Skip to content

Instantly share code, notes, and snippets.

smoser /
Created May 20, 2024 21:09
boot a tarball or oci image ref

boot a tarball or oci imag ref

Get yourself a kernel

# kernel from vmlinuz on ubuntu
kdist=/boot/$(uname -r)
sudo cat "$kdist" > kernel

Now convert a oci or local tarball to kernel flavor cpio. this script adds a very basic 'init'

smoser /
Created May 16, 2024 13:46
hello world simple melange yaml

This is a simple melange package file. It builds really quickly.

Build it in wolfi-dev/os with:

make hello-busybox

Build it directly with melange as:

melange build ./hello-busybox.yaml \

smoser /
Last active February 14, 2024 15:36
catch-fail - trap failure and sleep so as to enter a melange build for dbug

catch-fail - trap and sleep to enter a melange build for debug

Usage: catch-fail op

   catch-fail is used to help debug a melange build.  In a 'run' section
   you can add at the top:

      eval $(/home/build/catch-fail eval-trap 1h)
smoser /
Last active January 12, 2024 20:07
stubby talk at All Systems Go conference September 2023.

All Systems Go 2023: Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative

This talk is was given 2023-09-14 in Berlin at the All Systems Go 2023 conference. It is available online from all-systems-go conference here.


Modification of the kernel command line has historically been one of the easiest ways to customize system behavior. Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot.

System behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications from installers to init systems and beyond also take input from /proc/cmdline.

It is clear that some kernel command line options are desirable (console=ttyS0 verbose) and possibly even necessary. Others, such as the cromulent 'init=/bin/sh', can allow circumvention of benefits that Secureboot and TPM provide.

smoser /
Last active January 12, 2024 14:31
yubikey / gpg

Yubikey and GPG setup

A change in process at work meant that internal IT would be managing my work-provided laptop. While I do not expect management to leak any personal sensitive data that was on the machine, it does represent an increase in the potential for such a thing to happen.

I bought a Yubikey (5c). The goal was to store "personal" GPG and SSH credentials on the yubikey so that they would not be available to a compromised system, or inadvertantly get backed up.

The setup seems to work pretty well. Here is what I did.

smoser /
Last active October 6, 2023 13:47
backup or truncate deleted files

Find open files that have been deleted.

I ran into a problem where deleted files were taking up a considerable amount of space, and ultimately leading to filesystem full problems.

stack-overflow provided me with a way to get a list of open filehandles on deleted files here.

The key response there covers lsof -a +L1 which filters output to files that have less than 1 name (link count) in the filesystem.


The tool 'fixup' provided here allows you to easily 'show', 'truncate', or 'backup' the files.

smoser /
Last active September 8, 2023 20:33
attempt to recreate squashfs / overlay / inode / curl issue

attempt to recreate curl issue

this was an attempt to recreate an issue where curl inside a container was acting as if it had missing libraries. The error seen would be:

$ lxc-attach -nran curl
   /usr/bin/curl: /lib/x86_64-linux-gnu/ \
      version `HEIMDAL_ASN1_1.0' not found (required by /lib/x86_64-linux-gnu/
   /usr/bin/curl: /lib/x86_64-linux-gnu/ \
 version `HEIMDAL_ASN1_1.0' not found (required by /lib/x86_64-linux-gnu/
smoser /
Last active June 19, 2023 17:08
building and testing lvm2 package with autopkgtest

building and testing lvm2 package

I'm working with lvm2 package in order to get some autopkgtest tests run on ubuntu before merging.

I've submitted a pull request to debian at lvm2/#6.

My post to the linux-lvm2 mailing list asking about stability of the tests can be seen here.

building lvm2

lvm2 in debian uses gbp to build. Changes are made directly to the source and a debian delta patch is generated (debian/source/format shows 3.0 (gitarchive)).

smoser /
Last active February 21, 2023 18:08
[fosdem 2023 talk] oci images in squashfs format with dm-verity

Fosdem 2023 Talk on use of squashfs in oci images

smoser /
Last active January 18, 2023 14:53
raspberry pi in qemu / Romi emulation

Raspberry pi / Romi in qemu

When working with photonvision and without a romi in front of me, I decided to give qemu a try.

It works, but it is very slow.

See the 'boot' script provided for booting.

Getting Romi 2023 image going.

Romi notes

  • system reboots twice before staying up