Snawoot

## linuxefi_disable_sb_fallback.patch
From 3627951693d3e40b5d263ca567ef990edf7b7c2f Mon Sep 17 00:00:00 2001
From: Linn Crosetto <linn@hpe.com>
Date: Tue, 5 Apr 2016 11:49:05 -0600
Subject: Disallow unsigned kernels if UEFI Secure Boot is enabled

If UEFI Secure Boot is enabled and kernel signature verification fails, do not
boot the kernel. Before this change, if kernel signature verification failed
then GRUB would fall back to calling ExitBootServices() and continuing the
boot.

## pmsr-0.2.9-parsing.patch
diff --git a/postfix_mta_sts_resolver/responder.py b/postfix_mta_sts_resolver/responder.py
index 841210d..80e79b9 100644
--- a/postfix_mta_sts_resolver/responder.py
+++ b/postfix_mta_sts_resolver/responder.py
@@ -158,7 +158,7 @@ class STSSocketmapResponder(object):

     async def handler(self, reader, writer):
         # Construct netstring parser
-        self._decoder = pynetstring.Decoder()
+        decoder = pynetstring.Decoder()

## ptime.py
#!/usr/bin/env python3

import ctypes
import datetime
import time
import multiprocessing
import itertools

libc = ctypes.CDLL('libc.so.6')

## sbsigntools-0.9.2-static.tar.xz

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              0 stars
            
          
                Snawoot
                / sbsigntools-0.9.2-static.tar.xz
            
            
              Last active
              May 16, 2019 12:48
            
              
                sbsigntools-0.9.2 static build. Source: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git/
              
          
      This file has been truncated, but you can view the full file.
    

            View raw
        
    
## efitools-1.9.2-static.tar.xz

      
              1 file
            
          
              0 forks
            
          
              1 comment
            
          
              0 stars
            
          
                Snawoot
                / efitools-1.9.2-static.tar.xz
            
            
              Last active
              May 22, 2019 17:49
            
              
                efitools-1.9.2 static build. Source code: https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git
              
          
      This file has been truncated, but you can view the full file.
    

            View raw
        
    
## build-efitools-1.9.2.sh
#!/bin/sh
make CRTOBJ=crt0-efi-x64.o \
  LDSCRIPT=elf_x64_efi.lds \
  LDFLAGS='-nostdlib -L /usr/lib64/gnuefi -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -L /usr/lib/gnuefi -L /usr/lib64/gnuefi -T $(LDSCRIPT)' \
  INCDIR='-I$(TOPDIR)include -I/usr/include/efi -I/usr/include/efi/x64 -I/usr/include/efi/protocol' && \
sudo make install

## fedora_clean_kernels.sh
#!/bin/sh
dnf remove $(dnf repoquery --installonly --latest-limit=-1 -q)

## gc_test.py
#!/usr/bin/env python3

import gc
import time

class MyClass:
    pass


class GCProfiler:

## gist:a3a92c310381a5cab4d7b6a0756db936

moreentropy 20 hours ago [-]

This was exactly my experience from two years ago. But to my surprise with recent gpg2 versions most of those issues are gone (plus EC ssh key files are supported, older gpg-agent could only do RSA)

scdaemon used to crash all the time, that doesn't happen anymore. GPG doesn't lock the card so I have to stop scdaemon to use it w/ other apps.

So for the last half year I've happily used gpg-agent/scdaemon also as SSH agent and it works really well without any issues.

But setting this up (w/ Ubuntu+Gnome) is still a ridiculous task:

## lualib.conf
# located at /etc/nginx/conf.d/lualib.conf
lua_package_path "/etc/nginx/lualib/?.lua;;";
	From 3627951693d3e40b5d263ca567ef990edf7b7c2f Mon Sep 17 00:00:00 2001
	From: Linn Crosetto <linn@hpe.com>
	Date: Tue, 5 Apr 2016 11:49:05 -0600
	Subject: Disallow unsigned kernels if UEFI Secure Boot is enabled

	If UEFI Secure Boot is enabled and kernel signature verification fails, do not
	boot the kernel. Before this change, if kernel signature verification failed
	then GRUB would fall back to calling ExitBootServices() and continuing the
	boot.
	diff --git a/postfix_mta_sts_resolver/responder.py b/postfix_mta_sts_resolver/responder.py
	index 841210d..80e79b9 100644
	--- a/postfix_mta_sts_resolver/responder.py
	+++ b/postfix_mta_sts_resolver/responder.py
	@@ -158,7 +158,7 @@ class STSSocketmapResponder(object):

	async def handler(self, reader, writer):
	# Construct netstring parser
	- self._decoder = pynetstring.Decoder()
	+ decoder = pynetstring.Decoder()
	#!/usr/bin/env python3

	import ctypes
	import datetime
	import time
	import multiprocessing
	import itertools

	libc = ctypes.CDLL('libc.so.6')
	#!/bin/sh
	make CRTOBJ=crt0-efi-x64.o \
	LDSCRIPT=elf_x64_efi.lds \
	LDFLAGS='-nostdlib -L /usr/lib64/gnuefi -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -L /usr/lib/gnuefi -L /usr/lib64/gnuefi -T $(LDSCRIPT)' \
	INCDIR='-I$(TOPDIR)include -I/usr/include/efi -I/usr/include/efi/x64 -I/usr/include/efi/protocol' && \
	sudo make install
	#!/bin/sh
	dnf remove $(dnf repoquery --installonly --latest-limit=-1 -q)
	#!/usr/bin/env python3

	import gc
	import time

	class MyClass:
	pass


	class GCProfiler:

	moreentropy 20 hours ago [-]

	This was exactly my experience from two years ago. But to my surprise with recent gpg2 versions most of those issues are gone (plus EC ssh key files are supported, older gpg-agent could only do RSA)

	scdaemon used to crash all the time, that doesn't happen anymore. GPG doesn't lock the card so I have to stop scdaemon to use it w/ other apps.

	So for the last half year I've happily used gpg-agent/scdaemon also as SSH agent and it works really well without any issues.

	But setting this up (w/ Ubuntu+Gnome) is still a ridiculous task:
	# located at /etc/nginx/conf.d/lualib.conf
	lua_package_path "/etc/nginx/lualib/?.lua;;";