Skip to content

Instantly share code, notes, and snippets.

View pjbgf's full-sized avatar
🦎

Paulo Gomes pjbgf

🦎
View GitHub Profile

Problems & Solutions for Interaction Between C and Go

At Vimeo, on the transcoding team, we work a lot with Go, and a lot with C, for various tasks such as media ingest. This means we use CGO quite extensively, and consequently, have run into bits that are perhaps not very well documented, if at all. Below is my effort to document some of the problems we've run into, and how we fixed or worked around them.

Many of these are obviously wrong in retrospect, but hindsight is 20/20, and these problems do exist in many codebases currently.

Some are definitely ugly, and I much welcome better solutions! Tweet me at @daemon404 if you have any, or have your own CGO story/tips, please! I'd love to learn of them.

Table of Contents

@cyphar
cyphar / how-to-pgp-release.md
Last active September 2, 2023 02:44
Document describing how to create PGP-signed releases of projects.

Creating Releases with PGP Signatures

Aleksa Sarai

Creating a release of a free software project with PGP signatures is quite simple, especially if you have everything set up already. This guide uses GnuPG, but it should be roughly applicable to OpenPGP or other implementations. For completeness, I've included a (very) short introduction to how to create a PGP key and how PGP works.

Introduction

@wbowling
wbowling / Dockerfile
Last active April 16, 2019 18:04
POC for CVE-2019-5736
FROM ubuntu
RUN apt-get update -y && apt-get install -y gcc
RUN ( \
echo '#define _GNU_SOURCE'; \
echo '#include <fcntl.h>'; \
echo '#include <stdio.h>'; \
echo '#include <unistd.h>'; \
\
echo 'char *getenv(const char *__name) {'; \
@garethr
garethr / kubernetes.rego
Last active September 30, 2024 22:38
Collecting together Kubernetes rego examples, including porting the https://kubesec.io rules to rego
package kubernetes
name = input.metadata.name
kind = input.kind
is_service {
kind = "Service"
}
@warpfork
warpfork / performance-measuring.md
Last active August 29, 2024 09:05
golang performance & benchmarking notes
@umbernhard
umbernhard / arch-secure-install.md
Last active June 20, 2024 11:27
Building a Secure Arch Linux Device

Building a Secure Arch Linux Device

Locking down a linux machine is getting easier by the day. Recent advancements in systemd-boot have enabled a host of features to help users ensure that their machines have not been tampered with. This guide provides a walkthrough of how to turn on many of these features during installation, as well as reasoning for why certain features help improve security.

The steps laid out below draw on a wide variety of existing resources, and in places I'll point to them rather than attempt to regurgitate full explanations of the various security components. The most significant one, which I highly encourage everyone to read, is Rod Smith's site about secure boot, which is the most comprehensive and cogent explanation of UEFI, boot managers and boot loaders, and secure boot. Another incredibly useful resources is Safeboot, which encapsulates many of the setup steps below in a Debian application.

kstatus conditions

The [kstatus document][kstatus_doc] describes a few concepts related to the status conditions and a few standard conditions that controllers can implement. This document tries to provide more details about the status conditions with various examples to describe the mechanics of how the conditions work, what they mean and what we can expected from them.

Starting with an example of status conditions:

kstatus - conditions and generations check

This document describes how the checker tool (CLI and library) can perform Kubernetes object status conditions and generations check as per [kstatus][kstatus_doc].

Before running the tests, the checker is provided with some context about the controller:

  • The status conditions it supports with their polarity and priority of the conditions.
@darkowlzz
darkowlzz / controller-patterns.md
Last active March 24, 2023 20:19
controller-patterns (flux)

Controller Patterns

This document describes some controller patterns built on top of the controller-runtime/kubebuilder tooling to help simplify how the controller code is written and organized. It does that by creating some abstractions and patterns to reduce the cognitive load while reading and writing controller code. Some of these are inspired by the ideas from the cluster API (CAPI) controllers, modified to fit the needs of flux controllers because of the differences in the domain of operations. Familiarity with controller code structure created by the kubebuilder scaffold is assumed.