Skip to content

fix: allow ssh-as in connect.pl #822

fix: allow ssh-as in connect.pl

fix: allow ssh-as in connect.pl #822

Workflow file for this run

name: FreeBSD tests
on:
pull_request:
types: [labeled, synchronize]
jobs:
freebsd:
runs-on: ubuntu-latest
name: FreeBSD
timeout-minutes: 180
if: ${{ contains(github.event.pull_request.labels.*.name, 'tests:freebsd') }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Functional tests under FreeBSD
uses: cross-platform-actions/action@master
with:
operating_system: freebsd
version: '13.2'
shell: bash
sync_files: runner-to-vm
run: |
# source this to get the $SSH_DIR var properly filled
source lib/shell/functions.inc
# a few debug commands
set -x
freebsd-version
id
# to do proper tests, we need the fs to have ACLs enabled
sudo mount -o acls /
# install required packages
sudo env IGNORE_OSVERSION=yes pkg update
sudo env IGNORE_OSVERSION=yes pkg install -y bash rsync ca_root_nss jq fping screen flock curl
# create required folder
sudo mkdir -p /opt/bastion
# copy bastion code to the proper location
sudo rsync -a . /opt/bastion/
# save default ssh config, so we can restore it when we're done,
# or the github action will fail because the post-run actions it'll
# try to do over ssh won't complete due to our modified ssh config
sudo tar czf /opt/bastion/ssh_config.tar.gz $SSH_DIR/
# setup bastion
sudo /opt/bastion/bin/admin/packages-check.sh -i
sudo /opt/bastion/bin/admin/install-ttyrec.sh -s
sudo /opt/bastion/bin/admin/install-yubico-piv-checker.sh -s
sudo /opt/bastion/bin/admin/install-mkhash-helper.sh -s
sudo /opt/bastion/bin/admin/install --new-install
# by default, this is 0700, but we'll run those as non-root
sudo chmod 0755 /opt/bastion/tests
# generate two sets of keys
ssh-keygen -t ed25519 -f id_user -N ''
ssh-keygen -t ed25519 -f id_root -N ''
# setup the local bastion for tests
sudo env WANT_HTTP_PROXY=0 NO_SLEEP=1 user_pubkey="$(cat id_user.pub)" root_pubkey="$(cat id_root.pub)" TARGET_USER=user5000 /opt/bastion/tests/functional/docker/target_role.sh
# run the tests, then in post-run, restore saved ssh config and restart sshd
/opt/bastion/tests/functional/launch_tests_on_instance.sh \
--has-mfa=0 \
--has-mfa-password=1 \
--has-pamtester=1 \
--skip-consistency-check \
--remote-etc-bastion=/usr/local/etc/bastion \
--slowness-factor=2 \
--post-run="sudo tar xzf /opt/bastion/ssh_config.tar.gz -C / ; sudo /etc/rc.d/sshd restart" \
127.0.0.1 22 0 user5000 id_user id_root
# for some reason, any other command below is skipped, so don't try to add anything,
# augment --post-run in the script above instead, if needed.