IMG_SIZE=300
build/server.img:
@mkdir -p build
dd if=/dev/zero of=$@ bs=$$((1024*1024)) count=$(IMG_SIZE)
printf 'n\np\n1\n\n\nt\nc\nw\n' | fdisk $@
mformat -i$@@@1M -s32 -h64 -t$(IMG_SIZE) -v"BNDRY TEST"
@echo "precious" > build/preserve.txt
mcopy -i$@@@1M build/preserve.txt ::
build/server.vmdk: build/server.img
[ -f $< ] || VBoxManage internalcommands createrawvmdk -filename $@ -rawdisk `readlink -f $<`
.PHONY: start-vms
start-vms:
start-vms: build/server.vmdk
vagrant up
BOUNDERY_SSHCONF=build/boundery.sshconf
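Review bot: The guard in the `build/server.vmdk` recipe tests `$<`, the prerequisite image, which always exists by the time this recipe runs, so as written `VBoxManage internalcommands createrawvmdk` is never reached and `vagrant up` would be pointed at a medium that was never created. The test most likely meant the target: `[ -f $@ ] || VBoxManage internalcommands createrawvmdk -filename $@ -rawdisk "$$(readlink -f $<)"`. Quoting the resolved path also keeps a checkout directory containing spaces from splitting the `-rawdisk` argument. Separately, `build/server.img` is written in several steps, so a failed `fdisk` or `mformat` leaves a partial image that looks up to date; a `.DELETE_ON_ERROR:` line would cover that.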
......
# -*- mode: ruby -*-
# vi: set ft=ruby :
vagrant_dir = File.join(File.dirname(File.expand_path(__FILE__)), ".vagrant")
build_dir = File.join(File.dirname(File.expand_path(__FILE__)), "build")
Vagrant.configure("2") do |config|
config.vm.box = "debian/contrib-buster64"
......@@ -97,21 +97,27 @@ Vagrant.configure("2") do |config|
################# CLIENT #################
config.vm.define "client" do |client|
config.vm.provider "virtualbox" do |vb|
vb.memory = "1024"
vb.customize ['storageattach', :id, '--storagectl', 'SATA Controller', '--port', 1, '--device', 0,
'--type', 'hdd', '--mtype', 'shareable', '--hotpluggable', 'on',
'--medium', File.join(build_dir, "server.vmdk")]
end
client.vm.hostname = "client"
client.vm.network "private_network",
virtualbox__intnet: "client_router", type: "dhcp"
#XXX Figure out how to attach USB stick to write OS image to. See: client/Vagrantfile
# .vmdk can wrap a raw image, so no need to copy to .vdi:
# VBoxManage internalcommands createrawvmdk -filename test.vmdk -rawdisk raw.img
client.vm.network "forwarded_port", host: 22222, guest: 22222
client.vm.provision "shell", inline: <<-SHELL
while [ ! -f /usr/local/share/ca-certificates/fakeroot.crt ]; do
sudo wget --timeout 3 https://acme-v02.api.letsencrypt.org:15000/roots/0 -O /usr/local/share/ca-certificates/fakeroot.crt
done
sudo update-ca-certificates
#XXX Install selenium/chromedriver/any other deps.
#XXX Because we short circuit the dyndns NS forward to the pi, need to explicitly
# check that username.boundery.me gets the right NS destination (30.0.0.150).
# dig ns nolan.boundery.me. @boundery.me.
sudo cp /vagrant/client/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
SHELL
#XXX Provisioner to install client from boundery.me
......@@ -127,25 +133,24 @@ Vagrant.configure("2") do |config|
vb.memory = "1024"
vb.customize ["modifyvm", :id, "--firmware", "efi"]
#vb.customize ['storageattach', :id, '--storagectl', 'SATA', '--port', 1, '--device', 0,
# '--type', 'hdd', '--medium', 'boot.vmdk']
serial_log = File.join(vagrant_dir, "server_cons.log")
vb.customize ['storageattach', :id, '--storagectl', 'SATA', '--port', 1, '--device', 0,
'--type', 'hdd', '--mtype', 'shareable', '--hotpluggable', 'on',
'--medium', File.join(build_dir, "server.vmdk")]
serial_log = File.join(build_dir, "server_cons.log")
vb.customize ["modifyvm", :id, "--uart1", "0x3F8", "4", "--uartmode1", "file", serial_log]
end
server.vm.hostname = "server"
#server.vm.network "private_network", :mac => "443839FFF001", :adapter => 1,
# virtualbox__intnet: "client_router", auto_config: false
server.vm.network "private_network", :mac => "443839FFF001",
virtualbox__intnet: "client_router", type: "dhcp"
server.vm.network "private_network", :mac => "443839FFF001", :adapter => 1,
virtualbox__intnet: "client_router", auto_config: false
#XXX Need to disable/redirect 'vagrant ssh' for "Waiting for machine to boot"
#server.ssh.port=60000
#server.ssh.host = "192.168.1.9"
#Redirect this to our python dummy sshd
server.ssh.port=22222
server.ssh.host = "localhost"
server.vm.synced_folder ".", "/vagrant", disabled: true
#XXX Attach (and boot off of) USB stick that client wrote the image to.
#XXX Need to figure out how to get pebble's root cert into the os...
#XXX Attach USB stick for RW storage.
end
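Review bot: The client's `forwarded_port` line (`host: 22222, guest: 22222`) gives no `host_ip`, and Vagrant then binds the host side of the forward on every interface rather than on loopback only. The listener behind it appears to be the dummy sshd that `server.ssh.port=22222` / `server.ssh.host = "localhost"` redirects to, and that stub authenticates any public key, so it should not be reachable from the LAN. Since the only intended consumer is Vagrant on localhost, restrict the bind: `client.vm.network "forwarded_port", host: 22222, guest: 22222, host_ip: "127.0.0.1"`. A one-line comment next to it saying the port exists only to satisfy Vagrant's boot wait would help the next reader.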
......
#!/bin/bash
rm /usr/local/share/ca-certificates/fakeroot.crt
while [ ! -f /usr/local/share/ca-certificates/fakeroot.crt ]; do
wget --timeout 3 --no-check-certificate https://acme-v02.api.letsencrypt.org:15000/roots/0 -O /usr/local/share/ca-certificates/fakeroot.crt
done
update-ca-certificates
exit 0
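Review bot: The loop condition `[ ! -f … ]` is satisfied by an empty or truncated file, because `wget -O` creates the output file before the transfer succeeds, so one failed attempt ends the loop and `update-ca-certificates` runs on whatever is there. Test for content instead, `while [ ! -s /usr/local/share/ca-certificates/fakeroot.crt ]; do`, and have wget write to a temporary name that is moved into place only when it exits 0. Because `--no-check-certificate` makes whatever answers on port 15000 a trusted root for the whole guest, add a comment such as `# Test network only: root is fetched unauthenticated from the local ACME test CA` so the script is not reused elsewhere. The leading `rm` should be `rm -f` so the first boot, when the file does not exist yet, does not print an error.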
#!/usr/bin/env python
import socket
import sys
import threading
import paramiko
class Server(paramiko.ServerInterface):
def check_channel_request(self, kind, chanid):
if kind == 'session':
return paramiko.OPEN_SUCCEEDED
def check_auth_publickey(self, username, key):
return paramiko.AUTH_SUCCESSFUL
def get_allowed_auths(self, username):
return 'publickey'
def check_channel_exec_request(self, channel, command):
threading.Thread(target=self.handle_cmd, args=[command, channel],
daemon=True).start()
return True
def check_channel_pty_request(self, channel, term, width, height,
pixelwidth, pixelheight, modes):
assert(False)
def handle_cmd(self, cmd, chan):
ret = self.handle_cmd_streams(cmd.decode(), chan.makefile('r'),
chan.makefile('w'), chan.makefile_stderr('w'))
chan.send_exit_status(ret)
chan.close()
def handle_cmd_streams(self, cmd, stdin, stdout, stderr):
last_exit = 0
print("cmd:", cmd)
if cmd == '' or 'bash -l' in cmd:
for line in stdin:
line=line[:-1]
print('line:', line)
if line.startswith('(>&2 '):
out = stderr
line = line[5:-1]
else:
out = stdout
if line.startswith('printf \''):
out.write(line[8:-1])
elif line == 'exit':
break
out.flush()
elif cmd.startswith('scp -t '):
#Assume they're only sending 1 file, and respond to all msgs.
stdout.write('\0' * 7)
print('XXX \'%s\'' % stdin.read())
return last_exit
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
sock.bind(('', 22222))
sock.listen(5)
print("Listening")
while True:
client, addr = sock.accept()
print("Connection")
t = paramiko.Transport(client)
t.set_gss_host(socket.getfqdn(""))
t.load_server_moduli()
t.add_server_key( paramiko.RSAKey.generate(bits=1024))
print("Starting ssh session")
t.start_server(server=Server())
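Review bot: `check_auth_publickey` returns `paramiko.AUTH_SUCCESSFUL` for every key and the socket binds `('', 22222)`, so anything that can reach the port is authenticated; that is presumably intended for a stub, but nothing in the file says so. Add a module docstring, or a comment such as `# Test stub: accepts ANY key; must only be reachable through the local Vagrant port forward`. The host key is also created inside the accept loop as `paramiko.RSAKey.generate(bits=1024)`, which gives every connection a different and undersized key; generate it once before `while True:`, for example `HOST_KEY = paramiko.RSAKey.generate(bits=2048)`, and pass that to `add_server_key`. `check_channel_request` falls through and returns `None` for non-session kinds, where `return paramiko.OPEN_FAILED_ADMINISTRATIVELY_PROHIBITED` would be the explicit refusal. The accept loop may continue past the visible lines.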