Skip to content

Instantly share code, notes, and snippets.

Avatar

Andrew Ayer AGWA

View GitHub Profile
@AGWA
AGWA / rpi-hdmi.sh
Last active Sep 22, 2020
Enable and disable the HDMI port on the Raspberry Pi: `rpi-hdmi on` to turn on, `rpi-hdmi off` to turn off. X is properly reinitialized when re-enabling.
View rpi-hdmi.sh
#!/bin/sh
# Enable and disable HDMI output on the Raspberry Pi
is_off ()
{
tvservice -s | grep "TV is off" >/dev/null
}
case $1 in
@AGWA
AGWA / openssl-rekey.sh
Last active Aug 29, 2015
Generate a new key and CSR for each of the SSL certificate files specified on the command line. Submit the new CSRs to your certificate authority for a free reissue. Useful for rekeying after a compromise such as Heartbleed. See https://www.agwa.name/blog/post/responding_to_heartbleed_a_script_to_regenerate_ssl_certs_en_masse
View openssl-rekey.sh
#!/bin/sh
#
# openssl-rekey -- generate a new key and CSR for each of the certificate
# files specified on the command line. Submit the new
# CSRs to your certificate authority for a free reissue.
# Useful for rekeying after a compromise such as Heartbleed.
#
# See https://www.agwa.name/blog/post/responding_to_heartbleed_a_script_to_regenerate_ssl_certs_en_masse
#
@AGWA
AGWA / readlink.cpp
Last active Oct 8, 2015
C++ readlink wrapper
View readlink.cpp
@AGWA
AGWA / migrate-revamp-key.cpp
Created Jul 5, 2014
Tool to migrate a git-crypt revamp branch key
View migrate-revamp-key.cpp
// Migrate an old-style git-crypt revamp branch key to a new-style git-crypt revamp branch key.
// Reads old key from stdin and writes new key to stdout.
// Compile with: c++ -o migrate-revamp-key migrate-revamp-key.cpp
#include <iostream>
#include <cstdlib>
#include <cstring>
static void grab (char* p, std::streamsize len)
{
@AGWA
AGWA / fork_rand.c
Last active Oct 11, 2018
Demonstrates that LibreSSL's PRNG is not fork-safe on Linux. See https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
View fork_rand.c
/*
* Demonstrates that LibreSSL's PRNG is not fork-safe on Linux.
* See https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
* This code is in the public domain.
*/
#include <openssl/rand.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@AGWA
AGWA / apt.diff
Created Sep 23, 2014
Diff between apt-0.9.7.9+deb7u4 and apt-0.9.7.9+deb7u5
View apt.diff
diff -ru _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc
--- _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc 2014-09-17 07:30:35.000000000 -0700
+++ _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc 2014-09-22 23:56:57.000000000 -0700
@@ -970,6 +970,12 @@
else
Local = true;
+ // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
+ // file when its doing the indexcopy
+ if (RealURI.substr(0,6) == "cdrom:" &&
@AGWA
AGWA / PKGBUILD
Created May 12, 2015
Fixed PKGBUILD for git-crypt
View PKGBUILD
pkgname=git-crypt
pkgver=0.4.2
pkgrel=1
pkgdesc="Transparent file encryption in Git"
arch=('i686' 'x86_64')
url="https://www.agwa.name/projects/${pkgname}/"
license=('GPL3')
depends=('git' 'openssl')
provides=("$pkgname")
conflicts=("${pkgname}-git")
@AGWA
AGWA / cook_rsa_key.go
Last active Oct 11, 2018
Demonstrates that an RSA signature does not uniquely identify a public key.
View cook_rsa_key.go
/*
* Demonstrates that an RSA signature does not uniquely identify a public key.
* Given a signature, s, and a message m, it's possible to construct a new RSA key
* pair such that s is a valid signature for m under the new key pair.
*
* Requires Go version >= 1.5. Go <= 1.4 doesn't work due to a bug in the bignum
* package: https://github.com/golang/go/issues/9826
*
* Written in 2015 by Andrew Ayer <agwa@andrewayer.name>
*
@AGWA
AGWA / isolated_openvpn_routes.md
Last active Sep 11, 2019
Isolated OpenVPN routing table on Linux
View isolated_openvpn_routes.md

Save the route script to /usr/local/lib/openvpn/route on the client. Make it executable with chmod +x.

Remove the push redirect-gateway option from the OpenVPN server config.

Add these options to the OpenVPN client config:

setenv OPENVPN_ROUTE_TABLE 94
route-noexec
route-up /usr/local/lib/openvpn/route
route 0.0.0.0 128.0.0.0
@AGWA
AGWA / name_constrain.go
Last active Dec 3, 2015
Go program to add name constraints to a certificate
View name_constrain.go
/*
* Adds name constraints to a certificate. Useful if you need to
* import your organization's private CA into your web browser, but
* you only want to trust it for your organization's domains and not
* the Internet at large.
*
* The certificate is re-signed by an ephemeral issuer with a random
* key so you don't need access to the private key. A random serial number
* is placed in the Issuer DN so browsers don't attempt to verify the
* signature when you import the certificate.
You can’t perform that action at this time.