| #!/bin/sh | |
| # Enable and disable HDMI output on the Raspberry Pi | |
| is_off () | |
| { | |
| tvservice -s | grep "TV is off" >/dev/null | |
| } | |
| case $1 in |
| #!/bin/sh | |
| # | |
| # openssl-rekey -- generate a new key and CSR for each of the certificate | |
| # files specified on the command line. Submit the new | |
| # CSRs to your certificate authority for a free reissue. | |
| # Useful for rekeying after a compromise such as Heartbleed. | |
| # | |
| # See https://www.agwa.name/blog/post/responding_to_heartbleed_a_script_to_regenerate_ssl_certs_en_masse | |
| # |
| // This is C++11-only because it assumes that std::strings can | |
| // be accessed and mutated as a contiguous sequence of chars. | |
| std::string sys::readlink (const char* pathname) | |
| { | |
| std::string buffer(64, '\0'); | |
| ssize_t len; | |
| while ((len = ::readlink(pathname, &buffer[0], buffer.size())) == static_cast<ssize_t>(buffer.size())) { | |
| // buffer may have been truncated - grow and try again | |
| buffer.resize(buffer.size() * 2); |
| // Migrate an old-style git-crypt revamp branch key to a new-style git-crypt revamp branch key. | |
| // Reads old key from stdin and writes new key to stdout. | |
| // Compile with: c++ -o migrate-revamp-key migrate-revamp-key.cpp | |
| #include <iostream> | |
| #include <cstdlib> | |
| #include <cstring> | |
| static void grab (char* p, std::streamsize len) | |
| { |
| /* | |
| * Demonstrates that LibreSSL's PRNG is not fork-safe on Linux. | |
| * See https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux | |
| * This code is in the public domain. | |
| */ | |
| #include <openssl/rand.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <unistd.h> |
| diff -ru _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc | |
| --- _1/apt-0.9.7.9+deb7u4/apt-pkg/acquire-item.cc 2014-09-17 07:30:35.000000000 -0700 | |
| +++ _2/apt-0.9.7.9+deb7u5/apt-pkg/acquire-item.cc 2014-09-22 23:56:57.000000000 -0700 | |
| @@ -970,6 +970,12 @@ | |
| else | |
| Local = true; | |
| + // do not reverify cdrom sources as apt-cdrom may rewrite the Packages | |
| + // file when its doing the indexcopy | |
| + if (RealURI.substr(0,6) == "cdrom:" && |
| pkgname=git-crypt | |
| pkgver=0.4.2 | |
| pkgrel=1 | |
| pkgdesc="Transparent file encryption in Git" | |
| arch=('i686' 'x86_64') | |
| url="https://www.agwa.name/projects/${pkgname}/" | |
| license=('GPL3') | |
| depends=('git' 'openssl') | |
| provides=("$pkgname") | |
| conflicts=("${pkgname}-git") |
| /* | |
| * Demonstrates that an RSA signature does not uniquely identify a public key. | |
| * Given a signature, s, and a message m, it's possible to construct a new RSA key | |
| * pair such that s is a valid signature for m under the new key pair. | |
| * | |
| * Requires Go version >= 1.5. Go <= 1.4 doesn't work due to a bug in the bignum | |
| * package: https://github.com/golang/go/issues/9826 | |
| * | |
| * Written in 2015 by Andrew Ayer <agwa@andrewayer.name> | |
| * |
Save the route script to /usr/local/lib/openvpn/route on the client. Make it executable with chmod +x.
Remove the push redirect-gateway option from the OpenVPN server config.
Add these options to the OpenVPN client config:
setenv OPENVPN_ROUTE_TABLE 94
route-noexec
route-up /usr/local/lib/openvpn/route
route 0.0.0.0 128.0.0.0
| /* | |
| * Adds name constraints to a certificate. Useful if you need to | |
| * import your organization's private CA into your web browser, but | |
| * you only want to trust it for your organization's domains and not | |
| * the Internet at large. | |
| * | |
| * The certificate is re-signed by an ephemeral issuer with a random | |
| * key so you don't need access to the private key. A random serial number | |
| * is placed in the Issuer DN so browsers don't attempt to verify the | |
| * signature when you import the certificate. |