smoser

Random wolfi and tools.

• get-archive-info - get a tar tvf output and the .APKINFO for every file in the archive.

• build-stage - throw a bunch of files and see which build. they do not depend on each other (each only builds with the wolfi repo)

  I used this to help create batches of things when changing lots of files.

• test-installable - its like the c-i test that checks that all packages

smoser

chainctl token helper

This little helper just wraps calls to chainctl auth and reads token ttls.

On my workstation, I call it from ~/.profile like this:

is_interactive() {
    [ -t 0 ] && [ -t 1 ]
}

smoser

Set up a ssh tunnel only user

In order to give someone access to hosts that are available only by ssh "bouncing" (ProxyJump), add a user for this specific purpose.

We have an internal openstack where instances get IPs on per-tenant networks. Each tenant has a 'bastion' host that has a "public" ip (floating ip). You can access other instances by bouncing through the bastion. From time to time I want to let someone else into an instance. This could be done either with:

a.) just give them shell access to the bastion and let them hop through. Sharing an unrestricted shell account on my bastion is less than ideal. b.) assign a floating/"public" IP to the instance so they could go directly in. Floating IPs are limited, so this is less than ideal.

So instead, I have set up a single user as described here that can only be used for ProxyJump. It allows others proxied access to my instances but without granting them full shell access.

smoser

vsock-shell

A lightweight tool for executing commands over VM sockets (AF_VSOCK), providing SSH-like functionality for virtual machine communication. It supports both interactive shell sessions and non-interactive command execution, similar to SSH.

It may be useful for host->guest use cases where ssh is not needed.

Note, there is exactly zero security here.

• No authentication - any connection will get a prompt.
• No encryption - data is plaintext

smoser

get-sbom and sbom-to-manifest

Just a friendly wrapper for getting the sbom for an image.

$ ./get-sbom cgr.dev/chainguard/busybox:latest | ./sbom-to-manifest
alpine-baselayout-data	3.6.5-r0
alpine-keys	2.4-r1
alpine-release	3.20.0-r0
busybox	1.36.1-r29
ca-certificates-bundle	20240226-r0

smoser

Mappings for DMI/SMBIOS to Linux and dmidecode

Information can be put into dmi tables via some qemu-system hosts (x86_64 and aarch64). That information is exposed in Linux under /sys/class/dmi/id and can be read with dmidecode. The names are very annoyingly inconsistent. The point of this doc is to map them.

See qemu-system-x86_64 --help for the fields that qemu will accept. qemu smbios flags vary with qemu version.

Mappings

Example qemu cmdline:

qemu-system-x86_64 -smbios type=,field=value[,...]

smoser

nerd-font installer

Install nerd-fonts from https://www.nerdfonts.com/font-downloads. Credit to this gist and comments there for inspiration

Edit 'myfonts' function to install more fonts.

Usage

$ ../nerd-font  -h
nerd-font subcmd [options]

smoser

MAAS and curtin and installing with Ubuntu proposed

The installer used in MAAS is curtin

The Stable Release Updates is the process which controls new packages being accepted into Ubuntu stable releases. In order to test these packages before they are made available to all users, enable the proposed 'pocket' in ubuntu.

To affect configuration of curtin in MAAS the user currently has to

smoser

git bisect with melange package build

I spent some time debugging a change in melange behavior and put together a reproduce script. I wanted to save that knowledge off.

After putting together repro.sh, I was able to let git bisect tell me where the change came in.

In this gist there is some general knowledge on how to call melange with everything in place (as of today) and how to call git bisect.

smoser

apksql - populate sql database with apk data