Skip to content

Instantly share code, notes, and snippets.

View tiran's full-sized avatar

Christian Heimes tiran

View GitHub Profile
@tiran
tiran / cpython_wasm_info.md
Last active July 10, 2022 23:13
CPython on WASM: macros and constants

CPython WASM

CPython

>>> import sys, os, platform
>>> sys.platform
'emscripten'
>>> os.name
'posix'
@tiran
tiran / config.site-wasm
Last active November 26, 2021 13:16
CONFIG_SITE for CPython wasm cross builds
#
# CONFIG_SITE=config.site-wasm READELF=true emconfigure ./configure -C --host=wasm32-unknown-emscripten --build=$(./config.guess) --without-pymalloc --enable-big-digits=30
# ln -sfr Modules/Setup.stdlib Modules/Setup.local
# emmake make CROSS_COMPILE=yes FREEZE_MODULE=../x86_64/Programs/_freeze_module PYTHON_FOR_BUILD=../x86_64/python _PYTHON_HOST_PLATFORM=wasm32-unknown-emscripten
#
# cannot be detected for cross builds
ac_cv_buggy_getaddrinfo=no
ac_cv_file__dev_ptmx=yes
ac_cv_file__dev_ptc=no
@tiran
tiran / audient_id4_pipewire.md
Last active March 25, 2024 07:32
Audient iD4 with pipewire: split mic and DI inputs into separate streams

UPDATE

The workaround is no longer needed with recent alsa-ucm, e.g. alsa-ucm-1.2.11-2.fc39. Just configure the device to use Default Alsa Profile instead of Pro.

old workaround

  • cp /usr/share/pipewire/media-session.d/media-session.conf ~/.config/pipewire/media-session.d/
  • add loopback modules to context.modules section
  • configure interface to use Pro Audio profile
  • systemctl restart --user pipewire.service pipewire-pulse.service
@tiran
tiran / ldap_sasl.py
Created August 27, 2021 12:31
Test SASL data security layer / SSF behavior
#!/usr/bin/python
"""Test SASL data security layer / SSF behavior
"""
from __future__ import print_function
import socket
import ldap
import ldap.sasl
FQDN = socket.getfqdn()
@tiran
tiran / make.txt
Created May 6, 2021 13:46
OpenSSL 3.0.0 alpha16+
$ make -s
crypto/ec/curve448/f_generic.c:21:27: warning: argument 1 of type 'uint8_t[56]' {aka 'unsigned char[56]'} with mismatched bound [-Warray-parameter=]
21 | void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
| ~~~~~~~~^~~~~~~~~~~~~~~~~
In file included from crypto/ec/curve448/f_generic.c:12:
crypto/ec/curve448/field.h:65:28: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
65 | void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
| ~~~~~~~~~^~~~~~
crypto/ec/curve448/f_generic.c:21:27: warning: argument 1 of type 'uint8_t[56]' {aka 'unsigned char[56]'} with mismatched bound [-Warray-parameter=]
21 | void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
```
<Not-4ecb> [cpython] vstinner closed pull request #1658: bpo-30367: fix _testcapi to work when statically linked into Cpython3 - https://git.io/J3zgE
<Not-4ecb> [cpython] vstinner closed pull request #2336: bpo-36700: Updated obsolete references for RFC 3548 to RFC 4648 - https://git.io/J3zgu
<Not-4ecb> [cpython] vstinner closed pull request #4435: bpo-31956: Add start and stop parameters to array.index() - https://git.io/J3zgz
<Not-4ecb> [cpython] vstinner closed pull request #4988: bpo-32414: use string after the last dot as the capsule name in PyCapsule_Import - https://git.io/J3zgg
<Not-4ecb> [cpython] vstinner closed pull request #5068: bpo-32469: Improve representation of the coroutines - https://git.io/J3zg2
<Not-4ecb> [cpython] vstinner closed pull request #5215: bpo-32579: UUID python module fix, when there is no clock sequence given - https://git.io/J3zga
<Not-4ecb> [cpython] vstinner closed pull request #5313: bpo-29708: support SOURCE_DATE_EPOCH for build info - https://git.io/J3zgV
<Not-4ecb>
@tiran
tiran / proxykdc.md
Last active March 18, 2021 15:41
Create Kerberos pkinit cert for proxy

On each IPA server (server.ipa.example)

  1. Apply patch https://github.com/freeipa/freeipa/pull/5496/files (https://pagure.io/freeipa/issue/8686). on RHEL it's in /usr/lib/python3.6/site-packages/ipaserver/plugins/cert.py
  2. systemctl restart httpd.service to reload server code with patch
  3. ipa host-add proxy.ipa.example --force
  4. ipa host-add-managedby proxy.ipa.example --hosts=server.ipa.example
  5. Create /tmp/fake-kdc.update (replace proxy.ipa.example with your actual proxy name three times)
  6. Create fake KDC entry in masters configuration ipa-ldap-updater fake-kdc.update
  7. systemctl restart httpd.service
  8. request new KDC cert for server's and proxy's DNS name: ipa-getcert resubmit --wait -f /var/kerberos/krb5kdc/kdc.crt -D proxy.ipa.example -D server.ipa.example
@tiran
tiran / saslprof.py
Created January 4, 2021 15:24
Profile LDAP SASL bind performance
#!/usr/bin/python3
import collections
import configparser
import time
import socket
import ldap
import ldap.sasl
SASL_GSSAPI = ldap.sasl.sasl({}, 'GSSAPI')
@tiran
tiran / python-on-debian.md
Last active May 21, 2024 08:46
Negative Python user experience on Debian/Ubuntu

Negative Python user experience on Debian/Ubuntu

The user experience of Python on a minimal Debian or Ubuntu installation is bad. Core features like virtual environments, pip bootstrapping, and the ssl module are either missing or do not work like designed and documented. Some Python core developers including me are worried and consider Debian/Ubuntu's packaging harmful for Python's reputation and branding. Users don't get what they expect.

Reproducer

The problems can be easily reproduced with official Debian and Ubuntu containers in Docker or Podman. Debian Stable (Debian 10 Buster) comes with Python 3.7.3. Ubuntu Focal (20.04 LTS) has Python 3.8.5.

Run Debian container

@tiran
tiran / freeipa-image-f32.sh
Created July 24, 2020 06:59
Build FreeIPA libvirt image
#!/bin/sh
set -e
VER=32
IMG=f${VER}-base.qcow2
if [ ! -f $IMG ]; then
virt-builder \
--format qcow2 \
--update \