Skip to content

Instantly share code, notes, and snippets.

View sethmlarson's full-sized avatar
Keeping the Python ecosystem safe!

Seth Michael Larson sethmlarson

Keeping the Python ecosystem safe!
View GitHub Profile
Package Version Ecosystem
python 3.10.12 binary
adduser 3.118ubuntu5 deb
apt 2.4.11 deb
asymptote 2.78+ds-2 deb
base-files 12ubuntu4.4 deb
base-passwd 3.5.52build1 deb
bash 5.1-6ubuntu1 deb
biber 2.17-2 deb
bsdutils 1:2.37.2-4ubuntu3 deb
sethmlarson /
Created January 29, 2024 17:09
Simple script for constructing small XAR files (License: CC0-1.0)
Simple script for constructing small XAR files.
License: CC0-1.0
import datetime
import gzip
import hashlib
import io
import struct
sethmlarson /
Created November 13, 2023 18:08
Simple module for querying data from
# MIT License
# Copyright (c) 2023 Seth Michael Larson
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
sethmlarson /
Created August 2, 2023 20:23
PSF CNA onboarding materials
sethmlarson / schema.json
Last active November 18, 2022 16:43
OpenAPI 3.1 JSON schema with $schema
"$id": "",
"$schema": "",
"description": "The description of OpenAPI v3.1.x documents without schema validation, as defined by",
"type": "object",
"properties": {
"$schema": {
"type": "string"
"openapi": {

SLSA + Python Notes

Created example project:

Python doesn't have a specific builder yet. Only have source attestation using the generic builder. Used: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml

Attestation "" is taken as input from sha256sum, so check the output of that to ensure it's what you want (ie package.tar.gz vs dist/package.tar.gz) For this I had to include a cd dist/ && before the sha256sum * call. Not sure where this matters though?


import ssl
import requests
from requests.adapters import HTTPAdapter
import truststore
class TruststoreAdapter(HTTPAdapter):
def init_poolmanager(
self, *args, **kwargs
ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
sethmlarson /
Last active February 14, 2022 14:00
HTTP client on a business card
import asyncio as A,urllib.parse as U,re;B,C,I,S=b"",b"\r\n",int,lambda*A:re.match(*A,24).groups()
async def request(m,u,h,b):
s,_,a,_,q,_=z=U.urlparse(u);T,E,d,N=s!=b"http",0,B,z.hostname;r,w=await A.open_connection(N,I(z.port or 80+363*T),ssl=T,server_hostname=[None,N][T]);w.write(m+b" "+(a or b"/")+[b"?"+q,B][q==B]+b" HTTP/1.0"+C+C.join([b"%b:%b"%W for W in h]+[B,b]));await w.drain()
while c:=await
if C*2in(d:=d+c)*(E==0):E,d=d.split(C*2,1);t,o=S(b"HTTP/.+? (\d+).*?%b(.*)"%C,E);o=[S(rb"([^\s]+):\s*(.+?)\s*$",x)for x in o.split(C)]
w.close();return I(t),o,d
sethmlarson / brotlipy-0.7.0-abi3.diff
Created September 2, 2021 17:51
Diff between brotlipy 0.7.0 tag and the source for building the abi3 compatible wheels
diff --git a/ b/
index f804932..12ae724 100644
--- a/
+++ b/
@@ -1,11 +1,43 @@
#!/usr/bin/env python
+import platform
+import sys
from setuptools import find_packages, setup
+from setuptools.command.build_ext import build_ext
sethmlarson /
Last active February 11, 2022 14:20
Dynamically determine stacklevel for use with warnings.warn(..., stacklevel=X)
import inspect
import sys
from pathlib import Path
def warn_stacklevel() -> int:
"""Dynamically determine stacklevel for warnings based on the call stack"""
# Grab the root module from the current module '__name__'
module_name = __name__.partition(".")[0]