Skip to content

Instantly share code, notes, and snippets.

Andrew Ayer AGWA

Block or report user

Report or block AGWA

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@AGWA
AGWA / rpi-hdmi.sh
Last active Dec 4, 2019
Enable and disable the HDMI port on the Raspberry Pi: `rpi-hdmi on` to turn on, `rpi-hdmi off` to turn off. X is properly reinitialized when re-enabling.
View rpi-hdmi.sh
#!/bin/sh
# Enable and disable HDMI output on the Raspberry Pi
is_off ()
{
tvservice -s | grep "TV is off" >/dev/null
}
case $1 in
@AGWA
AGWA / openssl-rekey.sh
Last active Aug 29, 2015
Generate a new key and CSR for each of the SSL certificate files specified on the command line. Submit the new CSRs to your certificate authority for a free reissue. Useful for rekeying after a compromise such as Heartbleed. See https://www.agwa.name/blog/post/responding_to_heartbleed_a_script_to_regenerate_ssl_certs_en_masse
View openssl-rekey.sh
#!/bin/sh
#
# openssl-rekey -- generate a new key and CSR for each of the certificate
# files specified on the command line. Submit the new
# CSRs to your certificate authority for a free reissue.
# Useful for rekeying after a compromise such as Heartbleed.
#
# See https://www.agwa.name/blog/post/responding_to_heartbleed_a_script_to_regenerate_ssl_certs_en_masse
#
@AGWA
AGWA / readlink.cpp
Last active Oct 8, 2015
C++ readlink wrapper
View readlink.cpp
@AGWA
AGWA / migrate-revamp-key.cpp
Created Jul 5, 2014
Tool to migrate a git-crypt revamp branch key
View migrate-revamp-key.cpp
// Migrate an old-style git-crypt revamp branch key to a new-style git-crypt revamp branch key.
// Reads old key from stdin and writes new key to stdout.
// Compile with: c++ -o migrate-revamp-key migrate-revamp-key.cpp
#include <iostream>
#include <cstdlib>
#include <cstring>
static void grab (char* p, std::streamsize len)
{
@AGWA
AGWA / fork_rand.c
Last active Oct 11, 2018
Demonstrates that LibreSSL's PRNG is not fork-safe on Linux. See https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
View fork_rand.c
/*
* Demonstrates that LibreSSL's PRNG is not fork-safe on Linux.
* See https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux
* This code is in the public domain.
*/
#include <openssl/rand.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@AGWA
AGWA / apt.diff
Created Sep 23, 2014
Diff between apt-0.9.7.9+deb7u4 and apt-0.9.7.9+deb7u5
View apt.diff
diff -ru _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc
--- _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc 2014-09-17 07:30:35.000000000 -0700
+++ _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc 2014-09-22 23:56:57.000000000 -0700
@@ -970,6 +970,12 @@
else
Local = true;
+ // do not reverify cdrom sources as apt-cdrom may rewrite the Packages
+ // file when its doing the indexcopy
+ if (RealURI.substr(0,6) == "cdrom:" &&
@AGWA
AGWA / PKGBUILD
Created May 12, 2015
Fixed PKGBUILD for git-crypt
View PKGBUILD
pkgname=git-crypt
pkgver=0.4.2
pkgrel=1
pkgdesc="Transparent file encryption in Git"
arch=('i686' 'x86_64')
url="https://www.agwa.name/projects/${pkgname}/"
license=('GPL3')
depends=('git' 'openssl')
provides=("$pkgname")
conflicts=("${pkgname}-git")
@AGWA
AGWA / cook_rsa_key.go
Last active Oct 11, 2018
Demonstrates that an RSA signature does not uniquely identify a public key.
View cook_rsa_key.go
/*
* Demonstrates that an RSA signature does not uniquely identify a public key.
* Given a signature, s, and a message m, it's possible to construct a new RSA key
* pair such that s is a valid signature for m under the new key pair.
*
* Requires Go version >= 1.5. Go <= 1.4 doesn't work due to a bug in the bignum
* package: https://github.com/golang/go/issues/9826
*
* Written in 2015 by Andrew Ayer <agwa@andrewayer.name>
*
@AGWA
AGWA / isolated_openvpn_routes.md
Last active Sep 11, 2019
Isolated OpenVPN routing table on Linux
View isolated_openvpn_routes.md

Save the route script to /usr/local/lib/openvpn/route on the client. Make it executable with chmod +x.

Remove the push redirect-gateway option from the OpenVPN server config.

Add these options to the OpenVPN client config:

setenv OPENVPN_ROUTE_TABLE 94
route-noexec
route-up /usr/local/lib/openvpn/route
route 0.0.0.0 128.0.0.0
@AGWA
AGWA / name_constrain.go
Last active Dec 3, 2015
Go program to add name constraints to a certificate
View name_constrain.go
/*
* Adds name constraints to a certificate. Useful if you need to
* import your organization's private CA into your web browser, but
* you only want to trust it for your organization's domains and not
* the Internet at large.
*
* The certificate is re-signed by an ephemeral issuer with a random
* key so you don't need access to the private key. A random serial number
* is placed in the Issuer DN so browsers don't attempt to verify the
* signature when you import the certificate.
You can’t perform that action at this time.