@benjaminblack
benjaminblack / booting-debian-linux-directly-from-the-uefi-boot-manager.md
Last active February 26, 2025 04:10
Booting (Debian) Linux directly from the UEFI boot manager

With a modern UEFI motherboard, it is possible to boot Linux directly from the UEFI boot manager, without relying on a boot loader like GRUB.

First, the kernel has to be compiled with the "EFI boot stub" option enabled, which modifies the kernel so that it can be directly executed by the UEFI boot manager.

Debian enables this flag: grep CONFIG_EFI_STUB /boot/config-*

Second, the EFI System Partition (ESP) must be large enough to hold the kernel and the initrd image. Files executed by the UEFI boot manager must reside on the ESP; the kernel is that EFI executable, and it needs the initrd to be somewhere it can find it, so both the kernel and the initrd must be on the ESP.

The ESP in Debian is usually 100-250 MB, which is fine.

benjaminblack / initramfs-hook-script-to-copy-kernel-and-initrd-to-esp.md
Last active January 28, 2025 12:25
Initramfs hook script to copy kernel and initrd.img to EFI System Partition

If the Linux kernel is compiled with the EFI stub loader (grep CONFIG_EFI_STUB /boot/config-*), then an EFI BIOS can boot the kernel directly, without the need for a bootloader like GRUB. This only requires that the kernel and the initrd exist on the EFI partition. The EFI boot menu and boot order can be managed with the command-line utility efibootmgr.

Copying the kernel image and initrd onto the EFI partition the first time is simple; the problem is keeping them up-to-date as the system is updated. In particular, lots of software packages can trigger the initrd to be rebuilt. The most recent kernel image and initrd need to be copied to the EFI partition every time they are updated.

The Debian Linux Kernel Handbook documents initramfs hooks, stating that "Packages for boot loaders that need to be updated whenever the files they load are modified must also install hook scripts in /etc/initramfs/post-update.d

benjaminblack / install-a-custom-tls-certificate-on-an-asus-router-running-asuswrt-merlin.md
Last active August 14, 2017 16:22
Install a custom TLS certificate on an Asus router running AsusWRT-Merlin

Edit: Deprecated as of 380.67 - see documentation

If the https_crt_save variable is turned off, turn it on:

# nvram get https_crt_save
0

# nvram set https_crt_save=1
# nvram get https_crt_save

benjaminblack / nginx-location-block-proxy-s3-static-websites.md
Last active June 8, 2017 21:18
Nginx location block regular expression to proxy S3 static websites

Nginx server configuration location block which will match //host/s3/{bucket}/{path/to/resource} and transform it into a reverse proxy for an S3 bucket configured with static website hosting and named with a conventional prefix (adjust region accordingly), like //{s3prefix}-{bucket}.s3-website-us-east-1.amazonaws.com/{path/to/resource}.

E.g. assuming I prefix all of my S3 buckets with bb, like s3://bb-mybucket, and create my buckets in the us-east-1 region, then:

http://example.com/s3/mybucket/img/header.jpg

will be transformed into a proxied request to

http://bb-mybucket.s3-website-us-east-1.amazonaws.com/img/header.jpg

benjaminblack / rules-for-xml-prolog-dtd-and-xmlns-and-version-attributes-in-svg.md
Last active November 16, 2017 23:03
Rules for XML prolog, DTD, and xmlns and version attributes in SVG

From two articles on Stack Overflow and an MDN article:

In external SVG files (which should be served as image/svg+xml):

Include the prolog:

<?xml version="1.0" encoding="utf-8"?>

Include a DTD:

benjaminblack / homebrew-nginx-sets-log-configuration-and-pid-file-locations-at-compile-time.md
Last active September 6, 2017 20:52
Homebrew Nginx sets log, configuration, and pid file locations at compile time

After much head-scratching trying to figure out from where by default Nginx decides to read its main configuration file, and where it decides to write its log files, it turns out that they are all set at compile time (configuration options broken onto separate lines for clarity):

$ nginx -V
nginx version: nginx/1.12.1
built by clang 8.1.0 (clang-802.0.42)
built with OpenSSL 1.1.0f  25 May 2017
TLS SNI support enabled
configure arguments: 
--prefix=/usr/local/Cellar/nginx/1.12.1 

benjaminblack / interpolating-values-with-greensock.js
Last active October 7, 2017 18:48
Interpolating values with GreenSock
TweenLite.to({val: 1}, 1.0, {
    val: 100,
    onUpdateParams: ['{self}'],
    onUpdate: ({target: {val}}) => console.log(val),
});

benjaminblack / keybase.md
Created November 13, 2017 22:28
Keybase proof

I hereby claim:

  • I am benjaminblack on github.
  • I am benjaminblack (https://keybase.io/benjaminblack) on keybase.
  • I have a public key whose fingerprint is C3E6 79C4 C079 03C0 6C1C 8746 C27D 77E6 FAF4 E2DB

To claim this, I am signing this object:

benjaminblack / using-https-in-local-development.md
Last active September 4, 2018 21:40
Using HTTPS in local development

Beginning June 2018, Chrome 68 will begin marking HTTP as "Not Secure". Other browsers may swiftly follow Chrome's lead.

The push for Secure Contexts Everywhere and enforcement of HTTPS for all new features is also motivation to secure local development environments, to reduce the delta between development and production environments.

In short, the Web is rapidly moving all traffic to HTTPS, and local development environments should be no different.

The Problem

Easing the use of HTTPS in local environments, where each project gets a domain like ${project_name}.localhost, means automating the process of creating a self-signed certificate for each project, configuring the web server to use it, and locally trusting the certificates. (A new certificate for each project is required in this configuration, because a cer

benjaminblack / show-hidden-files-in-macos-file-dialogs.md
Last active January 23, 2018 22:05
Show hidden files in macOS file dialogs

⌘-⇧-. (Command-Shift-Period)