Add FIPS Module to OpenSSL 3.0.11 on Debian 12 Bookworm

I had a task to create a container image based on Debian 12 (Bookworm) which had the OpenSSL FIPS 140-2 module. By default, OpenSSL version 3.0.11 (the current version on Debian 12 as of writing) does not have the FIPS module built in. OpenSSL 3.0 requires that the module be built from the version that has a valid FIPS certificate, which was 3.0.9 at the time of writing.

Test Go Function That Calls Another Function

A very popular question people ask when working with Go and HTTP clients is how to test the code with go test. You will see many mentions of interfaces, test doubles (stubs, mocks, fakes, etc.), httptest, and so on.

I had a similar problem but it was like this: a function in module A was doing some work on the results returned by a function in module B. In other words, module A was depending on module B. Module B is expected to have its own tests, which must not be repeated in the tests written for module A; why duplicate the effort? How could I test module A without also testing module B in the tests written for module A?

Build Python 3.11 From Source With TLS/SSL on CentOS 7

Building Python 3.11 from source on CentOS 7 is straightforward, but it gets tricky when we want to build with TLS/SSL support. The reason is that the OpenSSL version (1.0.2k) in CentOS 7 is older than the minimum required by Python 3.11, i.e. 1.1.1k. This is not an unsurmountable problem because the newer version is available in the EPEL repository.

Ansible runs task in role even when condition is false

I ran into a perplexing problem where Ansible was running a task in a role even if the role had a when condition which was resolving to false. Plus the task was failing.

To visualize it better, one task (not all) was running in the role symptom in the example playbook below:

- hosts: all
  roles:
    - role: symptom
      when:
        - false

nginx Magic Variables

Let's say an upstream, proxied by nginx, sets a cookie foo=bar in its HTTP response. To use this cookie name as a variable in nginx configuration, use the magic prefix $cookie_ and the variable becomes $cookie_foo. But how did a cookie become a variable? I call it a magic variable. It could also be called an arbitrary variable.

Configure Wifi on Ubuntu Server with Netplan

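Add a file, 1-wlan0.yaml, to /etc/netplan/ with the following contents:

$ sudo tee -a /etc/netplan/1-wlan0.yaml > /dev/null << 'EOF'
network:
    version: 2
    wifis:
        wlan0:
            optional: true
            access-points:
                "YOUR_WIFI_SSID_HERE":  # placeholder: replace with your network name
                    password: "YOUR_SECRET_WPA_PSK_HERE"
            dhcp4: true
            dhcp6: true
EOF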

Then apply the plan:

$ sudo netplan apply