Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Phase 405 — host-to-guest TCP inspection proof

ItemValue
Commandmake phase 405
Underlying make target/scriptsvm/phase4/materialize-etc.sh --remote-inspection, then vm/phase4/remote-inspection-probe.sh
Mutates disk/image?Yes, it mounts artifacts/onix-image/onix.raw and installs a temporary TCP inspection listener
Boots QEMU?Yes, it runs an automated host-to-guest connection proof
Main proofThe host connects to 127.0.0.1:7665, QEMU forwards the connection into ONIX guest port 6649, and the guest returns ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405.

What this phase proves

Phase 403 proved:

the host can control ONIX through a serial shell

Phase 404 proved:

ONIX can configure its first QEMU network interface

Phase 405 proves the next step:

the host can reach a process inside the booted ONIX VM over TCP

That is the basic shape needed before SSH:

host process -> QEMU forwarding -> guest network stack -> guest service

Why this is not SSH yet

It would be tempting to jump straight to:

ssh root@127.0.0.1 -p ...

But real SSH means more than an open TCP port.

SSH needs:

  • an SSH daemon package,
  • host key generation and persistence,
  • user account policy,
  • login shell policy,
  • password or key authentication policy,
  • a decision about root login,
  • a service unit,
  • a clear place for authorized keys.

ONIX has not designed all of that yet.

So Phase 405 stays honest:

temporary TCP inspection proof
not final remote administration
not authenticated
not SSH

The final SSH or authenticated remote-inspection design should be a later subphase.

QEMU host port forwarding

The VM uses QEMU user networking. The host cannot directly route to the guest’s private 10.0.2.15 address from the outside.

So QEMU provides host forwarding:

host 127.0.0.1:7665  ->  guest 10.0.2.15:6649

In QEMU syntax this is:

hostfwd=tcp:127.0.0.1:7665-:6649

Port 6649 is ONIX’s project number.

Port 7665 is only the host-side test port for this phase.

The temporary guest listener

Phase 405 uses BusyBox nc inside the guest:

/bin/nc -lk -p 6649 -e /usr/lib/onix/bootstrap-remote-inspection-response

Read that slowly:

nc        netcat, a tiny TCP tool
-l        listen mode
-k        keep listening after a connection
-p 6649   listen on guest TCP port 6649
-e file   run this program for each connection

The response program prints one line:

ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405 uid=0 hostname=onix kernel=Linux

That gives the host a very small remote inspection result:

  • the guest accepted a TCP connection,
  • the process ran inside ONIX,
  • it ran as root because this is still bootstrap bring-up,
  • the guest could report hostname and kernel.

The systemd unit

Phase 405 installs:

onix-bootstrap-remote-inspection.service

into the copied bootstrap systemd unit tree:

/nix/store/...-systemd-.../example/systemd/system/
/persist/nix/store/...-systemd-.../example/systemd/system/

It starts after:

onix-bootstrap-network.service

because the TCP listener should come after Phase 404’s temporary network setup.

Again, the /persist copy matters because /nix is bind-mounted from /persist/nix at boot.

The automated proof

make phase 405 first installs the pieces:

./materialize-etc.sh --remote-inspection

That installs:

/usr/lib/onix/bootstrap-remote-inspection-response
/usr/lib/onix/bootstrap-remote-inspection-status
/usr/lib/onix/bootstrap-remote-inspection-proof
/usr/share/onix/bootstrap/remote-inspection.txt
onix-bootstrap-remote-inspection.service

Then it boots QEMU:

./remote-inspection-probe.sh

That probe does two kinds of checks.

First, over the Phase 403 serial shell, it asks the guest:

/usr/lib/onix/bootstrap-network-proof &&
/usr/lib/onix/bootstrap-remote-inspection-proof

The guest must answer:

ONIX_REMOTE_INSPECTION_READY port=6649

Then the host connects through QEMU:

nc 127.0.0.1 7665

The host must receive:

ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405

That proves host-to-guest reachability.

Run it

From the repo root:

make phase 405

Expected image-mutation output includes:

remote   : /usr/lib/onix/bootstrap-remote-inspection-response
remote   : /usr/lib/onix/bootstrap-remote-inspection-status
remote   : /usr/lib/onix/bootstrap-remote-inspection-proof
unit     : /nix/store/.../onix-bootstrap-remote-inspection.service
unit     : /persist/nix/store/.../onix-bootstrap-remote-inspection.service
proof    : /usr/share/onix/bootstrap/remote-inspection.txt

Expected QEMU proof output includes:

ONIX_REMOTE_INSPECTION_READY port=6649
ONIX_REMOTE_INSPECTION_OK name=ONIX phase=405 uid=0 hostname=onix kernel=Linux

==> success
Phase 405 proved host-to-guest TCP inspection through QEMU port forwarding.

What this phase does not do

Phase 405 does not solve final remote access.

It does not decide:

  • OpenSSH vs Dropbear vs another daemon,
  • root login policy,
  • user creation policy,
  • authorized key location,
  • host key persistence,
  • password login policy,
  • firewall policy.

It only proves:

the host can reach a service inside the booted ONIX VM

That is exactly the proof needed before designing real SSH.