
Mathieu Tortuyaux tormath1

resource "google_container_cluster" "primary" {
name = "cluster-lab"
location = "us-central1"
# We can't create a cluster with no node pool defined, but we want to only use
# separately managed node pools. So we create the smallest possible default
# node pool and immediately delete it.
remove_default_node_pool = true
initial_node_count = 1
{"format_version":"0.1","terraform_version":"0.13.5","variables":{"project":{"value":"toto1234"}},"planned_values":{"root_module":{"resources":[{"address":"google_container_cluster.primary","mode":"managed","type":"google_container_cluster","name":"primary","provider_name":"registry.terraform.io/hashicorp/google","schema_version":1,"values":{"description":null,"enable_binary_authorization":false,"enable_intranode_visibility":null,"enable_kubernetes_alpha":false,"enable_legacy_abac":false,"enable_shielded_nodes":false,"enable_tpu":null,"initial_node_count":1,"ip_allocation_policy":[],"location":"us-central1","maintenance_policy":[],"master_auth":[{"client_certificate_config":[{"issue_client_certificate":false}],"password":"","username":""}],"master_authorized_networks_config":[],"min_master_version":null,"name":"cluster-lab","network":"default","pod_security_policy_config":[],"private_cluster_config":[],"remove_default_node_pool":true,"resource_labels":null,"resource_usage_export_config":[],"timeouts":null,"ve
tormath1 / play-pause.py
Created March 16, 2021 15:30
Play / Pause your Chromium multimedia using d-bus
#!/usr/bin/env python
# goal of this script is to control (play / pause) multimedia played
# on a chromium tab through dbus
# requirements:
# * dbus (session)
import dbus
# used to identify a Dbus chromium instance
package main
import (
"fmt"
"net"
"os"
"runtime"
"github.com/vishvananda/netlink"
"github.com/vishvananda/netns"
$ sudo ./bin/kola run -b cl -p qemu --qemu-image /home/mathieu/kinvolk/flatcar-sdk/src/build/images/amd64-usr/developer-2823.0.0+2021-04-06-1555-a1/flatcar_production_qemu_image.img
qemu-img: warning: Deprecated use of backing file without explicit backing format (detected format of qcow2)
=== RUN cl.update.badverity
=== RUN coreos.locksmith.tls
=== RUN cl.ignition.v1.users
=== RUN cl.verity
=== RUN cl.ignition.v1.xfsroot
=== RUN cl.ignition.v2_1.ext4checkexisting
=== RUN cl.network.initramfs.second-boot
=== RUN cl.basic
Apr 21 14:33:28 localhost systemd[1]: Starting kubelet.service...
Apr 21 14:33:28 localhost systemd[1]: Started kubelet.service.
Apr 21 14:33:28 localhost kubelet[2722]: Flag --register-schedulable has been deprecated, will be removed in a future version
Apr 21 14:33:28 localhost kubelet[2722]: Flag --pod-manifest-path has been deprecated, This parameter should be set via the config file specified by the Kubelet's --config flag. See https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/ for more information.
Apr 21 14:33:29 localhost kubelet[2722]: I0421 14:33:29.498947 2722 server.go:417] Version: v1.18.0
Apr 21 14:33:29 localhost kubelet[2722]: I0421 14:33:29.499496 2722 plugins.go:100] No cloud provider specified.
Apr 21 14:33:29 localhost kubelet[2722]: I0421 14:33:29.592520 2722 server.go:646] --cgroups-per-qos enabled, but --cgroup-root was not specified. defaulting to /
Apr 21 14:33:29 localhost kubelet[2722]: I0421 14:33:29.593185 2722 container_manager_linux.go:266] con
tormath1 / README.md
Last active May 2, 2021 11:39
Generate a CVE summary from a CVE list

Usage example:

$ go run ./main.go -cvefile ./cves.txt | jq
[
  {
    "score": 5.9,
    "severity": "MEDIUM",
    "description": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
  },
  {
tormath1 / selinux-policy-2.diff
Created June 4, 2021 14:15
patch to fix POLICY_PATCH applying
diff --git a/eclass/selinux-policy-2.eclass b/eclass/selinux-policy-2.eclass
index 5def86fbe..8f69847a9 100644
--- a/eclass/selinux-policy-2.eclass
+++ b/eclass/selinux-policy-2.eclass
@@ -179,11 +179,12 @@ selinux-policy-2_src_prepare() {
# Apply the additional patches refered to by the module ebuild.
# But first some magic to differentiate between bash arrays and strings
- if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]]; then
- [[ -n ${POLICY_PATCH[*]} ]] && eapply -d "${S}/refpolicy/policy/modules" "${POLICY_PATCH[@]}"
--- services/virt.te
+++ services/virt.te
@@ -1377,3 +1377,31 @@ sysnet_dns_name_resolve(virtlogd_t)
virt_manage_log(virtlogd_t)
virt_read_config(virtlogd_t)
+
+require {
+ type kernel_t;
+ type tmpfs_t;
From dacbed2586288c5040e61c2856f455f64c35d39c Mon Sep 17 00:00:00 2001
From: Mathieu Tortuyaux <[email protected]>
Date: Tue, 20 Jul 2021 14:07:48 +0200
Subject: [PATCH] dev-lang/perl: apply tmp flatcar changes
temporary patch to fix https://github.com/Perl/perl5/issues/10651#issuecomment-882722892
Signed-off-by: Mathieu Tortuyaux <[email protected]>
---
dev-lang/perl/files/define.patch | 11 +++++++++++