Skip to content

Instantly share code, notes, and snippets.

Avatar

Lance R. Vick lrvick

View GitHub Profile
@lrvick
lrvick / production_engineering.md
Created Nov 13, 2019
Production engineering recommendations
View production_engineering.md

Production Engineering

Overview

The goal of this document is to outline strict processes those that have access to PRODUCTION systems MUST follow.

It is intended to mitigate most classes of known threats while still allowing for high productivity via compartmentalization.

@lrvick
lrvick / security.md
Created Nov 12, 2019
security preferences for #!
View security.md

Security Policy

At #! we have some clear preferences when it comes to managing sevices to maximize flexibility, reliability, and security.

This document aims to be an explicit policy of things to do and not do as well as the rationale for these rules so as to inform decisions not yet explicitly covered by this document.

Principles

View gist:746c97a65dd4cf2fa9223215c3dcc7fe
[*] Setting output base to '/home/build/build/external/vendor/out/crosshatch/qp1a.190711.020.c3'
[*] Using debugfs for image mounts
[*] Extracting '/home/build/build/external/vendor/crosshatch/qp1a.190711.020.c3/crosshatch-qp1a.190711.020.c3-factory-59b11ce9.zip'
[*] Unzipping 'image-crosshatch-qp1a.190711.020.c3.zip'
[*] Extracting '/home/build/build/external/vendor/crosshatch/qp1a.190711.020.c3/crosshatch-qp1a.190711.020.c3-factory-59b11ce9.zip'
Traceback (most recent call last):
File "/home/build/build/base/vendor/android-prepare-vendor/scripts/extract_android_ota_payload/extract_android_ota_payload.py", line 161, in <module>
main(filename, output_dir, partition)
File "/home/build/build/base/vendor/android-prepare-vendor/scripts/extract_android_ota_payload/extract_android_ota_payload.py", line 113, in main
payload_file = file(filename)
@lrvick
lrvick / wtf.txt
Created Sep 23, 2019
Higgs files. They don't exist when you look at them
View wtf.txt
root@aosp-build-aosp-local:/usr/local/bin# ls -lah .
total 334M
drwxr-xr-x 1 root root 178 Sep 22 23:02 .drwxr-xr-x 1 root root 72 Jul 19 02:03 ..
-rwsr-xr-x 1 root root 4.2M Sep 22 04:13 fixuid
-rwxr-xr-x 1 root root 13M Sep 22 04:13 glide
-rwxr-xr-x 1 root root 37M Sep 22 04:17 helm
-rwxr-xr-x 1 root root 56M Sep 22 04:14 kubectl-rwxr-xr-x 1 root root 62M Sep 22 04:21 terraform
-rwxr-xr-x 1 root root 68M Sep 22 04:24 terraform-provider-helm
-rwxr-xr-x 1 root root 59M Sep 22 04:22 terraform-provider-kubernetes
-rwxr-xr-x 1 root root 38M Sep 22 04:17 tiller
@lrvick
lrvick / whattimeisit.sh
Created Sep 17, 2019
Lost in time and space
View whattimeisit.sh
docker@virtualbox:~$ date --help
BusyBox v1.27.2 (2017-10-30 14:58:40 UTC) multi-call binary.
...
docker@aosp-virtualbox:~$ date
Mon Sep 16 04:49:55 UTC 2222
docker@virtualbox:~$ sudo date -s "2019-09-16 04:50"
date: can't set date: Invalid argument
Mon Sep 16 04:50:00 UTC 2019
View gist:8b49f8b40955387bfb7d45da9912e3ba
$ cat Dockerfile
FROM ubuntu:cosmic
ENV HOME=/home/build
ARG UID=1000
ARG GID=50
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && \
@lrvick
lrvick / hashbang-todo.md
Last active Dec 18, 2019
Hashbang Todo
View hashbang-todo.md

#! Todo List

Things we want to get done for the community along with bounties for each.

Notes

A project is done when a helm chart is submitted to the infra repo, and is in a state where it can be deployed and upgraded/downgraded seamlessly with well defined health checks.

@lrvick
lrvick / Makefile
Last active Aug 16, 2019
make minikube wrapper for helm chart development
View Makefile
mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
current_dir := $(notdir $(patsubst %/,%,$(dir $(mkfile_path))))
userid = $(shell id -u)
groupid = $(shell id -g)
image = "local/$(current_dir):latest"
default: build
lint: helm-lint
fetch: submodule-update
latest: submodule-latest build
View Makefile
mkfile_path := $(abspath $(lastword $(MAKEFILE_LIST)))
current_dir := $(notdir $(patsubst %/,%,$(dir $(mkfile_path))))
userid = $(shell id -u)
groupid = $(shell id -g)
image = "bitgo/$(current_dir):latest"
default: build
lint: helm-lint
fetch: submodule-update
latest: submodule-latest build
You can’t perform that action at this time.