@salrashid123
salrashid123 / tinkrsa.go
Created April 17, 2024 00:17
tink-golang sign/verify and extract rsa.PublicKey
package main
import (
"bytes"
"crypto"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/json"
"encoding/pem"
@salrashid123
salrashid123 / os-inventory.md
Created April 2, 2024 13:41
Parsing GCP OSInventory packages from metadata server

parsing the os-inventory metadata server struct

if you have os-inventory enabled, you can get the values on the VM itself by running

curl -s -H 'Metadata-Flavor: Google'  http://metadata.google.internal/computeMetadata/v1/instance/guest-attributes/guestInventory/InstalledPackages

parse the values using
(you can of course otherwise get the packages via api

@salrashid123
salrashid123 / sa_import.md
Last active April 1, 2024 15:02
Importing ServiceAccount Credentials to TPMs

sample procedure to encrypt a GCP service account rsa key such that it is loadable on specific TPMs

this procedure will save the key reference to non-volatile memory which will persist through power cycles.

however, there are limited nv slots available (7 per tpm I think).

long term is to allow full persistence via go-tpm-tools Allow persistence client.Key() and move away from nvram slots

also see

@salrashid123
salrashid123 / container.go
Created August 4, 2023 16:04
containerd nginx in golang
package main
import (
"context"
"fmt"
"log"
"syscall"
"time"
// "github.com/containerd/cgroups/v3"
@salrashid123
salrashid123 / bazel_protobuf_1.33.0.md
Created March 18, 2024 18:45
Bazel rules_go error after upgrading google.golang.org/protobuf from 1.32.0 to 1.33.0

Bazel build issue after upgrading

to repro, copy all the files below to a folder, then:

go get cloud.google.com/go/iam/credentials/apiv1@latest

bazel run :gazelle -- update-repos -from_file=go.mod -prune=true -to_macro=repositories.bzl%go_repositories
@salrashid123
salrashid123 / bazel_py.md
Last active March 7, 2024 12:40
bazel_python
$ bazel run :main

$ bazel run :server_image

$ docker run -ti localhost:4000/harness:server_image
Traceback (most recent call last):
  File "/app//py_image.binary.runfiles/qs/main.py", line 8, in <module>
    import tink
@salrashid123
salrashid123 / threshold.go
Last active February 22, 2024 23:38
Threshold Signatures in Golang
package main
import (
"encoding/base64"
"fmt"
"go.dedis.ch/kyber/v3/pairing/bn256"
"go.dedis.ch/kyber/v3/share"
"go.dedis.ch/kyber/v3/sign/bls"
"go.dedis.ch/kyber/v3/sign/tbls"
@salrashid123
salrashid123 / migrate.md
Last active January 31, 2024 13:03
Migrate non-org gcp project into org without console

this will migrate a project (your-project-to-migrate) that sits outside of a cloud org (yourdomain.com)

  1. it's owned by alice@domain

  2. admin@domain is a cloud org domain owner who can migrate a project over

  3. enable domain wide delegation on a service account with scopes

    "https://www.googleapis.com/auth/cloud-platform"

    see ref

@salrashid123
salrashid123 / amd-snp.md
Last active January 29, 2024 16:10
GCP AMD SNP client

scratchpad on starting up a GCP AMD-SEV instance

using go-sev-guest and virtee

# create instance

gcloud beta compute instances create snp-instance \
  --machine-type=n2d-standard-4 \
  --min-cpu-platform="AMD Milan" \