#!/bin/sh
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# PASST - Plug A Simple Socket Transport
#  for qemu/UNIX domain socket mode
#
# test/passt.mbuto - mbuto (https://mbuto.sh) profile for test images
#
# Copyright (c) 2022 Red Hat GmbH
# Author: Stefano Brivio <sbrivio@redhat.com>

PROGS="${PROGS:-ash,dash,bash ip mount ls insmod mkdir ln cat chmod lsmod
       modprobe find grep mknod mv rm umount jq iperf3 dhclient hostname
       sed tr chown sipcalc cut md5sum socat dd strace ping tail killall sleep
       sysctl nproc tcp_rr tcp_crr udp_rr which tee seq bc sshd ssh-keygen}"

KMODS="${KMODS:- virtio_net virtio_pci vmw_vsock_virtio_transport}"

LINKS="${LINKS:-
	 ash,dash,bash		/init
	 ash,dash,bash		/bin/sh}"

DIRS="${DIRS} /tmp /sbin /usr/share /var/log /var/lib /etc/ssh /run/sshd /root/.ssh"

FIXUP="${FIXUP}"'
	cat > /sbin/dhclient-script << EOF
#!/bin/sh
LOG=/var/log/dhclient-script.log
echo \${reason} \${interface} >> \$LOG
set >> \$LOG

[ -n "\${new_interface_mtu}" ]       && ip link set dev \${interface} mtu \${new_interface_mtu}

[ -n "\${new_ip_address}" ]          && ip addr add \${new_ip_address}/\${new_subnet_mask} dev \${interface}
[ -n "\${new_routers}" ]             && for r in \${new_routers}; do ip route add default via \${r} dev \${interface}; done
:> /etc/resolv.conf
[ -n "\${new_domain_name_servers}" ] && for d in \${new_domain_name_servers}; do echo "nameserver \${d}" >> /etc/resolv.conf; done
[ -n "\${new_domain_name}" ]         && echo "search \${new_domain_name}" >> /etc/resolf.conf
[ -n "\${new_domain_search}" ]       && (printf "search"; for d in \${new_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
[ -n "\${new_ip6_address}" ]         && ip addr add \${new_ip6_address}/\${new_ip6_prefixlen} dev \${interface}
[ -n "\${new_dhcp6_name_servers}" ]  && for d in \${new_dhcp6_name_servers}; do echo "nameserver \${d}%\${interface}" >> /etc/resolv.conf; done
[ -n "\${new_dhcp6_domain_search}" ] && (printf "search"; for d in \${new_dhcp6_domain_search}; do printf " %s" "\${d}"; done; printf "\n") >> /etc/resolv.conf
[ -n "\${new_host_name}" ]           && hostname "\${new_host_name}"
exit 0
EOF
	chmod 755 /sbin/dhclient-script
	ln -s /sbin /usr/sbin
	ln -s /bin /usr/bin
	ln -s /run /var/run
	:> /etc/fstab

	# sshd(dropbear) via vsock
	cat > /etc/passwd << EOF
root:x:0:0:root:/root:/bin/sh
sshd:x:100:100:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
EOF
	cat > /etc/shadow << EOF
root:::0:99999:7:::
EOF
	chmod 000 /etc/shadow

	:> /etc/ssh/sshd_config
	ssh-keygen -A
	chmod 700 /root/.ssh
	chmod 700 /run/sshd
	# Alternative location for the priv separation dir
	ln -s /run/sshd /usr/share/empty.sshd

	cat > /root/.ssh/authorized_keys <<EOF
'"$(cat guest-key.pub)"'
EOF
	chmod 600 /root/.ssh/authorized_keys
	chmod 700 /root
	socat VSOCK-LISTEN:22,fork EXEC:"sshd -i -e" 2> /var/log/vsock-ssh.log &
	sh +m
'

OUTPUT="KERNEL=__KERNEL__
INITRD=__INITRD__
"