Bazarr error – externally-managed-environment

ERROR (init:97) – BAZARR requirements.txt installation result: b’error: externally-managed-environment\n\n\xc3\x97 This environment is externally managed\n\xe2\x95\xb0\xe2\x94\x80> To install Python packages system-wide, try apt install\n python3-xyz, where xyz is the package you are trying to\n install.\n \n If you wish to install a non-Debian-packaged Python package,\n create a virtual environment using python3 -m venv path/to/venv.\n Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make\n sure you have python3-full installed.\n \n If you wish to install a non-Debian packaged Python application,\n it may be easiest to use pipx install xyz, which will manage a\n virtual environment for you. Make sure you have pipx installed.\n \n See /usr/share/doc/python3.11/README.venv for more information.\n\nnote: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing –break-system-packages.\nhint: See PEP 668 for the detailed specification.\n’

After upgrading from Debian 11 to Debian 12, my Bazarr service would not start. Initially, I was thrown off by messaging that indicated that Bazarr does not work with Python versions above 3.10.x – but I soon learned that to be false. I’m running version 1.2.4 of Bazarr, the latest general release at the time of this writing. Trying to solve this problem led me down a rabbit hole of various issues and potential solutions, all centered around creating a Python venv and obtaining Setuptools in a version different than what system-wide Debian provides. None of it quite worked.

Here is what fixed my problem:

  1. Install python3-full: sudo apt install python3-full
  2. Rename the EXTERNALLY-MANAGED file: sudo mv /usr/lib/python3.11/EXTERNALLY-MANAGED /usr/lib/python3.11/EXTERNALLY-MANAGED.old
  3. Download the latest Bazarr zip and expand it over my existing directory
    • wget https://github.com/morpheus65535/bazarr/releases/download/v1.2.4/bazarr.zip
    • unzip /opt/bazarr/ bazarr.zip (or wherever you have bazarr located)
  4. Install unrar: sudo apt install unrar
  5. Create a venv in my bazarr directory
    • cd /opt/bazarr (or wherever you have bazarr located)
    • python3 -m venv .venv
    • source .venv/bin/activate
  6. Install the requirements in the venv: python3 -m pip install --break-system-packages -r requirements.txt
  7. Finally, start Bazarr: python3 /opt/bazarr/bazarr.py
  8. Check to see if it starts successfully, if so, CTRL+C to stop it, and start the service version: sudo systemctl start bazarr

Possible missing firmware for module tg3

When recently updating my Debian 9 Stretch’s boot image, it produced the following warning:

W: Possible missing firmware /lib/firmware/tigon/tg3_tso5.bin for module tg3
W: Possible missing firmware /lib/firmware/tigon/tg3_tso.bin for module tg3
W: Possible missing firmware /lib/firmware/tigon/tg3.bin for module tg3

That doesn’t look good! Without this module, I suspect my network card will not work after reboot. What’s needed is the package firmware-linux-nonfree but it’s not available in the standard Debian free repos – you need the nonfree repo.

Edit your /etc/apt/sources.list and add the following:

deb http://ftp.de.debian.org/debian stretch main non-free

You can install firmware-linux-nonfree with apt-get, which will allow your adapter requiring the tg3 module to continue working.

Postfix: TLS is required, but our TLS engine is unavailable

Recently, emails sent from my Postfix mail server to my Gmail account were getting tagged as ‘insecure’. Come to find out, they were no longer sending with TLS. They were defaulting back to open SMTP over port 25. Why? Because Debian’s ca-certificates.crt had updated and that removed the CA needed to make my site’s certificate valid – and I use that same certificate to encrypt my TLS SMTP traffic.

First, to diagnose the problem, I forced TLS in my main.cf and turned on TLS logging with the following settings:

smtp_enforce_tls=yes
smtp_tls_loglevel=1

I then restarted Postfix with:

sudo service postfix restart

After restarting, Postfix provides the following error in its logs when attempting to send email:

TLS is required, but our TLS engine is unavailable

Earlier in the log file, it indicates a failure to load the CA file that validates the cert and key files. So, here’s the solution:

  1. Make sure your cert and CA files are located in /etc/ssl/certs
  2. Run the following command: sudo update-ca-certificates –fresh
  3. Then go to your Postfix main.cf and verify the following lines are there (and comment out any conflicting lines):
     smtpd_use_tls=yes
     smtp_use_tls=yes
     smtpd_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
     smtpd_tls_cert_file=/etc/ssl/certs/YOUR_CERT.crt
     smtpd_tls_key_file=/etc/ssl/YOUR_PRIVATE_KEY.key
     smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
     smtp_tls_key_file=/etc/ssl/YOUR_PRIVATE_KEY.key
     smtp_tls_cert_file=/etc/ssl/certs/YOUR_CERT.crt
     smtpd_tls_security_level=encrypt
     smtp_tls_security_level=encrypt
  4. Restart the Postfix service again.
  5. Send an email to an @gmail.com address – you should no longer see the unlocked icon under the sender information.