Skip to content

Instantly share code, notes, and snippets.

View alexlarsson's full-sized avatar

Alexander Larsson alexlarsson

View GitHub Profile
package main
import (
"archive/tar"
"compress/gzip"
"fmt"
"io"
"os"
)
@alexlarsson
alexlarsson / gist:c8e3277d2678c1061319
Last active June 2, 2020 00:41
Private files in docker container

Private files in docker container

It is sometimes necessary to have files in a container that shouldn't ever end up in an image. These files are generally some form of private key or password that aren't allowed to be distributed. This document details a few usecases for such files and their requirements.

Use Cases

Private keys for packages

Keybase proof

I hereby claim:

  • I am alexlarsson on github.
  • I am alexl (https://keybase.io/alexl) on keybase.
  • I have a public key whose fingerprint is 6A2B 067F B5E1 7A1A 3FC8 A0DA EB62 16DD B76C 70E9

To claim this, I am signing this object:

{
"app-id": "net.supertuxkart.SuperTuxKart",
"runtime": "org.freedesktop.Platform",
"runtime-version": "1.4",
"sdk": "org.freedesktop.Sdk",
"rename-desktop-file": "supertuxkart.desktop",
"rename-icon": "supertuxkart",
"command": "supertuxkart",
"finish-args": ["--share=ipc", "--socket=x11", "--socket=pulseaudio", "--share=network", "--device=dri"],
"build-options" : {
{
"id": "org.freedesktop.Sdk.Extension.gfortran-62",
"branch": "1.6",
"runtime": "org.freedesktop.Sdk",
"build-extension": true,
"sdk": "org.freedesktop.Sdk",
"runtime-version": "1.6",
"sdk-extensions": [],
"separate-locales": false,
"cleanup": [ "/share/info", "/share/man" ],
{
"id": "org.freedesktop.Platform.Icontheme.Paper",
"branch": "1.0",
"runtime": "org.freedesktop.Sdk",
"build-extension": true,
"sdk": "org.freedesktop.Sdk",
"runtime-version": "1.6",
"sdk-extensions": [],
"separate-locales": false,
"cleanup": [ "/share/info", "/share/man" ],
/*
* Copyright © 2017 Red Hat, Inc
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
@alexlarsson
alexlarsson / test_seccomp.c
Last active May 30, 2017 14:02
seccomp test
/* Build with:
gcc -o test_seccomp `pkg-config --cflags --libs glib-2.0 libseccomp` test_seccomp.c
*/
#define _GNU_SOURCE
#include <string.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/utsname.h>
{
"app-id": "org.test.MultiArch",
"runtime": "org.freedesktop.Platform",
"runtime-version": "1.6",
"sdk": "org.freedesktop.Sdk",
"command": "glxgears",
"finish-args": [
"--device=dri",
"--socket=x11",
"--allow=multiarch",
{
"app-id": "org.test.IBus",
"runtime": "org.gnome.Platform",
"runtime-version": "3.24",
"sdk": "org.gnome.Sdk",
"command": "/usr/bin/zenity",
"finish-args": [
/* X11 + XShm access */
"--share=ipc", "--socket=x11",
/* Wayland access */