UEFI development with Go-lang

See demo: https://ablog.jc-lab.net/352

TinyGo has made it possible to develop bare-metal firmware, such as for MCUs, with golang. Seeing this possibility, I thought: why not make a UEFI application in Go? I thought about it and implemented it.

Development branch: https://github.com/jclab-joseph/tinygo/tree/feat/uefi
WIP PR: https://github.com/tinygo-org/tinygo/pull/3996

For traditional EFI development there is a framework called edk2, but it is complicated to use, and it is difficult to use various libraries effectively with it. For example, I recently tried to implement curl instead of HttpDxe, but when I added the LibC dependency, OpenSsl wouldn't build, etc. There are issues. The biggest difficulty is that it is the C language.

Unlike Java and Node.js, golang has the great advantage of being compiled to machine language and running without the need for a VM, and if you implement the platform-specific parts well, you can build cross-platform regardless of OS. That's why UEFI is possi...

Fix "go get" error "invalid char ':'" when using custom-port.

Korean: https://jsty.tistory.com/334

We are running GitLab on a non-standard port. A problem occurred recently when I tried to use a Go package from the GitLab repository.

    $ go get https://gitlab.company.com:1234/group/pkg-name
    go: malformed module path "https:/gitlab.company.com:1234/group/pkg-name": invalid char ':'

Related issues:
- https://github.com/golang/go/issues/26912
- https://stackoverflow.com/questions/60445266/not-able-to-get-private-go-module-while-having-port-number-in-url

I developed a simple service to solve this. It simply generates the metadata needed to find the actual repository. See https://github.com/jc-lab/go-pkg-meta-proxy/

gRPC over Anything

https://github.com/jc-lab/grpc-over/tree/master/java
WebSocket Example: https://github.com/jc-lab/grpc-over/tree/master/java/websocket

Go-lang TLS-PSK implementation

 https://jsty.tistory.com/331 https://github.com/jc-lab/go-tls-psk

Cannot access github.com inside a docker container executed through dockerd (dind) on Kubernetes

https://jsty.tistory.com/330

There was a problem where github.com could not be accessed from a docker container executed through dockerd (dind) on Kubernetes. All other sites worked for the most part.

A connection that works:

    echo "" | openssl s_client -connect dl-cdn.alpinelinux.org:443
    CONNECTED(00000003)
    depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
    verify return:1
    depth=1 C = US, O = Let's Encrypt, CN = R3
    verify return:1
    depth=0 CN = dl-cdn.alpinelinux.org
    verify return:1
    ---
    Certificate chain
     0 s:CN = dl-cdn.alpinelinux.org
       i:C = US, O = Let's Encrypt, CN = R3
     1 s:C = US, O = Let's Encrypt, CN = R3
       i:C = US, O = Internet Security Research Group, CN = ISRG Root X1
     2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1
       i:O = Digital Signature Trust Co., CN = DST Root CA X3
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
    subject=CN = dl-cdn.alpinelinux.org
    issuer=C = US, O = Let...

How does RKE2 connect to the API server?

This article is a mirror of https://jsty.tistory.com/326. There may be updates to the original article.

The Kubernetes kubelet communicates with kube-apiserver. So, if there are multiple control plane nodes, you need to create a domain or VIP and set it up so that it connects to a live control plane node through a load balancer.

However, I installed RKE2 with Elemental and ran into a problem, because there was no way to set up such a load balancer. (If you just install RKE2, you can set the server address, but if you provision with Elemental and Rancher, it is configured automatically.)

So if the first provisioned control plane node dies, how do the other nodes communicate? I asked on the RKE2 Slack.

> https://rancher-users.slack.com/archives/C3ASABBD1/p1666656986435839

According to the above, even if Rancher dies, the provisioned cluster operates on its own, and after a node joins, the address of the control node is cached on all nodes, so that the load balances itself. And, if ...

EJBCA: "no such algorithm" error when using PKCS11.

I used pkcs11-proxy for EJBCA-CE, but the signature didn't work.

2022-10-26 10:18:14,995+0000 ERROR [org.cesecore.certificates.certificate.CertificateCreateSessionBean] (default task-4) Error creating certificate: org.bouncycastle.operator.OperatorCreationException: cannot create signer: no such algorithm: SHA512WITHRSA for provider SunPKCS11-p11proxy-client.so-slot0
    at deployment.ejbca.ear//org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.build(Unknown Source)
    at deployment.ejbca.ear//org.cesecore.certificates.ca.X509CAImpl.generateCertificate(X509CAImpl.java:1698)
    at deployment.ejbca.ear//org.cesecore.certificates.ca.X509CAImpl.generateCertificate(X509CAImpl.java:1117)
    at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.certificate.CertificateCreateSessionBean.createCertificate(CertificateCreateSessionBean.java:563)
    at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.certificates.certificate.CertificateCreate...