@avoidik
avoidik / exec.sh
Last active October 3, 2019 08:03
AWS IAM assume role, save profile and inject credentials into env
#!/usr/bin/env bash
CREDS_PROFILE="test"
THIS_ROLE="arn:aws:iam::123456789012:role/role-to-assume"
THIS_PROFILE="test-assumed"
rm -rf ~/.aws/cli/cache
# Variant A
source <(aws --profile "${CREDS_PROFILE}" sts assume-role \
@avoidik
avoidik / vault_oidc.sh
Created October 6, 2019 09:45
Vault OIDC command line
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
###############################################################################################
##
## This script should be run manually and will authenticate a user to Vault via the OIDC
## workflow.
##
###############################################################################################
@avoidik
avoidik / github-workflows-goreleaser.yml
Created November 23, 2019 16:55 — forked from markbates/github-workflows-goreleaser.yml
Run Go tests in Windows, Mac, Linux. Go version 1.12/1.13 both with Modules and GOPATH.
name: Release
on:
  release:
    types:
      - published
jobs:
  release:
    name: Release
    runs-on: ubuntu-latest
@avoidik
avoidik / hashicorp-vault-auth-cert-and-token-role-creation.md
Created December 14, 2019 16:47 — forked from davidmintz/hashicorp-vault-auth-cert-and-token-role-creation.md
notes on setting up and using Vault TLS authentication, policies, and tokens with named roles

Our goal is to save sensitive data in a MySQL database in a responsible way, and be able to read/write it programmatically in a PHP web application. Asymmetric encryption would be best, but is not practical here. Symmetric encryption with a strong algorithm and hard-to-guess cipher is acceptable, but not if we store the cipher in plain text on the same server where the database credentials also live in plain text!

This work-in-progress is subject to change if/when I come up with a better scheme, but for now, the plan is to:

  • store the cipher as a vault secret;
  • configure TLS authentication so that our PHP application can log in, and then
  • create a token that allows its bearer to read the secret (our cipher);
  • use a PHP component and our cipher to encrypt/decrypt our sensitive data.
@avoidik
avoidik / Dockerfile
Created December 19, 2019 09:30
Build latest CFSSL binaries
FROM golang:stretch
ENV USER root
RUN export DEBIAN_FRONTEND=noninteractive && \
    apt-get update && \
    apt-get install -y gcc-multilib gcc-mingw-w64 git-core
ARG TARGET_OS="windows"
ARG TARGET_ARCH="amd64"
@avoidik
avoidik / git-prompt-short.sh
Last active April 6, 2020 21:21
git-prompt
#!/bin/bash
PROMPT_DIRTRIM=2
RED="\[\033[0;31m\]"
YELLOW="\[\033[1;33m\]"
GREEN="\[\033[0;32m\]"
BLUE="\[\033[0;34m\]"
LIGHT_BLUE="\[\033[1;34m\]"
LIGHT_RED="\[\033[1;31m\]"
@avoidik
avoidik / make.sh
Created December 26, 2019 21:53
Copy data into new Docker volume
#!/usr/bin/env bash
# using cifs
sudo apt install cifs-utils
sudo mount -t cifs -o user=aaa,password=bbb,uid=ubuntu,gid=ubuntu //share/folder /home/ubuntu/folder
umount /home/ubuntu/folder
docker volume create --driver local --opt type=cifs --opt device='//share/folder' --opt o='username=aaa,password=bbb,iocharset=utf8,sec=ntlmssp,file_mode=0777,dir_mode=0777' folder
docker run --name cifs -it -v folder:/data ubuntu bash
# using temp container
@avoidik
avoidik / Vagrantfile
Created December 29, 2019 20:21
Chef Automate with Vagrant
CFG_BOX = 'bento/ubuntu-18.04'
CFG_IP = '192.168.33.199'
CFG_HOSTNAME = 'chef-automate.test'
CFG_DC_TOKEN = 'KGN0YhXlXhQwhFxTnXLTPhfObKs='
$deployscript = <<-SCRIPT
export DEBIAN_FRONTEND='noninteractive'
apt-get -qq update
apt-get install -y --no-install-recommends apt-transport-https ca-certificates curl gnupg-agent software-properties-common unzip
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
@avoidik
avoidik / 006-glibc-conflict.patch
Last active April 3, 2024 19:49
Compile LEDE v17.01.4 for Mikrotik MetaROUTER (MIPS only)
--- a/misc/create_inode.c 2016-09-02 04:17:32.000000000 +0000
+++ b/misc/create_inode.c 2020-01-04 20:56:26.150590109 +0000
@@ -392,7 +392,7 @@
}
#endif /* !defined HAVE_PREAD64 && !defined HAVE_PREAD */
-static errcode_t copy_file_range(ext2_filsys fs, int fd, ext2_file_t e2_file,
+static errcode_t copy_file_chunk(ext2_filsys fs, int fd, ext2_file_t e2_file,
off_t start, off_t end, char *buf,
char *zerobuf)
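Review bot: the rename to copy_file_chunk is visible here only at the static definition in misc/create_inode.c, so every call to copy_file_range in that file has to be renamed in the same patch, otherwise the build either fails or resolves the call against the conflicting glibc symbol that the patch file name refers to. A one-line description at the top of the patch stating which glibc declaration clashes with the old name would also make the reason for the rename clear to whoever rebases it later.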
@avoidik
avoidik / run.sh
Last active January 8, 2020 12:38
Skip boot2docker download when running docker-machine
#!/usr/bin/env bash
docker-machine create --driver virtualbox --virtualbox-boot2docker-url file://${HOME}/.docker/machine/cache/boot2docker.iso test