View build-exec-monitors.sh
#!/bin/bash
# Also see: https://gist.github.com/bureado/16df777c1f9883ef919a5cc0c30eaba3
case "$1" in
init)
# Install dependencies
sudo apt update && sudo apt install jq auditd -y
# Start auditd
sudo systemctl start auditd.service
View hash-to-buildinfo.sh
#!/bin/sh
# Usage: ./hash-to-buildinfo.sh <.deb package>
# Works with deb packages obtained from a Debian archive
# Assumes rekor CLI is in ./
# This all exists because https://unix.stackexchange.com/a/612931
# https://unix.stackexchange.com/a/673157
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=763822
View build-input-monitors.sh
#!/bin/sh
# See: https://hackmd.io/@aeva/draft-gitbom-spec
# Also see: https://gist.github.com/bureado/0e4b53e90ac1263b7c5ed908dbe2cb50
# Today I would look at witness, tracee, and many others.
# TODO: make sure $BUILDDIR is a --git-dir
BUILDDIR=$1
TIMEOUT=5
View apt-sbom.md

Conceptual SBOM model for an APT-based Linux distribution

This is a draft of an entirely exploratory learning exercise to generate SBOMs from first principles that can accompany an APT-based Linux distribution, which in this context is either a disk or a container image obtained from any source including runtime instances, packaged images, debootstraps, etc. Input and comments welcome: Twitter and also on the CNCF, CycloneDX, CDF, Sigstore and other Slacks.

Status

Here's the current version of the output (SPDX) which features:

  • Identifying information for the primary component (at this time, the debian:latest container image)
  • purl identifiers for each binary package in the image
@bureado
bureado / fosdem-2020.md
Created Jan 20, 2020
JMP - FOSDEM 2020 Tracking Gist
View fosdem-2020.md
View simple-apache-way.md

The Apache Way

Adapted from Briefing: The Apache Way

The Apache Way is not One Way. Every Apache project is unique and every member describes their experience with their own words. But here are some attributes that everyone in Apache embraces.

People

Apache is made of people, not organizations. Contributions are voluntary and all votes weigh the same. A strong community can always make good code better.

@bureado
bureado / k-docs-es-tips.md
Last active May 28, 2019
Tips & tricks #kubernetes-docs-es
View k-docs-es-tips.md

Tips & tricks for contributing to #kubernetes-docs-es

Where do I start?

This document does not replace the project's style guidelines and formal procedures. We suggest the following prior reading:

@bureado
bureado / sustainability-elsewhere-resources.md
Last active Mar 14, 2019
Resources for the "Open Source Sustainability Elsewhere" exercise
View sustainability-elsewhere-resources.md

Here are the accompanying resources for The Future of Open Source Sustainability, as Seen Elsewhere, a talk presented at the Open Source Leadership Summit 2019.

It's my hope that communities can bring these questions to a broader sample, focusing on more equal gender representation and detecting significant differences across native languages and community of affinity (e.g., CNCF, Python, JS, etc.)

See the slides for additional commentary and my key takeaways and insights for the sample below or subscribe to RSS for new developments on this topic.

Feedback, questions and comments are very welcome! Get in touch.

Questions asked

@bureado
bureado / photon-azure.sh
Last active Mar 10, 2019
Deploys Photon OS 3.0 GA in Azure
View photon-azure.sh
#!/bin/sh
#
# This script deploys a custom Photon 3.0 GA VHD to Azure and starts a VM
# See https://dev.to/bureado/getting-started-with-photon-os-on-azure-32h8 for more.
#
# Usage: ./script.sh photon.vhd
#
set -x