From e907f095b24632ebf25348bc17ba3ff3468a979b Mon Sep 17 00:00:00 2001
From: Jhon Honce <jhonce@redhat.com>
Date: Mon, 18 Oct 2021 07:47:46 -0700
Subject: test connection add

* Fix connection JSON encoding
* Add custom ginkgo matchers for connection testing
* Cleanup code

Fixes #11984

Signed-off-by: Jhon Honce <jhonce@redhat.com>
---
 contrib/cirrus/lib.sh | 50 +++++++++++++++++++++++++++++++-------------------
 1 file changed, 31 insertions(+), 19 deletions(-)

(limited to 'contrib/cirrus')

diff --git a/contrib/cirrus/lib.sh b/contrib/cirrus/lib.sh
index 9b7c613f5..cff8f4b3f 100644
--- a/contrib/cirrus/lib.sh
+++ b/contrib/cirrus/lib.sh
@@ -166,30 +166,42 @@ setup_rootless() {
     useradd -g $rootless_gid -u $rootless_uid --no-user-group --create-home $ROOTLESS_USER
     chown -R $ROOTLESS_USER:$ROOTLESS_USER "$GOPATH" "$GOSRC"
 
-    msg "creating ssh key pair for $USER"
+    mkdir -p "$HOME/.ssh" "/home/$ROOTLESS_USER/.ssh"
+
+    msg "Creating ssh key pairs"
     [[ -r "$HOME/.ssh/id_rsa" ]] || \
-        ssh-keygen -P "" -f "$HOME/.ssh/id_rsa"
+        ssh-keygen -t rsa -P "" -f "$HOME/.ssh/id_rsa"
+    ssh-keygen -t ed25519 -P "" -f "/home/$ROOTLESS_USER/.ssh/id_ed25519"
+    ssh-keygen -t rsa -P "" -f "/home/$ROOTLESS_USER/.ssh/id_rsa"
 
-    msg "Allowing ssh key for $ROOTLESS_USER"
-    akfilepath="/home/$ROOTLESS_USER/.ssh/authorized_keys"
-    (umask 077 && mkdir "/home/$ROOTLESS_USER/.ssh")
-    chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
-    install -o $ROOTLESS_USER -g $ROOTLESS_USER -m 0600 \
-        "$HOME/.ssh/id_rsa.pub" "$akfilepath"
-    # Makes debugging easier
-    cat /root/.ssh/authorized_keys >> "$akfilepath"
+    msg "Setup authorized_keys"
+    cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> $HOME/.ssh/authorized_keys
+    cat $HOME/.ssh/*.pub /home/$ROOTLESS_USER/.ssh/*.pub >> /home/$ROOTLESS_USER/.ssh/authorized_keys
 
     msg "Ensure the ssh daemon is up and running within 5 minutes"
     systemctl start sshd
-    sshcmd="ssh $ROOTLESS_USER@localhost
-           -o UserKnownHostsFile=/dev/null
-           -o StrictHostKeyChecking=no
-           -o CheckHostIP=no"
-    lilto $sshcmd true  # retry until sshd is up
-
-    msg "Configuring rootless user self-access to ssh to localhost"
-    $sshcmd ssh-keygen -P '""' -f "/home/$ROOTLESS_USER/.ssh/id_rsa"
-    cat "/home/$ROOTLESS_USER/.ssh/id_rsa" >> "$akfilepath"
+    lilto systemctl is-active sshd
+
+    msg "Configure ssh file permissions"
+    chmod -R 700 "$HOME/.ssh"
+    chmod -R 700 "/home/$ROOTLESS_USER/.ssh"
+    chown -R $ROOTLESS_USER:$ROOTLESS_USER "/home/$ROOTLESS_USER/.ssh"
+
+    msg "   setup known_hosts for $USER"
+    ssh -q root@localhost \
+        -o UserKnownHostsFile=/root/.ssh/known_hosts \
+        -o UpdateHostKeys=yes \
+        -o StrictHostKeyChecking=no \
+        -o CheckHostIP=no \
+        true
+
+    msg "   setup known_hosts for $ROOTLESS_USER"
+    su $ROOTLESS_USER -c "ssh -q $ROOTLESS_USER@localhost \
+        -o UserKnownHostsFile=/home/$ROOTLESS_USER/.ssh/known_hosts \
+        -o UpdateHostKeys=yes \
+        -o StrictHostKeyChecking=no \
+        -o CheckHostIP=no \
+        true"
 }
 
 install_test_configs() {
-- 
cgit v1.2.3-54-g00ecf