From 0a6f37156e16be303c98a5c9c86b7b943e54fdad Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Wed, 2 Jun 2021 16:54:03 +0000
Subject: [PATCH 1/7] update 7-year-old test-bench machine setup
Updates the developer documentation for remote test bench
---
developer/debugging/test-bench.md | 89 ++++++++++++++++++-------------
1 file changed, 52 insertions(+), 37 deletions(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index bc21ea3f..2ad3fd60 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -15,57 +15,72 @@ This guide shows how to set up simple test bench that automatically test your co
We will set up a spare machine (bare metal, not a virtual) that will be hosting our experimental Dom0. We will communicate with it via Ethernet and SSH. This tutorial assumes you are familiar with [QubesBuilder](/doc/qubes-builder/) and you have it set up and running flawlessly.
-## Setting up the machine
+
+
+ Notice:
+ This setup intentionally weakens some security properties in the testing system. So make sure you understand the risks and use exclusively for testing.
+
-First, do a clean install from ISO you built or grabbed elsewhere.
-You have to fix network, because it is intentionally broken. This script should reenable your network card without depending on anything else.
+## Setting up the Machine
-```bash
-#!/bin/sh
+### Install ISO
+First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/) or grabbed elsewhere (for example [here](https://qubes-os.discourse.group/t/qubesos-4-1-alpha-signed-weekly-builds/3601))
-# adjust this for your NIC (run lspci)
-BDF=0000:02:00.0
+### Enabling Network Access in Dom0
-prog=$(basename $0)
+Internet access is intentionally disabled by default in dom0. But to ease the deployment process we will give it access. The following steps should be done in `dom0`.
-pciunbind() {
- local path
- path=/sys/bus/pci/devices/${1}/driver/unbind
- if ! [ -w ${path} ]; then
- echo "${prog}: Device ${1} not bound"
- return 1
- fi
- echo -n ${1} >${path}
-}
+1. Remove the network card (PCI device) from `sys-net`
+2. Restart your computer (for the removal to take effect)
+3. The following script should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.*
-pcibind() {
- local path
- path=/sys/bus/pci/drivers/${2}/bind
- if ! [ -w ${path} ]; then
- echo "${prog}: Driver ${2} not found"
- return 1
- fi
- echo ${1} >${path}
-}
+ ```bash
+ #!/bin/sh
-pciunbind ${BDF}
-pcibind ${BDF} e1000e
+ # adjust this for your NIC (run lspci)
+ BDF=0000:02:00.0
-dhclient
-```
+ # adjust this for your network driver
+ DRIVER=e1000e
-TODO: describe how to run this at every startup
+ prog=$(basename $0)
+
+ pciunbind() {
+ local path
+ path=/sys/bus/pci/devices/${1}/driver/unbind
+ if ! [ -w ${path} ]; then
+ echo "${prog}: Device ${1} not bound"
+ return 1
+ fi
+ echo -n ${1} >${path}
+ }
-Now configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
+ pcibind() {
+ local path
+ path=/sys/bus/pci/drivers/${2}/bind
+ if ! [ -w ${path} ]; then
+ echo "${prog}: Driver ${2} not found"
+ return 1
+ fi
+ echo ${1} >${path}
+ }
-Install `openssh-server` on your testbench:
+ pciunbind ${BDF}
+ pcibind ${BDF} ${DRIVER}
-~~~
-yum install openssh-server
-~~~
+ sudo dhclient
+ ```
-Ensure that sudo works without password from your user account (it should by default).
+4. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
+
+5. Install `openssh-server` on your testbench (since dom0 now has internet access the command `qubes-dom0-update` is not needed).
+
+ ~~~
+ sudo dnf install openssh-server
+ ~~~
+
+**Note:** You'll need to run the at every startup (TODO: describe how to run this at every startup)
## Development VM
From 185f33eb7e41a91b58cbbbb04278fbccc9db41ae Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Wed, 2 Jun 2021 18:00:41 +0000
Subject: [PATCH 2/7] implemented requested changes
---
developer/debugging/test-bench.md | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index 2ad3fd60..664f8c19 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -15,12 +15,8 @@ This guide shows how to set up simple test bench that automatically test your co
We will set up a spare machine (bare metal, not a virtual) that will be hosting our experimental Dom0. We will communicate with it via Ethernet and SSH. This tutorial assumes you are familiar with [QubesBuilder](/doc/qubes-builder/) and you have it set up and running flawlessly.
-
-
- Notice:
- This setup intentionally weakens some security properties in the testing system. So make sure you understand the risks and use exclusively for testing.
-
-
+> **Notice:**
+> This setup intentionally weakens some security properties in the testing system. So make sure you understand the risks and use exclusively for testing.
## Setting up the Machine
@@ -68,8 +64,9 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
pciunbind ${BDF}
pcibind ${BDF} ${DRIVER}
-
- sudo dhclient
+
+ sleep 1
+ dhclient
```
4. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
From 036d89eaa0108e635b9e8a8f46cf99bb5a1c87c0 Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Fri, 4 Jun 2021 13:59:07 +0000
Subject: [PATCH 3/7] add troubleshooting message
---
developer/debugging/test-bench.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index 664f8c19..da07ff4b 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -128,7 +128,7 @@ fi
set -e
ssh testbench mkdir -p "${TMPDIR}"
-scp "${@}" testbench:"${TMPDIR}"
+scp "${@}" testbench:"${TMPDIR}" || echo "check if you have 'scp' installed on your testbench"
while [ $# -gt 0 ]; do
ssh testbench sudo rpm -i --replacepkgs --replacefiles "${TMPDIR}/$(basename ${1})"
From 161a03f7bc1d5755b9cbcaa76299502254359d2a Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Fri, 4 Jun 2021 16:18:12 +0000
Subject: [PATCH 4/7] add notes about installing software with dom0 net
Add notes on how one can install software if the only network card was already to dom0.
---
developer/debugging/test-bench.md | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index da07ff4b..dc203d5b 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -27,9 +27,11 @@ First, do a clean install from the `.iso` [you built](/doc/qubes-iso-building/)
Internet access is intentionally disabled by default in dom0. But to ease the deployment process we will give it access. The following steps should be done in `dom0`.
+> **Note:** the following assume you have only one network card. If you have two, pick one and leave the other attached to `sys-net`.
+
1. Remove the network card (PCI device) from `sys-net`
2. Restart your computer (for the removal to take effect)
-3. The following script should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.*
+3. The following script should enable your network card in dom0. *Be sure to adjust the script's variables to suit your needs.* You'll need to run this at every startup (TODO: describe how to run this at every startup).
```bash
#!/bin/sh
@@ -77,7 +79,7 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
sudo dnf install openssh-server
~~~
-**Note:** You'll need to run the at every startup (TODO: describe how to run this at every startup)
+> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then instead of the usual `sudo qubes-dom0-update install ` you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d`.
## Development VM
From 4239ad785659b04d71dd16aadc53e2c180535073 Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Tue, 8 Jun 2021 09:52:40 +0000
Subject: [PATCH 5/7] add "ssh-copy-id" to "Passwordless SSH Login"
---
developer/debugging/test-bench.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index dc203d5b..accaed0c 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -101,7 +101,9 @@ Host testbench
HostName 192.168.123.45
~~~
-Then connect to your testbench and paste newly generated `id_ecdsa.pub` to `.ssh/authorized_keys` on testbench so you can log in without entering password every time.
+#### Passwordless SSH Login
+
+To log to your testbench without entering password every time, copy your newly generated public key (`id_ecdsa.pub`) to `~/.ssh/authorized_keys` on your testbench. You can do this easily by running this command on `qubes-dev`: `ssh-copy-id -i ~/.ssh/id_ecdsa.pub user@192.168.123.45` (substituting with the actual username address of your testbench).
### Scripting
From d33690dfd60898f5e09d4d6c3e4b71801309ee95 Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Thu, 17 Jun 2021 17:03:48 +0000
Subject: [PATCH 6/7] clarify "dnf --setopt" should be used
---
developer/debugging/test-bench.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index accaed0c..79ea9536 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -73,13 +73,13 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
4. Configure your DHCP server so your testbench gets static IP and connect your machine to your local network. You should ensure that your testbench can reach the Internet.
-5. Install `openssh-server` on your testbench (since dom0 now has internet access the command `qubes-dom0-update` is not needed).
+5. Install `openssh-server` on your testbench.
~~~
- sudo dnf install openssh-server
+ sudo dnf --setopt=reposdir=/etc/yum.repos.d install openssh-server
~~~
-> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then instead of the usual `sudo qubes-dom0-update install ` you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d`.
+> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update install ` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install `.
## Development VM
From 99083295b0a39cd03cd688bb85c363f381d3b934 Mon Sep 17 00:00:00 2001
From: deeplow <47065258+deeplow@users.noreply.github.com>
Date: Fri, 18 Jun 2021 08:53:15 +0000
Subject: [PATCH 7/7] qubes-dom0-update has no install argument
---
developer/debugging/test-bench.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/developer/debugging/test-bench.md b/developer/debugging/test-bench.md
index 79ea9536..cba9b7e1 100644
--- a/developer/debugging/test-bench.md
+++ b/developer/debugging/test-bench.md
@@ -79,7 +79,7 @@ Internet access is intentionally disabled by default in dom0. But to ease the de
sudo dnf --setopt=reposdir=/etc/yum.repos.d install openssh-server
~~~
-> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update install ` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install `.
+> **Note:** If you want to install additional software in dom0 and your only network card was assigned to dom0, then _instead_ of the usual `sudo qubes-dom0-update ` now you run `sudo dnf --setopt=reposdir=/etc/yum.repos.d install `.
## Development VM