From 0bf6ea55d9ff58183b7b5e20e23b548ec0dc44e4 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon
Date: Fri, 1 Mar 2024 14:58:23 -0500
Subject: [PATCH 1/3] Add `cosa supermin-run` This is very close to `cosa supermin-shell` but instead expects a command to run inside the supermin VM. Essentially, it's a very thin wrapper around the `runvm` family of functions in `cmdlib.sh`. By having it be a dedicated function, it becomes like a utility command to have easy access to a privileged environment, with the working dir automatically mounted in, podman remote proxying, etc... Note also this *does not* require a cosa workdir. The podman machine OS pipeline will be using this temporarily.
---
 src/cmd-supermin-run | 53 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100755 src/cmd-supermin-run
diff --git a/src/cmd-supermin-run b/src/cmd-supermin-run
new file mode 100755
index 0000000000..dfcf2e0493
--- /dev/null
+++ b/src/cmd-supermin-run
@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+dn=$(dirname "$0")
+# shellcheck source=src/cmdlib.sh
+. "${dn}"/cmdlib.sh
+
+print_help() {
+ echo "Usage: cosa supermin-run [--cache|--snapshot] COMMAND [ARG...]" >&2
+}
+
+if [ $# = 0 ]; then
+ print_help
+ exit 1
+fi
+
+need_cache_dir=0
+case "$1" in
+ --cache)
+ shift
+ set -- runvm_with_cache -- "$@"
+ need_cache_dir=1
+ ;;
+ --snapshot)
+ shift
+ set -- runvm_with_cache_snapshot on -- "$@"
+ need_cache_dir=1
+ ;;
+ --*)
+ echo "unrecognized option: $1"
+ print_help
+ exit 1
+ ;;
+ *)
+ set -- runvm -- "$@"
+ ;;
+esac
+
+# force caller to create tmp/ and possibly cache/ rather than surprisingly
+# auto-create them
+if [ ! -d tmp ]; then
+ echo 'Need tmp/ dir for supermin to work' >&2
+ exit 1
+fi
+if [ $need_cache_dir = 1 ] && [ ! -d cache ]; then
+ echo 'Need cache/ dir for caching' >&2
+ exit 1
+fi
+
+workdir=$(pwd)
+export workdir
+
+"$@"
From eb95a3d74bcfec3cced78f1fb51bb62c29eb9bdd Mon Sep 17 00:00:00 2001
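Review bot: The `$# = 0` guard runs before option parsing, so `cosa supermin-run --cache` (or `--snapshot`) with no COMMAND passes it, and those arms go on to invoke `runvm_with_cache --` with nothing to run; how the runvm helpers in cmdlib.sh treat an empty command is not visible in this patch. Re-checking after each `shift`, e.g. `[ $# -gt 0 ] || { print_help; exit 1; }`, keeps the usage error inside this wrapper. The `--*)` arm also prints `unrecognized option: $1` to stdout while every other diagnostic in the file goes to stderr; `echo "unrecognized option: $1" >&2` would match. Because the command hands its arguments to a privileged VM with the current directory mounted in, a short header comment stating that `workdir` is taken from `pwd` and that tmp/ and cache/ are resolved relative to it would tell callers what they are exposing.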
From: Jonathan Lebon
Date: Sat, 2 Mar 2024 21:35:09 -0500
Subject: [PATCH 2/3] supermin-init-prelude: skip creating cache dir In a cosa workdir, that dir always exists in both privileged and unprivileged paths. Prep for a new command that'll use this code outside a cosa workdir where to be nice we don't want to just randomly create a cache dir even when no caching is required.
---
 src/supermin-init-prelude.sh | 1 -
 1 file changed, 1 deletion(-)
diff --git a/src/supermin-init-prelude.sh b/src/supermin-init-prelude.sh
index 0ef11ca7a5..1dfc3ff1e5 100644
--- a/src/supermin-init-prelude.sh
+++ b/src/supermin-init-prelude.sh
@@ -50,7 +50,6 @@ for maybe_symlink in "${workdir}"/{src/config,src/yumrepos,builds}; do fi done -mkdir -p "${workdir}"/cache cachedev=$(blkid -lt LABEL=cosa-cache -o device || true) if [ -n "${cachedev}" ]; then mount "${cachedev}" "${workdir}"/cache
From 3646501212f2dd04a4e00cf9771d9d7a0705d4f2 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon
Date: Tue, 7 May 2024 16:12:24 -0400
Subject: [PATCH 3/3] cmdlib.sh: feed `/dev/zero` as qemu stdin This is a follow-up to 79b15c89d ("cmdlib.sh: go back to using `tail -F` for command output") which was subsequently reverted. To summarize, it seems like in QEMU v8.2 (in f40), the guest sometimes would hang when writing over virtio-serial if the device is hooked up to the QEMU's stdio. In testing, removing the `<&-` hack to close QEMU's stdin fixed it for CoreOS CI but not Prow: https://github.com/coreos/coreos-assembler/pull/3785#issuecomment-2087342748 I think I've narrowed it down to CoreOS CI (i.e. Jenkins) allocating a tty and Prow not. When stdin is not a tty, QEMU would immediately gets EOF if it tries to read anything. I'm not sure exactly what happens, but I think the virtio-serial hang is linked to this (even though there's no userspace code in the guest trying to read from the virtio-serial port). Work around this by explicitly feeding `/dev/zero` to QEMU's stdin. (cherry picked from commit bb60451ea6ff71ac3abbe4541d2da9e2e4ec4f7e)
---
 src/cmdlib.sh | 2 +-
 src/secex-genprotimgvm-scripts/runvm.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/cmdlib.sh b/src/cmdlib.sh
index f3c6acc0df..36a021d427 100755
--- a/src/cmdlib.sh
+++ b/src/cmdlib.sh
@@ -816,7 +816,7 @@ EOF
 if ! "${kola_args[@]}" -- "${base_qemu_args[@]}" \
 -device virtserialport,chardev=virtioserial0,name=cosa-cmdout \
 -chardev stdio,id=virtioserial0 \
- "${qemu_args[@]}" <&-; then # the <&- here closes stdin otherwise qemu waits forever
+ "${qemu_args[@]}" < /dev/zero; then # qemu hangs if it has nothing to read on stdin
 cat "${runvm_console}"
 fatal "Failed to run 'kola qemuexec'"
 fi
diff --git a/src/secex-genprotimgvm-scripts/runvm.sh b/src/secex-genprotimgvm-scripts/runvm.sh
index c90a2c604d..a5361a1021 100644
--- a/src/secex-genprotimgvm-scripts/runvm.sh
+++ b/src/secex-genprotimgvm-scripts/runvm.sh
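Review bot: The new inline comment `# qemu hangs if it has nothing to read on stdin` does not record why `/dev/zero` was chosen, so a later cleanup could plausibly swap it for `/dev/null`, which per the commit message is the failing case (immediate EOF on a non-tty stdin). A comment along the lines of `# feed /dev/zero: with stdin at EOF (no tty, or /dev/null) the guest can hang writing to the stdio-backed virtio-serial port` would capture that. In this hunk stdin is also the input side of `-chardev stdio,id=virtioserial0`, so the NUL stream is presumably what the `cosa-cmdout` port would deliver if anything in the guest ever read from it; that is worth stating in the comment as well. The same one-line change and comment appear in the src/secex-genprotimgvm-scripts/runvm.sh hunk, where the chardev wiring is outside the visible lines. The enclosing function starts and ends outside both hunks.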
@@ -56,7 +56,7 @@ else fi if ! "${kola_args[@]}" -- "${base_qemu_args[@]}" \ - "${qemu_args[@]}" <&-; then # the <&- here closes stdin otherwise qemu waits forever + "${qemu_args[@]}" < /dev/zero; then # qemu hangs if it has nothing to read on stdin cat "${runvm_console}" echo "Failed to run 'kola qemuexec'" exit 1