This is a simple melange package file. It builds really quickly.
Build it in wolfi-dev/os with:
make hello-busybox
Build it directly with melange as:
melange build ./hello-busybox.yaml \
This talk was given 2023-09-14 in Berlin at the All Systems Go 2023 conference. It is available online from all-systems-go conference here.
Modification of the kernel command line has historically been one of the easiest ways to customize system behavior. Bootloaders allow for persistent changes via config-files and on-the-fly changes interactively during system boot.
System behavior changes made via the kernel command line are not limited to the kernel itself. Userspace applications from installers to init systems and beyond also take input from /proc/cmdline.
It is clear that some kernel command line options are desirable (console=ttyS0 verbose) and possibly even necessary. Others, such as the cromulent 'init=/bin/sh', can allow circumvention of the benefits that Secure Boot and TPM provide.
A change in process at work meant that internal IT would be managing my work-provided laptop. While I do not expect management to leak any personal sensitive data that was on the machine, it does represent an increase in the potential for such a thing to happen.
I bought a Yubikey (5c). The goal was to store "personal" GPG and SSH credentials on the Yubikey so that they would not be available to a compromised system, or inadvertently get backed up.
The setup seems to work pretty well. Here is what I did.
I ran into a problem where deleted files were taking up a considerable amount of space, and ultimately leading to filesystem full problems.
Stack Overflow provided me with a way to get a list of open filehandles on deleted files here.
The key response there covers lsof -a +L1, which filters output to files that have less than 1 name (link count) in the filesystem.
The tool 'fixup' provided here allows you to easily 'show', 'truncate', or 'backup' the files.
This was an attempt to recreate an issue where curl inside a container was acting as if it had missing libraries. The error seen would be:
$ lxc-attach -nran curl
/usr/bin/curl: /lib/x86_64-linux-gnu/libcrypto.so.1.1: \
version `HEIMDAL_ASN1_1.0' not found (required by /lib/x86_64-linux-gnu/libgssapi.so.3)
/usr/bin/curl: /lib/x86_64-linux-gnu/libcrypto.so.1.1: \
version `HEIMDAL_ASN1_1.0' not found (required by /lib/x86_64-linux-gnu/libkrb5.so.26)
I'm working with the lvm2 package in order to get some autopkgtest tests run on Ubuntu before merging.
I've submitted a pull request to Debian at lvm2/#6.
My post to the linux-lvm2 mailing list asking about stability of the tests can be seen here.
lvm2 in Debian uses gbp to build. Changes are made directly to the source and a Debian delta patch is generated (debian/source/format shows 3.0 (gitarchive)).
When working with photonvision and without a romi in front of me, I decided to give qemu a try.
It works, but it is very slow.
See the 'boot' script provided for booting.
I run a local zot for use with stacker.
It is very useful to be able to publish OCI images. It can also improve performance by acting as a caching proxy. See sync extension. This is especially useful due to docker.io's low bandwidth limits.
To use this for localhost:
zot from releases and make it executable (chmod 755 zot)