Add experimental Void guest workflow and vsock agent

Make iterating on a Firecracker-friendly Void guest practical without replacing the Debian default image path. Add local Void rootfs build/register/verify plumbing, a language-agnostic dev package baseline, and guest SSH/work-disk hardening so new images use the runtime bundle key, keep a normal root bash environment, and repair stale nested /root layouts on restart. Replace the guest PING/PONG responder with an HTTP /healthz agent over vsock, rename the runtime bundle and config surface from ping helper to agent while still accepting the legacy keys, and route the post-SSH reminder through the new vm.health path. Validated with GOCACHE=/tmp/banger-gocache go test ./..., make build, bash -n customize.sh make-rootfs-void.sh, and git diff --check.
2026-03-19 14:51:25 -03:00 · 2026-03-19 14:51:25 -03:00 · 3ed78fdcfc
commit 3ed78fdcfc
parent c8d9a122f9
42 changed files with 2222 additions and 388 deletions
--- a/internal/system/system_test.go
+++ b/internal/system/system_test.go
@ -409,3 +409,42 @@ func TestUseLoopMount(t *testing.T) {
 		t.Fatalf("useLoopMount(missing) = true, want false")
 	}
 }
+
+func TestEstimateWorkSeedSizeFallsBackToSudoDuWhenUnreadable(t *testing.T) {
+	t.Parallel()
+
+	rootHome := filepath.Join(t.TempDir(), "root")
+	if err := os.Mkdir(rootHome, 0o700); err != nil {
+		t.Fatalf("Mkdir: %v", err)
+	}
+	if err := os.WriteFile(filepath.Join(rootHome, "visible.txt"), []byte("seed"), 0o600); err != nil {
+		t.Fatalf("WriteFile: %v", err)
+	}
+	if err := os.Chmod(rootHome, 0o000); err != nil {
+		t.Fatalf("Chmod: %v", err)
+	}
+	defer os.Chmod(rootHome, 0o700)
+
+	var sudoCalled bool
+	runner := funcRunner{
+		runSudo: func(ctx context.Context, args ...string) ([]byte, error) {
+			sudoCalled = true
+			want := []string{"du", "-sb", rootHome}
+			if !reflect.DeepEqual(args, want) {
+				t.Fatalf("RunSudo args = %v, want %v", args, want)
+			}
+			return []byte("4096\t" + rootHome + "\n"), nil
+		},
+	}
+
+	sizeBytes, err := estimateWorkSeedSize(context.Background(), runner, rootHome)
+	if err != nil {
+		t.Fatalf("estimateWorkSeedSize: %v", err)
+	}
+	if !sudoCalled {
+		t.Fatal("estimateWorkSeedSize did not fall back to sudo du")
+	}
+	if sizeBytes != minWorkSeedBytes {
+		t.Fatalf("sizeBytes = %d, want %d", sizeBytes, minWorkSeedBytes)
+	}
+}