diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 53507c1..2861745 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -128,14 +128,53 @@ jobs: exit 1 fi echo "Image: $IMG ($(stat -c%s "$IMG") bytes)" + # Dump partition table for debugging + sudo sfdisk --json "$IMG" | jq '.partitiontable.partitions[] | {type, start, size}' + # Select the root partition (x86-64 root GUID), not the ESP eval "$(sudo sfdisk --json "$IMG" | jq -r ' - .partitiontable.partitions[0] | + .partitiontable.partitions[] | + select(.type == "4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709") | "PART_START=\(.start) PART_SIZE=\(.size)"')" - echo "Partition start=$PART_START size=$PART_SIZE (sectors)" + echo "Root partition start=$PART_START size=$PART_SIZE (sectors)" sudo dd if="$IMG" of=rootfs_ext4.raw \ bs=512 skip="$PART_START" count="$PART_SIZE" status=progress mv rootfs_ext4.raw rootfs.raw + - name: Configure rootfs image + working-directory: testdata + run: | + mkdir -p /tmp/rootfs-mnt + sudo mount -o loop rootfs.raw /tmp/rootfs-mnt + R=/tmp/rootfs-mnt + + # Remove root password + sudo sed -i '/^root:/ s|^root:[^:]*:|root::|' $R/etc/shadow + + # Generate SSH host keys + sudo ssh-keygen -A -f $R + + # SSH config drop-in (in case mkosi.extra didn't copy it) + sudo mkdir -p $R/etc/ssh/sshd_config.d + echo -e "PermitRootLogin yes\nPermitEmptyPasswords yes" | sudo tee $R/etc/ssh/sshd_config.d/99-test.conf + + # Enable services + sudo ln -sf /usr/lib/systemd/system/sshd.service $R/etc/systemd/system/multi-user.target.wants/sshd.service + sudo ln -sf /usr/lib/systemd/system/systemd-networkd.service $R/etc/systemd/system/multi-user.target.wants/systemd-networkd.service + sudo ln -sf /usr/lib/systemd/system/containerd.service $R/etc/systemd/system/multi-user.target.wants/containerd.service + sudo mkdir -p $R/etc/systemd/system/sockets.target.wants + sudo ln -sf /usr/lib/systemd/system/podman.socket $R/etc/systemd/system/sockets.target.wants/podman.socket + + # Verify + echo "=== root shadow entry ===" + sudo grep '^root:' $R/etc/shadow + echo "=== SSH host keys ===" + ls -la $R/etc/ssh/ssh_host_* + echo "=== Enabled 
services ===" + ls -la $R/etc/systemd/system/multi-user.target.wants/ + ls -la $R/etc/systemd/system/sockets.target.wants/ + + sudo umount /tmp/rootfs-mnt + - name: Create qcow2 overlay working-directory: testdata run: qemu-img create -o backing_file=rootfs.raw,backing_fmt=raw -f qcow2 rootfs.cow diff --git a/testdata/mkosi.conf b/testdata/mkosi.conf index fe94387..3b49583 100644 --- a/testdata/mkosi.conf +++ b/testdata/mkosi.conf @@ -8,6 +8,9 @@ Output=rootfs OutputDirectory=mkosi.output [Content] +Locale=C.UTF-8 +Timezone=UTC +Hostname=schedctl-test Packages= base openssh diff --git a/testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf b/testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf new file mode 100644 index 0000000..1391768 --- /dev/null +++ b/testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf @@ -0,0 +1,2 @@ +PermitRootLogin yes +PermitEmptyPasswords yes diff --git a/testdata/mkosi.postinst.chroot b/testdata/mkosi.postinst.chroot index e6636d4..42024ed 100755 --- a/testdata/mkosi.postinst.chroot +++ b/testdata/mkosi.postinst.chroot @@ -4,9 +4,9 @@ set -e # Remove root password for passwordless SSH access (test environment only) passwd -d root -# Configure SSH for root login with empty password -sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config -sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config +# SSH config is handled via drop-in at /etc/ssh/sshd_config.d/99-test.conf +# Pre-generate host keys so sshd can complete handshakes on first boot +ssh-keygen -A # Enable required services systemctl enable sshd systemd-networkd containerd podman.socket diff --git a/testdata/mkosi.repart/00-root.conf b/testdata/mkosi.repart/00-root.conf index 9b26bfe..357e8f2 100644 --- a/testdata/mkosi.repart/00-root.conf +++ b/testdata/mkosi.repart/00-root.conf @@ -1,4 +1,5 @@ [Partition] Type=root Format=ext4 +CopyFiles=/ SizeMinBytes=1536M
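Review bot: The `# Verify` block at the end of the new "Configure rootfs image" step prints the root shadow entry but never checks that the password field is actually empty, so a `sed` that did not rewrite the line goes unnoticed until a later SSH step fails. Turning it into an assertion, e.g. `sudo grep -q '^root::' "$R/etc/shadow"`, makes the step fail where the problem is. `sudo umount /tmp/rootfs-mnt` is also reached only when every earlier command succeeds; adding `trap 'sudo umount /tmp/rootfs-mnt' EXIT` right after the `mount` avoids a stale loop mount, which matters if this job ever runs on a non-ephemeral runner. The `$R` expansions are unquoted throughout, which is harmless for this fixed path but inconsistent with `"$IMG"` earlier in the same job.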
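Review bot: The new `99-test.conf` drop-in has no comment marking it as test-only, yet it enables unauthenticated root login (`PermitRootLogin yes` with `PermitEmptyPasswords yes`, on a root account whose password `mkosi.postinst.chroot` removes). I would add a first line such as `# TEST IMAGE ONLY: root login without a password; never reuse outside the CI VM`. The same two directives are also written by the `echo -e ... | sudo tee $R/etc/ssh/sshd_config.d/99-test.conf` line in the workflow's "Configure rootfs image" step, so the two copies can drift; having the workflow copy this file would keep one source. Whether the VM's SSH port is reachable only from the runner, and whether `rootfs.raw` is ever uploaded or cached, is not visible in this diff and is worth confirming.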
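Review bot: With the two `sed` edits removed in `mkosi.postinst.chroot`, the empty-password login depends on the image's main `/etc/ssh/sshd_config` including `sshd_config.d/*.conf` before any conflicting directive, and nothing in the script checks that. Because the script runs under `set -e`, a line after `ssh-keygen -A` such as `sshd -T | grep -qx 'permitemptypasswords yes'` would fail the build if the drop-in is not in effect (assuming `sshd -T` can run inside the chroot). The new comment could also say that `ssh-keygen -A` bakes the host private keys into the image, so every VM booted from it shares them, which is acceptable only for a throwaway test image. The script starts above this hunk.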