Also in gitlab.com/hackancuba

Iván || HacKan HacKanCuBa

@HacKanCuBa
HacKanCuBa / settings.py
Last active March 20, 2020 00:29
Django 2 + REST Framework 3 generic settings: it uses env vars with mostly safe defaults (replace PROJNAME with the name of your project; read through the settings and change what you need)
"""
Django settings for PROJNAME project.
Generated by 'django-admin startproject' using Django 2.1.5.
For more information on this file, see
https://docs.djangoproject.com/en/2.1/topics/settings/
For the full list of settings and their values, see
https://docs.djangoproject.com/en/2.1/ref/settings/
@HacKanCuBa
HacKanCuBa / hashlib_timing.py
Created March 30, 2020 19:49
Measure execution time of hashing functions from hashlib in Python3
"""Time hashlib hashing functions.
Useful to help decide which one to use if time is of the essence. I still recommend
blake2 or sha384.
Copyright © 2020 HacKan <@hackancuba>
This program is free software. It comes without any warranty, to
the extent permitted by applicable law. You can redistribute it
and/or modify it under the terms of the Do What The Fuck You Want
@HacKanCuBa
HacKanCuBa / time_calc.py
Last active August 19, 2020 20:30
Calculate and sum time differences easily
# Copyright © 2020 HacKan
# This work is free. You can redistribute it and/or modify it under the
# terms of the Do What The Fuck You Want To Public License, Version 2,
# as published by Sam Hocevar. See http://www.wtfpl.net/ for more details.
#
# This software is provided as-is. You are free to use, share, modify
# and share modifications under the terms of that license. Attribution
# is not required to share but is appreciated.
"""Calculate and sum time differences easily.
@HacKanCuBa
HacKanCuBa / minisign.pub
Last active September 20, 2020 22:51
My minisign public key (cross posted as a snippet https://gitlab.com/-/snippets/2017082 )
untrusted comment: HacKan minisign public key 8FE49E3814424F5C
RWRcT0IUOJ7kj6AFLyI3pHmT6dhr+WN8C2FR6HguMmEK0MnsSImqSmjg
@HacKanCuBa
HacKanCuBa / properly-signing-gh-release-packages.md
Last active September 21, 2020 16:17
Properly signing Github releases

GitHub automatically generates .tar.gz and .zip packages of the repository when a release or pre-release is created under releases. However, these packages are not signed! The tag might be signed, but if a user downloads one of those packages, nothing certifies its content other than pure trust in GitHub.

However, you can edit a release after it's generated to upload files, and this is how you upload signature files for those packages (as I usually do). But to sign them, you first need to download them and, of course, verify them! Otherwise, you'll be signing your trust in GitHub without checking!

I will be using a tool I created to do recursive blake2 checksums called b2rsum. You can use any other tool that does the same if you want.

To properly verify those packages, do the following:

  1. Create a temporary directory to store all files; let's call it /tmp/github.
  2. Copy your source code to a subdirectory there: cp -r ~/code/myproject /tmp/github/orig.
@HacKanCuBa
HacKanCuBa / cached.py
Last active February 9, 2021 16:08
Django Cached: simple cache abstract classes to create and use cached objects.
"""Handle object caching and data retrieval from API endpoints.
These abstract classes make it easy to use Django's cache with a custom
object, and are very flexible. They support slots natively, and log cache
hits/misses.
:Requirements:
- Django 2.0+
- Python 3.6+
@HacKanCuBa
HacKanCuBa / encoder.py
Last active January 20, 2022 15:01
Encode with custom alphabet
def encode_int(number: int, *, alphabet: bytes) -> bytes:
    """Encode given number using the characters from the alphabet."""
    if number < 0:
        raise ValueError('number must be positive')
    if len(alphabet) != len(set(alphabet)):
        raise ValueError('characters in the alphabet must be unique')
    if number == 0:
        return alphabet[0:1]
@HacKanCuBa
HacKanCuBa / sshd_config
Last active May 16, 2022 22:33
Modern secure SSH daemon config
# Modern secure (OpenSSH Server 7+) SSHd config by HacKan
# Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)
# Server fingerprint
# Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
HostKey /etc/ssh/ssh_host_rsa_key
# Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
HostKey /etc/ssh/ssh_host_ed25519_key
# Log for audit, even users' key fingerprint
@HacKanCuBa
HacKanCuBa / blake2signer.py
Last active December 6, 2022 00:04
Blake2Signer: use BLAKE2 in keyed hashing mode to sign and verify data. DEPRECATED BY https://blake2signer.hackan.net | https://gitlab.com/hackancuba/blake2signer | https://pypi.org/project/blake2signer
# ---
# DEPRECATED BY: https://gitlab.com/hackancuba/blake2signer
# ---
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# by HacKan (https://hackan.net), 2020.
# This software is provided as-is. You are free to use, share, modify
# and share modifications under the terms of that license, even with
@HacKanCuBa
HacKanCuBa / encrypted_swap_hibernation_debian9.md
Last active January 21, 2023 21:15
Encrypted SWAP hibernation in Debian 9+


It took me about 6 hours to find out all of this, but after reading a ton of man pages, initram scripts, and bug reports, I got a working result that takes about 2' to set up...

The point is to have a SWAP partition encrypted with LUKS, and it should be decrypted during boot.

When using SysV, initram hooks and scripts in Debian worked like a charm but then, Systemd came and it's not yet fully implemented so this kind of crap happens. Systemd's cryptsetup doesn't support parameters in /etc/crypttab so using a script there is ignored:

/* Options Debian's crypttab knows we don't: