Skip to content

Instantly share code, notes, and snippets.

View smoser's full-sized avatar

Scott Moser smoser

103 followers · 1 following
  • Chainguard
  • US
View GitHub Profile
@smoser
smoser / README.md
Last active October 28, 2025 20:07
wolfi get file list and apk info

Random wolfi and tools.

  • get-archive-info - get a tar tvf output and the .APKINFO for every file in the archive.

  • build-stage - throw a bunch of files and see which build. they do not depend on each other (each only builds with the wolfi repo)

    I used this to help create batches of things when changing lots of files.

  • test-installable - its like the c-i test that checks that all packages

@smoser
smoser / README.md
Created June 28, 2024 21:40
find shell deps in a file or filesystem tree

find shell deps

The idea here is just to "parse" files to

  1. see if they are shell
  2. find the external commands/utilities that they use

A more advanced version of this would help identify dependencies.

there are bugs in the fs traversal and I'm not finding everything :-(.

example

@smoser
smoser / README.md
Last active October 7, 2025 16:08
get-sbom and sbom-to-manifest get-pkglist

get-sbom and sbom-to-manifest

Just a friendly wrapper for getting the sbom for an image.

$ ./get-sbom cgr.dev/chainguard/busybox:latest | ./sbom-to-manifest
alpine-baselayout-data	3.6.5-r0
alpine-keys	2.4-r1
alpine-release	3.20.0-r0
busybox	1.36.1-r29
ca-certificates-bundle	20240226-r0
@smoser
smoser / README.md
Created May 20, 2024 21:09
boot a tarball or oci image ref

boot a tarball or oci imag ref

Get yourself a kernel

# kernel from vmlinuz on ubuntu
kdist=/boot/$(uname -r)
# https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725
sudo cat "$kdist" > kernel

Now convert a oci or local tarball to kernel flavor cpio. this script adds a very basic 'init'

@smoser
smoser / README.md
Created May 16, 2024 13:46
hello world simple melange yaml

This is a simple melange package file. It builds really quickly.

Build it in wolfi-dev/os with:

make hello-busybox

Build it directly with melange as:

melange build ./hello-busybox.yaml \

@smoser
smoser / README.md
Last active February 14, 2024 15:36
catch-fail - trap failure and sleep so as to enter a melange build for dbug

catch-fail - trap and sleep to enter a melange build for debug

Usage: catch-fail op

   catch-fail is used to help debug a melange build.  In a 'run' section
   you can add at the top:

      eval $(/home/build/catch-fail eval-trap 1h)
@smoser
smoser / README.md
Last active January 12, 2024 20:07
stubby talk at All Systems Go conference September 2023.

All Systems Go 2023: Kernel command line and UKI; systemd-stub and the ‘stubby’ alternative

This talk is was given 2023-09-14 in Berlin at the All Systems Go 2023 conference. It is available online from all-systems-go conference here.

Abstract

Modification of the kernel command line has historically been one of the easiest ways to customize system behavior. Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot.

System behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications from installers to init systems and beyond also take input from /proc/cmdline.

It is clear that some kernel command line options are desirable (console=ttyS0 verbose) and possibly even necessary. Others, such as the cromulent 'init=/bin/sh', can allow circumvention of benefits that Secureboot and TPM provide.

@smoser
smoser / README.md
Last active January 12, 2024 14:31
yubikey / gpg

Yubikey and GPG setup

A change in process at work meant that internal IT would be managing my work-provided laptop. While I do not expect management to leak any personal sensitive data that was on the machine, it does represent an increase in the potential for such a thing to happen.

I bought a Yubikey (5c). The goal was to store "personal" GPG and SSH credentials on the yubikey so that they would not be available to a compromised system, or inadvertantly get backed up.

The setup seems to work pretty well. Here is what I did.

@smoser
smoser / README.md
Last active October 6, 2023 13:47
backup or truncate deleted files

Find open files that have been deleted.

I ran into a problem where deleted files were taking up a considerable amount of space, and ultimately leading to filesystem full problems.

stack-overflow provided me with a way to get a list of open filehandles on deleted files here.

The key response there covers lsof -a +L1 which filters output to files that have less than 1 name (link count) in the filesystem.

fixup

The tool 'fixup' provided here allows you to easily 'show', 'truncate', or 'backup' the files.

@smoser
smoser / README.md
Last active September 8, 2023 20:33
attempt to recreate squashfs / overlay / inode / curl issue

attempt to recreate curl issue

this was an attempt to recreate an issue where curl inside a container was acting as if it had missing libraries. The error seen would be:

$ lxc-attach -nran curl
   /usr/bin/curl: /lib/x86_64-linux-gnu/libcrypto.so.1.1: \
      version `HEIMDAL_ASN1_1.0' not found (required by /lib/x86_64-linux-gnu/libgssapi.so.3)
   /usr/bin/curl: /lib/x86_64-linux-gnu/libcrypto.so.1.1: \
 version `HEIMDAL_ASN1_1.0' not found (required by /lib/x86_64-linux-gnu/libkrb5.so.26)