thaloco/banger
1
Fork 0
Code Pull requests Releases Packages Activity Actions
banger/internal/guest/ssh_test.go
Thales Maciel 3ed78fdcfc
Add experimental Void guest workflow and vsock agent 
Make iterating on a Firecracker-friendly Void guest practical without replacing the Debian default image path.

Add local Void rootfs build/register/verify plumbing, a language-agnostic dev package baseline, and guest SSH/work-disk hardening so new images use the runtime bundle key, keep a normal root bash environment, and repair stale nested /root layouts on restart.

Replace the guest PING/PONG responder with an HTTP /healthz agent over vsock, rename the runtime bundle and config surface from ping helper to agent while still accepting the legacy keys, and route the post-SSH reminder through the new vm.health path.

Validated with GOCACHE=/tmp/banger-gocache go test ./..., make build, bash -n customize.sh make-rootfs-void.sh, and git diff --check.
2026-03-19 14:51:25 -03:00

93 lines
2.3 KiB
Go
Raw Blame History

package guest
import (
"archive/tar"
"bytes"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"io"
"os"
"path/filepath"
"testing"
"golang.org/x/crypto/ssh"
)
func TestWriteTarArchiveKeepsTopLevelDirectory(t *testing.T) {
t.Parallel()
sourceDir := filepath.Join(t.TempDir(), "6.8.0-test")
if err := os.MkdirAll(filepath.Join(sourceDir, "kernel"), 0o755); err != nil {
t.Fatalf("MkdirAll: %v", err)
}
if err := os.WriteFile(filepath.Join(sourceDir, "modules.dep"), []byte("deps"), 0o644); err != nil {
t.Fatalf("WriteFile modules.dep: %v", err)
}
if err := os.WriteFile(filepath.Join(sourceDir, "kernel", "module.ko"), []byte("ko"), 0o644); err != nil {
t.Fatalf("WriteFile module.ko: %v", err)
}
var buf bytes.Buffer
if err := writeTarArchive(&buf, sourceDir); err != nil {
t.Fatalf("writeTarArchive: %v", err)
}
tr := tar.NewReader(bytes.NewReader(buf.Bytes()))
var names []string
for {
header, err := tr.Next()
if err == io.EOF {
break
}
if err != nil {
t.Fatalf("tar.Next: %v", err)
}
names = append(names, header.Name)
}
want := map[string]struct{}{
"6.8.0-test": {},
"6.8.0-test/modules.dep": {},
"6.8.0-test/kernel": {},
"6.8.0-test/kernel/module.ko": {},
}
if len(names) != len(want) {
t.Fatalf("archive names = %v, want %d entries", names, len(want))
}
for _, name := range names {
if _, ok := want[name]; !ok {
t.Fatalf("unexpected archive entry %q in %v", name, names)
}
}
}
func TestAuthorizedPublicKey(t *testing.T) {
t.Parallel()
privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
t.Fatalf("GenerateKey: %v", err)
}
privateKeyPEM := pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
})
keyPath := filepath.Join(t.TempDir(), "id_rsa")
if err := os.WriteFile(keyPath, privateKeyPEM, 0o600); err != nil {
t.Fatalf("WriteFile: %v", err)
}
publicKey, err := AuthorizedPublicKey(keyPath)
if err != nil {
t.Fatalf("AuthorizedPublicKey: %v", err)
}
parsed, _, _, _, err := ssh.ParseAuthorizedKey(publicKey)
if err != nil {
t.Fatalf("ParseAuthorizedKey: %v", err)
}
if parsed.Type() != ssh.KeyAlgoRSA {
t.Fatalf("key type = %q, want %q", parsed.Type(), ssh.KeyAlgoRSA)
}
}
View git blame Copy permalink