From b43c9cac51519ed6c7a8fd54664c1c6e61b136a4 Mon Sep 17 00:00:00 2001
From: Alessio Biancalana <alessio@dottorblaster.it>
Date: Sun, 15 Feb 2026 18:38:31 +0100
Subject: [PATCH 1/6] ci: fix missing init in qemu

---
 .github/workflows/go.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 53507c1..c634159 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -128,10 +128,14 @@ jobs:
           exit 1
         fi
         echo "Image: $IMG ($(stat -c%s "$IMG") bytes)"
+        # Dump partition table for debugging
+        sudo sfdisk --json "$IMG" | jq '.partitiontable.partitions[] | {type, start, size}'
+        # Select the root partition (x86-64 root GUID), not the ESP
         eval "$(sudo sfdisk --json "$IMG" | jq -r '
-          .partitiontable.partitions[0] |
+          .partitiontable.partitions[] |
+          select(.type == "4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709") |
           "PART_START=\(.start) PART_SIZE=\(.size)"')"
-        echo "Partition start=$PART_START size=$PART_SIZE (sectors)"
+        echo "Root partition start=$PART_START size=$PART_SIZE (sectors)"
         sudo dd if="$IMG" of=rootfs_ext4.raw \
           bs=512 skip="$PART_START" count="$PART_SIZE" status=progress
         mv rootfs_ext4.raw rootfs.raw

From d008407df76391d164af87237b507e1a3ab54fd7 Mon Sep 17 00:00:00 2001
From: Alessio Biancalana <alessio@dottorblaster.it>
Date: Sun, 15 Feb 2026 18:49:38 +0100
Subject: [PATCH 2/6] fixup! ci: fix missing init in qemu

---
 .github/workflows/go.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index c634159..64f6142 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -140,6 +140,23 @@ jobs:
           bs=512 skip="$PART_START" count="$PART_SIZE" status=progress
         mv rootfs_ext4.raw rootfs.raw
 
+    - name: Verify rootfs contents
+      working-directory: testdata
+      run: |
+        mkdir -p /tmp/rootfs-check
+        sudo mount -o loop,ro rootfs.raw /tmp/rootfs-check
+        echo "=== Checking for init ==="
+        ls -la /tmp/rootfs-check/sbin/init /tmp/rootfs-check/usr/lib/systemd/systemd 2>&1 || true
+        echo "=== /sbin/ contents ==="
+        ls -la /tmp/rootfs-check/sbin/ 2>&1 | head -20
+        echo "=== /usr/bin/ sample ==="
+        ls /tmp/rootfs-check/usr/bin/ 2>&1 | head -20
+        echo "=== Installed packages ==="
+        ls /tmp/rootfs-check/var/lib/pacman/local/ 2>&1 | head -30
+        echo "=== ext4 features ==="
+        sudo tune2fs -l rootfs.raw 2>&1 | grep features || true
+        sudo umount /tmp/rootfs-check
+
     - name: Create qcow2 overlay
       working-directory: testdata
       run: qemu-img create -o backing_file=rootfs.raw,backing_fmt=raw -f qcow2 rootfs.cow

From 943a33b265eeb77c75c121304b7864dadca47882 Mon Sep 17 00:00:00 2001
From: Alessio Biancalana <alessio@dottorblaster.it>
Date: Sun, 15 Feb 2026 18:59:04 +0100
Subject: [PATCH 3/6] fixup! ci: fix missing init in qemu

---
 testdata/mkosi.repart/00-root.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/testdata/mkosi.repart/00-root.conf b/testdata/mkosi.repart/00-root.conf
index 9b26bfe..357e8f2 100644
--- a/testdata/mkosi.repart/00-root.conf
+++ b/testdata/mkosi.repart/00-root.conf
@@ -1,4 +1,5 @@
 [Partition]
 Type=root
 Format=ext4
+CopyFiles=/
 SizeMinBytes=1536M

From 8d71a9eaaed4444e3c9dcde50da9406b1748152a Mon Sep 17 00:00:00 2001
From: Alessio Biancalana <alessio@dottorblaster.it>
Date: Sun, 15 Feb 2026 19:05:53 +0100
Subject: [PATCH 4/6] fixup! ci: fix missing init in qemu

---
 testdata/mkosi.conf | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/testdata/mkosi.conf b/testdata/mkosi.conf
index fe94387..3b49583 100644
--- a/testdata/mkosi.conf
+++ b/testdata/mkosi.conf
@@ -8,6 +8,9 @@ Output=rootfs
 OutputDirectory=mkosi.output
 
 [Content]
+Locale=C.UTF-8
+Timezone=UTC
+Hostname=schedctl-test
 Packages=
         base
         openssh

From 6f488509751423f227721975baafd2f331c0cf38 Mon Sep 17 00:00:00 2001
From: Alessio Biancalana <alessio@dottorblaster.it>
Date: Sun, 15 Feb 2026 19:16:05 +0100
Subject: [PATCH 5/6] ci: fix sshd dropping connections

---
 testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf | 2 ++
 testdata/mkosi.postinst.chroot                          | 4 +---
 2 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf

diff --git a/testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf b/testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf
new file mode 100644
index 0000000..1391768
--- /dev/null
+++ b/testdata/mkosi.extra/etc/ssh/sshd_config.d/99-test.conf
@@ -0,0 +1,2 @@
+PermitRootLogin yes
+PermitEmptyPasswords yes
diff --git a/testdata/mkosi.postinst.chroot b/testdata/mkosi.postinst.chroot
index e6636d4..88c4478 100755
--- a/testdata/mkosi.postinst.chroot
+++ b/testdata/mkosi.postinst.chroot
@@ -4,9 +4,7 @@ set -e
 # Remove root password for passwordless SSH access (test environment only)
 passwd -d root
 
-# Configure SSH for root login with empty password
-sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
-sed -i 's/#PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
+# SSH config is handled via drop-in at /etc/ssh/sshd_config.d/99-test.conf
 
 # Enable required services
 systemctl enable sshd systemd-networkd containerd podman.socket

From e44befe38e31b7d5b6633dbc5a28986b41851ebf Mon Sep 17 00:00:00 2001
From: Alessio Biancalana <alessio@dottorblaster.it>
Date: Sun, 15 Feb 2026 19:56:09 +0100
Subject: [PATCH 6/6] fixup! ci: fix sshd dropping connections

---
 .github/workflows/go.yml       | 46 +++++++++++++++++++++++-----------
 testdata/mkosi.postinst.chroot |  2 ++
 2 files changed, 34 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 64f6142..2861745 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -140,22 +140,40 @@ jobs:
           bs=512 skip="$PART_START" count="$PART_SIZE" status=progress
         mv rootfs_ext4.raw rootfs.raw
 
-    - name: Verify rootfs contents
+    - name: Configure rootfs image
       working-directory: testdata
       run: |
-        mkdir -p /tmp/rootfs-check
-        sudo mount -o loop,ro rootfs.raw /tmp/rootfs-check
-        echo "=== Checking for init ==="
-        ls -la /tmp/rootfs-check/sbin/init /tmp/rootfs-check/usr/lib/systemd/systemd 2>&1 || true
-        echo "=== /sbin/ contents ==="
-        ls -la /tmp/rootfs-check/sbin/ 2>&1 | head -20
-        echo "=== /usr/bin/ sample ==="
-        ls /tmp/rootfs-check/usr/bin/ 2>&1 | head -20
-        echo "=== Installed packages ==="
-        ls /tmp/rootfs-check/var/lib/pacman/local/ 2>&1 | head -30
-        echo "=== ext4 features ==="
-        sudo tune2fs -l rootfs.raw 2>&1 | grep features || true
-        sudo umount /tmp/rootfs-check
+        mkdir -p /tmp/rootfs-mnt
+        sudo mount -o loop rootfs.raw /tmp/rootfs-mnt
+        R=/tmp/rootfs-mnt
+
+        # Remove root password
+        sudo sed -i '/^root:/ s|^root:[^:]*:|root::|' $R/etc/shadow
+
+        # Generate SSH host keys
+        sudo ssh-keygen -A -f $R
+
+        # SSH config drop-in (in case mkosi.extra didn't copy it)
+        sudo mkdir -p $R/etc/ssh/sshd_config.d
+        echo -e "PermitRootLogin yes\nPermitEmptyPasswords yes" | sudo tee $R/etc/ssh/sshd_config.d/99-test.conf
+
+        # Enable services
+        sudo ln -sf /usr/lib/systemd/system/sshd.service $R/etc/systemd/system/multi-user.target.wants/sshd.service
+        sudo ln -sf /usr/lib/systemd/system/systemd-networkd.service $R/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
+        sudo ln -sf /usr/lib/systemd/system/containerd.service $R/etc/systemd/system/multi-user.target.wants/containerd.service
+        sudo mkdir -p $R/etc/systemd/system/sockets.target.wants
+        sudo ln -sf /usr/lib/systemd/system/podman.socket $R/etc/systemd/system/sockets.target.wants/podman.socket
+
+        # Verify
+        echo "=== root shadow entry ==="
+        sudo grep '^root:' $R/etc/shadow
+        echo "=== SSH host keys ==="
+        ls -la $R/etc/ssh/ssh_host_*
+        echo "=== Enabled services ==="
+        ls -la $R/etc/systemd/system/multi-user.target.wants/
+        ls -la $R/etc/systemd/system/sockets.target.wants/
+
+        sudo umount /tmp/rootfs-mnt
 
     - name: Create qcow2 overlay
       working-directory: testdata
diff --git a/testdata/mkosi.postinst.chroot b/testdata/mkosi.postinst.chroot
index 88c4478..42024ed 100755
--- a/testdata/mkosi.postinst.chroot
+++ b/testdata/mkosi.postinst.chroot
@@ -5,6 +5,8 @@ set -e
 passwd -d root
 
 # SSH config is handled via drop-in at /etc/ssh/sshd_config.d/99-test.conf
+# Pre-generate host keys so sshd can complete handshakes on first boot
+ssh-keygen -A
 
 # Enable required services
 systemctl enable sshd systemd-networkd containerd podman.socket