Crosscompile under GoLang

Python is cool and everybody like it, but i also like the Concept of writing some Code, compile it for different Platforms and run it everywhere. Google’s Go Language got the possiblity to compile it for multiple Architectures and Operating Systems at the same time. Why not give a try … ?

Little Hello World

package main

import (
    "fmt"
    "os"
)

func main() {
    s := "world"

    if len(os.Args) > 1 {
        s = os.Args[1]
    }

    fmt.Printf("Hello, %v!", s)
    fmt.Println("")

    if s == "fail" {
        os.Exit(30)
    }
}

go.mod

module example.com/test

go 1.18

Compile and run under macOS

go build

./test
Hello, world!

CrossCompile Script

#!/usr/bin/env bash

archs=(amd64 arm64)
os=(darwin freebsd linux openbsd windows)
name="hello"

for arch in ${archs[@]}; do
  for os in ${os[@]}; do
        env GOOS=${os} GOARCH=${arch} go build -o ${name}_${os}-${arch}
  done
done

Compile it

execute it …

Misc Oneliners

Tar Folder and copy to remote Machine

tar cf - /etc/ |ssh ${remote-host} "cd /tmp/ && cat > $(hostname)-etc.tar"

Tar & GZIP Folder and copy to remote Machine

tar czf - /etc/ |ssh ${remote-host} "cd /tmp/ && cat > $(hostname)-etc.tar.gz"

Dump Certs Chain

s="google.com"; timeout 2 openssl s_client -servername ${s} -connect ${s}:443 -showcerts > /tmp/${s}.chain

selfsigned certificate for 1 year

cd /etc/ssl; openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 356

set default branch to main

git config --global init.defaultBranch main

bash - check multiple files

[ -f /etc/resolv.conf -a -f /etc/hosts ] && echo "Both files exist" || echo "One or Both Files are missing"

remove word ’nosuid’ on the line /var in /etc/fstab

sed -E -i.bak 's/(.*\/var.*)(,nosuid)(.*)/\1\3/' /etc/fstab

macos show hidden files

defaults write com.apple.finder AppleShowAllFiles -boolean true; killall Finder

or

Background

It seems as OpenBSD (and the installed Software) is useing more and more Space in the /usr Partition. For Upgrading to 7.1, at least 1.1 GB Free Space is needed. So, i’m gooing to update my Default Partitioning Proposal like this:

Example with 25 GB

root@puffy# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    766M    2.9G    20%    /
/dev/sd0d      1.9G   20.0K    1.8G     0%    /tmp
/dev/sd0e      5.8G   36.1M    7.3G     0%    /var
/dev/sd0f      7.8G    3.6G    3.8G    49%    /usr
/dev/sd0g      2.xG    150M    7.2G     2%    /home

which results in this:

a 4G  /
a 2G  swap
a 2G  /tmp
a 6G  /var
a 8G  /usr
a *   /home

Example with 32 GB

root@puffy# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    766M    2.9G    20%    /
/dev/sd0d      1.9G   20.0K    1.8G     0%    /tmp
/dev/sd0e      7.8G   36.1M    7.3G     0%    /var
/dev/sd0f      7.8G    3.6G    3.8G    49%    /usr
/dev/sd0g      7.7G    150M    7.2G     2%    /home

which results in this:

a 4G  /
a 2G  swap
a 2G  /tmp
a 8G  /var
a 8G  /usr
a *   /home

Any Comments ?

sha256: 2f78497b58d2704bc07a1d2404cefe74432d634a4d816bb58f11b5c0a359627f

Python PIP

OpenBSD 7.1

# python3 --version
Python 3.9.12

# python3 -m pip --version
pip 22.0.4 from /usr/local/lib/python3.9/site-packages/pip (python 3.9)

List installed Packages

python3 -m pip list

List outdated Packages

python3 -m pip list --outdated --format columns

Any Comments ?

sha256: 6ada0942bc4d02ee477ab233571e893547049a379479b61910541e561d2f053a

Let’s tweak a bit the settings …

settings.json

Useful Settings for VSCode … settings.json

test -d .vscode || mkdir .vscode
test -f .vscode/settings.json && mv .vscode/settings.json .vscode/settings.json-$(date +%s)
cat << 'EOF' > .vscode/settings.json
{
    "[python]": {
        "editor.defaultFormatter": "charliermarsh.ruff",
        "editor.formatOnSave": true,
        "editor.codeActionsOnSave": {
            "source.organizeImports": "explicit",
            "source.fixAll": true
        },
    },
}
EOF

pyproject.toml

[tool.ruff]
# Disable rule F401 for unused imports
ignore = ["F401"]

launch.json

test -d .vscode || mkdir .vscode
test -f .vscode/launch.json && mv .vscode/launch.json .vscode/launch.json-$(date +%s)
cat << 'EOF' > .vscode/launch.json
{
    // Use IntelliSense to learn about possible attributes.
    // Hover to view descriptions of existing attributes.
    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
    "version": "0.2.0",
    "configurations": [
        // default config to debug your current active file with python
        {
            "name": "Python: Current File",
            "type": "python",
            "request": "launch",
            "program": "${file}",
            "console": "integratedTerminal",
            "justMyCode": true
        },
        {
            "name": "Python: Test001",
            "type": "python",
            "request": "launch",
            "program": "${workspaceFolder}/project/code.py",
            "args": [
                "arg1",
                "arg2",
                "arg3"
            ],
            "console": "integratedTerminal"
        },
        {
            "name": "Python: FastAPI",
            "type": "python",
            "request": "launch",
            "module": "uvicorn",
            "args": [
                "app.main:app",
                "--reload"
            ]
        },
        {
            "name": "Python: Flask",
            "type": "python",
            "request": "launch",
            "module": "flask",
            "args": [
                "run",
                "--reload"
            ]
        }
    ]
}
EOF

.gitignore

test -f .gitignore && mv .gitignore .gitignore-$(date +%s)
cat << EOF > .gitignore
# added $(date), https://blog.stoege.net/posts/vscode/

# Files
.DS_Store
backup.*
secret
secrets

# Folders
**/.DS_Store/*
**/.history/*
**/.terraform/*
**/.venv/*
**/__pycache__/*
**/cache/*
EOF

Add Basic Packages

poetry add --group dev black pylint py-pytest

keyboards shortcuts macOS

Comment block

command + k, command + u

Uncomment block

command + k, command + u

Collapse All

command + k, command + 0

Expand All

command + k, command + j

Export Extensions

code --list-extensions |xargs -L 1 echo code --install-extension |sed "s/$/ --force/"

import Extensions on another Machine

IPv6 is fun, if you know how to handle it ! As a “sponsor LIR”, i got my own AS and a small /44 IP Space. So, as we all do “forward” DNS with our Domains, i’d like to have Reverse DNS as well. And as i don’t have a legacy IP Range, i like todo it with my v6 Space. Special thanks to Christian for his remote Hands/Tips. Appreciate it!

wrote a little Mail Adresse Validator in Python. use it, modify it, like it … best practice for python is to use a virtual env like Poetry (or virtualenv) and add the “email-validator” module like this:

poetry add email-validator

Code

few lines of code …

#!/usr/bin/env python3

from email_validator import validate_email, EmailNotValidError

ok=[]
nok=[]

emails = [
        "my+address@mydomain.tld", "hans@dampf.ch", "gott@welt.net",
        "adsf@asdf.com", "asf.asdf", "franz!mueller@abc.com", "asdf@asdf.adf"
        ]

print ("\nMy Little Mail Validator\n")

for email in emails:

    try:
        # Validate.
        valid = validate_email(email)

        # Update with the n
        email = valid.email

        # Append to List
        ok.append(email)

    except EmailNotValidError as e:

        # email is not valid, exception message is human-readable
        nok.append(str(e))


print ("*** Mail ok ***")
for item in ok:
    print("ok: ", item)

print ("\n*** Mail NOT ok ***")
for item in nok:
    print("NOK:", item,"!")

print()

Run

just run and enjoy …

How to enable Logging with Headers for Nginx

Assuming you have a running setup and you want to enable logging with headers for debug and learning purposes ?

Add Lua

doas pkg_add nginx-lua--

and you get …

doas pkg_info -L nginx-lua--
Information for inst:nginx-lua-1.20.1p0

Files:
/var/www/modules/ndk_http_module.so
/var/www/modules/ngx_http_lua_module.so

Enable Modules in /etc/nginx/nginx.conf

add two lines on Top

load_module "modules/ndk_http_module.so";
load_module "modules/ngx_http_lua_module.so";

Enhance Logging

add the following to the “http” Section

log_format log_req_resp   '$remote_addr - $remote_user [$time_local] '
                          '"$request" $status $body_bytes_sent '
                          '"$http_referer" "$http_user_agent" '
                          '$request_time req_header:"$req_header" '
                          'resp_header:"$resp_header"';

Enable Logging

add the following lines to your virtual Host Section

Environment

OpenBSD 7.0
Debian 11.2 with Strongswan
IPv4 only
IKE v1

ToDo

IPv6 and Dualstack
IKE v2

Debian

ipsec.conf

conn puffy
   authby      = secret
   ike         = aes256-sha256-modp2048
   keyexchange = ikev1
   ikelifetime = 1h
   keyingtries = 0
   left        = %defaultroute
   right       = 193.xx.xx.xx
   leftid      = 212.xx.xx.xx
   rightid     = 193.xx.xx.xx
   lifetime    = 1200s
   leftsubnet  = 10.11.1.8/30
   rightsubnet = 10.1.6.0/24
   esp         = aes256-sha256-modp2048
   dpddelay    = 30
   dpdtimeout  = 120
   dpdaction   = restart
   auto        = start

OpenBSD

/etc/sysctl.conf

net.inet.ip.forwarding=1
net.inet.gre.allow=1

Apply all Settings

for i in $(cat /etc/sysctl.conf); do sysctl $i;done

/etc/ipsec.conf

# Tunnel to Debian

local_gw    = "193.xx.xx.xx"
local_net   = "10.1.6.0/24"
remote_gw   = "212.xx.xx.xx"
remote_net  = "10.11.1.8/30"
key         = "DAS-SAG-ICH-DIR-NICHT-:)"

ike dynamic esp tunnel from $local_net to $remote_net peer $remote_gw \
main    auth $auth1   enc $enc1   group $group1   lifetime $time1 \
quick   auth $auth2   enc $enc2   group $group2   lifetime $time2 \
srcid $local_gw \
psk $key

ike dynamic esp tunnel from $remote_net to $local_net peer $local_gw \
main    auth $auth1   enc $enc1   group $group1   lifetime $time1 \
quick   auth $auth2   enc $enc2   group $group2   lifetime $time2 \
srcid $remote_gw \
psk $key

start/restart services

rcctl enable ipsec isakmpd
rcctl set isakmpd flags -K
rcctl restart ipsec isakmpd

Enc Interfaces

cat /etc/hostname.enc0
up

FW Rules

# Allow UDP Port 500 and 4500
pass in  on (egress) proto udp from 193.xx.xx.xx to 212.xx.xx.xx port {isakmp, ipsec-nat-t}
pass out on (egress) proto udp from 212.xx.xx.xx to 193.xx.xx.xx {isakmp, ipsec-nat-t}

# Allow ESP encapsulated IPsec traffic on the external interface
pass in  on (egress) proto esp from 193.xx.xx.xx to 212.xx.xx.xx
pass out on (egress) proto esp from 212.xx.xx.xx to 139.xx.xx.xx

# Allow IP in IP Traffic
pass in  on enc0 proto ipencap from 193.xx.xx.xx to 212.xx.xx.xx keep state (if-bound)
pass out on enc0 proto ipencap from 212.xx.xx.xx to 193.xx.xx.xx keep state (if-bound)

Start Services & Apply Setting

… or reboot the Box so all Settings gets applied

Regex is cool. But have you ever tried to grep IPv4 / IPv6 Adresses from a File or extract from a bunch of data ? Did you use Google Search and found lot of Links, Tip’s and Examples ? And non of them worked well ?

I can highly recommend CyberChef for stuff like that … https://gchq.github.io/CyberChef/

Regex from CyberChef

If you wanna use Regex in your own Scripts, here is a little Extract from Cyberchef.