From 237f7612628cb66920c4d63dea1aa1b015ec2e68 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Fri, 29 Apr 2022 11:09:50 -0400
Subject: Cirrus: Simplify rootless ssh setup
The sshd service is guaranteed to be running by the VM image build process - it's required by the packer tool for access. Remove the startup and check on the sshd service. For many tests, man ssh connections to/from $ROOTLESS_USER on the host are needed. To facilitate this, the localhost key is added to `known_hosts` for root and `$ROOTLESS_USER`. Simplify this setup using the `ssh-keyscan` tool.
Signed-off-by: Chris Evich
---
 contrib/cirrus/lib.sh | 25 ++++++++-----------------
 1 file changed, 8 insertions(+), 17 deletions(-)
(limited to 'contrib/cirrus/lib.sh')
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 46b245a45..349970012 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -182,30 +182,21 @@ setup_rootless() {
 cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
 cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
- msg "Ensure the ssh daemon is up and running within 5 minutes"
- systemctl start sshd
- lilto systemctl is-active sshd
-
 msg "Configure ssh file permissions"
 chmod -R 700 "$HOME/.ssh"
 chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
 chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+ # N/B: We're clobbering the known_hosts here on purpose. There should
+ # never be any non-localhost connections made from tests (using strict-mode).
+ # If there are, it's either a security problem or a broken test, both of which
+ # we want to lead to test failures.
 msg " setup known_hosts for $USER"
- ssh -q root@localhost \
- -o UserKnownHostsFile=/root/.ssh/known_hosts \
- -o UpdateHostKeys=yes \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no \
- true
-
+ ssh-keyscan localhost > /root/.ssh/known_hosts
 msg " setup known_hosts for $ROOTLESS_USER"
- su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \
- -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \
- -o UpdateHostKeys=yes \
- -o StrictHostKeyChecking=no \
- -o CheckHostIP=no \
- true"
+ # Maintain access-permission consistency with all other .ssh files.
+ install -Z -m 700 -o $ROOTLESS_USER -g $ROOTLESS_USER \
+ /root/.ssh/known_hosts /home/$ROOTLESS_USER/.ssh/known_hosts
 }
 install_test_configs() {
--
cgit v1.2.3-54-g00ecf
From 2b5778d416e148df68a99a8c48b814eceddcbce8 Mon Sep 17 00:00:00 2001
From: Chris Evich
Date: Mon, 2 May 2022 10:49:19 -0400
Subject: Cirrus: Update images + new automation library
Add support for new automation library version w/ `$DEBUG` fix (ref: containers/automation_images#128) and added definitions for commonly used Distro/version variables.
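Review bot: The output of `ssh-keyscan localhost > /root/.ssh/known_hosts` is never checked, and this commit also drops the `systemctl start sshd` / `is-active` wait, so if sshd is not answering when setup_rootless runs, the redirect can leave an empty known_hosts that `install` then copies to $ROOTLESS_USER. With the strict host-key checking the N/B comment relies on, every later localhost connection would then fail with a host-key error far from the real cause. A guard directly after the scan would surface it at setup time, e.g. `[[ -s /root/.ssh/known_hosts ]] || { msg "ssh-keyscan returned no host keys for localhost"; return 1; }`. Two smaller points: `-m 700` marks known_hosts executable where `-m 600` would be the tighter mode, and the scan records only the name `localhost`, so a test dialing 127.0.0.1 or the hostname would presumably be rejected, which is worth stating in the comment if intended. setup_rootless begins above this hunk.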
Signed-off-by: Chris Evich
---
 .cirrus.yml | 2 +-
 contrib/cirrus/lib.sh | 7 ++-----
 contrib/cirrus/setup_environment.sh | 3 +++
 hack/get_ci_vm.sh | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'contrib/cirrus/lib.sh')
diff --git a/.cirrus.yml b/.cirrus.yml
index 64b3afa06..324fd32f6 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -29,7 +29,7 @@ env:
 UBUNTU_NAME: "ubuntu-2110"
 # Google-cloud VM Images
- IMAGE_SUFFIX: "c4955393725038592"
+ IMAGE_SUFFIX: "c6211193021923328"
 FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
 PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
 UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 349970012..a7f39e7af 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -36,11 +36,6 @@ fi
 # Managed by setup_environment.sh; holds task-specific definitions.
 if [[ -r "/etc/ci_environment" ]]; then source /etc/ci_environment; fi
-OS_RELEASE_ID="$(source /etc/os-release; echo $ID)"
-# GCE image-name compatible string representation of distribution _major_ version
-OS_RELEASE_VER="$(source /etc/os-release; echo $VERSION_ID | tr -d '.')"
-# Combined to ease some usage
-OS_REL_VER="${OS_RELEASE_ID}-${OS_RELEASE_VER}"
 # This is normally set from .cirrus.yml but default is necessary when
 # running under hack/get_ci_vm.sh since it cannot infer the value.
 DISTRO_NV="${DISTRO_NV:-$OS_REL_VER}"
@@ -261,6 +256,8 @@ remove_packaged_podman_files() {
 done
 done
+ # OS_RELEASE_ID is defined by automation-library
+ # shellcheck disable=SC2154
 if [[ "$OS_RELEASE_ID" =~ "ubuntu" ]]
 then
 LISTING_CMD="dpkg-query -L podman"
diff --git a/contrib/cirrus/setup_environment.sh b/contrib/cirrus/setup_environment.sh
index 34a276f10..832cb58ab 100755
--- a/contrib/cirrus/setup_environment.sh
+++ b/contrib/cirrus/setup_environment.sh
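Review bot: The two `# shellcheck disable=SC2154` additions (here in remove_packaged_podman_files, and before the `-ge 36` test in setup_environment.sh) silence the only static hint that OS_RELEASE_ID / OS_RELEASE_VER may be unset, now that lib.sh no longer derives them from /etc/os-release. If these scripts ever run against an automation library that predates the new definitions (the library load is outside these hunks, so this is inferred), both `[[ ... ]]` tests simply evaluate false and `DISTRO_NV` defaults to an empty string, with no error pointing at the cause. A fail-fast assertion beside the `/etc/ci_environment` source line would make that visible: `: "${OS_RELEASE_ID:?not defined by automation library}"`, and likewise for OS_RELEASE_VER and OS_REL_VER. Both enclosing blocks extend beyond the hunks shown.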
@@ -121,6 +121,9 @@ case "$OS_RELEASE_ID" in
 # CNI networking available. Upgrading from one to the other is
 # not supported at this time. Support execution of the upgrade
 # tests in F36 and later, by disabling Netavark and enabling CNI.
+ #
+ # OS_RELEASE_VER is defined by automation-library
+ # shellcheck disable=SC2154
 if [[ "$OS_RELEASE_VER" -ge 36 ]] && \
 [[ "$TEST_FLAVOR" != "upgrade_test" ]];
 then
diff --git a/hack/get_ci_vm.sh b/hack/get_ci_vm.sh
index ef7069a81..6632a0178 100755
--- a/hack/get_ci_vm.sh
+++ b/hack/get_ci_vm.sh
@@ -61,7 +61,7 @@ else
 -e NAME="$USER" \
 -e SRCDIR=/src \
 -e GCLOUD_ZONE="$GCLOUD_ZONE" \
- -e DEBUG="${DEBUG:-0}" \
+ -e A_DEBUG="${A_DEBUG:-0}" \
 -v $REPO_DIRPATH:/src:O \
 -v $HOME/.config/gcloud:/root/.config/gcloud:z \
 -v $HOME/.config/gcloud/ssh:/root/.ssh:z \
--
cgit v1.2.3-54-g00ecf