Phase 405 — host-to-guest TCP inspection proof
| Item | Value |
|---|---|
| Command | make phase 405 |
| Underlying make target/scripts | vm/phase4/materialize-etc.sh --remote-inspection, then vm/phase4/remote-inspection-probe.sh |
| Mutates disk/image? | Yes, it mounts artifacts/onix-image/onix.raw and installs a temporary TCP inspection listener |
| Boots QEMU? | Yes, it runs an automated host-to-guest connection proof |
| Main proof | The host connects to 127.0.0.1:7665, QEMU forwards the connection into ONIX guest port 6649, and the guest returns ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405. |
What this phase proves
Phase 403 proved:
the host can control ONIX through a serial shell
Phase 404 proved:
ONIX can configure its first QEMU network interface
Phase 405 proves the next step:
the host can reach a process inside the booted ONIX VM over TCP
That is the basic shape needed before SSH:
host process -> QEMU forwarding -> guest network stack -> guest service
Why this is not SSH yet
It would be tempting to jump straight to:
ssh root@127.0.0.1 -p ...
But real SSH means more than an open TCP port.
SSH needs:
- an SSH daemon package,
- host key generation and persistence,
- user account policy,
- login shell policy,
- password or key authentication policy,
- a decision about root login,
- a service unit,
- a clear place for authorized keys.
ONIX has not designed all of that yet.
So Phase 405 stays honest:
temporary TCP inspection proof
not final remote administration
not authenticated
not SSH
The final SSH or authenticated remote-inspection design should be a later subphase.
QEMU host port forwarding
The VM uses QEMU user networking. The host cannot directly route to the guest’s
private 10.0.2.15 address from the outside.
So QEMU provides host forwarding:
host 127.0.0.1:7665 -> guest 10.0.2.15:6649
In QEMU syntax this is:
hostfwd=tcp:127.0.0.1:7665-:6649
Port 6649 is ONIX’s project number.
Port 7665 is only the host-side test port for this phase.
The temporary guest listener
Phase 405 uses BusyBox nc inside the guest:
/bin/nc -lk -p 6649 -e /usr/lib/onix/bootstrap-remote-inspection-response
Read that slowly:
nc netcat, a tiny TCP tool
-l listen mode
-k keep listening after a connection
-p 6649 listen on guest TCP port 6649
-e file run this program for each connection
The response program prints one line:
ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405 uid=0 hostname=onix kernel=Linux
That gives the host a very small remote inspection result:
- the guest accepted a TCP connection,
- the process ran inside ONIX,
- it ran as root because this is still bootstrap bring-up,
- the guest could report hostname and kernel.
The systemd unit
Phase 405 installs:
onix-bootstrap-remote-inspection.service
into the copied bootstrap systemd unit tree:
/nix/store/...-systemd-.../example/systemd/system/
/persist/nix/store/...-systemd-.../example/systemd/system/
It starts after:
onix-bootstrap-network.service
because the TCP listener should come after Phase 404’s temporary network setup.
Again, the /persist copy matters because /nix is bind-mounted from
/persist/nix at boot.
The automated proof
make phase 405 first installs the pieces:
./materialize-etc.sh --remote-inspection
That installs:
/usr/lib/onix/bootstrap-remote-inspection-response
/usr/lib/onix/bootstrap-remote-inspection-status
/usr/lib/onix/bootstrap-remote-inspection-proof
/usr/share/onix/bootstrap/remote-inspection.txt
onix-bootstrap-remote-inspection.service
Then it boots QEMU:
./remote-inspection-probe.sh
That probe does two kinds of checks.
First, over the Phase 403 serial shell, it asks the guest:
/usr/lib/onix/bootstrap-network-proof &&
/usr/lib/onix/bootstrap-remote-inspection-proof
The guest must answer:
ONIX_REMOTE_INSPECTION_READY port=6649
Then the host connects through QEMU:
nc 127.0.0.1 7665
The host must receive:
ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405
That proves host-to-guest reachability.
Run it
From the repo root:
make phase 405
Expected image-mutation output includes:
remote : /usr/lib/onix/bootstrap-remote-inspection-response
remote : /usr/lib/onix/bootstrap-remote-inspection-status
remote : /usr/lib/onix/bootstrap-remote-inspection-proof
unit : /nix/store/.../onix-bootstrap-remote-inspection.service
unit : /persist/nix/store/.../onix-bootstrap-remote-inspection.service
proof : /usr/share/onix/bootstrap/remote-inspection.txt
Expected QEMU proof output includes:
ONIX_REMOTE_INSPECTION_READY port=6649
ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405 uid=0 hostname=onix kernel=Linux
==> success
Phase 405 proved host-to-guest TCP inspection through QEMU port forwarding.
What this phase does not do
Phase 405 does not solve final remote access.
It does not decide:
- OpenSSH vs Dropbear vs another daemon,
- root login policy,
- user creation policy,
- authorized key location,
- host key persistence,
- password login policy,
- firewall policy.
It only proves:
the host can reach a service inside the booted ONIX VM
That is exactly the proof needed before designing real SSH.