Total Pageviews

Monday, August 10, 2015

VirtualBox: Running Samba inside CentOS 7 guest and expose Samba shares to running Windows host

This was a problem puzzling me a complete day. My environment is as follows:
  • Running Windows 7 (64 Bit)
  • Using VirtualBox 5 to run CentOS 7 as Linux guest
I was looking for a solution to create a Samba share inside the CentOS guest, so I am able to access folders in the running CentOS guest from my Windows 7 host system.

I configured VirtualBox to use two network adapters (NAT and Host-Only).

I installed Samba on the CentOS guest and configured it as a Standalone Server. I created a Samba share called "data". See the full smb.conf here, the Samba share is defined at the end of the file:

 [global]  
      workgroup = WORKGROUP  
      server string = Samba Server Version %v  
      dns proxy = no  
      # log files split per-machine:  
      log file = /var/log/samba/log.%m  
      # maximum size of 50KB per log file, then rotate:  
      max log size = 50  
      security = user  
      passdb backend = tdbsam  
      load printers = yes  
      cups options = raw  
      server role = standalone server  
      encrypt passwords = true  
      guest ok = yes  
      usershare allow guests = yes  
      obey pam restrictions = yes  
      unix password sync = yes  
      passwd program = /usr/bin/passwd %u  
      passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .  
      pam password change = yes  
      map to guest = bad user  
 #============================ Share Definitions ==============================  
 [homes]  
      comment = Home Directories  
      browseable = no  
      writable = yes  
 ;     valid users = %S  
 ;     valid users = MYDOMAIN\%S  
 [printers]  
      comment = All Printers  
      path = /var/spool/samba  
      browseable = no  
      guest ok = no  
      writable = no  
      printable = yes  
 [data]  
      comment = Data Folder  
      path = /data  
      guest ok = yes  
      browseable = yes  
      create mask = 0777  
      directory mask = 0777  
      writable = yes  
      force create mode = 777  
      force directory mode = 777  
      force security mode = 777  
      force directory security mode = 777  

This Samba configuration works in an Ubuntu 14.04. VirtualBox guest OS perfectly. But no matter what I did, this configuration did not work in CentOS. I always got a "Permission denied" error when I tried to access the Samba share from the Windows host using

\\centos-guest\data\

Well it turned out, that the problem was a running firewall AND SELinux (Security-Enhanced Linux). To disable both do the following steps in CentOS:
  1. systemctl stop firewalld
  2. systemctl disalbe firewalld
  3. vi /etc/selinux/config

 # This file controls the state of SELinux on the system.  
 # SELINUX= can take one of these three values:  
 #   enforcing - SELinux security policy is enforced.  
 #   permissive - SELinux prints warnings instead of enforcing.  
 #   disabled - No SELinux policy is loaded.  
 SELINUX=disabled  
 # change  
 # SELINUXTYPE= can take one of these two values:  
 #   targeted - Targeted processes are protected,  
 #   minimum - Modification of targeted policy. Only selected processes are protected.  
 #   mls - Multi Level Security protection.  
 SELINUXTYPE=targeted  

After this, reboot the guest OS and you can access the samba shares of your CentOS guest on your Windows host.

But be warned, you disabled the firewall on your Linux guest OS!
If this is not what you want, you should find an alternative approach.

Saturday, June 14, 2014

Create and import a MySQL dump

Dumping a MySQL database is that simple:

 /path/to/mysqldump -u$DBUSER -p$DBPASSWD -h$DBHOST $DBNAME > $FILENAME  

Importing the dump back into a MySQL DB looks like this:

 /path/to/mysql -u $DBUSER -p$DBPASSWD --database=$DBNAME < $FILENAME  

If the database to import is encoded with UTF8 it might be necessary to use the option
--default_character_set

 /path/to/mysql -u $DBUSER -p$DBPASSWD --default_character_set utf8 --database=$DBNAME < $FILENAME  

Tuesday, June 10, 2014

How to get module name and application name in Java EE applications

It's been a long time since my last blog post, but here is an update :-)

For those of you who always wanted to get the name of the application or the module at runtime in a Java EE application, here is a solution:

 @Resource(lookup="java:module/ModuleName")  
 private String moduleName;

 @Resource(lookup="java:app/AppName")  
 private String applicationName;  

It's been there since Java EE 6 and it's easy and portable!

There is also the opportunity to get those names via JNDI lookup

 String myModuleName = (String) initialContext.lookup("java:module/ModuleName");  
 String myApplicationName = (String) initialContext.lookup("java:app/AppName");  

If you don't need the names in a field but just in a single method this is the way to go.

The default module name is the base name of an ejb-jar or WAR archive.
The default application name is the base name of an EAR archive.

Saturday, February 01, 2014

Solution for “Certificate has expired” in log when starting Glassfish 3.1.2

Since a few weeks my GlassFish installation produces an annoying message whenever it gets started. The message looks like this one posted on stackoverflow:


   ...  
    [exec]  
    [exec] [#|2013-08-15T08:57:42.106+0200|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.services.impl|_ThreadID=39;_ThreadName=Thread-2;|Grizzly  
 Framework 1.9.50 started in: 16ms - bound to [0.0.0.0:1307 6]|#]  
    [exec]  
    [exec] [#|2013-08-15T08:57:42.262+0200|INFO|glassfish3.1.2|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=1;_ThreadName=Thread-2;|GlassFish  
 Server Open Source Edition 3.1.2.2 (5) startup time : Felix (1'1  
 23ms), startup services(609ms), total(1'732ms)|#]  
    [exec]  
    [exec] [#|2013-08-15T08:57:42.309+0200|SEVERE|glassfish3.1.2|javax.enterprise.system.ssl.security.com.sun.enterprise.security.ssl.impl|_ThreadID=40;_ThreadName=Thread-2;|SEC5054:  
 Certificate has expired: [  
    [exec] [  
    [exec]  Version: V3  
    [exec]  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US  
    [exec]  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5  
    [exec]  
    [exec]  Key: Sun RSA public key, 2048 bits  
    [exec]  modulus: 237418898293472616608124373663877543854434319738611148654904141538840503317458119685231168476255701465927369352097185652960533868421359855348631579831288127741629980536737464707822524076734022381468699944387  
 29551246768368782318393878374421033907597162218758024581735139682087126982809511479059100617027892880227587855877479432885604404402435662802390484099065871430585284534529627347717530352189612077130606642676951640071336717026459037  
 542552927905851171460589361570392199748753414855675665635003335769915908187224347232807336022456537328962095005323382940080676931822787496212635993279098588863972868266229522169377  
    [exec]  public exponent: 65537  
    [exec]  Validity: [From: Fri Aug 14 16:50:00 CEST 1998,  
    [exec]        To: Thu Aug 15 01:59:00 CEST 2013]  
    [exec]  Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US  
    [exec]  SerialNumber: [  01b6]  
    [exec]  
    [exec] Certificate Extensions: 4  
    [exec] [1]: ObjectId: 2.5.29.19 Criticality=true  
    [exec] BasicConstraints:[  
    [exec]  CA:true  
    [exec]  PathLen:5  
    [exec] ]  
    [exec]  
    [exec] [2]: ObjectId: 2.5.29.32 Criticality=false  
    [exec] CertificatePolicies [  
    [exec]  [CertificatePolicyId: [1.2.840.113763.1.2.1.3]  
    [exec] [] ]  
    [exec] ]  
    [exec]  
    [exec] [3]: ObjectId: 2.5.29.15 Criticality=true  
    [exec] KeyUsage [  
    [exec]  Key_CertSign  
    [exec]  Crl_Sign  
    [exec] ]  
    [exec]  
    [exec] [4]: ObjectId: 2.5.29.14 Criticality=false  
    [exec] SubjectKeyIdentifier [  
    [exec] KeyIdentifier [  
    [exec] 0000: 76 0A 49 21 38 4C 9F DE  F8 C4 49 C7 71 71 91 9D v.I!8L....I.qq..  
    [exec] ]  
    [exec] ]  
    [exec]  
    [exec] ]  
    [exec]  Algorithm: [SHA1withRSA]  
    [exec]  Signature:  
    [exec] 0000: 41 3A D4 18 5B DA B8 DE  21 1C E1 8E 09 E5 F1 68 A:..[...!......h  
    [exec] 0010: 34 FF DE 96 F4 07 F5 A7  3C F3 AC 4A B1 9B FA 92 4.......<..J....  
    [exec] 0020: FA 9B ED E6 32 21 AA 4A  76 C5 DC 4F 38 E5 DF D5 ....2!.Jv..O8...  
    [exec] 0030: 86 E4 D5 C8 76 7D 98 D7  B1 CD 8F 4D B5 91 23 6C ....v......M..#l  
    [exec] 0040: 8B 8A EB EA 7C EF 14 94  C4 C6 F0 1F 4A 2D 32 71 ............J-2q  
    [exec] 0050: 63 2B 63 91 26 02 09 B6  80 1D ED E2 CC B8 7F DB c+c.&...........  
    [exec] 0060: 87 63 C8 E1 D0 6C 26 B1  35 1D 40 66 10 1B CD 95 .c...l&.5.@f....  
    [exec] 0070: 54 18 33 61 EC 13 4F DA  13 F7 99 AF 3E D0 CF 8E T.3a..O.....>...  
    [exec] 0080: A6 72 A2 B3 C3 05 9A C9  27 7D 92 CC 7E 52 8D B3 .r......'....R..  
    [exec] 0090: AB 70 6D 9E 89 9F 4D EB  1A 75 C2 98 AA D5 02 16 .pm...M..u......  
    [exec] 00A0: D7 0C 8A BF 25 E4 EB 2D  BC 98 E9 58 38 19 7C B9 ....%..-...X8...  
    [exec] 00B0: 37 FE DB E2 99 08 73 06  C7 97 83 6A 7D 10 01 2F 7.....s....j.../  
    [exec] 00C0: 32 B9 17 05 4A 65 E6 2F  CE BE 5E 53 A6 82 E9 9A 2...Je./..^S....  
    [exec] 00D0: 53 0A 84 74 2D 83 CA C8  94 16 76 5F 94 61 28 F0 S..t-.....v_.a(.  
    [exec] 00E0: 85 A7 39 BB D7 8B D9 A8  B2 13 1D 54 09 34 24 7D ..9........T.4$.  
    [exec] 00F0: 20 81 7D 66 7E A2 90 74  5C 10 C6 BD EC AB 1B C2  ..f...t\.......  
    [exec]  
    [exec] ]|#] ...  

There is a simple solution for it. 

Just remove the certificate from the GlassFish keystore. Here is just a simple example used with GlassFish on my Windows developer box. It is slightly different when using a clustered GlassFish.
  1. Open a DOS command shell
  2. Go to the directory $GLASSFISH_INSTALL/glassfish/domains/domain1/config
  3. Type in the following command and execute it
  4.  keytool -delete -alias gtecybertrust5ca -keystore cacerts.jks  
    
  5. In some cases you have to provide a password for the keystore. If you did not change that, it is the default GlassFish keystore password 'changeit'.
  6. You can verify whether the alias was deleted by executing the following command in a DOS shell
  7.  keytool -list -keystore cacerts.jks > keytool.output 
    
  8. Opening the file keytool.output in an editor and doing a search for gtecybertrust5ca should yield an empty result set.

Saturday, January 25, 2014

How to install Couch DB 1.5 on Ubuntu

A recent task I had to do on my home Ubuntu Linux box running 12.04. LTS was to install CouchDB. I needed it because I wanted to use ACRA as remote error reporting tool for Android Apps. Acra is completely open source (hosted on GitHub) and an incredible cool tool started by Kevin Gaudin.

I used to try it out using Iris Couch but it turns out for me that Iris Couch using the free of charge account is painful slow. Thus I decided to host my own CouchDB at home.

The Ubuntu repositories doesn't host an up to date version of Couch DB. I tried it using apt-get and got CouchDB version 1.0.1. This was not a viable choice, because I wanted to use the replicate function of CouchDB which only is available on version higher than 1.2.

I found a pretty good step by step guide in the Apache CouchDB wiki.
To sum it up:

I installed it by compiling it from source

using the following steps.

  1. Download CouchDB 1.5 sources
  2. Create a user and a group with name 'couchdb'. This is very important. Don't compile and install it with user 'root'. If you do it with root, CouchDB will not start nor write any error messages to any log file, because CouchDB will start under user 'couchdb' but all installed files and folders don't allow read or write access for any other user than 'root'. If you have compiled and installed it with user 'root' you have to adjust the permissions and owner rights of various files and folders by yourself. I have to admit that I did it with user 'root' the first time and it took me two hours to search for the causes and correct everything. So be warned ;-)
  3. Install at least the following packages.
  4.  sudo apt-get install -y g++  
     sudo apt-get install -y erlang-dev erlang-manpages erlang-base-hipe erlang-eunit erlang-nox erlang-xmerl erlang-inets  
     sudo apt-get install -y libmozjs185-dev libicu-dev libcurl4-gnutls-dev libtool  
    
  5. Extract and compile CouchDB using default installation directory /usr/local. You can change it by using a different --prefix when calling configure. Check manual.
  6.  cd /tmp && tar xvzf apache-couchdb-1.5.0.tar.gz  
     cd apache-couchdb-*  
     ./configure && make  
    
  7. Install CouchDB. CouchDB installs into /usr/local
  8.  sudo make install  
    
  9. Sometimes it's necessary to remove old stuff from ubuntu packages. This was not necessary in my case. But you can do the following:
  10.  sudo rm /etc/logrotate.d/couchdb /etc/init.d/couchdb  
    
  11. Install init scripts and logrotate
  12.  sudo ln -s /usr/local/etc/logrotate.d/couchdb /etc/logrotate.d/couchdb  
     sudo ln -s /usr/local/etc/init.d/couchdb /etc/init.d  
     sudo update-rc.d couchdb defaults  
    
  13. Verify that CouchDB is running
  14.  curl http://127.0.0.1:5984/  
    
    It should give you an output like this:
     {"couchdb":"Welcome","uuid":"5a23983ac768251e1c8d413bb52e67b5","version":"1.5.0","vendor":{"version":"1.5.0","name":"The Apache Software Foundation"}}  
    
  15. With this setup, CouchDB only listens on localhost (127.0.0.1). If you want CouchDB to listen on all interfaces and access it externally you have to configure it in /usr/local/etc/couchdb/local.ini
    Just look for the [httpd] section and uncomment the line starting with 'bind_address' and replace 127.0.0.1 with 0.0.0.0
  16.  [httpd]  
     ;port = 5984  
     bind_address = 0.0.0.0  
    
  17. Now restart CouchDB and you are done.
  18.  /etc/init.d/couchdb restart  
    
You are also able to install a CouchDB version built by source alongside the default Ubuntu package. Check out the step by step guide mentioned above to look how this is being achieved.

Thursday, January 02, 2014

Upgrading to Maven 3.1.1 caused Jenkins Maven Job to fail

After upgrading Maven on my Jenkins CI build server to version 3.1.1 (because the android-maven-plugin version 3.8.2 needs it) I encountered  problems with my Maven build jobs in Jenkins (version 1.544).
The error message looks something like this:

 ERROR: Failed to parse POMs  
 ...  
 ...  
 ...  
 Caused by: java.lang.ClassNotFoundException: org.apache.maven.cli.MavenLoggerManager  
      at org.codehaus.plexus.classworlds.strategy.SelfFirstStrategy.loadClass(SelfFirstStrategy.java:50)  
      at org.codehaus.plexus.classworlds.realm.ClassRealm.unsynchronizedLoadClass(ClassRealm.java:259)  
      at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(ClassRealm.java:235)  
      at org.codehaus.plexus.classworlds.realm.ClassRealm.loadClass(ClassRealm.java:227)  
      ... 18 more  

Googling around it seems someone else faced the same problem already. He also mentioned Jenkins issue JENKINS-15935 referring to that exact problem.
The solution is to update the Maven Project Plugin in Jenkins because the issue is fixed in Jenkins 1.509.
As of version 2.0 of the plugin, it is released separately but still bundled with Jenkins. Though, it might be the case, that the newest version of the plugin isn't bundled always with the jenkins release.

Sunday, December 22, 2013

How to install Jira 6.0.6 on a QNAP TS-569 Pro

The QNAP TS-569 Pro is a Intel Atom based NAS system. Therefore it should be no problem to run any Java based application on it.
I managed to get JDK 7 up and running as well, so Jira should be possible too. I installed version 6.0.6, 32 bit edition, but newer versions should run as well.
Keep in mind that the QNAP TS-569 Pro is running a 32 Bit Linux, despite the fact that the underlying architecture is 64 bit.
I upgraded my RAM to 4GB because running Java server applications like Jira or Confluence need more than the stock 1GB.

Assumptions:

  1. All commands are executed using a ssh connection (admin user) to the TS-569 Pro
  2. I did not use a bash environment. Only the built in sh shell was used.
  3. In general you don't need a separate installation of Java 6 or 7, because Jira comes with a bundled JRE 7. My NAS already had a JDK 7 installation with JAVA_HOME pointing to that location. But in principle this should not be necessary.
  4. To configure the MySQL service I used the phpmyadmin QPKG installation
  5. To make things a little bit easier for me and to have more Linux feeling I installed Optware IPKG 
Brief installation instructions:
  1. Create an installation directory for Jira. I chose /share/MD0_Data/Opt/jira but this is totally free and up to you.
  2. Download the 32 Bit installer version of Jira. and save it to a folder on your NAS. It is a script which contains the complete Jira distribution. You don't have to extract anything manual. 
  3. Change into the directory where the downloaded file resides
  4. If not already done make the script executable: chmod +x atlassian-jira-6.0.6-x32.bin
  5. Start the script by executing: ./atlassian-jira-6.0.6-x32.bin
  6. You will get an error saying:
    Sorry, but I could not find gunzip in path. Aborting
  7. I found the solution for that problem in this forum post:
    The gunzip Version on the QNAP seems to be a different one than the script is expecting. The option -V is not recognized by the QNAP gunzip version.
    So just load the script into an editor of your choice (I used the ipkg emacs version) and remove these lines from the script and save it afterwards:
  8.  gunzip -V > /dev/null 2>&1  
     if [ "$?" -ne "0" ]; then  
      echo "Sorry, but I could not find gunzip in path. Aborting."  
      exit 1  
     fi  
    
  9. Start the script again and wait a couple of minutes (yes indeed, it took 2-3 minutes on my NAS)
  10. The console installer starts after the script extracted the installation files and you can continue your Jira installation just like described in the official Jira installation documentation.
  11. You may tweak the JVM settings in the setenv.sh file of your Jira installation to adjust memory settings.
  12. That's it. The next thing would be to create start/stop scripts for the runlevels to make the Jira service start whenever the NAS is starting. This is stuff for one of the next articles.

Monday, December 09, 2013

Useful Subversion pre-commit hook script for Linux servers

Looking for useful subversion pre-commit hooks? Maybe this script is for you. It's a Linux bash shell script and makes also use of python.
The script does the following:

  1. Checks whether the commit message is not empty
  2. Checks whether the commit message consists of at least 5 characters
  3. Checks if the committed files are UTF-8 compliant
  4. Checks whether the svn:eol-style property is set to LF on newly added files
  5. Checks if the committed files have no TAB characters

The UTF-8 and TAB checks are performed on the following file suffixes
  • *.java
  • *.js
  • *.xhtml
  • *.css
  • *.xml
  • *.properties (only check for TABs here, no check for UTF-8 compliance)
It should be easy to adjust those settings to your needs.

 #!/bin/bash  
   
 REPOS="$1"  
 TXN="$2"  
   
   
 # Make sure that the log message contains some text.  
 SVNLOOK=/usr/bin/svnlook  
 ICONV=/usr/bin/iconv  
   
 SVNLOOKOK=1  
 $SVNLOOK log -t "$TXN" "$REPOS" | \  
 grep "[a-zA-Z0-9]" > /dev/null || SVNLOOKOK=0  
 if [ $SVNLOOKOK = 0 ]; then  
  echo "Empty log messages are not allowed. Please provide a proper log message." >&2  
  exit 1  
 fi  
   
 # Comments should have more than 5 characters  
 LOGMSG=$($SVNLOOK log -t "$TXN" "$REPOS" | grep [a-zA-Z0-9] | wc -c)  
   
 if [ "$LOGMSG" -lt 6 ]; then  
  echo -e "Please provide a meaningful comment when committing changes." 1>&2  
  exit 1  
 fi  
   
 # Make sure that all files to be committed are encoded in UTF-8.  
 while read changeline;   
 do  
   
   # Get just the file (not the add / update / etc. status).  
   file=${changeline:4}  
   
   # Only check source files.  
   if [[ $file == *.java || $file == *.xhtml || $file == *.css || $file == *.xml || $file == *.js ]] ; then  
     $SVNLOOK cat -t "$TXN" "$REPOS" "$file" | $ICONV -f UTF-8 -t UTF-8 -o /dev/null  
     if [ "${PIPESTATUS[1]}" != 0 ] ; then  
       echo "Only UTF-8 files can be committed ("$file")" 1>&2  
       exit 1  
     fi  
   fi  
 done < <($SVNLOOK changed -t "$TXN" "$REPOS")  
   
 # Check files for svn:eol-style property  
 # Exit on all errors.  
 set -e  
 EOL_STYLE="LF"  
 echo "`$SVNLOOK changed -t "$TXN" "$REPOS"`" | while read REPOS_PATH  
 do  
  if [[ $REPOS_PATH =~ A[[:blank:]]{3}(.*)\.(java|css|properties|xhtml|xml|js) ]]  
  then  
   if [ ${#BASH_REMATCH[*]} -ge 2 ]  
     then  
   FILENAME=${BASH_REMATCH[1]}.${BASH_REMATCH[2]};  
   
   # Make sure every file has the right svn:eol-style property set  
    if [ $EOL_STYLE != "`$SVNLOOK propget -t \"$TXN\" \"$REPOS\" svn:eol-style \"$FILENAME\" 2> /dev/null`" ]  
     then  
     ERROR=1;  
       echo "svn ps svn:eol-style $EOL_STYLE \"$FILENAME\"" >&2  
    fi  
   fi  
  fi  
  test -z $ERROR || (echo "Please execute above commands to correct svn property settings. EOL Style LF must be used!" >& 2; exit 1)  
 done  
   
   
   
 # Block commits with tabs  
 # This is coded in python  
 # Exit on all errors  
 set -e  
   
 $SVNLOOK diff -t "$TXN" "$REPOS" | python /dev/fd/3 3<<'EOF'  
 import sys  
 ignore = True  
 SUFFIXES = [ ".java", ".css", ".xhtml", ".js", ".xml", ".properties" ]  
 filename = None  
   
 for ln in sys.stdin:  
   
     if ignore and ln.startswith("+++ "):  
         filename = ln[4:ln.find("\t")].strip()  
         ignore = not reduce(lambda x, y: x or y, map(lambda x: filename.endswith(x), SUFFIXES))  
   
     elif not ignore:  
         if ln.startswith("+"):  
           
            if ln.count("\t") > 0:  
               sys.stderr.write("\n*** Transaction blocked, %s contains tab character:\n\n%s" % (filename, ln))  
               sys.exit(1)  
   
         if not (ln.startswith("@") or \  
            ln.startswith("-") or \  
            ln.startswith("+") or \  
            ln.startswith(" ")):  
   
            ignore = True  
   
 sys.exit(0)  
 EOF  
   
 # All checks passed, so allow the commit.  
 exit 0  
   

Friday, November 08, 2013

Hit Ctrl+F9 in Intellij IDEA when JRebel does not work as expected

Often the solution for a problem is so damn easy when you know the cause of the problem ...
Intellij IDEA doesn't have an autocompile feature similar to Eclipse. So if you want your new code to be generated as a class file you have to hit Ctrl+F9 manually.
Well, the same is true when using JRebel. This great piece of software can only detect a change in a class file if the changed class file is generated by a compiler first.
So in case you are using IDEA in conjunction with JRebel and you wonder, why the heck this new code isn't replaced by JRebel on the fly you must hit Ctrl+F9 to generate a new class version and to trigger JRebel afterwards.

One other thing to keep in mind when working with WAR or EAR artifacts in IDEA is to deploy those artifacts as exploded ones!


Monday, October 07, 2013

Installing Android 4.3 OTA Update on rooted Nexus 7

Ok, the 4.3 OTA update is out now for a few months, but I didn't find the time to do the update on my rooted Nexus 7 device.
Another reason for the delay was the fact, that the Nexus 7 Toolkit wasn't released until a few weeks ago. My Nexus 7 already showed me the information that a new update was downloaded and ready to install.
Well, finally I decided to do the install (making a full Nandroid backup prior to the update), but when hitting the button "Reboot and Install" nothing happened.
Usually after waiting 10 seconds the device should reboot and install the update, but the reboot did not occur. My battery wasn't the problem, because it was almost fully charged.
First thing coming to my mind was to flash back the stock recovery. Unfortunately that didn't solve the problem.
The next thing I did was do hit the button "Delete data" of the app "Google Service Framework". This usually forces the system to reset the update state and check for newly available system updates.
And this did the trick. Clicking on "System Updates" the device told me that it was uptodate with a last check date of January 1st, 1970. So I manually hit the button to check for new updates and my device started to download a fresh copy of the 4.3 stock rom.
Now hitting the button "Reboot and Install" rebooted the device and installed the Android 4.3 update.