Phil Pennock philpennock

@philpennock
philpennock / tflint
Created Jan 16, 2020
Bash wrapper to invoke tflint docker container
View tflint
#!/bin/bash -eu
DOCKER_IMAGE_NAME='tflint'
KeepEnvVars=( AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION )
DockerArgs=()
CmdArgs=()
PwdMountFlags='ro'
@philpennock
philpennock / aws-vault-unlock
Created Jan 13, 2020
CLI tool to unlock the XDG Secret collection used by 99designs/aws-vault
View aws-vault-unlock
#!/usr/bin/env python3
#
# Copyright © 2020 Pennock Tech, LLC
# SPDX-License-Identifier: MIT
"""
aws-vault-unlock: unlock (or lock) the awsvault libsecret collection
The XDG folks specify the Secret service available over D-Bus.
When everything works right, 99designs/aws-vault trying to access a locked
@philpennock
philpennock / perlgssapi-code_GSSAPI_fix-macOS-heimdal.patch
Created Jul 24, 2018
perlgssapi GSSAPI module patch to fix compilation on macOS
View perlgssapi-code_GSSAPI_fix-macOS-heimdal.patch
Index: GSSAPI.xs
===================================================================
--- GSSAPI.xs (revision 73)
+++ GSSAPI.xs (working copy)
@@ -6,6 +6,8 @@
#define __GSS_KRB5_NT_PRINCIPAL_NAME &mygss_nt_krb5_principal
#define __gss_mech_krb5_v2 &mygss_mech_krb5_v2
+#define GSSKRB_APPLE_DEPRECATED(x) /**/
+
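Review bot: the added `#define GSSKRB_APPLE_DEPRECATED(x) /**/` is unconditional and carries no comment saying why it is there. Wrap it in `#ifndef GSSKRB_APPLE_DEPRECATED` / `#endif` so it cannot clash with a definition from a system header, and add a one-line comment that it blanks the deprecation marker so the module compiles on macOS, as the gist description states.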
View loop.py
#!/usr/bin/env python3
import sys
import time
def foo():
    print('ni')
    time.sleep(0.1)
    pass
@philpennock
philpennock / SKS Privacy
Created Jul 13, 2018
sks.spodhuis.org Privacy text, pre-termination
View SKS Privacy
Privacy
There are three categories of data relevant to privacy here: the public keys stored; the HTTP/HKP requests made to access/upload/retrieve those keys; what I as a keyserver operator might do with those requests (logs).
For the public keys: the SKS keyserver pool, run globally by disparate individuals with no formal affiliation, is currently an append-only store, designed to protect against attempts to remove data. Once a key has been uploaded, that data is part of the public record, designed to allow anyone to attempt to verify the name binding within the key, using the public attestations by others about the identity of the key (key signatures). Keys not intended for public disclosure should not be uploaded, nor shared to people who might upload the keys of others. Note that there's no protection against fraudulent keys, with bindings of any name to any email address, and there is no basis to believe any such pairing without first proceeding through evaluation of the public attestations.
The reques
@philpennock
philpennock / aws-vault__login.py
Last active Feb 28, 2018
aws-vault only runs subcommands, there's no API for other languages to use, short of running them _under_ aws-vault. Here's a workaround for Python (3.6+)
View aws-vault__login.py
def login():
    if not shutil.which('aws-vault'):
        return boto3.Session()
    if 'AWS_SESSION_TOKEN' in os.environ:
        return boto3.Session()
    if 'AWS_ACCESS_KEY_ID' in os.environ and 'AWS_SECRET_ACCESS_KEY' in os.environ:
        return boto3.Session()
    profile=os.environ.get('AWS_PROFILE', 'default')
    rc = subprocess.run(['aws-vault', 'exec', profile, '--', 'python', '-c',
        'import json,os; print(json.dumps({k:os.environ[k] for k in os.environ if k.startswith("AWS_")}))'],
@philpennock
philpennock / aws
Created Feb 27, 2018
shim script for aws to use aws-vault as needed
View aws
#!/bin/sh -eu
aws=/usr/local/bin/aws
die() { printf >&2 '%s: %s\n' "$0" "$*"; exit 1; }
if ! [ -x "$aws" ]; then
  case $0 in
    /*) ;;
    *) die "missing '${aws}' and not invoked with absolute path to skip self" ;;
@philpennock
philpennock / go-bindata.txt.asc
Created Feb 8, 2018
Public attestation of state witnessing regarding a Go repository ownership change
View go-bindata.txt.asc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
I am Phil Pennock, I program in Go. I am writing this text on 2018-02-08.
It should be found PGP-signed from a key in the strong-set, so that this
public attestation can be verified by others.
To the best of my knowledge, I am in no way affiliated with whomever has
registered the new "jteeuwen" GitHub account.
@philpennock
philpennock / admin.py
Created Jan 28, 2018
Passwords/admin to manage the passwords repo. You'll need to update `DEFAULT_IDENTITY` at the very least.
View admin.py
#!/usr/bin/env python3
"""
admin: Passwords repo admin tool
Passwords repo has a bunch of actions which are common; copy/paste is
annoying. So manage the common actions.
"""
__author__ = 'phil.pennock@spodhuis.org (Phil Pennock)'
@philpennock
philpennock / freebsd-whois.patch
Created Aug 17, 2017
Fix FreeBSD's whois to handle Verisign whois referral change
View freebsd-whois.patch
--- usr.bin/whois/whois.c.orig 2017-08-17 14:00:08.917506928 -0400
+++ usr.bin/whois/whois.c 2017-08-17 14:00:28.975792449 -0400
@@ -76,7 +76,7 @@
#define GERMNICHOST "de.whois-servers.net"
#define FNICHOST "whois.afrinic.net"
#define DEFAULT_PORT "whois"
-#define WHOIS_SERVER_ID "Whois Server: "
+#define WHOIS_SERVER_ID "Registrar WHOIS Server: "
#define WHOIS_ORG_SERVER_ID "Registrant Street1:Whois Server:"
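Review bot: the `WHOIS_SERVER_ID` change replaces the old marker "Whois Server: " outright with "Registrar WHOIS Server: ", so any referral line still using the old form would no longer be recognised by whatever matches on this macro. Consider keeping the old string as a second marker and checking both, so referrals in either format are followed, and add a comment recording that the new string tracks the Verisign referral format change.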