Skip to content

Instantly share code, notes, and snippets.

View smoser's full-sized avatar

Scott Moser smoser

View GitHub Profile
@smoser
smoser / README.md
Last active October 9, 2024 06:45
python editing melange yaml

editing melange yaml with python

Sometimes its helpful to edit lots of melange files quickly.

This is something that I used to do that.

notes

  • uses ruamel.yaml this is pretty good. I have seen one case where messed up roundtrip (py3-botocore.yaml)
  • running 'yam' afterwards fixed up more of the small differences with indentation.

chainctl token helper

This little helper just wraps calls to chainctl auth and reads token ttls.

On my workstation, I call it from ~/.profile like this:

is_interactive() {
    [ -t 0 ] && [ -t 1 ]
}
@smoser
smoser / README.md
Last active October 1, 2024 16:01
wolfi get file list and apk info

Random wolfi and tools.

  • get-archive-info - get a tar tvf output and the .APKINFO for every file in the archive.

  • build-stage - throw a bunch of files and see which build. they do not depend on each other (each only builds with the wolfi repo)

    I used this to help create batches of things when changing lots of files.

  • test-installable - its like the c-i test that checks that all packages

@smoser
smoser / README.md
Created June 28, 2024 21:40
find shell deps in a file or filesystem tree

find shell deps

The idea here is just to "parse" files to

  1. see if they are shell
  2. find the external commands/utilities that they use

A more advanced version of this would help identify dependencies.

there are bugs in the fs traversal and I'm not finding everything :-(.

example

@smoser
smoser / README.md
Last active September 13, 2024 14:10
get-sbom and sbom-to-manifest get-pkglist

get-sbom and sbom-to-manifest

Just a friendly wrapper for getting the sbom for an image.

$ ./get-sbom cgr.dev/chainguard/busybox:latest | ./sbom-to-manifest
alpine-baselayout-data	3.6.5-r0
alpine-keys	2.4-r1
alpine-release	3.20.0-r0
busybox	1.36.1-r29
ca-certificates-bundle	20240226-r0
@smoser
smoser / README.md
Created May 20, 2024 21:09
boot a tarball or oci image ref

boot a tarball or oci imag ref

Get yourself a kernel

# kernel from vmlinuz on ubuntu
kdist=/boot/$(uname -r)
# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725
sudo cat "$kdist" > kernel

Now convert a oci or local tarball to kernel flavor cpio. this script adds a very basic 'init'

@smoser
smoser / README.md
Created May 16, 2024 13:46
hello world simple melange yaml

This is a simple melange package file. It builds really quickly.

Build it in wolfi-dev/os with:

make hello-busybox

Build it directly with melange as:

melange build ./hello-busybox.yaml \

@smoser
smoser / README.md
Last active February 14, 2024 15:36
catch-fail - trap failure and sleep so as to enter a melange build for dbug

catch-fail - trap and sleep to enter a melange build for debug

Usage: catch-fail op

   catch-fail is used to help debug a melange build.  In a 'run' section
   you can add at the top:

      eval $(/home/build/catch-fail eval-trap 1h)
@smoser
smoser / README.md
Last active January 12, 2024 20:07
stubby talk at All Systems Go conference September 2023.

All Systems Go 2023: Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative

This talk is was given 2023-09-14 in Berlin at the All Systems Go 2023 conference. It is available online from all-systems-go conference here.

Abstract

Modification of the kernel command line has historically been one of the easiest ways to customize system behavior. Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot.

System behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications from installers to init systems and beyond also take input from /proc/cmdline.

It is clear that some kernel command line options are desirable (console=ttyS0 verbose) and possibly even necessary. Others, such as the cromulent 'init=/bin/sh', can allow circumvention of benefits that Secureboot and TPM provide.

@smoser
smoser / README.md
Last active January 12, 2024 14:31
yubikey / gpg

Yubikey and GPG setup

A change in process at work meant that internal IT would be managing my work-provided laptop. While I do not expect management to leak any personal sensitive data that was on the machine, it does represent an increase in the potential for such a thing to happen.

I bought a Yubikey (5c). The goal was to store "personal" GPG and SSH credentials on the yubikey so that they would not be available to a compromised system, or inadvertantly get backed up.

The setup seems to work pretty well. Here is what I did.