passt/test/passt.mbuto

#!/bin/sh
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# PASST - Plug A Simple Socket Transport
#  for qemu/UNIX domain socket mode
#
# test/passt.mbuto - mbuto (https://mbuto.sh) profile for test images
#
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>

PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod
       modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname
       sed tr chown sipcalc cut md5sum socat dd strace ping tail killall sleep
       sysctl nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen}"

KMODS="${KMODS:- virtio_net virtio_pci vmw_vsock_virtio_transport}"

LINKS="${LINKS:-
	 ash,dash,bash		/init
	 ash,dash,bash		/bin/sh}"

DIRS="${DIRS} /tmp /sbin /usr/share /var/log /var/lib /etc/ssh /run/sshd /root/.ssh"

FIXUP="${FIXUP}"'
	cat > /sbin/dhclient-script << EOF
#!/bin/sh
LOG=/var/log/dhclient-script.log
echo \${reason} \${interface} >> \$LOG
set >> \$LOG

[ -n "\${new_interface_mtu}" ]       && ip link set dev \${interface} mtu \${new_interface_mtu}

[ -n "\${new_ip_address}" ]          && ip addr add \${new_ip_address}/\${new_subnet_mask} dev \${interface}
[ -n "\${new_routers}" ]             && for r in \${new_routers}; do ip route add default via \${r} dev \${interface}; done
:> /etc/resolv.conf
[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done
[ -n "\${new_domain_name}" ]         && echo "search \${new_domain_name}" >> /etc/resolf.conf
[ -n "\${new_domain_search}" ]       && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
[ -n "\${new_ip6_address}" ]         && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface}
[ -n "\${new_dhcp6_name_servers}" ]  && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done
[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
[ -n "\${new_host_name}" ]           && hostname "\${new_host_name}"
exit 0
EOF
	chmod 755 /sbin/dhclient-script
	ln -s /sbin /usr/sbin
	ln -s /bin /usr/bin
	ln -s /run /var/run
	:> /etc/fstab

	# sshd(dropbear) via vsock
	cat > /etc/passwd << EOF
root:x:0:0:root:/root:/bin/sh
sshd:x:100:100:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
EOF
	cat > /etc/shadow << EOF
root:::0:99999:7:::
EOF
	chmod 000 /etc/shadow

	:> /etc/ssh/sshd_config
	ssh-keygen -A
	chmod 700 /root/.ssh
	chmod 700 /run/sshd
	# Alternative location for the priv separation dir
	ln -s /run/sshd /usr/share/empty.sshd

	cat > /root/.ssh/authorized_keys <<EOF
'"$(cat guest-key.pub)"'
EOF
	chmod 600 /root/.ssh/authorized_keys
	chmod 700 /root
	socat VSOCK-LISTEN:22,fork EXEC:"sshd -i -e" 2> /var/log/vsock-ssh.log &
	sh +m
'

OUTPUT="KERNEL=__KERNEL__
INITRD=__INITRD__
"
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00			`#!/bin/sh`
			`#`
			`# SPDX-License-Identifier: AGPL-3.0-or-later`
			`#`
			`# PASST - Plug A Simple Socket Transport`
			`# for qemu/UNIX domain socket mode`
			`#`
			`# test/passt.mbuto - mbuto (https://mbuto.sh) profile for test images`
			`#`
			`# Copyright (c) 2022 Red Hat GmbH`
			`# Author: Stefano Brivio <sbrivio@redhat.com>`

			`PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod`
test: Embed script for dhclient(8) in mbuto(1) profile David reports that dhclient-script(8) on Fedora needs a number of binaries that are not included in PROGS of the current mbuto profile, and we would also need to include hostnamectl(1) there, which will fail without a systemd init. Embed a minimal script for dhclient(8) in the profile itself, written to /sbin/dhclient-script at boot, to just check what we need to check out of DHCP and DHCPv6 functionality. While at it, drop busybox and logger from PROGS, as we don't need them, and add hostname(1). While DHCP option 12 isn't supported yet by the DHCP implementation in passt, we should probably add it soon. Note: owing to the simplicity of this script, we now need to bring up the interface before starting dhclient: add this in test scripts where it's not the case yet. Reported-by: David Gibson <david@gibson.dropbear.id.au> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> note that we need to bring up the interface before starting dhclient 2022-07-07 14:39:09 +00:00			`modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname`
tests: Use socat instead of netcat Commit 41c02e10 ("tests: Use nmap-ncat instead of openbsd netcat for pasta tests") updated the pasta tests to use the nmap version of ncat instead of the openbsd version, for greater portability. For some upcoming changes, however, we'll be wanting to use socat. "socat" can do everything "ncat" can and more, so let's move all the tests using host tools (either directly on the host or via mbuto generated images) to using socat instead. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> [sbrivio: Fix a typo in port specification, 31337 instead of x31337] Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-07-15 05:21:34 +00:00			`sed tr chown sipcalc cut md5sum socat dd strace ping tail killall sleep`
test: Use context system for guest commands Extends the context system in the test scripts to allow executing commands within a guest. Do this without requiring an existing network in the guest by using socat to run ssh via a vsock connection. We do need some additional "sleep"s in the tests, because the new faster dispatch means that sometimes we attempt to connect before socat has managed to listen. For now, only use this for the plain "passt" tests. The "passt_in_ns" and other tests have additional complications we still need to deal with. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-09-12 10:56:22 +00:00			`sysctl nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen}"`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00
test: Use context system for guest commands Extends the context system in the test scripts to allow executing commands within a guest. Do this without requiring an existing network in the guest by using socat to run ssh via a vsock connection. We do need some additional "sleep"s in the tests, because the new faster dispatch means that sometimes we attempt to connect before socat has managed to listen. For now, only use this for the plain "passt" tests. The "passt_in_ns" and other tests have additional complications we still need to deal with. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-09-12 10:56:22 +00:00			`KMODS="${KMODS:- virtio_net virtio_pci vmw_vsock_virtio_transport}"`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00
			`LINKS="${LINKS:-`
			`ash,dash,bash /init`
tests: Remove no longer needed /usr/bin/bash link AFAICT the symlink we created in mbuto from /usr/bin/bash to /bin/sh was for the benefit of a dhclient-script which used /usr/bin/bash as its interpreter (e.g. in Fedora). That was a bit risky if the script really did require bash and we linked it to dash or another shell. We now supply our own custom dhclient-script, so we don't need the link any more. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-07-15 05:21:24 +00:00			`ash,dash,bash /bin/sh}"`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00
test: Use context system for guest commands Extends the context system in the test scripts to allow executing commands within a guest. Do this without requiring an existing network in the guest by using socat to run ssh via a vsock connection. We do need some additional "sleep"s in the tests, because the new faster dispatch means that sometimes we attempt to connect before socat has managed to listen. For now, only use this for the plain "passt" tests. The "passt_in_ns" and other tests have additional complications we still need to deal with. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-09-12 10:56:22 +00:00			`DIRS="${DIRS} /tmp /sbin /usr/share /var/log /var/lib /etc/ssh /run/sshd /root/.ssh"`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00
test: Embed script for dhclient(8) in mbuto(1) profile David reports that dhclient-script(8) on Fedora needs a number of binaries that are not included in PROGS of the current mbuto profile, and we would also need to include hostnamectl(1) there, which will fail without a systemd init. Embed a minimal script for dhclient(8) in the profile itself, written to /sbin/dhclient-script at boot, to just check what we need to check out of DHCP and DHCPv6 functionality. While at it, drop busybox and logger from PROGS, as we don't need them, and add hostname(1). While DHCP option 12 isn't supported yet by the DHCP implementation in passt, we should probably add it soon. Note: owing to the simplicity of this script, we now need to bring up the interface before starting dhclient: add this in test scripts where it's not the case yet. Reported-by: David Gibson <david@gibson.dropbear.id.au> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> note that we need to bring up the interface before starting dhclient 2022-07-07 14:39:09 +00:00			`FIXUP="${FIXUP}"'`
			`cat > /sbin/dhclient-script << EOF`
			`#!/bin/sh`
tests: Add rudimentary debugging to dhclient-script We now supply a minimal dhclient-script of our own in the mbuto boot image. There are some problems with it, so add some basic logging to help debug it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-07-15 05:21:26 +00:00			`LOG=/var/log/dhclient-script.log`
			`echo \${reason} \${interface} >> \$LOG`
			`set >> \$LOG`

test: Embed script for dhclient(8) in mbuto(1) profile David reports that dhclient-script(8) on Fedora needs a number of binaries that are not included in PROGS of the current mbuto profile, and we would also need to include hostnamectl(1) there, which will fail without a systemd init. Embed a minimal script for dhclient(8) in the profile itself, written to /sbin/dhclient-script at boot, to just check what we need to check out of DHCP and DHCPv6 functionality. While at it, drop busybox and logger from PROGS, as we don't need them, and add hostname(1). While DHCP option 12 isn't supported yet by the DHCP implementation in passt, we should probably add it soon. Note: owing to the simplicity of this script, we now need to bring up the interface before starting dhclient: add this in test scripts where it's not the case yet. Reported-by: David Gibson <david@gibson.dropbear.id.au> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> note that we need to bring up the interface before starting dhclient 2022-07-07 14:39:09 +00:00			`[ -n "\${new_interface_mtu}" ] && ip link set dev \${interface} mtu \${new_interface_mtu}`

			`[ -n "\${new_ip_address}" ] && ip addr add \${new_ip_address}/\${new_subnet_mask} dev \${interface}`
			`[ -n "\${new_routers}" ] && for r in \${new_routers}; do ip route add default via \${r} dev \${interface}; done`
tests: Correctly handle domain search list in dhclient-script Currently our small custom dhclient-script only handles the 'domain-name' option, which can just list a single domain, not the 'domain-search' option, which can handle several. Correct it to handle both. We also weren't emptying the resolv.conf file before we began, which could lead to surprising contents after multiple DHCP transactions. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-07-15 05:21:30 +00:00			`:> /etc/resolv.conf`
test: Embed script for dhclient(8) in mbuto(1) profile David reports that dhclient-script(8) on Fedora needs a number of binaries that are not included in PROGS of the current mbuto profile, and we would also need to include hostnamectl(1) there, which will fail without a systemd init. Embed a minimal script for dhclient(8) in the profile itself, written to /sbin/dhclient-script at boot, to just check what we need to check out of DHCP and DHCPv6 functionality. While at it, drop busybox and logger from PROGS, as we don't need them, and add hostname(1). While DHCP option 12 isn't supported yet by the DHCP implementation in passt, we should probably add it soon. Note: owing to the simplicity of this script, we now need to bring up the interface before starting dhclient: add this in test scripts where it's not the case yet. Reported-by: David Gibson <david@gibson.dropbear.id.au> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> note that we need to bring up the interface before starting dhclient 2022-07-07 14:39:09 +00:00			`[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done`
tests: Correctly handle domain search list in dhclient-script Currently our small custom dhclient-script only handles the 'domain-name' option, which can just list a single domain, not the 'domain-search' option, which can handle several. Correct it to handle both. We also weren't emptying the resolv.conf file before we began, which could lead to surprising contents after multiple DHCP transactions. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-07-15 05:21:30 +00:00			`[ -n "\${new_domain_name}" ] && echo "search \${new_domain_name}" >> /etc/resolf.conf`
			`[ -n "\${new_domain_search}" ] && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf`
test: Embed script for dhclient(8) in mbuto(1) profile David reports that dhclient-script(8) on Fedora needs a number of binaries that are not included in PROGS of the current mbuto profile, and we would also need to include hostnamectl(1) there, which will fail without a systemd init. Embed a minimal script for dhclient(8) in the profile itself, written to /sbin/dhclient-script at boot, to just check what we need to check out of DHCP and DHCPv6 functionality. While at it, drop busybox and logger from PROGS, as we don't need them, and add hostname(1). While DHCP option 12 isn't supported yet by the DHCP implementation in passt, we should probably add it soon. Note: owing to the simplicity of this script, we now need to bring up the interface before starting dhclient: add this in test scripts where it's not the case yet. Reported-by: David Gibson <david@gibson.dropbear.id.au> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> note that we need to bring up the interface before starting dhclient 2022-07-07 14:39:09 +00:00			`[ -n "\${new_ip6_address}" ] && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface}`
			`[ -n "\${new_dhcp6_name_servers}" ] && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done`
			`[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf`
			`[ -n "\${new_host_name}" ] && hostname "\${new_host_name}"`
			`exit 0`
			`EOF`
			`chmod 755 /sbin/dhclient-script`
tests: Let Fedora find dhclient-script in /usr/sbin Modern Fedora (and RHEL) systems have /sbin as a symlink to /usr/sbin (along with a number of similar links). Along with that it expects to find dhclient-script in /usr/sbin/dhclient-script rather than /sbin/dhclient-script. Link them together in our mbuto image so that the Fedora build of dhclient can find it. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-07-15 05:21:25 +00:00			`ln -s /sbin /usr/sbin`
test: Use context system for guest commands Extends the context system in the test scripts to allow executing commands within a guest. Do this without requiring an existing network in the guest by using socat to run ssh via a vsock connection. We do need some additional "sleep"s in the tests, because the new faster dispatch means that sometimes we attempt to connect before socat has managed to listen. For now, only use this for the plain "passt" tests. The "passt_in_ns" and other tests have additional complications we still need to deal with. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-09-12 10:56:22 +00:00			`ln -s /bin /usr/bin`
			`ln -s /run /var/run`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00			`:> /etc/fstab`
test: Use context system for guest commands Extends the context system in the test scripts to allow executing commands within a guest. Do this without requiring an existing network in the guest by using socat to run ssh via a vsock connection. We do need some additional "sleep"s in the tests, because the new faster dispatch means that sometimes we attempt to connect before socat has managed to listen. For now, only use this for the plain "passt" tests. The "passt_in_ns" and other tests have additional complications we still need to deal with. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> 2022-09-12 10:56:22 +00:00
			`# sshd(dropbear) via vsock`
			`cat > /etc/passwd << EOF`
			`root:x:0:0:root:/root:/bin/sh`
			`sshd:x:100:100:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin`
			`EOF`
			`cat > /etc/shadow << EOF`
			`root:::0:99999:7:::`
			`EOF`
			`chmod 000 /etc/shadow`

			`:> /etc/ssh/sshd_config`
			`ssh-keygen -A`
			`chmod 700 /root/.ssh`
			`chmod 700 /run/sshd`
			`# Alternative location for the priv separation dir`
			`ln -s /run/sshd /usr/share/empty.sshd`

			`cat > /root/.ssh/authorized_keys <<EOF`
			`'"$(cat guest-key.pub)"'`
			`EOF`
			`chmod 600 /root/.ssh/authorized_keys`
			`chmod 700 /root`
			`socat VSOCK-LISTEN:22,fork EXEC:"sshd -i -e" 2> /var/log/vsock-ssh.log &`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00			`sh +m`
test: Embed script for dhclient(8) in mbuto(1) profile David reports that dhclient-script(8) on Fedora needs a number of binaries that are not included in PROGS of the current mbuto profile, and we would also need to include hostnamectl(1) there, which will fail without a systemd init. Embed a minimal script for dhclient(8) in the profile itself, written to /sbin/dhclient-script at boot, to just check what we need to check out of DHCP and DHCPv6 functionality. While at it, drop busybox and logger from PROGS, as we don't need them, and add hostname(1). While DHCP option 12 isn't supported yet by the DHCP implementation in passt, we should probably add it soon. Note: owing to the simplicity of this script, we now need to bring up the interface before starting dhclient: add this in test scripts where it's not the case yet. Reported-by: David Gibson <david@gibson.dropbear.id.au> Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> note that we need to bring up the interface before starting dhclient 2022-07-07 14:39:09 +00:00			`'`
test: Add external mbuto profile, drop udhcpc, and switch to it This depends on a future change in mbuto to accept external profile files. Add a file defining what we need for tests and demos, dropping udhcpc and script as they're not needed anymore, and switch to it. Suggested-by: David Gibson <david@gibson.dropbear.id.au> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> 2022-06-23 12:34:54 +00:00
			`OUTPUT="KERNEL=__KERNEL__`
			`INITRD=__INITRD__`
			`"`