Skip to content

Instantly share code, notes, and snippets.

View mkulke's full-sized avatar

Magnus Kulke mkulke

41 followers · 4 following
View GitHub Profile
@mkulke
mkulke / launch-libvirt-vm.sh
Created December 3, 2024 07:58
#!/bin/bash
set -euo pipefail
VM_NAME="${1:-mgns}"
SCREEN_SESSION="vm-console"
virt-install \
--name "$VM_NAME" \
--osinfo name=fedora40 \
@mkulke
mkulke / Dockerfile.kbs
Last active August 23, 2023 12:12
Cloud Api Adaptor image decryption with cc_kbc
FROM rust:1.71-slim-bullseye as builder
ARG KBS_COMMIT=81f3de7
RUN apt-get update && apt-get install -y curl gnupg2
RUN curl -L https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add -
RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' > /etc/apt/sources.list.d/intel-sgx.list
RUN apt-get update && apt-get install -y \
build-essential \
clang \
git \
@mkulke
mkulke / encrypt_decrypt.sh
Last active September 6, 2024 06:03
coco kbs image enc/dec
#!/bin/bash
set -euo pipefail
# login to GHCR
pass github/token/packages | docker login ghcr.io -u USERNAME --password-stdin
# Encryption
# Provides the GRPC api for skopeo/ocicrypt. it performs no attestation
@mkulke
mkulke / secret_key_release.md
Created May 24, 2023 14:34

Get the secret from KBS via AA

Install grpcurl:

cd $(mktemp -d)
curl -LO https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz
tar -xvzf grpcurl_1.8.7_linux_x86_64.tar.gz
sudo mv grpcurl /usr/local/bin
@mkulke
mkulke / client_side_encryption.py
Created May 5, 2023 13:51
Client Side Key Encryption with Azure Blob Storage
import os, uuid
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.keywrap import aes_key_wrap, aes_key_unwrap
from base64 import b64decode
KEK_B64 = 'DGLwgnzlaBYAlxRuuCkthRgYRfUWryR8Cqo79g88Gek='
class KeyWrapper:
@mkulke
mkulke / reader-monad.ts
Created March 6, 2021 12:22
sample code with fp-ts reader monads
// ts 4.2.0
// fp-ts 2.9.5
import * as RE from 'fp-ts/lib/Reader';
import { pipe } from 'fp-ts/lib/pipeable';
import * as assert from 'assert';
interface Dependencies {
logger: { log: (message: string) => void };
env: 'development' | 'production';
@mkulke
mkulke / type-golf.ts
Created December 30, 2020 23:25
fizzbuzz in typescripts type system
// typescript v4.1.3
type _0 = 0;
type Increment<N> = [N, 1];
type Eq<A, B extends A> = true;
type _1 = Increment<_0>;
type _2 = Increment<_1>;
type _3 = Increment<_2>;
type _4 = Increment<_3>;
@mkulke
mkulke / extract.sh
Last active May 18, 2020 14:31
blacklisted categories
cat mapping.json | jq 'map(select(.categories | map(startswith("blacklisted")) | any)) | map(.code)' > blacklisted_expressions.json
@mkulke
mkulke / osm.sh
Created May 6, 2020 22:02
#!/bin/bash
docker run -v $PWD/bla:/data mediagis/osmtools osmconvert /data/berlin.pbf -b=10.5,49,11.5,50 -o=/data/cropped.pbf
xsv input -d ";" < adressen-be.txt | xsv search --no-headers -s 15 '10437' | xsv select 14,10,11 > addr.csv
/pelias-pbf2json -leveldb=bla/ -tags="addr:housenumber+addr:street+addr:postcode~10437" berlin.pbf | jq -s -r '.[] | [.tags."addr:housenumber", .tags."addr:street"] | @csv' > addr.csv
sort -k1,1 -k2,2n -t ',' addr.csv
@mkulke
mkulke / limit.ts
Created June 25, 2019 22:15
limit concurrency of promises
async function limitConcurrency<T, U>(
arr: T[],
fn: (t: T) => Promise<U>,
limit: number,
): Promise<U[]> {
const results: Promise<U>[] = [];
const pool: Promise<void>[] = [];
for (const elem of arr) {
// add promise to the pool