The Ops Community ⚙️: Axel Navarro

Connecting through OpenVPN with deprecated ciphers, using Docker

Axel Navarro — Mon, 14 Nov 2022 13:43:50 +0000

Caution! This is a developer horror story 👻, Halloween 2022 comes with a nightmare for those who use a VPN. OpenSSL released the version 3.0.7 as the latest stable, if you compare that we're talking about a jump from 1.1.1 to 3.0.7 we can think that any already deprecated protocol was removed to guarantee the security of our systems! And, it happened.
Arch Linux, with its philosophy of using the latest stable release of everything, applied the OpenSSL v3 on Saturday morning November 5.

Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
--cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Unsupported cipher in --data-ciphers: BF-CBC
Options error: NCP cipher list contains unsupported ciphers or is too long.
Use --help for more information.

Surprise! You can't use the BF-CBC cipher on OpenVPN anymore, because it was removed from OpenSSL itself; OpenVPN plans to remove it on 2.7 but we're currently in 2.5.8 at the moment.

Downgrading the openssl package is a possible solution but not the best. Should I move my development environment to a virtual machine? 🙀 Change to an old Ubuntu version? Not for me. Here is when the hero 🦸 of this story appears to save us, and its name is Docker 🐳.

💡 You can receive an alternative error message in Ubuntu or other Linux distributions:

OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
WARNING: --ns-cert-type is DEPRECATED. Use --remote-cert-tls instead.
OpenSSL: error:0A00018E:SSL routines::ca md too weak
Cannot load inline certificate file
Exiting due to fatal error

The solution

The containers can use the same network of the host, this avoids the container being network isolated, and the VPN tunnel is shared with our host system.

Creating the image

For this example I'll use a simple ovpn file, but with a few tweaks I'm sure this will work for you too.

FROM ubuntu:focal

RUN apt update && \
  apt install -y openvpn && \
  rm -rf /var/lib/apt/lists/*

COPY profile.ovpn /etc/openvpn/client/

CMD ["openvpn", "/etc/openvpn/client/profile.ovpn"]

We based our image on Ubuntu 20.04 LTS (Focal Fossa), just install the openvpn package and copy your OpenVPN configuration file inside. Maybe you need a .p12, .key, or .crt files just to copy them too.

🧠 We can't use Ubuntu 22.04 LTS (Jammy Jellyfish) because it received the update to OpenSSL 3.0.2.

Build the image with the following command:

docker build -t openvpn .

Starting the container

Now, we can run the container!

docker run --name=vpn \
  --cap-add=NET_ADMIN \
  --network=host \
  --device /dev/net/tun \
  -it openvpn

The container needs the Linux kernel capability of network administration to create a VPN tunnel with the --cap-add=NET_ADMIN argument. Also --device /dev/net/tun gives access to the tunnel device of the host.

⚠️ Don't give kernel capabilities or access to devices if you don't trust the publisher.

Once started, the container could ask for your credentials (username and password) to establish the VPN connection and it's done! 🎉

Conclusion

Some changes can't be applied in enterprise environments without analyzing all possible scenarios, and the change of this cipher could take some time. That's where Docker could help us to continue using old software in a controlled way for specific tasks without compromising the security of our system.

I hope you don't get scared with this story, but Super-Docker saves the day, one more time. Tell me in the comments if this helped you, or if you found another solution.

Using Git with two or more users

Axel Navarro — Tue, 16 Aug 2022 12:53:00 +0000

Sometimes we need to use more than one Git user in the same machine. This is simple to configure but we need to know a few things before using this feature.

Creating an additional SSH key

By default the SSH key is generated in the ~/.ssh/ directory, and it's called id_rsa or id_ed25519, depending on the signature type. To create a key with a specific filename we can use the following command

ssh-keygen -f filename -t ed25519 -C 'machine_name'

💡 If you're going to use this key for a specific organization, it's very useful to use the format id_orgname for the filename.

The comment specified by using the -C argument should be something useful to know why this key was created 🤔. It could be the name of the machine that uses this SSH key or any notation that helps you. This comment is only visible by you.

Can we use the same key for all the users?

It depends. The source code hostings, like GitHub, associate the SSH key to a specific user of the platform to know which user is pushing code to a Git repository, check the access, etc. If your company doesn’t use Github, con can also use the same key for a personal email in Github and your company’s email in GitLab.

Cloning a repository with a specific SSH key

The git clone command uses the SSH protocol to connect to the Git hosting, and the SSH program in your machine uses the default key (usually located at ~/.ssh/id_ed25519) for authentication. You should use a custom SSH command to clone the repository using this:

git clone --config core.sshCommand="ssh -i path/to/private_ssh_key" git@github.com:orgname/repo.git

🧠 Remember that, if the key name ends with .pub, e.g. id_orgname.pub, then that is the public key. You should use the key file without this extension because that's your private key.

If you want to use a different email address, configure it with the following commands:

git config user.name "John Doe"
git config user.email john@example.com

💡 Use the --global argument to set default settings for all the Git repositories in the machine. Otherwise the git config command only sets configuration values for the repository in the current directory.

Changing the key to an already cloned repository

If you've cloned a Git repository but you need to use a new SSH key to push code, you can use this command to set a new SSH command:

git config core.sshCommand "ssh -i path/to/private_ssh_key"

Extra SSH tips

Maybe your company has their Git repositories in a custom port 🙈 (22 is the default port for SSH), you need to clone these repositories with the following option:

git clone --config core.sshCommand="ssh -p 2222" git@git.example.com:path/to/repo.git

Conclusion

You can use specific Git configurations for each repository, like commit author's information or specific command aliases.

The variations for the SSH commands to connect to a repository using the SSH protocol can be changed anytime.

How to use databases in the Docker world

Axel Navarro — Sun, 24 Jul 2022 19:01:37 +0000

We can run DB engines locally on our machine without installing them by using Docker containers.

💡 Remember that the container's data is removed with the container itself, so, we're going to store the DB data into a specific Docker volume (--volume) to keep it through time.

MongoDB

We can start a MongoDB instance with this simple command:

docker run --detach --name mongo \
  --publish 27017:27017 \
  --volume mongo:/data/db \
  mongo

This starts a Docker container that runs the mongod process and listens on the default MongoDB port 27017. By default MongoDB uses the test database and only accepts connections from localhost without authentication.

The Docker run command

Let's explain the docker run arguments:

--detach runs the container in background, like a service.
--name assigns a specific name to the created container.
--publish forwards a specific port in localhost to the given container.
--volume creates or reuses a volume and attaches it to the given container at the specified path.

By default MongoDB uses the /data/db directory to store the databases (remember to mount a Docker volume in that path).

A MongoDB root user

You can specify a root user to the DB adding the following environment variables to your the container

docker run --detach --name mongo \
  --env MONGO_INITDB_ROOT_USERNAME=mongoadmin \
  --env MONGO_INITDB_ROOT_PASSWORD=secret \
  --publish 27017:27017 \
  --volume mongo:/data/db \
  mongo

For more variables check the mongo image page in Docker hub.

Using the MongoDB shell

You can connect to your DB via terminal by using the mongosh command in the same container.

docker exec -it mongo mongosh

Use --username and --password if those values are required.

How to update the engine

We can update a DB instance easily if we have previously stored the DB data in a Docker volume‼️ This is important, otherwise we'll lose data.

Pull the latest MongoDB image
```
docker pull mongo
```
First stop and remove the Docker container
```
docker stop mongo
docker rm mongo
```
Recreate the container with the same given arguments, remember to include the --env variables (in this case, just MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD).
```
docker run --detach --name mongo \
  --publish 27017:27017 \
  --volume mongo:/data/db \
  mongo
```

It's done! your database is now up to date. 🙌

PostgreSQL

For Postgres remember to set the root user password.

docker run --detach --name pg \
  --env POSTGRES_PASSWORD=secret \
  --volume pgdata:/var/lib/postgresql/data \
  --publish 5432:5432 \
  postgres

By default the username is postgres but you can override that value using the POSTGRES_USER variable.

For more variables check the Docker Hub page.

Connecting via terminal

You can connect via terminal using the same container with the correct username instead of installing the client on your machine.

docker exec -it pg psql --username=postgres

The password is not required to connections from the same host.

MySQL

MySQL follows the Postgres rules with

docker run --detach --name mysql \
  --env MYSQL_ROOT_PASSWORD=secret \
  --volume mysql:/var/lib/mysql \
  --publish 3306:3306 \
  mysql

More information in Docker hub.

Connecting via terminal

docker exec -it mysql mysql -p

The client will prompt for the root password.

Microsoft SQL Server

Microsoft needs that you declare that you have a license to the SQL Server that you want to use with ACCEPT_EULA=Y. 🙄

docker run --name mssql \
  --env ACCEPT_EULA=Y \
  --env 'SA_PASSWORD=yourStrong(!)Password' \
  --volume mssql:/var/opt/mssql \
  --publish 1433:1433 \
  mcr.microsoft.com/mssql/server

Also, the SA password has stronger constraints than the other engines.

SQL Server editions

By default the Developer edition is the SQL Server edition used by this Docker image. If you need a SQL Express edition you should use MSSQL_PID=Express.

docker run --name mssql \
  --env ACCEPT_EULA=Y \
  --env MSSQL_PID=Express \
  --env 'SA_PASSWORD=yourStrong(!)Password' \
  --volume mssql:/var/opt/mssql \
  --publish 1433:1433 \
  mcr.microsoft.com/mssql/server

More information about SQL server editions in Docker hub.

Connecting via terminal

The sqlcmd command is not in PATH, so you should use the absolute path to execute it inside the container.

docker exec -it mssql /opt/mssql-tools/bin/sqlcmd -U sa -P 'yourStrong(!)Password'

Conclusion

Now, we know how to handle MongoDB and some SQL engines using Docker containers, using volumes to store the data.

We can connect to the database terminal using the container itself, and we must use Docker volume to prevent data loss.

ugrep: an interactive grep for the terminal

Axel Navarro — Wed, 08 Jun 2022 13:43:39 +0000

The ugrep tool is a faster, user-friendly and compatible grep replacement written in C++11. Let's check how to install ugrep and how to use the interactive query mode, fuzzy search, and other options.

What is `grep`?

If you are a terminal user, grep is a basic tool that you must learn. The grep command is a filter that prints lines from a file that contain a match for one or more patterns.

E.g. grep can help you to find specific output in a log file like the following:

grep 10.0.0.1 server.log

In this post we're going to focus in the ugrep app, an extension of this tool.

Installation

In Windows, you can just download the full-featured ugrep.exe from the official repository, or use a tool like: choco install ugrep or scoop install ugrep.

In MacOS, you could use brew install ugrep.

Or, find your destiny here: https://github.com/Genivia/ugrep#install.

The basics

The basic usage is start the interactive query mode and look for a specific text in recursively in sub-directories using plain-text or regex.

ugrep -Q

💡 Tip: you can add the --ignore-case argument to make case-insensitive matches.

If you want to see only the files that contains the search term you can use the following arguments:

ugrep -Q --ignore-case --files-with-matches

The fuzzy search

The fuzzy search is the technique of look for a text that match a pattern approximately, instead of exactly. We can look for a text within the specified Levenshtein distance.

ugrep -Z3 android

💡 Tip: -Z3 matches up to three extra, missing or replaced characters; -Z+~3 allows up to three insertions (+) or substitutions (~), but no deletions (-).

You can start a query mode with fuzzy search like the following:

ugrep -Q -Z3

Interactive TUI

Once you started the query mode, you can toggle fuzzy search, list only filenames, or more in options panel pressing F1.

Press the upper case Z to toggle on/off the fuzzy search mode, and [ to increase and ] to decrease the fuzziness.

Also, you can scroll the result of a search using the arrow keys or ^S, then with F2 you can open the editor for the file of the current matched text (nano, vim, etc).

More ugrep

You have a lot of possible customization options you could investigate in the README or use ugrep with Vim.

Thanks to Dr. Robert van Engelen for this awesome tool! and if you 💛 it too, leave a ⭐ in https://github.com/Genivia/ugrep.

Sign your code

Axel Navarro — Wed, 25 May 2022 19:52:15 +0000

Did you know you can sign your code in Git using a GPG key? A lot of programmers don't know they can sign their Git commits using a signature created by themselves.

Introduction

You can use any name or email when you create a Git commit, but you can't sign a commit with a GPG key that doesn't belong to you.

What is GPG?

The GNU Privacy Guard is an implementation of the OpenPGP standard and allows you to encrypt and sign your data and communications.

This is fully integrated with Git and you can automatically sign your code with it.

You can create a GPG key following this guide in GitHub. Remember that you should register it in GitHub, or GitLab.

Should I sign every commit?

There is a discussion about this, because Linus Torvalds says that when you're signing a Git tag 🏷️, you're validating all the commits in the release, signed or not. If you automatically sign every commit in the repository, the source of the signature loses its sense.

On the other hand, some Linux distros, like Arch Linux, uses Arch User (Git) Repositories made by users to build non-official supported packages. I mean, if you're compiling and installing a package via another user's instructions maybe you like the idea of the authors signing their work. ⚠️

I personally like the idea of signing my open source contributions, because that's a proof of my work. Anyway, if you use GitHub to squash your commits before merging a pull request, GitHub replaces all your commits, signed or not, by a commit made by itself and signed with the GitHub GPG key. The same happens when you create code releases via the GitHub web interface.

How to sign a Git commit?

First, get your key ID and copy it.

gpg --list-secret-keys --keyid-format=long

Then, tell Git your GPG key.

git config --global user.signingkey 3AA5C34371567BD2

Now, you can sign using the -S argument

git commit -S -am <your_commit_message>

and it's done! 🚀

💡 To sign every commit automatically you can use the following configuration without needing the -S flag:

git config --global commit.gpgsign true

How to sign a Git tag?

When you create a tag locally you should add the --sign argument.

git tag --sign <tag_name>

Also, you can turn on this using the following Git configuration setting:

git config --global tag.gpgsign true

💡 If you only want to apply this for the repository in the current directory, remove the --global argument.

Conclusion

If you work in the open source world it's a really good practice to sign your releases using a GPG key. If your work is consumed from a branch instead of a Git tag, perhaps you should sign every commit.

And, if you work in a closed source repository, you can add a rule in your CI/CD tools to only allow releases with specific GPG keys.

Publish an npm to GitHub packages

Axel Navarro — Wed, 25 May 2022 19:47:36 +0000

Sometimes in website and backend projects we found common components (React, utils, validations, etc) and, if we follow the DRY concept, we should find a way to create a private package and install it in every project that needs it.

We're going to review how to build and publish JavaScript packages using GitHub and npm.

The GitHub solution

GitHub provides the GitHub Package Registry to publish private npm packages. We can also use it for Docker images and libraries for other languages like Ruby, but we're going to focus on the npm solution.

The publish configuration

You should add the publishConfig section in the package.json file to publish to the GitHub registry.

"publishConfig": {
  "registry": "https://npm.pkg.github.com"
}

The workflow

This workflow will publish a package to the GitHub Registry every time we create a release in the GitHub repository:

name: Publish
on:
  release:
    types: [created]
jobs:
  publish:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 16
      - run: npm install
      - run: npm run build
      - run: |
          echo @lexacode:https://npm.pkg.github.com/ > build/.npmrc
          echo '//npm.pkg.github.com/:_authToken=${NPM_TOKEN}' >> build/.npmrc
      - run: npm publish
        working-directory: ./build
        env:
          NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}

The permissions modifies the default permissions granted to the GITHUB_TOKEN.

This workflow creates a .npmrc file inside the build/ directory before publishing the package to the registry.

echo @lexacode:https://npm.pkg.github.com/ > build/.npmrc
echo '//npm.pkg.github.com/:_authToken=${NPM_TOKEN}' >> build/.npmrc

🧠 Remember that your organization name, e.g. lexacode, should be in kebab-case, no uppercase allowed.

Then, you should add the GITHUB_TOKEN as an environment variable for the npm publish command.

- run: npm publish
  working-directory: ./build
  env:
    NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Installing the GitHub package

To install the GitHub package locally you should create a PAT (Personal Access Token) in the GitHub web. Make sure you selected the read:packages permission. Then, add the token to your environment:

export NPM_TOKEN=<YOUR_GITHUB_TOKEN>

Create the following .npmrc file in the project:

@lexacode:registry=https://npm.pkg.github.com/
//npm.pkg.github.com/:_authToken=${NPM_TOKEN}

Now, you can run the npm install:

npm install @lexacode/package-example

In GitHub Actions

To use your package in GitHub actions you should use a code like the following:

build:
  permissions:
      contents: read
      packages: read
  steps:
    - uses: actions/checkout@v2
    - uses: actions/setup-node@v2
      with:
        node-version: 16
    - run: npm ci
      env:
        NPM_TOKEN: ${{ secrets.GITHUB_TOKEN }}

👉 You need the explicit packages: read permission.

Packages cross organizations

If you want to use a package from another organization using the GitHub Package Registry, you should set your PAT as a secret in the repository. Edit the YAML file using the new secret instead:

- run: npm ci
  env:
    NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

💡 The custom permissions section is not required for this scenario.

Conclusion

You can publish private packages and use it everywhere you want via the GitHub Package Registry.

I left you a full repository with a TypeScript package, already published using the CI action. 🙌

lexacode / package-example

Example npm package

This repository is a template for create TypeScript packages compatible with ES modules and CommonJS.

View on GitHub

Docker commit: converting a container into an image

Axel Navarro — Wed, 25 May 2022 19:46:46 +0000

We can convert a specific container into a base Docker image, but that's not the recommended way to create images because these could include useless cached or session data.
The easiest way to control the data stored in the Docker layers is using the Dockerfile.

🧠 Remember that a Docker image has a read-only filesystem based on layers which works as a template to start containers in a preinstalled environment, and a Docker container uses this "template" to run isolated applications into a virtualized run-time environment with a normal filesystem.

Is this necessary to create images with non-root users?

No, you can run commands with other users using the Dockerfile as well. You can see an example here.

Adding a port forwarding rule to a container

When you are testing a random software within a container you might need to publish a port on the host OS, or into another computer. In this case you can't add a forwarding port rule to an already existing container, so here is when docker commit comes to save us:

$ docker commit my_container my_image
$ docker run -p 8080:80 -it my_image

Now we can access to the port 80 in the container using http://localhost:8080 in the host OS.

docker commit can also be used to attach new volumes to the container.

The size is important

Remember that it's a good practice to keep your Docker images as minimalist as possible. Also the reproducible way to create and ship images is the Dockerfile.

💡 You can inspect the layers of a Docker image using Dive, to optimize the size of your images.

Analyzing the docker layers with dive

Axel Navarro — Wed, 25 May 2022 19:41:58 +0000

Dive is a tool to explore a docker image, layer contents and discover ways to shrink the size of your Docker image written in Go.

How do the layers work?

We should start with the concept of layer in Docker - we can say layers are like git commits:

they have a parent layer,
are readonly,
and receive an ID calculated via SHA256 hash.

Why is «readonly» important?

Because if you edit or remove a file, that file still exists inside your docker image.

So, we must clean temporal or useless files in the same RUN sentence to keep our images small.

RUN apt-get update && \
  apt-get install -y apt-transport-https ca-certificates && \
  rm -rf /var/lib/apt/lists/*

The same rule applies when we build an app in a RUN sentence. We must clean the intermediate files and only keep the useful ones.

What is a docker tag?

The Docker tags, like focal in ubuntu:focal, are just pointers to a layer. Unlike git tags, in Docker, we accept that a tag can point to a different layer when the image is updated.

💡 TIP: the image is not updated because the layers are readonly, it's a new image. 🤯

What Dive does?

With Dive we can inspect the layers of a Docker image and see the difference from the parent layer.

dive node:alpine

In the left panel, we can see the layers of the given image, the command which generates the selected layer in purple 💜, the ID and the digest of that selected layer.

In the right panel, we can see the diff of the layer with a color reference:

🟢 green: the new files.
🟡 yellow: the edited files.
🟥 red: the deleted files.

Did you see that /tmp folder in the layer? 🧐 now, I wonder if the /tmp folder with a v8-compile-cache could be not committed to the layer, reducing the size of the node:alpine image by 2.3MiB. 🤔

There is a PR to remove the v8-compile-cache folder, but the cache «is used to speed up a little Yarn loading time from from 153ms to 113ms». Worth it?

What is the efficiency score?

Dive tries to help us by indicating the efficiency of our images. The edited or removed files reduce the efficiency score because the original files exist in the image but are not useful for the container.

The Count column indicates how many times the same file is committed into the image.

The efficiency as linter

You can run this in your CI pipeline to ensure you're keeping wasted space to a minimum:

CI=true dive node:alpine

How is the efficiency score calculated?

The score only takes note of the edited or removed files that consume space in the image.

Maybe we can apply more validation rules that Dive doesn't have today.

Check for content in the /tmp folder.
Check for apt, yum or pacman cache files.
Check for a filename pattern, e.g: do not forget *.tar.gz files inside the image.

More Dive

Thanks to Alex Goodman for this awesome tool! and if you 💛 it, leave a ⭐ in https://github.com/wagoodman/dive.

Rust and the hidden cargo clippy

Axel Navarro — Wed, 25 May 2022 19:40:40 +0000

Clippy is a «collection of lints to catch common mistakes and improve your Rust code». 💪
But for some reason Clippy looks like a hidden treasure inside the cargo command. I found this by accident checking the code of the Orogene tool.

How can I get clippy?

Now, Clippy is inside cargo but is not listed when you run the cargo --help command. The same happens with cargo fmt to format your code, maybe there are more easter eggs inside cargo.

Also, there is a guide about how to add clippy to cargo if this is not present in your CLI.

And what does clippy do?

As any linters, clippy has a list of warnings like manual_memcpy:

What it does
Checks for for-loops that manually copy items between slices that could be optimized by having a memcpy.

Why is this bad
It is not as fast as a memcpy.

Example
for i in 0..src.len() {
    dst[i + 64] = src[i];
}

Could be written as:
dst[64..(src.len() + 64)].clone_from_slice(&src[..]);

And a long list of lint errors here.

How to run this command?

Clippy builds your code and then runs the linter, so Clippy receives the same arguments as the cargo check subcommand.

cargo clippy # Run in the default package(s).
cargo clippy --release # Run in release mode
cargo clippy --workspace # Checks the packages in the monorepo
cargo build --package myPkgName # An specific page

Then, after the -- you can add the arguments for clippy itself:

RUSTFLAGS="-Dwarnings" cargo clippy -- -D warnings

With this argument the build job will fail when encountering warnings. The RUSTFLAGS="-Dwarnings" environment variable is required to get this effect but the README doesn't mention it.

The custom configuration

You can configure the lint rules in a file called clippy.toml, e.g. you can turn the pedantic rules:

#![deny(clippy::pedantic)]

These rules contain some very aggressive lints prone to false positives. 🤭

You can check more examples here.

The CI config

The best config for CI is checking the code format, then linting in the code behavior, and finally running the tests that you wrote:

# set env RUSTFLAGS="-Dwarnings"
cargo fmt --workspace -- --check
cargo clippy --workspace -- -D warnings
cargo test --workspace

That's all! And... Isn't it awesome?

To spend a minute and use a lint tool, in my opinion, is one of those things that marks a difference and makes your code professional, clean and performant.

If you don't use them, I encourage you to start now! There are a lot of basic guides out there.

If you love to use them, now you know a hidden new trick (feels good, right?)

Tell me what you think!

Have you ever found or implement useful tools in Rust? 🦀 Have you improved your code with Clippy?

Tell me about it in the comments!

The Ops Community ⚙️: Axel Navarro

Connecting through OpenVPN with deprecated ciphers, using Docker

The solution

Creating the image

Starting the container

Conclusion

Using Git with two or more users

Creating an additional SSH key

Can we use the same key for all the users?

Cloning a repository with a specific SSH key

Changing the key to an already cloned repository

Extra SSH tips

Conclusion

How to use databases in the Docker world

MongoDB

The Docker run command

A MongoDB root user

Using the MongoDB shell

How to update the engine

PostgreSQL

Connecting via terminal

MySQL

Connecting via terminal

Microsoft SQL Server

SQL Server editions

Connecting via terminal

Conclusion

ugrep: an interactive grep for the terminal

What is grep?

Installation

The basics

The fuzzy search

Interactive TUI

More ugrep

Sign your code

Introduction

What is GPG?

Should I sign every commit?

How to sign a Git commit?

How to sign a Git tag?

Conclusion

Publish an npm to GitHub packages

The GitHub solution

The publish configuration

The workflow

Installing the GitHub package

In GitHub Actions

Packages cross organizations

Conclusion

lexacode / package-example

Example npm package

Docker commit: converting a container into an image

Is this necessary to create images with non-root users?

Adding a port forwarding rule to a container

The size is important

Analyzing the docker layers with dive

How do the layers work?

Why is «readonly» important?

What is a docker tag?

What Dive does?

What is the efficiency score?

The efficiency as linter

How is the efficiency score calculated?

More Dive

Rust and the hidden cargo clippy

How can I get clippy?

And what does clippy do?

How to run this command?

The custom configuration

The CI config

That's all! And... Isn't it awesome?

Tell me what you think!

What is `grep`?