Christian Rebischke shibumi @archlinux Germany https://shibumi.dev Site Reliability Engineer and member of Arch Linux Security Team and Arch Linux Trusted User

archlinux/arch-boxes 159

Arch-boxes provides automated builds of the Arch Linux releases for different providers and post-processors (read-only mirror)

in-toto/in-toto-golang 23

A go implementation of in-toto verifylib

shibumi/cifs-exporter 10

SMB/CIFS Prometheus Exporter

shibumi/batteryd 7

The smallest battery daemon ever!

shibumi/Arch-Linux-Catapult 4

Arch Linux Catapult (ALC) catapults your favourite Arch Linux image on your machine

kgizdov/arch-installer 3

WIP: An installer for Arch Linux

shibumi/bachelor-thesis 2

My bachelor-thesis at TU Clausthal

shibumi/ansible-systemd-conf 1

Ansible role to setup systemd configs, networkd, timers and more

shibumi/aoc2019 1

Advent of Code 2019

shibumi/bachelor-kolloquium 1

The slides for my bachelor defense

push event shibumi/master-thesis

Christian Rebischke

commit sha 11f0523b5434fdd26a6f6b03991207a207cdf202

started working on namespaces

push time in 17 hours

created tag shibumi/master-thesis

tag 2021-07-31

This will be the git repository for my master-thesis

created time in 17 hours

pull request comment theupdateframework/go-tuf

Add the ability to sign with an external tool (Dump signable content + append signature)

Mh looks like @mnm678's and my approval do not count. @joshuagl can you have a look and approve this if fine?

asraa

comment created time in a day

PullRequestReviewEvent

pull request comment nspawn/nspawn

show progress of machinectl pull

@vaporup yes

vaporup

comment created time in 7 days

push event nspawn/nspawn

Sven Wick

commit sha df47558c96de101cb9b9d90304ed565c8d16734a

Remove path from usage/help

Christian Rebischke

commit sha 6e5c338f08a81f0ae9939b9273c5f752386770ae

Merge pull request #11 from vaporup/progname

Remove path from usage/help

push time in 7 days

PR merged nspawn/nspawn

Remove path from usage/help

Avoids output like

/home/swick/repos/vaporup/nspawn/nspawn {COMMAND} [PARAMETER]

or

./nspawn {COMMAND} [PARAMETER]

Now it always shows

nspawn {COMMAND} [PARAMETER]
+2 -2

0 comment

2 changed files

vaporup

pr closed time in 7 days

push event nspawn/nspawn

Sven Wick

commit sha 380cf602669067b0f281d19ca87537348e8838f9

Same output like in machinectl show-image

Christian Rebischke

commit sha 3d5e0c37cad4e9a510cfab2c9019e10d69d04aa4

Merge pull request #12 from vaporup/consistent-output

Same output like in machinectl show-image

push time in 7 days

PR merged nspawn/nspawn

Same output like in machinectl show-image
+1 -1

0 comment

1 changed file

vaporup

pr closed time in 7 days

push event nspawn/nspawn

Sven Wick

commit sha ab5c74e7cef22e1459d9a24a5c4d0ea11a7abc99

fix typo

Christian Rebischke

commit sha db2c9735953109ef9bf7988906a8c2bd7f2627e4

Merge pull request #5 from vaporup/patch-1

fix typo

push time in 7 days

PR merged nspawn/nspawn

fix typo
+1 -1

0 comment

1 changed file

vaporup

pr closed time in 7 days

PullRequestReviewEvent

pull request comment theupdateframework/go-tuf

Make targetsWalkFunc public

@trishankatdatadog I don't have write access to the repository :D I guess you need to squash merge.

asraa

comment created time in 9 days

pull request comment theupdateframework/go-tuf

Make targetsWalkFunc public

looks fine for me as well.

One addition: It may make sense to add a doc string if we make this public. This is very useful for generating Godocs.

@asraa can you add a few sentences as doc strings above the function for documentation?

asraa

comment created time in 9 days

PullRequestReviewEvent

issue closed sigstore/rekor

Failing tests on Arch Linux (Go 1.16.5)

Hi,

I try to build rekor right now and there are a few failing tests.

Do I need to generate something special prior to the build? (Note: I don't use the makefile..) Right now I am building rekor-cli and rekor-server like this:

  export CGO_CPPFLAGS="${CPPFLAGS}"
  export CGO_CFLAGS="${CFLAGS}"
  export CGO_CXXFLAGS="${CXXFLAGS}"
  export CGO_LDFLAGS="${LDFLAGS}"
  export GOFLAGS="-buildmode=pie -trimpath -mod=readonly -modcacherw"
  go build -ldflags "-linkmode=external -w" -o cmd/rekor-cli/rekor-cli cmd/rekor-cli/main.go
  go build -ldflags "-linkmode=external -w" -o cmd/rekor-server/rekor-server cmd/rekor-server/main.go

closed time in 13 days

shibumi

issue comment sigstore/rekor

Failing tests on Arch Linux (Go 1.16.5)

closed with #378

shibumi

comment created time in 13 days

delete branch shibumi/rekor

delete branch : shibumi/check-for-ssh-keygen

delete time in 13 days

push event shibumi/rekor

Christian Rebischke

commit sha 448fd41fd96d0ffbeb7bdea0a820dfe68cc81cf8

skip openssh tests if ssh-keygen is not in PATH

This commit adds a PATH lookup to the openSSH tests. This prevents failing tests on systems with no ssh-keygen in PATH.

Signed-off-by: Christian Rebischke <chris@shibumi.dev>

push time in 13 days

PR opened sigstore/rekor

Fix #373: skip openssh tests if ssh-keygen is not in PATH

This PR tries to solve #373 via checking for the ssh-keygen executable in the path. Note: The skipped tests will only be shown when adding the -v flag to go test. The PR has been tested on my local system:

❯ go test -v ./...
=== RUN   TestFromOpenSSH
    sign_test.go:144: skip TestFromOpenSSH: missing ssh-keygen in PATH
--- SKIP: TestFromOpenSSH (0.00s)
=== RUN   TestToOpenSSH
    sign_test.go:200: skip TestToOpenSSH: missing ssh-keygen in PATH
--- SKIP: TestToOpenSSH (0.00s)
=== RUN   TestRoundTrip
=== RUN   TestRoundTrip/rsa
=== RUN   TestRoundTrip/ed25519
--- PASS: TestRoundTrip (0.02s)
    --- PASS: TestRoundTrip/rsa (0.01s)
    --- PASS: TestRoundTrip/ed25519 (0.00s)
PASS
❯ go test -v ./...                                    
=== RUN   TestFromOpenSSH
=== RUN   TestFromOpenSSH/rsa
    sign_test.go:159: cmd /usr/bin/ssh-keygen -Y sign -n file -f /tmp/TestFromOpenSSH_rsa719251063/001/id /tmp/TestFromOpenSSH_rsa719251063/001/data: Signing file /tmp/TestFromOpenSSH_rsa719251063/001/data
        Write signature to /tmp/TestFromOpenSSH_rsa719251063/001/data.sig
=== RUN   TestFromOpenSSH/ed25519
    sign_test.go:159: cmd /usr/bin/ssh-keygen -Y sign -n file -f /tmp/TestFromOpenSSH_ed255193943236978/001/id /tmp/TestFromOpenSSH_ed255193943236978/001/data: Signing file /tmp/TestFromOpenSSH_ed255193943236978/001/data
        Write signature to /tmp/TestFromOpenSSH_ed255193943236978/001/data.sig
--- PASS: TestFromOpenSSH (0.02s)
    --- PASS: TestFromOpenSSH/rsa (0.01s)
    --- PASS: TestFromOpenSSH/ed25519 (0.01s)
=== RUN   TestToOpenSSH
=== RUN   TestToOpenSSH/rsa
    sign_test.go:223: cmd /usr/bin/ssh-keygen -Y verify -f /tmp/TestToOpenSSH_rsa2114079591/001/allowed_signer -I test@rekor.dev -n file -s /tmp/TestToOpenSSH_rsa2114079591/001/oursig: Good "file" signature for test@rekor.dev with RSA key SHA256:IkDRT/GXJRFrSruMf8F+ilGMaW+kFf2D4quUApK8p6E
    sign_test.go:227: cmd /usr/bin/ssh-keygen -Y verify -f /tmp/TestToOpenSSH_rsa2114079591/001/allowed_signer -I othertest@rekor.dev -n file -s /tmp/TestToOpenSSH_rsa2114079591/001/oursig: Could not verify signature.
    sign_test.go:232: cmd /usr/bin/ssh-keygen -Y check-novalidate -n file -s /tmp/TestToOpenSSH_rsa2114079591/001/oursig: Signature verification failed: incorrect signature
        Could not verify signature.
=== RUN   TestToOpenSSH/ed25519
    sign_test.go:223: cmd /usr/bin/ssh-keygen -Y verify -f /tmp/TestToOpenSSH_ed25519648723907/001/allowed_signer -I test@rekor.dev -n file -s /tmp/TestToOpenSSH_ed25519648723907/001/oursig: Good "file" signature for test@rekor.dev with ED25519 key SHA256:nTfAQgoE0o29gjmx7bF3pSliPLQ/UVdzeK2QFM4qEw4
    sign_test.go:227: cmd /usr/bin/ssh-keygen -Y verify -f /tmp/TestToOpenSSH_ed25519648723907/001/allowed_signer -I othertest@rekor.dev -n file -s /tmp/TestToOpenSSH_ed25519648723907/001/oursig: Could not verify signature.
    sign_test.go:232: cmd /usr/bin/ssh-keygen -Y check-novalidate -n file -s /tmp/TestToOpenSSH_ed25519648723907/001/oursig: Signature verification failed: incorrect signature
        Could not verify signature.
--- PASS: TestToOpenSSH (0.06s)
    --- PASS: TestToOpenSSH/rsa (0.03s)
    --- PASS: TestToOpenSSH/ed25519 (0.03s)
=== RUN   TestRoundTrip
=== RUN   TestRoundTrip/rsa
=== RUN   TestRoundTrip/ed25519
--- PASS: TestRoundTrip (0.01s)
    --- PASS: TestRoundTrip/rsa (0.00s)
    --- PASS: TestRoundTrip/ed25519 (0.00s)
PASS
+6 -0

0 comment

1 changed file

pr created time in 13 days

create branch shibumi/rekor

branch : shibumi/check-for-ssh-keygen

created branch time in 13 days

fork shibumi/rekor

Secure Supply Chain - Transparency Log

https://sigstore.dev

fork in 13 days

issue comment falcosecurity/falco

Combination of default and customized macro not working

I am new to falco, but is it possible that the first rule matches and that's it? What I am trying to say is that I think it might make sense that the rule gets only triggered alone, because both conditions of the multi-macro have already been triggered. So why trigger that multi-macro at all (both parts have already been triggered)?

Can you validate this?

- macro: known_exception
  condition: (user.name=root
              and fd.name startswith /etc/falco/rules.d)

- macro: combination_macro
  condition: (known_exception
              and write_etc_common)

- rule: Combination
  desc: Combination Test an attempt to write to any file below /etc
  condition: combination_macro
  output: "Combination below /etc opened for writing (user=%user.name user_loginuid=%user.loginuid command=%proc.cmdline parent=%proc.pname pcmdline=%proc.pcmdline file=%fd.name program=%proc.name gparent=%proc.aname[2] ggparent=%proc.aname[3] gggparent=%proc.aname[4] container_id=%container.id image=%container.image.repository)"
  priority: ERROR
  tags: [filesystem, mitre_persistence]

Does the above rule work?

rewanthtammana

comment created time in 13 days

issue comment falcosecurity/falco

Combination of default and customized macro not working

Mh, I looked at this for a while now and I can't see the error either. Are you sure it's not being logged? I think you forgot at least one line, because I see two errors being thrown for the swap file generated by vi and just one line for the actual file opened by vi. So there is at least one error line missing in your screenshot. Would be interesting to know if that gets thrown or not.

rewanthtammana

comment created time in 14 days

push event shibumi/infra

Christian Rebischke

commit sha b4ae0d891c0c5c2dc3b4f02950f1fad2f06c3f04

task: add netlify and github support

push time in 15 days

started AegirHealth/terraform-provider-netlify

started time in 15 days

issue closed restic/restic

s3 backend throws: "Fatal: parsing repository location failed: invalid backend"-error

Output of restic version

restic 0.12.0 compiled with go1.15.8 on linux/amd64

What backend/server/service did you use to store the repository?

Configuration via environment variables (worked for years.. now it suddenly breaks with the new restic version):

RESTIC_REPOSITORY="s3:s3.wasabisys.com/<my bucket>"
RESTIC_PASSWORD=<my pw>
AWS_ACCESS_KEY_ID=<access key id>
AWS_SECRET_ACCESS_KEY=<access key>

Command:

$ restic snapshots
Fatal: parsing repository location failed: invalid backend
If the repo is in a local directory, you need to add a `local:` prefix

Expected behavior

Restic should list all snapshots.

Actual behavior

Restic fails to connect to the repository/backend.

Steps to reproduce the behavior

See above

Do you have any idea what may have caused this?

I guess it is version 0.12

Do you have an idea how to solve the issue?

no

Did restic help you today? Did it make you happy in any way?

It made me happy for years :)

closed time in 15 days

shibumi

issue comment restic/restic

s3 backend throws: "Fatal: parsing repository location failed: invalid backend"-error

found the issue... had something to do with my password manager.. m(

shibumi

comment created time in 15 days

issue opened restic/restic

Fatal: parsing repository location failed: invalid backend

created time in 15 days

issue comment gopasspw/gopass

Gopass alters output

@dominikschulz mhhh I am just afraid there is one additional problem. If I use gopass show -n it will also show the Secret: <name> header.. but I only want the content. Is it safe to delete this "Secret" header? Will gopass re-add it?

shibumi

comment created time in 15 days