geoff-nixon

#!/bin/sh
# How to "bake in" root certs in OpenSSL libcrypto (for OS X, etc), like node.js?
#
# https://hynek.me/articles/apple-openssl-verification-surprises/
#
# https://developer.apple.com/library/mac/documentation/Security/Conceptual/cryptoservices/SecureNetworkCommunicationAPIs/SecureNetworkCommunicationAPIs.html
#
# http://daniel.haxx.se/blog/2011/11/05/apples-modified-ca-cert-handling-and-curl/
#
# https://github.com/nodejs/node/commit/3beb880716654dbb2bbb9e333758825172951775

geoff-nixon

Affected Target

Per github/github/README.md:

This is GitHub.com and GitHub Enterprise.

But note I would have selected 'Enterprise' if it were an option. It could also be said to be Gist, or API, etc.

Vulnerability Class

geoff-nixon

#!/usr/bin/sudo sh

## ruby_revealer.sh -- decrypt obfuscated GHE .rb files. 2.0.0 to 2.3.1+.

## From `strings ruby_concealer.so`:
##
## > This obfuscation is intended to discourage GitHub Enterprise customers
## > from making modifications to the VM.
##
## Well, good, as long as its not intended to discourage *me* from doing this!

geoff-nixon

#!/bin/sh -x # Bootstrap a toolchain from scratch on Chrome OS. WIP.

die(){ printf "%s\n" "$@" && exit 1  ;}
warn(){ printf "%s\n" "$@"; return 0 ;}
download(){ curl -L\# "$1" ;}
alias grep=\grep

# Some rather terse error messages.
nocrossystem(){ die "No crossystem. Are you sure you're running Chrome OS?" ;}
nox86_64arch(){ die "Sorry, x86_64 is the only supported arch at present."  ;}

geoff-nixon

class Ghc < Formula
  homepage "https://haskell.org/ghc/"
  url "https://downloads.haskell.org/~ghc/7.10.1/ghc-7.10.1-src.tar.xz"
  sha256 "92f3e3d67a637c587c49b61c704a670953509eb4b17a93c0c2ac153da4cd3aa0"

  option "with-tests", "Verify the build using the testsuite."

  if MacOS.version <= :lion
    fails_with :clang do
      cause <<-EOS.undent

geoff-nixon

#!/bin/sh -x

unset AR
unset LIBTOOL
unset LD
 
PREFIX=/cores/llvm-trunk
TMP_PREFIX=/tmp/llvm

BUILD=x86_64-apple-darwin11

geoff-nixon

diff --git a/ext/digest/md5/extconf.rb b/ext/digest/md5/extconf.rb
index dbef087..5da1cc7 100644
--- a/ext/digest/md5/extconf.rb
+++ b/ext/digest/md5/extconf.rb
@@ -17,7 +17,7 @@ if !with_config("bundled-md5") &&
     OpenSSL.check_func("MD5_Transform", "openssl/md5.h")
   $objs << "md5ossl.#{$OBJEXT}"
 else
-  $objs << "md5.#{$OBJEXT}"
+  $objs << "md5cc.#{$OBJEXT}"

geoff-nixon

#!/bin/sh ## which(1) written in pure POSIX shell.

## A `which` utility is *not* included in the POSIX standard.
## This version upports -s (silent) and -a (all), and -v (verbose).

## (c) 2015 Geoff Nixon. Public Domain; no warranty expressed or implied.

which(){
  which_try=
  which_result=

geoff-nixon

// So, this used to be a really terrible shell script I wrote years ago.
// Its was buggy in all kinds of corner cases, If you really need it, check
// out the revision history. Otherwise, if you have a functioning C compiler,
// you *really* should be using the system's realpath(3) function to do this.
// Here's a bare-bones version. To compile, just: `cc realpath.c -o realpath`

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {

geoff-nixon

#!/usr/bin/env python

# Updated for compatibility with hg 3.2+.

#
# Copyright (c) 2012 Felipe Contreras
#

# Inspired by Rocco Rutte's hg-fast-export