Skip to content

Instantly share code, notes, and snippets.

View dlorenc's full-sized avatar

dlorenc

277 followers · 1 following
View GitHub Profile
@dlorenc
dlorenc / gist:623d473b0de1ce76786dea0de28bd1a4
Created March 30, 2021 15:25
$ ./cosign sign -key cosign.key bundle.bar/u/danlorenc/test:v1
Enter password for private key:
Pushing signature to: bundle.bar/u/danlorenc/test:sha256-b423a188fced3b57b330289f60f2317bd947a3f77d823c4fee209dbd58bc2f1f.cosign
error: PUT https://bundle.bar/v2/u/danlorenc/test/manifests/sha256-b423a188fced3b57b330289f60f2317bd947a3f77d823c4fee209dbd58bc2f1f.cosign: unexpected status code 500 Internal Server Error: {"error":"Something has gone terribly wrong."}
@dlorenc
dlorenc / signed-artifacts.sh
Created March 27, 2021 02:24
## It Works!
## I signed cosign itself!
$ oras push us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact ./cosign
Uploading f53604826795 cosign
Pushed us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact
Digest: sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
$ cosign sign -key cosign.key us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact@sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
Enter password for private key:
Pushing signature to: us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact:sha256-551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef.cosign
$ cosign verify -key cosign.pub us-central1-docker.pkg.dev/dlorenc-vmtest2/test/artifact@sha256:551e6cce7ed2e5c914998f931b277bc879e675b74843e6f29bc17f3b5f692bef
@dlorenc
dlorenc / docker-cache.sh
Created December 29, 2020 13:54
# First try, we get edb8f4a65586 as our hash
$ cat << EOF | docker build --no-cache -
> FROM alpine
> RUN touch foo
> EOF
Sending build context to Docker daemon 2.048kB
Step 1/2 : FROM alpine
---> a24bb4013296
Step 2/2 : RUN touch foo
---> Running in 9687f21f4edb
@dlorenc
dlorenc / grafana 7.2.1 snyk yarn
Created December 28, 2020 16:47
$ snyk test
Testing /Users/dlorenc/go/src/github.com/grafana/grafana...
Tested 461 dependencies for known issues, found 12 issues, 22 vulnerable paths.
Issues to fix by upgrading:
Upgrade angular@1.6.9 to angular@1.8.0 to fix
@dlorenc
dlorenc / archived
Last active December 23, 2020 00:17
#!/bin/bash
# This doesn't handle vanity imports.
repos=$(go list -mod=readonly -u -m all | cut -d' ' -f1 | grep github)
# Should probably use the API, but rate-limiting...
for r in $repos; do
if curl -L https://$r 2>/dev/null | grep "This repository has been archived";then
echo "$r is archived";
fi;
@dlorenc
dlorenc / kubernetes snyk
Last active December 19, 2020 14:00
✗ Low severity vulnerability found in k8s.io/kubernetes
Description: Denial of Service (DoS)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETESSTAGINGSRCK8SIOCLIENTGOUTILJSONPATH-597671
Introduced through: k8s.io/kubernetes@0.0.0
From: k8s.io/kubernetes@0.0.0
Fixed in: 1.19.0-rc.4
✗ Medium severity vulnerability found in k8s.io/kubernetes
Description: Man-in-the-Middle (MitM)
Info: https://snyk.io/vuln/SNYK-GOLANG-K8SIOKUBERNETES-1048855
@dlorenc
dlorenc / gist:fd1a5ebcb0665ba77b25c84006359d24
Created November 27, 2020 14:07
type RemoteRef struct {
Url string
Sha string
}
type InlineData []byte
type Content struct {
// oneOf RemoteRef|Data
RemoteRef RemoteRef
@dlorenc
dlorenc / libyear.go
Created November 6, 2020 21:27
package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"log"
"os"
"os/exec"
@dlorenc
dlorenc / medium-macstadium.yaml
Created December 22, 2019 20:26
apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
name: orka-script
spec:
inputs:
# This also requires a secret called "macstadium" to exist with the following keys:
# token: the orka API auth token. Can be obtained from the $HOME/./.config/configstore/orka-cli.json file
# after an `orka login`
# license: the orka API license. Can be obtained from your IP plan.
@dlorenc
dlorenc / ip-masquerade.yaml
Created December 22, 2019 20:24
apiVersion: v1
kind: ConfigMap
metadata:
name: ip-masq-agent
namespace: kube-system
data:
config: |+
nonMasqueradeCIDRs:
- 10.40.0.0/14
resyncInterval: 60s