
Conor Schaefer conorsch

@conorsch
conorsch / Containerfile
Created January 26, 2023 18:01
container spec for building Penumbra under Ubuntu 20.04
FROM ubuntu:focal as builder
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y \
    build-essential \
    clang \
    libssl-dev \
    pkg-config \
    git \
    curl
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
@conorsch
conorsch / gist:b9ba5da6bfb8d9f6607989cf7e7c1818
Last active December 5, 2022 22:47
pd logs from testnet
root@testnet2:~# docker logs 9ca2f2534fea | grep WARN
2022-12-05T22:43:55.208874Z WARN unexpected content-length found, canceling
root@testnet2:~# docker logs 9ca2f2534fea | tail
2022-12-05T22:41:30.866346Z DEBUG grpc{remote_addr=149.102.146.79:40176}:compact_block_range{start_height=388 end_height=0 keep_alive=true}: finished request, client requested keep-alive, continuing to stream blocks cur_height=700
2022-12-05T22:41:38.891292Z DEBUG grpc{remote_addr=216.243.44.102:63613}:compact_block_range{start_height=388 end_height=0 keep_alive=true}: catching up from start height to current end height end_height=700
2022-12-05T22:41:38.895547Z DEBUG grpc{remote_addr=216.243.44.102:63613}:compact_block_range{start_height=388 end_height=0 keep_alive=true}: finished request, client requested keep-alive, continuing to stream blocks cur_height=700
2022-12-05T22:41:47.677073Z DEBUG grpc{remote_addr=216.243.44.102:63615}:compact_block_range{start_height=388 end_height=0 keep_alive=true}: catching up from start height to

Faking a slow network in Client dev

The SecureDrop Client is designed to connect over an Onion service. Tor can be slow: several-second latency is not uncommon. When working on the Client UI, it's easy to overlook how rendering will behave on a production install if you're connecting to services on your local workstation (e.g. via make dev in the SecureDrop repo).

Enter toxiproxy. This tool lets you inject latency between the client and the server sockets on your workstation.

git clone https://github.com/shopify/toxiproxy
cd toxiproxy
make build # requires golang, otherwise fetch the artifacts from release page
@conorsch
conorsch / vidchat.sh
Created November 2, 2021 22:09
Utility script for Qubes OS, to prepare vidchat VMs.
#!/bin/bash
# Utility script for Qubes OS, to prepare vidchat VMs.
# Handles attaching web & mic, also raises scheduling priority
# to ensure that the vidchat VM stays snappy (reduces jitter).
set -eu -o pipefail
# Default to vidchat, but support overriding
default_vm="${VIDCHAT_VM=vidchat}"
target_vm="${1:-$default_vm}"
@conorsch
conorsch / Dockerfile
Created October 4, 2021 21:27
docker STR to observe LE failure on FPF apt-test repo
# Intentionally using an old tag, to test old Focal packages
# See here for options: https://quay.io/repository/freedomofpress/sd-docker-builder-focal?tab=tags
# See related expiry info for LE HTTPS certs here:
# https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
FROM quay.io/freedomofpress/sd-docker-builder-focal:2021_04_14
RUN apt-get update && apt-get install -y curl apt-transport-https gnupg2
# Uncomment the upgrade task below to see a working build!
# RUN apt-get upgrade -y
#!/usr/bin/env python3
# Utility script to copy SecureDrop staging VM connection info
# from a "securedrop" repo to a "securedrop-workstation" repo,
# formatted for use in securedrop-workstation provisioning.
# The CWD where this script is run should contain:
#
# * config.json - which will have its "hidserv.hostname" and "hidserv.key" overridden
# * sd-journalist.sec - containing the private key whose pubkey is on SD Application Server
#
# Also make sure the fingerprint is correct (staging by default is
@conorsch
conorsch / qubes-480-wifi-debug.md
Last active April 22, 2021 22:52
Debugging loss of wifi functionality on Qubes, on a Lenovo Thinkpad T480

First, add the following to sys-net:/rw/config/suspend-module-blacklist:

iwlmvm
iwlwifi

Order is important. Then, copy this patch to sys-net, saving it as /home/user/prepare-suspend.patch:

def test_spectre_meltdown_checker(host):
    """
    Runs the "spectre-meltdown-checker" script to evaluate
    vulnerability for CPU side-channel attacks.
    """
    if not host.exists("/usr/bin/spectre-meltdown-checker"):
        warnings.warn("Installing spectre-meltdown-checker to run CPU tests")
        with host.sudo():
            host.run("apt-get install -y spectre-meltdown-checker")
    try:
diff --git a/scripts/build-debianpackage b/scripts/build-debianpackage
index 3b7e521..e697eeb 100755
--- a/scripts/build-debianpackage
+++ b/scripts/build-debianpackage
@@ -83,7 +83,7 @@ function build_source_tarball() {
rm -rf "$build_dir"
git clone "$repo_url" "$build_dir"
- if [[ -n "$PKG_GITREF" ]]; then
+ if [[ -n "${PKG_GITREF:-}" ]]; then
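Review bot: the `${PKG_GITREF:-}` default on the `if [[ -n ... ]]` line makes the variable optional at this one test only, and nothing in the hunk says so. Consider a one-line comment above the test noting that PKG_GITREF may be left unset, or default the variable once near the top of the script, so that any other reference stays safe if the script runs with `set -u` and the `:-` form does not have to be repeated at each use.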
@conorsch
conorsch / repo-channel-test.log
Created January 21, 2021 01:56
demonstrates broken focal channel for apt-test.freedom.press
$ cat Dockerfile
ARG DISTRO
FROM ubuntu:$DISTRO
ARG DISTRO
RUN apt-get update && apt-get install -y curl apt-transport-https gnupg2
RUN printf 'deb [arch=amd64] https://apt-test.freedom.press %s main\n' ${DISTRO} > /etc/apt/sources.list.d/apt-test.list
RUN curl -sL -o /tmp/apt-test.asc https://raw.githubusercontent.com/freedomofpress/securedrop/develop/install_files/ansible-base/roles/install-fpf-repo/files/apt-test-signing-key.pub
RUN apt-key add /tmp/apt-test.asc
RUN apt-get update
RUN apt-get download securedrop-config