2022-06-23 14:34:54 +02:00
|
|
|
#!/bin/sh
|
|
|
|
#
|
passt: Relicense to GPL 2.0, or any later version
In practical terms, passt doesn't benefit from the additional
protection offered by the AGPL over the GPL, because it's not
suitable to be executed over a computer network.
Further, restricting the distribution under the version 3 of the GPL
wouldn't provide any practical advantage either, as long as the passt
codebase is concerned, and might cause unnecessary compatibility
dilemmas.
Change licensing terms to the GNU General Public License Version 2,
or any later version, with written permission from all current and
past contributors, namely: myself, David Gibson, Laine Stump, Andrea
Bolognani, Paul Holzinger, Richard W.M. Jones, Chris Kuhn, Florian
Weimer, Giuseppe Scrivano, Stefan Hajnoczi, and Vasiliy Ulyanov.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2023-04-05 20:11:44 +02:00
|
|
|
# SPDX-License-Identifier: GPL-2.0-or-later
|
2022-06-23 14:34:54 +02:00
|
|
|
#
|
|
|
|
# PASST - Plug A Simple Socket Transport
|
|
|
|
# for qemu/UNIX domain socket mode
|
|
|
|
#
|
|
|
|
# test/passt.mbuto - mbuto (https://mbuto.sh) profile for test images
|
|
|
|
#
|
|
|
|
# Copyright (c) 2022 Red Hat GmbH
|
|
|
|
# Author: Stefano Brivio <sbrivio@redhat.com>
|
|
|
|
|
|
|
|
PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod
|
2022-07-07 16:39:09 +02:00
|
|
|
modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname
|
2022-09-26 20:43:40 +10:00
|
|
|
sed tr chown sipcalc cut socat dd strace ping tail killall sleep sysctl
|
test: Look for possible sshd-session paths (if it's there at all) in mbuto's profile
Some distributions already have OpenSSH 9.8, which introduces split
sshd/sshd-session binaries, and there we need to copy the binary from
the host, which can be /usr/libexec/openssh/sshd-session (Fedora
Rawhide), /usr/lib/ssh/sshd-session (Arch Linux),
/usr/lib/openssh/sshd-session (Debian), and possibly other paths.
Add at least those three, and, if we don't find sshd-session, assume
we don't need it: it could very well be an older version of OpenSSH,
as reported by David for Fedora 40, or perhaps another daemon (would
Dropbear even work? I'm not sure).
Reported-by: David Gibson <david@gibson.dropbear.id.au>
Fixes: d6817b3930be ("test/passt.mbuto: Install sshd-session OpenSSH's split process")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Tested-by: David Gibson <david@gibson.dropbear.id.au>
2024-08-26 20:41:31 +02:00
|
|
|
nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen cmp}"
|
|
|
|
|
|
|
|
# OpenSSH 9.8 introduced split binaries, with sshd being the daemon, and
|
|
|
|
# sshd-session the per-session program. We need the latter as well, and the path
|
|
|
|
# depends on the distribution. It doesn't exist on older versions.
|
|
|
|
for bin in /usr/lib/openssh/sshd-session /usr/lib/ssh/sshd-session \
|
|
|
|
/usr/libexec/openssh/sshd-session; do
|
|
|
|
command -v "${bin}" >/dev/null && PROGS="${PROGS} ${bin}"
|
|
|
|
done
|
2022-06-23 14:34:54 +02:00
|
|
|
|
2022-09-12 20:56:22 +10:00
|
|
|
KMODS="${KMODS:- virtio_net virtio_pci vmw_vsock_virtio_transport}"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
|
|
|
LINKS="${LINKS:-
|
|
|
|
ash,dash,bash /init
|
2022-07-15 15:21:24 +10:00
|
|
|
ash,dash,bash /bin/sh}"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
2024-01-15 17:39:42 +11:00
|
|
|
DIRS="${DIRS} /tmp /usr/sbin /usr/share /var/log /var/lib /etc/ssh /run/sshd /root/.ssh"
|
2022-06-23 14:34:54 +02:00
|
|
|
|
2022-09-26 20:43:40 +10:00
|
|
|
COPIES="${COPIES} small.bin,/root/small.bin medium.bin,/root/medium.bin big.bin,/root/big.bin"
|
|
|
|
|
2022-07-07 16:39:09 +02:00
|
|
|
FIXUP="${FIXUP}"'
|
2023-12-14 16:12:19 -05:00
|
|
|
mv /sbin/* /usr/sbin || :
|
|
|
|
rm -rf /sbin
|
|
|
|
ln -s /usr/sbin /sbin
|
2022-07-07 16:39:09 +02:00
|
|
|
cat > /sbin/dhclient-script << EOF
|
|
|
|
#!/bin/sh
|
2022-07-15 15:21:26 +10:00
|
|
|
LOG=/var/log/dhclient-script.log
|
|
|
|
echo \${reason} \${interface} >> \$LOG
|
|
|
|
set >> \$LOG
|
|
|
|
|
2022-07-07 16:39:09 +02:00
|
|
|
[ -n "\${new_interface_mtu}" ] && ip link set dev \${interface} mtu \${new_interface_mtu}
|
|
|
|
|
|
|
|
[ -n "\${new_ip_address}" ] && ip addr add \${new_ip_address}/\${new_subnet_mask} dev \${interface}
|
|
|
|
[ -n "\${new_routers}" ] && for r in \${new_routers}; do ip route add default via \${r} dev \${interface}; done
|
2022-07-15 15:21:30 +10:00
|
|
|
:> /etc/resolv.conf
|
2022-07-07 16:39:09 +02:00
|
|
|
[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done
|
2022-07-15 15:21:30 +10:00
|
|
|
[ -n "\${new_domain_name}" ] && echo "search \${new_domain_name}" >> /etc/resolf.conf
|
|
|
|
[ -n "\${new_domain_search}" ] && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
|
2022-07-07 16:39:09 +02:00
|
|
|
[ -n "\${new_ip6_address}" ] && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface}
|
|
|
|
[ -n "\${new_dhcp6_name_servers}" ] && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done
|
|
|
|
[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
|
|
|
|
[ -n "\${new_host_name}" ] && hostname "\${new_host_name}"
|
|
|
|
exit 0
|
|
|
|
EOF
|
|
|
|
chmod 755 /sbin/dhclient-script
|
2022-09-12 20:56:22 +10:00
|
|
|
ln -s /bin /usr/bin
|
|
|
|
ln -s /run /var/run
|
2022-06-23 14:34:54 +02:00
|
|
|
:> /etc/fstab
|
2022-09-12 20:56:22 +10:00
|
|
|
|
2024-05-01 18:31:04 +10:00
|
|
|
# sshd via vsock
|
2022-09-12 20:56:22 +10:00
|
|
|
cat > /etc/passwd << EOF
|
|
|
|
root:x:0:0:root:/root:/bin/sh
|
|
|
|
sshd:x:100:100:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
|
|
|
|
EOF
|
|
|
|
cat > /etc/shadow << EOF
|
|
|
|
root:::0:99999:7:::
|
|
|
|
EOF
|
|
|
|
chmod 000 /etc/shadow
|
|
|
|
|
2024-05-01 18:31:04 +10:00
|
|
|
cat > /etc/ssh/sshd_config << EOF
|
|
|
|
Subsystem sftp internal-sftp
|
|
|
|
EOF
|
2022-09-12 20:56:22 +10:00
|
|
|
ssh-keygen -A
|
|
|
|
chmod 700 /root/.ssh
|
|
|
|
chmod 700 /run/sshd
|
|
|
|
# Alternative location for the priv separation dir
|
|
|
|
ln -s /run/sshd /usr/share/empty.sshd
|
|
|
|
|
|
|
|
cat > /root/.ssh/authorized_keys <<EOF
|
2022-09-23 17:55:10 +02:00
|
|
|
'"$(cat guest-key.pub 2>/dev/null || :)"'
|
2022-09-12 20:56:22 +10:00
|
|
|
EOF
|
|
|
|
chmod 600 /root/.ssh/authorized_keys
|
|
|
|
chmod 700 /root
|
2024-08-19 23:59:18 +02:00
|
|
|
socat VSOCK-LISTEN:22,fork EXEC:"/sbin/sshd -i -e" 2> /var/log/vsock-ssh.log &
|
2022-06-23 14:34:54 +02:00
|
|
|
sh +m
|
2022-07-07 16:39:09 +02:00
|
|
|
'
|
2022-06-23 14:34:54 +02:00
|
|
|
|
|
|
|
OUTPUT="KERNEL=__KERNEL__
|
|
|
|
INITRD=__INITRD__
|
|
|
|
"
|