infrared transmitter for multiple automations as below (example). The complete strings as shown need to be in the exec.whitelist, separated using LF (not CRLF). With CRLF it doesn’t work out. Used notepad++ and replaced \r\n by \n to assure this.

If the exec binding is running, a new command is working out immediately.

C:\Curl\curl -i "http://192.168.1.101/messages" -H "X-Requested-With: curl" -d "{"freq":38,"format":"raw","data":[6648,3228,904,735,904,735,904,735,904,735,904,735,904,735,904,2368,904,761,904,761,904,761,904,761,904,761,904,761,904,761,904,761,904,761,904,761,904,761,904,2368,904,735,904,2368,904,735,904,735,904,735,904,2368,904,735,904,735,904,735,904,735,904,735,904,735,904,2451,904,2451,904,735,904,2368,904,735,904,735,904,2368,904,735,904,735,904,735,904,2368,904,2368,904,735,904,735,904,735,904,2368,904,2368,904,735,904,735,904,2368,904,2368,904,2368,904,735,904,735,904,735,904,2368,904,735,904,2368,904,735,904,735,904,2368,904,2368,904,2368,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,2368,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,735,904,2368,904,735,904,735,904,735,904,2368,904,735,904]}"

A workaround as Windows equivalent to the Linux “touch” command (after an openhab restart) is “copy exec.whitelist+”. This generates a new file with a new timestamp and without any changed content. Can be used until the bug is fixed.

Same here… I have to “touch” the file after every restart. Then the binding works as expected.
Olli

What about adding the touch command to the startup procedure of the service, or using the at command if the touch command has to be started a few minutes after openhab is up and running?


It’s actually perfectly understandable. It’s moronic, but it’s perfectly understandable.

But the whole whitelist “feature” is not user-friendly.
You must include the full text of every command in the whitelist file. If you modify the whitelist file while the binding is running, the change should be available immediately.
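The two whitelist rules this thread keeps running into (the whole command text on its own line, LF-separated, no CRLF) can be checked before restarting. The checker below is an added example written for this thread, not openHAB's own code; it models the whitelist as "one exact command per LF-terminated line", and the sample whitelist bytes are constructed from the commands quoted earlier in the thread.

```python
"""Sanity-check an openHAB exec.whitelist against the commands a rule will run.

Model (assumption, based on what this thread reports, not on openHAB source):
  - every entry is the complete command string, on its own line
  - lines are separated by LF; a CRLF file leaves a stray '\r' on each entry
  - matching is exact: no trimming, no prefix match, no patterns
"""
from pathlib import Path


def parse_whitelist(data: bytes) -> tuple[list[str], list[str]]:
    """Split raw file bytes into entries and a list of warnings."""
    warnings = []
    if b"\r\n" in data:
        warnings.append("file uses CRLF line endings; convert to LF")
    # Split on LF only, deliberately: with CRLF the '\r' stays on the entry.
    entries = [ln.decode("utf-8") for ln in data.split(b"\n") if ln != b""]
    return entries, warnings


def normalize(data: bytes) -> bytes:
    """What the notepad++ '\\r\\n -> \\n' replacement in this thread does."""
    return data.replace(b"\r\n", b"\n")


def check(data: bytes, commands: list[str]) -> dict:
    """Return entries, warnings and the commands that would be rejected."""
    entries, warnings = parse_whitelist(data)
    missing = [c for c in commands if c not in entries]  # exact line match
    return {"entries": entries, "warnings": warnings, "missing": missing}


def check_file(path: str, commands: list[str]) -> dict:
    """Same check on a real file, e.g. /etc/openhab2/misc/exec.whitelist."""
    return check(Path(path).read_bytes(), commands)


# Constructed sample whitelist: the two command strings quoted in this thread.
# Note the double space and the literal %2$s placeholder are kept verbatim.
WHITELIST_LF = (
    b"/local/scripts/steckdosen.sh  3 %2$s\n"
    b"/bin/touch /etc/openhab2/misc/exec.whitelist\n"
)
WHITELIST_CRLF = WHITELIST_LF.replace(b"\n", b"\r\n")  # the broken variant

if __name__ == "__main__":
    cmd = "/local/scripts/steckdosen.sh  3 %2$s"
    print(check(WHITELIST_LF, [cmd]))    # missing: []
    print(check(WHITELIST_CRLF, [cmd]))  # missing: [cmd], warning about CRLF
    print(check(normalize(WHITELIST_CRLF), [cmd]))  # fixed again
```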

Thanks for your reply. Let’s say: I don’t understand it, am not a maintainer, okay? But I also am not a very beginner in openHAB. Please advise where the file needs to be stored within a Windows installation. Have no misc folder yet, but I have a conf folder. The full text then means the complete string as in my post above? How do the various strings have to be separated? Thanks in advance.

RTFM

Sorry, but this doesn’t help me because I do not understand it. My Windows 10 install is under:
C:\openHAB2\conf… but there I have no misc folder. Do I have to create such a folder and store the file there? Linux paths seem to be different.

You are right. According to https://www.openhab.org/docs/installation/windows.html the Windows directory that is equivalent to OPENHAB_CONF is c:\openhab2\conf. Create the misc folder in this directory and the exec.whitelist in the misc folder.

I use the following little workaround:

/etc/openhab2/rules/exec.rules:

rule "exec whitelist workaround"
when
    System started
then
    executeCommandLine("/bin/touch /etc/openhab2/misc/exec.whitelist")
end

It’s important that misc/exec.whitelist is owned by user openhab (not root); otherwise openhab isn’t allowed to touch the file and this doesn’t work.

No idea, whether there is an equivalent to the touch command on a Windows system.

Maybe this is useful for someone else…


The need to touch the file is a bug. A fix is already on the way: https://github.com/openhab/openhab-addons/pull/7049

Regarding the debug log: if anything throws, the whitelist will not be available. So why should one print parts of a non-working whitelist instead of an error message?

So that one can see what was read. Otherwise there’s no way to know.

The exception is thrown by Files.lines. Splitting file reading and parsing would not help; you would either get nothing or everything, like it is now: if the file cannot be read, nothing; if it can be read, everything.