update 7-year-old test-bench machine setup

Updates the developer documentation for remote test bench

developer/debugging/test-bench.md

@@ -15,57 +15,72 @@ This guide shows how to set up simple test bench that automatically test your co
 
 We will set up a spare machine (bare metal, not a virtual) that will be hosting our experimental Dom0. We will communicate with it via Ethernet and SSH. This tutorial assumes you are familiar with [QubesBuilder](/doc/qubes-builder/) and you have it set up and running flawlessly.
 
-## Setting up the machine
+<div class="alert alert-warning" role="alert">
+  <i class="fa fa-exclamation-triangle"></i>
+  <b>Notice:</b>
+  This setup intentionally weakens some security properties in the testing system. So make sure you understand the risks and use exclusively for testing.
+</div>
 
-First, do a clean install from ISO you built or grabbed elsewhere.
 
-You have to fix network, because it is intentionally broken. This script should reenable your network card without depending on anything else.
+## Setting up the Machine
 
-```bash
+### Install ISO
-#!/bin/sh
+First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/) or grabbed elsewhere (for example [here](https://qubes-os.discourse.group/t/qubesos-4-1-alpha-signed-weekly-builds/3601))
 
-# adjust this for your NIC (run lspci)
+### Enabling Network Access in Dom0
-BDF=0000:02:00.0
 
-prog=$(basename $0)
+Internet access is intentionally disabled by default in dom0. But to ease the deployment process we will give it access. The following steps should be done in `dom0`.
 
-pciunbind() {
+1. Remove the network card (PCI device) from `sys-net`
-    local path
+2. Restart your computer (for the removal to take effect)
-    path=/sys/bus/pci/devices/${1}/driver/unbind
+3. The following script should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.*
-    if ! [ -w ${path} ]; then
-        echo "${prog}: Device ${1} not bound"
-        return 1
-    fi
-    echo -n ${1} >${path}
-}
 
-pcibind() {
+    ```bash
-    local path
+    #!/bin/sh
-    path=/sys/bus/pci/drivers/${2}/bind
-    if ! [ -w ${path} ]; then
-        echo "${prog}: Driver ${2} not found"
-        return 1
-    fi
-    echo ${1} >${path}
-}
 
-pciunbind ${BDF}
+    # adjust this for your NIC (run lspci)
-pcibind ${BDF} e1000e
+    BDF=0000:02:00.0
 
-dhclient
+    # adjust this for your network driver
-```
+    DRIVER=e1000e
 
-TODO: describe how to run this at every startup
+    prog=$(basename $0)
+    
+    pciunbind() {
+        local path
+        path=/sys/bus/pci/devices/${1}/driver/unbind
+        if ! [ -w ${path} ]; then
+            echo "${prog}: Device ${1} not bound"
+            return 1
+        fi
+        echo -n ${1} >${path}
+    }
 
-Now configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
+    pcibind() {
+        local path
+        path=/sys/bus/pci/drivers/${2}/bind
+        if ! [ -w ${path} ]; then
+            echo "${prog}: Driver ${2} not found"
+            return 1
+        fi
+        echo ${1} >${path}
+    }
 
-Install `openssh-server` on your testbench:
+    pciunbind ${BDF}
+    pcibind ${BDF} ${DRIVER}
 
-~~~
+    sudo dhclient
-yum install openssh-server
+    ```
-~~~
 
-Ensure that sudo works without password from your user account (it should by default).
+4. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
+
+5. Install `openssh-server` on your testbench (since dom0 now has internet access the command `qubes-dom0-update` is not needed).
+ 
+    ~~~
+    sudo dnf install openssh-server
+    ~~~
+
+**Note:** You'll need to run the at every startup (TODO: describe how to run this at every startup)
 
 ## Development VM