thaloco/banger
1
Fork 0
Code Pull requests Releases Packages Activity Actions

cleanup: drop pre-v0.1 migration scaffolding + legacy-behavior refs

Browse source 
banger hasn't shipped a public release — every "legacy", "pre-opt-in",
"previously", "migration note", "no longer" reference in the tree is
pinning against a state no real user's install has ever been in.
That scaffolding has weight: it's a coordinate system future readers
have to decode, and it keeps dead code alive.

Removed (code):
- internal/daemon/ssh_client_config.go
    - vmSSHConfigIncludeBegin / vmSSHConfigIncludeEnd constants and
      every `removeManagedBlock(existing, vm...)` call they enabled
      (legacy inline `Host *.vm` block scrub)
    - cleanupLegacySSHConfigDir (+ its caller in syncVMSSHClientConfig)
      — wiped a pre-opt-in sibling file under $ConfigDir/ssh
    - sameDirOrParent + resolvePathForComparison — only ever used
      by cleanupLegacySSHConfigDir
    - the "also check legacy marker" fallback in
      UserSSHIncludeInstalled / UninstallUserSSHInclude
- internal/store/migrations.go
    - migrateDropDeadImageColumns (migration 2) + its slice entry
    - dropColumnIfExists (orphaned after the above)
    - addColumnIfMissing + the whole "columns added across the pre-
      versioning lifetime" block at the end of migrateBaseline —
      subsumed into the baseline CREATE TABLE
    - `packages_path TEXT` column on the images table (the
      throwaway migration 2 dropped it, but there was never any
      reader)
- internal/daemon/vm.go
    - vmDNSRecordName local wrapper — was justified as "avoid
      pulling vmdns into every file"; three of four callers already
      imported vmdns directly, so inline the one stray call
- internal/cli/cli_test.go
    - TestLegacyRemovedCommandIsRejected (`tui` subcommand never
      shipped)

Removed / simplified (tests):
- ssh_client_config_test.go: dropped TestSameDirOrParentHandlesSymlinks,
  TestSyncVMSSHClientConfigPreservesUserKeyInLegacyDir,
  TestSyncVMSSHClientConfigNarrowsCleanupToLegacyFile,
  TestSyncVMSSHClientConfigLeavesUnexpectedLegacyContents,
  TestInstallUserSSHIncludeMigratesLegacyInlineBlock, plus the
  "legacy posture" regression strings in the remaining happy-path
  test; TestUninstallUserSSHIncludeRemovesBothMarkerBlocks collapsed
  to a single-block test
- migrations_test.go: dropped TestMigrateDropDeadImageColumns_AcrossInstallPaths,
  TestDropColumnIfExistsIsIdempotent; TestOpenReadOnlyDoesNotRunMigrations
  simplified to test against the baseline marker

Removed (docs):
- README.md "**Migration note.**" blockquote about the SSH-key path move
- docs/advanced.md parenthetical "(the old behaviour)"

Reworded (comments):
- Dropped "Previously this file also contained LogLevel DEBUG3..."
  history from vm_disk.go's sshdGuestConfig doc
- Dropped "Call sites that previously read vm.Runtime.{PID,...}"
  from vm_handles.go; now documents the current contract
- Dropped "Pre-v0.1 the defaults are" scaffolding in doctor_test.go
- Dropped "no longer does its own git inspection" phrasing in vm_run.go
- Dropped the "(also cleans up legacy inline block from pre-opt-in
  builds)" aside on the `ssh-config` CLI docstring
- Renamed test var `legacyKey` → `existingKey` in vm_test.go; its
  purpose was "pre-existing authorized_keys line," not banger-legacy

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Thales Maciel 2026-04-23 13:56:32 -03:00
parent 5791466498
commit 700a1e6e60
No known key found for this signature in database
GPG key ID: 33112E6833C34679
16 changed files with 54 additions and 735 deletions
Download patch file Download diff file Expand all files Collapse all files

6
internal/daemon/doctor_test.go
View file

@ -178,9 +178,9 @@ func TestDoctorReport_IncludesEveryDefaultCapability(t *testing.T) {
report := d.doctorReport(context.Background(), nil, false)
// Every registered capability that implements doctorCapability must
// contribute a check. Pre-v0.1 the defaults are work-disk, dns, nat.
// If a capability is added later it should either extend this list
// or register its own check name — either way, the assertion makes
// contribute a check. Current defaults: work-disk, dns, nat. If a
// capability is added later it should either extend this list or
// register its own check name — either way, the assertion makes
// the contract visible.
for _, name := range []string{
"feature /root work disk",

120
internal/daemon/ssh_client_config.go
View file

@ -12,19 +12,9 @@ import (
"banger/internal/paths"
)
// Marker sentinels.
//
// vmSSHConfigIncludeBegin / vmSSHConfigIncludeEnd used to wrap the full
// Host *.vm stanza when banger wrote directly into ~/.ssh/config.
// We keep the sentinel strings only so uninstall can find and remove
// legacy blocks on systems that upgraded from that behaviour.
//
// The new opt-in flow writes a short Include block with its own marker
// pair; the daemon itself no longer touches ~/.ssh/config at all.
// Marker sentinels that fence the `Include` block banger writes into
// ~/.ssh/config when the user runs `banger ssh-config --install`.
const (
vmSSHConfigIncludeBegin = "# BEGIN BANGER MANAGED VM SSH"
vmSSHConfigIncludeEnd = "# END BANGER MANAGED VM SSH"
bangerSSHIncludeBegin = "# BEGIN BANGER SSH INCLUDE"
bangerSSHIncludeEnd = "# END BANGER SSH INCLUDE"
)
@ -78,11 +68,6 @@ func (d *Daemon) ensureVMSSHClientConfig() {
//
// The file lives in the banger config dir so users who manage their
// SSH config declaratively can decide how (or whether) to pull it in.
// A narrow migration step also runs here: the pre-opt-in daemon
// wrote a sibling file at $ConfigDir/ssh/ssh_config. Remove only
// that specific legacy file, then remove the enclosing directory
// only if it's empty — never os.RemoveAll, because the user may
// have pointed ssh_key_path at a key under that directory.
func syncVMSSHClientConfig(layout paths.Layout, keyPath string) error {
keyPath = strings.TrimSpace(keyPath)
if keyPath == "" {
@ -96,79 +81,12 @@ func syncVMSSHClientConfig(layout paths.Layout, keyPath string) error {
return err
}
block := renderManagedVMSSHBlock(keyPath, layout.KnownHostsPath)
if err := writeTextFileIfChanged(target, block, 0o644); err != nil {
return err
}
cleanupLegacySSHConfigDir(layout, keyPath)
return nil
}
// cleanupLegacySSHConfigDir removes the pre-opt-in sibling file at
// $ConfigDir/ssh/ssh_config and, if the directory is then empty, the
// directory itself. Skips the whole operation when ssh_key_path
// resolves under that directory — users who explicitly configured a
// key there must not have the enclosing dir yanked out from under
// them. All errors are swallowed: this is best-effort migration, not
// a hard failure mode.
func cleanupLegacySSHConfigDir(layout paths.Layout, keyPath string) {
legacyDir := filepath.Join(layout.ConfigDir, "ssh")
if sameDirOrParent(legacyDir, keyPath) {
return
}
_ = os.Remove(filepath.Join(legacyDir, "ssh_config"))
// Remove the dir only if it's now empty. os.Remove returns
// ENOTEMPTY when it isn't, which is the signal we want.
_ = os.Remove(legacyDir)
}
// sameDirOrParent reports whether dir contains path (or equals it)
// after resolving symlinks. Used to gate destructive cleanup against
// a configured key that lives inside the cleanup target — either
// directly or via a symlinked spelling of the same physical
// location. Lexical comparison alone would miss the symlink case
// and let the scrub delete a user key aliased through an symlinked
// directory.
func sameDirOrParent(dir, path string) bool {
if strings.TrimSpace(dir) == "" || strings.TrimSpace(path) == "" {
return false
}
absDir, err := resolvePathForComparison(dir)
if err != nil {
return false
}
absPath, err := resolvePathForComparison(path)
if err != nil {
return false
}
rel, err := filepath.Rel(absDir, absPath)
if err != nil {
return false
}
// filepath.Rel returns "../..." when absPath is outside absDir.
// A path inside (or equal to) the dir starts with "." or a
// non-".." prefix.
return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}
// resolvePathForComparison returns an absolute, symlink-resolved
// version of p. Falls back to filepath.Abs when EvalSymlinks errors
// — typically because p refers to a file or directory that doesn't
// exist yet, which is fine for comparison purposes: two non-existent
// paths compared lexically is the best we can do and matches the
// pre-symlink-aware behaviour.
func resolvePathForComparison(p string) (string, error) {
if resolved, err := filepath.EvalSymlinks(p); err == nil {
return resolved, nil
}
return filepath.Abs(p)
return writeTextFileIfChanged(target, block, 0o644)
}
// InstallUserSSHInclude adds an `Include <bangerSSHConfigPath>` line
// to ~/.ssh/config inside a banger-owned marker block. Idempotent:
// running it twice leaves a single block. Also strips any legacy
// inline `Host *.vm` banger block left over from the pre-opt-in
// era so the user ends up with the Include-only layout.
// running it twice leaves a single block.
func InstallUserSSHInclude(layout paths.Layout) error {
bangerConfig := BangerSSHConfigPath(layout)
if bangerConfig == "" {
@ -182,21 +100,17 @@ func InstallUserSSHInclude(layout paths.Layout) error {
if err != nil {
return err
}
stripped, err := removeManagedBlock(existing, vmSSHConfigIncludeBegin, vmSSHConfigIncludeEnd)
if err != nil {
return err
}
block := renderBangerSSHIncludeBlock(bangerConfig)
updated, err := upsertManagedBlock(stripped, bangerSSHIncludeBegin, bangerSSHIncludeEnd, block)
updated, err := upsertManagedBlock(existing, bangerSSHIncludeBegin, bangerSSHIncludeEnd, block)
if err != nil {
return err
}
return writeTextFileIfChanged(userConfigPath, updated, 0o600)
}
// UninstallUserSSHInclude removes the Include block (and any legacy
// inline Host *.vm block) from ~/.ssh/config. Idempotent: missing
// file or missing block is a no-op.
// UninstallUserSSHInclude removes the Include block from
// ~/.ssh/config. Idempotent: missing file or missing block is a
// no-op.
func UninstallUserSSHInclude() error {
userConfigPath, err := userSSHConfigPath()
if err != nil {
@ -213,16 +127,12 @@ func UninstallUserSSHInclude() error {
if err != nil {
return err
}
updated, err = removeManagedBlock(updated, vmSSHConfigIncludeBegin, vmSSHConfigIncludeEnd)
if err != nil {
return err
}
return writeTextFileIfChanged(userConfigPath, updated, 0o600)
}
// UserSSHIncludeInstalled reports whether ~/.ssh/config contains
// either the new Include block or a legacy inline banger block.
// Used by `ssh-config` (status readout) and `doctor`.
// UserSSHIncludeInstalled reports whether ~/.ssh/config contains the
// banger Include block. Used by `ssh-config` (status readout) and
// `doctor`.
func UserSSHIncludeInstalled() (bool, error) {
userConfigPath, err := userSSHConfigPath()
if err != nil {
@ -232,13 +142,7 @@ func UserSSHIncludeInstalled() (bool, error) {
if err != nil {
return false, err
}
if strings.Contains(existing, bangerSSHIncludeBegin) {
return true, nil
}
if strings.Contains(existing, vmSSHConfigIncludeBegin) {
return true, nil
}
return false, nil
return strings.Contains(existing, bangerSSHIncludeBegin), nil
}
func userSSHConfigPath() (string, error) {

279
internal/daemon/ssh_client_config_test.go
View file

@ -9,200 +9,6 @@ import (
"banger/internal/paths"
)
// TestSameDirOrParentHandlesSymlinks guards against a drift where
// sameDirOrParent (the gate that protects a user key under the
// legacy dir from the cleanup scrub) compares lexical paths and
// misses symlink aliasing.
//
// Scenario: user configured ssh_key_path at a path that lands inside
// ConfigDir/ssh via a symlink (e.g. ConfigDir is itself symlinked,
// or the user maintains a symlink alias for their key tree). The
// gate must resolve both sides to the same physical location and
// refuse to scrub.
func TestSameDirOrParentHandlesSymlinks(t *testing.T) {
physical := t.TempDir()
realDir := filepath.Join(physical, "real-ssh")
if err := os.Mkdir(realDir, 0o700); err != nil {
t.Fatalf("Mkdir: %v", err)
}
realKey := filepath.Join(realDir, "id_ed25519")
if err := os.WriteFile(realKey, []byte("PRIVATE"), 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
// A symlink that aliases the whole real-ssh directory. The user
// configured ssh_key_path via this alias, but sameDirOrParent is
// called with the canonical (realDir) legacyDir path.
aliasDir := filepath.Join(physical, "alias-ssh")
if err := os.Symlink(realDir, aliasDir); err != nil {
t.Skipf("symlink unsupported on this filesystem: %v", err)
}
aliasKey := filepath.Join(aliasDir, "id_ed25519")
if !sameDirOrParent(realDir, aliasKey) {
t.Fatalf("sameDirOrParent(%q, %q) = false; symlinked key was not recognised as inside the dir — cleanup would delete it", realDir, aliasKey)
}
// Reverse direction: dir provided as a symlink, key as canonical.
if !sameDirOrParent(aliasDir, realKey) {
t.Fatalf("sameDirOrParent(%q, %q) = false; reverse symlink direction also missed", aliasDir, realKey)
}
// Negative: a key in a completely unrelated directory must not
// be reported inside either spelling of the legacy dir.
outside := filepath.Join(t.TempDir(), "other", "id_ed25519")
if err := os.MkdirAll(filepath.Dir(outside), 0o700); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
if err := os.WriteFile(outside, []byte("UNRELATED"), 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
if sameDirOrParent(realDir, outside) {
t.Fatalf("sameDirOrParent(%q, %q) = true; unrelated dir incorrectly flagged as inside", realDir, outside)
}
}
// A user-configured ssh_key_path that happens to live under the
// legacy $ConfigDir/ssh directory must survive the pre-opt-in
// migration cleanup. The old code did os.RemoveAll on the whole
// directory, which nuked the key. Pin the narrower behavior so a
// future refactor can't re-broaden the scrub.
func TestSyncVMSSHClientConfigPreservesUserKeyInLegacyDir(t *testing.T) {
homeDir := t.TempDir()
t.Setenv("HOME", homeDir)
configDir := filepath.Join(homeDir, ".config", "banger")
legacyDir := filepath.Join(configDir, "ssh")
if err := os.MkdirAll(legacyDir, 0o700); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
userKey := filepath.Join(legacyDir, "id_ed25519")
if err := os.WriteFile(userKey, []byte("PRIVATE"), 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
// A stale ssh_config under the same dir from pre-opt-in era.
legacyConfig := filepath.Join(legacyDir, "ssh_config")
if err := os.WriteFile(legacyConfig, []byte("stale"), 0o644); err != nil {
t.Fatalf("WriteFile: %v", err)
}
layout := paths.Layout{
ConfigDir: configDir,
KnownHostsPath: filepath.Join(homeDir, ".local", "state", "banger", "ssh", "known_hosts"),
}
if err := syncVMSSHClientConfig(layout, userKey); err != nil {
t.Fatalf("syncVMSSHClientConfig: %v", err)
}
// The configured key must survive.
if _, err := os.Stat(userKey); err != nil {
t.Fatalf("user-configured key disappeared: %v", err)
}
// Enclosing directory must also survive (it contains the key).
if _, err := os.Stat(legacyDir); err != nil {
t.Fatalf("legacy dir removed despite containing the configured key: %v", err)
}
// The stale legacy ssh_config file can still be gone in this
// case — the user's key isn't ssh_config, so cleaning up the
// sibling file is fine. We don't assert either way, since the
// gate is "don't delete the user's key" not "always delete the
// sibling file."
}
// With ssh_key_path configured outside ConfigDir/ssh, the legacy
// migration step should scrub the old sibling file and then the
// (now-empty) directory — no os.RemoveAll on anything still in use.
func TestSyncVMSSHClientConfigNarrowsCleanupToLegacyFile(t *testing.T) {
homeDir := t.TempDir()
t.Setenv("HOME", homeDir)
configDir := filepath.Join(homeDir, ".config", "banger")
legacyDir := filepath.Join(configDir, "ssh")
if err := os.MkdirAll(legacyDir, 0o700); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
// Simulate the pre-opt-in leftover: just the ssh_config file.
legacyConfig := filepath.Join(legacyDir, "ssh_config")
if err := os.WriteFile(legacyConfig, []byte("stale"), 0o644); err != nil {
t.Fatalf("WriteFile: %v", err)
}
// ssh_key_path lives in the state dir (the new default location).
stateDir := filepath.Join(homeDir, ".local", "state", "banger", "ssh")
if err := os.MkdirAll(stateDir, 0o700); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
userKey := filepath.Join(stateDir, "id_ed25519")
if err := os.WriteFile(userKey, []byte("PRIVATE"), 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
layout := paths.Layout{
ConfigDir: configDir,
KnownHostsPath: filepath.Join(homeDir, ".local", "state", "banger", "ssh", "known_hosts"),
}
if err := syncVMSSHClientConfig(layout, userKey); err != nil {
t.Fatalf("syncVMSSHClientConfig: %v", err)
}
// Legacy ssh_config file: gone.
if _, err := os.Stat(legacyConfig); !os.IsNotExist(err) {
t.Fatalf("legacy ssh_config survived cleanup: %v", err)
}
// Legacy dir: gone, since it was empty after the file removal.
if _, err := os.Stat(legacyDir); !os.IsNotExist(err) {
t.Fatalf("legacy dir survived cleanup when empty: %v", err)
}
// User's key: untouched.
if _, err := os.Stat(userKey); err != nil {
t.Fatalf("user key disappeared: %v", err)
}
}
// If the legacy dir contains UNEXPECTED files (not ssh_config, not
// the configured key), leave the dir alone. os.Remove on a non-
// empty dir errors with ENOTEMPTY, which we swallow. Regression
// guard so the cleanup can never escalate to recursive deletion.
func TestSyncVMSSHClientConfigLeavesUnexpectedLegacyContents(t *testing.T) {
homeDir := t.TempDir()
t.Setenv("HOME", homeDir)
configDir := filepath.Join(homeDir, ".config", "banger")
legacyDir := filepath.Join(configDir, "ssh")
if err := os.MkdirAll(legacyDir, 0o700); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
// A user-managed file we have no business removing.
userFile := filepath.Join(legacyDir, "my-other-thing")
if err := os.WriteFile(userFile, []byte("mine"), 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
layout := paths.Layout{
ConfigDir: configDir,
KnownHostsPath: filepath.Join(homeDir, ".local", "state", "banger", "ssh", "known_hosts"),
}
// ssh_key_path lives elsewhere; cleanup would otherwise proceed.
stateKey := filepath.Join(homeDir, ".local", "state", "banger", "ssh", "id_ed25519")
if err := os.MkdirAll(filepath.Dir(stateKey), 0o700); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
if err := os.WriteFile(stateKey, []byte("PRIVATE"), 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
if err := syncVMSSHClientConfig(layout, stateKey); err != nil {
t.Fatalf("syncVMSSHClientConfig: %v", err)
}
if _, err := os.Stat(userFile); err != nil {
t.Fatalf("user-managed legacy-dir file disappeared: %v", err)
}
if _, err := os.Stat(legacyDir); err != nil {
t.Fatalf("legacy dir vanished despite non-empty contents: %v", err)
}
}
// Under the opt-in contract the daemon writes its own ssh_config file
// and never touches ~/.ssh/config on its own.
func TestSyncVMSSHClientConfigWritesBangerFileOnly(t *testing.T) {
@ -240,17 +46,6 @@ func TestSyncVMSSHClientConfigWritesBangerFileOnly(t *testing.T) {
if _, err := os.Stat(filepath.Join(homeDir, ".ssh", "config")); !os.IsNotExist(err) {
t.Fatalf("~/.ssh/config should be untouched; stat err = %v", err)
}
// Regression: the legacy posture (strict no + /dev/null) must not
// reappear in the banger file.
for _, must := range []string{
"StrictHostKeyChecking no",
"UserKnownHostsFile /dev/null",
} {
if strings.Contains(string(bangerConfig), must) {
t.Fatalf("banger ssh_config leaked legacy posture %q:\n%s", must, bangerConfig)
}
}
}
func TestInstallUserSSHIncludeAddsIncludeBlock(t *testing.T) {
@ -307,64 +102,7 @@ func TestInstallUserSSHIncludeIsIdempotent(t *testing.T) {
}
}
func TestInstallUserSSHIncludeMigratesLegacyInlineBlock(t *testing.T) {
homeDir := t.TempDir()
t.Setenv("HOME", homeDir)
layout := paths.Layout{ConfigDir: filepath.Join(homeDir, ".config", "banger")}
if err := os.MkdirAll(layout.ConfigDir, 0o755); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
if err := os.WriteFile(BangerSSHConfigPath(layout), []byte("Host *.vm\n"), 0o644); err != nil {
t.Fatalf("WriteFile: %v", err)
}
sshDir := filepath.Join(homeDir, ".ssh")
if err := os.MkdirAll(sshDir, 0o700); err != nil {
t.Fatalf("MkdirAll(.ssh): %v", err)
}
legacy := strings.Join([]string{
"ServerAliveInterval 120",
"",
vmSSHConfigIncludeBegin,
"Host *.vm",
" User root",
" IdentityFile /some/old/key",
vmSSHConfigIncludeEnd,
"",
"Host other",
" HostName 192.0.2.5",
"",
}, "\n")
if err := os.WriteFile(filepath.Join(sshDir, "config"), []byte(legacy), 0o600); err != nil {
t.Fatalf("seed legacy config: %v", err)
}
if err := InstallUserSSHInclude(layout); err != nil {
t.Fatalf("InstallUserSSHInclude: %v", err)
}
got, err := os.ReadFile(filepath.Join(sshDir, "config"))
if err != nil {
t.Fatalf("ReadFile: %v", err)
}
gotStr := string(got)
// Legacy inline block must be gone.
if strings.Contains(gotStr, vmSSHConfigIncludeBegin) {
t.Fatalf("legacy inline block survived:\n%s", gotStr)
}
// New Include block must be present.
if !strings.Contains(gotStr, bangerSSHIncludeBegin) {
t.Fatalf("new include block missing:\n%s", gotStr)
}
// Unrelated stanzas must be preserved.
for _, want := range []string{"ServerAliveInterval 120", "Host other"} {
if !strings.Contains(gotStr, want) {
t.Fatalf("user config lost unrelated entry %q:\n%s", want, gotStr)
}
}
}
func TestUninstallUserSSHIncludeRemovesBothMarkerBlocks(t *testing.T) {
func TestUninstallUserSSHIncludeRemovesIncludeBlock(t *testing.T) {
homeDir := t.TempDir()
t.Setenv("HOME", homeDir)
@ -376,10 +114,6 @@ func TestUninstallUserSSHIncludeRemovesBothMarkerBlocks(t *testing.T) {
"Host keep",
" HostName 198.51.100.1",
"",
vmSSHConfigIncludeBegin,
"Host *.vm",
vmSSHConfigIncludeEnd,
"",
bangerSSHIncludeBegin,
"Include /tmp/banger-ssh-config",
bangerSSHIncludeEnd,
@ -397,10 +131,8 @@ func TestUninstallUserSSHIncludeRemovesBothMarkerBlocks(t *testing.T) {
t.Fatalf("ReadFile: %v", err)
}
gotStr := string(got)
for _, banned := range []string{vmSSHConfigIncludeBegin, bangerSSHIncludeBegin} {
if strings.Contains(gotStr, banned) {
t.Fatalf("residue of %q:\n%s", banned, gotStr)
}
if strings.Contains(gotStr, bangerSSHIncludeBegin) {
t.Fatalf("begin marker survived uninstall:\n%s", gotStr)
}
if !strings.Contains(gotStr, "Host keep") {
t.Fatalf("lost unrelated entry:\n%s", gotStr)
@ -419,7 +151,7 @@ func TestUninstallUserSSHIncludeIsNoOpWhenMissing(t *testing.T) {
}
}
func TestUserSSHIncludeInstalledDetectsBothMarkers(t *testing.T) {
func TestUserSSHIncludeInstalledDetectsMarker(t *testing.T) {
for _, tc := range []struct {
name string
seed string
@ -427,8 +159,7 @@ func TestUserSSHIncludeInstalledDetectsBothMarkers(t *testing.T) {
}{
{"missing file", "", false},
{"unrelated only", "Host other\n HostName 1.2.3.4\n", false},
{"legacy marker", vmSSHConfigIncludeBegin + "\nHost *.vm\n" + vmSSHConfigIncludeEnd + "\n", true},
{"new marker", bangerSSHIncludeBegin + "\nInclude /tmp/banger\n" + bangerSSHIncludeEnd + "\n", true},
{"installed", bangerSSHIncludeBegin + "\nInclude /tmp/banger\n" + bangerSSHIncludeEnd + "\n", true},
} {
t.Run(tc.name, func(t *testing.T) {
homeDir := t.TempDir()

10
internal/daemon/vm.go
View file

@ -13,6 +13,7 @@ import (
"banger/internal/model"
"banger/internal/namegen"
"banger/internal/system"
"banger/internal/vmdns"
)
// Cross-service constants. Kept in vm.go because both lifecycle
@ -46,18 +47,11 @@ func (s *VMService) rebuildDNS(ctx context.Context) error {
if strings.TrimSpace(vm.Runtime.GuestIP) == "" {
continue
}
records[vmDNSRecordName(vm.Name)] = vm.Runtime.GuestIP
records[vmdns.RecordName(vm.Name)] = vm.Runtime.GuestIP
}
return s.net.replaceDNS(records)
}
// vmDNSRecordName is a small indirection so the dns-record-name
// helper is not directly pulled into every file that used to import
// vmdns for this one call. Equivalent to vmdns.RecordName.
func vmDNSRecordName(name string) string {
return strings.ToLower(strings.TrimSpace(name)) + ".vm"
}
// cleanupRuntime tears down the host-side state for a VM: firecracker
// process, DM snapshot, capabilities, tap, sockets. Lives on VMService
// because it reaches into handles (VMService-owned); the capability

7
internal/daemon/vm_disk.go
View file

@ -172,13 +172,6 @@ func (s *VMService) ensureWorkDisk(ctx context.Context, vm *model.VMRecord, imag
// Pins the lookup path so the banger-written file always wins,
// regardless of distro default ($HOME/.ssh/authorized_keys) and
// regardless of any per-image weirdness.
//
// Previously this file also contained `LogLevel DEBUG3` and
// `StrictModes no`. DEBUG3 was a leftover from debugging the
// first-boot flow and flooded journald in normal use. StrictModes no
// was a workaround for perm drift on /root inside the work disk; the
// real fix — normalising /root permissions at provisioning time — is
// in ensureAuthorizedKeyOnWorkDisk / seedAuthorizedKeyOnExt4Image.
func sshdGuestConfig() string {
return strings.Join([]string{
"PermitRootLogin prohibit-password",

4
internal/daemon/vm_handles.go
View file

@ -123,8 +123,8 @@ func (s *VMService) setVMHandlesInMemory(vmID string, h model.VMHandles) {
}
// vmHandles returns the cached handles for vm (zero-value if no
// entry). Call sites that previously read `vm.Runtime.{PID,...}`
// should read through this instead.
// entry). The in-process handle cache is the authoritative source
// for PID / loops / dm-name — VMRecord.Runtime holds only paths.
func (s *VMService) vmHandles(vmID string) model.VMHandles {
if s == nil {
return model.VMHandles{}

8
internal/daemon/vm_test.go
View file

@ -798,8 +798,8 @@ func TestEnsureAuthorizedKeyOnWorkDiskRepairsNestedRootLayout(t *testing.T) {
if err := os.WriteFile(filepath.Join(nestedHome, ".bashrc"), []byte("export TEST_PROMPT=1\n"), 0o644); err != nil {
t.Fatalf("WriteFile(.bashrc): %v", err)
}
legacyKey := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILEgacykey legacy@test\n"
if err := os.WriteFile(filepath.Join(nestedHome, ".ssh", "authorized_keys"), []byte(legacyKey), 0o600); err != nil {
existingKey := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILEgacykey existing@test\n"
if err := os.WriteFile(filepath.Join(nestedHome, ".ssh", "authorized_keys"), []byte(existingKey), 0o600); err != nil {
t.Fatalf("WriteFile(authorized_keys): %v", err)
}
@ -838,8 +838,8 @@ func TestEnsureAuthorizedKeyOnWorkDiskRepairsNestedRootLayout(t *testing.T) {
t.Fatalf("ReadFile(authorized_keys): %v", err)
}
content := string(data)
if !strings.Contains(content, strings.TrimSpace(legacyKey)) {
t.Fatalf("authorized_keys missing legacy key: %q", content)
if !strings.Contains(content, strings.TrimSpace(existingKey)) {
t.Fatalf("authorized_keys missing pre-existing key: %q", content)
}
if !strings.Contains(content, "ssh-rsa ") {
t.Fatalf("authorized_keys missing managed key: %q", content)

5
internal/daemon/workspace_test.go
View file

@ -456,8 +456,9 @@ func TestPrepareVMWorkspace_ReleasesVMLockDuringGuestIO(t *testing.T) {
}
// TestPrepareVMWorkspace_SerialisesConcurrentPreparesOnSameVM asserts
// the workspaceLocks scope: two concurrent prepares on the same VM do
// NOT interleave, even though they no longer take the core VM mutex.
// the workspaceLocks scope: two concurrent prepares on the same VM
// serialise via workspaceLocks even though they don't hold the core
// VM mutex, so a lifecycle op (stop/delete) isn't blocked.
func TestPrepareVMWorkspace_SerialisesConcurrentPreparesOnSameVM(t *testing.T) {
t.Parallel()
ctx := context.Background()