From: Erik Skultety
To: libvir-list@redhat.com
Cc: Erik Skultety
Subject: [libvirt-tck PATCH 1/2] lib: TCK.pm: Favour pubkey auth over passwords on SSH connections
Date: Tue, 21 Jan 2020 17:47:16 +0100
Message-Id: <20620fdc44e7badad31bd834767a2f415907693a.1579625223.git.eskultet@redhat.com>

The reason for this change is our Fedora 31 test image, because starting with Fedora 31, the SSH policy for root logins with password authentication changed and password auth is now disabled by default. Since we were relying on this, we're now unable to log in to the guest as root. Let's convert to the SSH keys usage.

Signed-off-by: Erik Skultety
Reviewed-by: Daniel P. Berrangé
---
 lib/Sys/Virt/TCK.pm | 30 +++++++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)

diff --git a/lib/Sys/Virt/TCK.pm b/lib/Sys/Virt/TCK.pm
index a641d01..5a5c9e4 100644
--- a/lib/Sys/Virt/TCK.pm
+++ b/lib/Sys/Virt/TCK.pm
@@ -408,6 +408,32 @@ sub has_disk_image { return -f $target } =20 +sub ssh_key_path { + my $self =3D shift; + my $basedir =3D shift; + + return catfile($basedir, "ssh", "id_rsa"); +} + +sub create_host_ssh_keys { + my $self =3D shift; + + my $scratch =3D $self->scratch_dir; + my $ssh_dir_path =3D catfile($scratch, "ssh"); + my $ssh_key_path =3D $self->ssh_key_path($scratch); + + if (! -d "$ssh_dir_path") { + mkdir "$ssh_dir_path", 0700; + } + + if (! -e "$ssh_key_path") { + print "# generating a new SSH RSA key pair under $ssh_dir_path\n"; + system "ssh-keygen -q -t rsa -f $ssh_key_path -N ''"; + } + + return $ssh_key_path; +} + sub create_virt_builder_disk { my $self =3D shift; my $bucket =3D shift; @@ -424,8 +450,10 @@ sub create_virt_builder_disk { return $target; } =20 + my $ssh_key_path =3D $self->create_host_ssh_keys; + print "# running virt-builder $osname\n"; - system "virt-builder", "--install", "dsniff", "--selinux-relabel", "--= root-password", "password:$password", "--output", $target, $osname; + system "virt-builder", "--install", "dsniff", "--selinux-relabel", "--= root-password", "password:$password", "--ssh-inject", "root:file:$ssh_key_p= ath.pub", "--output", $target, $osname; =20 die "cannot run virt-builder: $?" if $? !=3D 0; =20 --=20 2.24.1
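
Review bot: In create_host_ssh_keys (first hunk), the ssh-keygen call uses the single-string form of system, so $ssh_key_path is interpolated into a shell command line and a scratch directory containing spaces or shell metacharacters will break the command or be interpreted by the shell. The virt-builder call in the second hunk already uses the list form; the same here would be `system "ssh-keygen", "-q", "-t", "rsa", "-f", $ssh_key_path, "-N", "";`. Neither the mkdir nor the ssh-keygen result is checked, so a failure only shows up later when virt-builder cannot read $ssh_key_path.pub; a die on non-zero $?, as is done after virt-builder, would report it at the source. The existence test also looks only at the private key, so an id_rsa without its .pub file is never regenerated.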
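
Review bot: In create_virt_builder_disk (second hunk), the call to create_host_ssh_keys is placed after the early `return $target;` visible in the context, so on that path no key is generated and an image returned from there is not guaranteed to contain the public key that callers will later authenticate with. Consider calling create_host_ssh_keys before the early return, or documenting that an existing image and the key under the scratch directory must have been created together. The `--root-password password:$password` argument is also kept next to `--ssh-inject`, so the guest still gets the password set and the value stays on the command line; if it is retained on purpose, a short comment saying why would help.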