feat: lima VM testing

Author: hanthor

Justfile

@@ -221,15 +221,32 @@ build-all-experimental:
 
 qcow2 variant flavor='base' repo='local':
     #!/usr/bin/env bash
+    set -euo pipefail
     if [ "{{ flavor }}" != "base" ]; then
         FLAVOR="-{{ flavor }}"
     else
         FLAVOR=
     fi
     if [ "{{ repo }}" = "ghcr" ]; then bash ./scripts/build-bootc-diskimage.sh qcow2 ghcr.io/{{ repo_organization }}/{{ variant }}$FLAVOR:{{ default_tag }}
     elif [ "{{ repo }}" = "local" ]; then bash ./scripts/build-bootc-diskimage.sh qcow2 localhost/{{ variant }}$FLAVOR:{{ default_tag }}
+    else echo "DEBUG: repo '{{ repo }}' did not match ghcr or local"; exit 1
     fi
 
+test-vm variant flavor='base':
+    #!/usr/bin/env bash
+    set -euo pipefail
+    bash ./scripts/test-vm.sh {{ variant }} {{ flavor }}
+
+debug-vm variant flavor='base' repo='local':
+    #!/usr/bin/env bash
+    set -euo pipefail
+    if [ "{{ repo }}" == "local" ]; then
+        {{ just }} build {{ variant }} {{ flavor }}
+    fi
+    {{ just }} qcow2 {{ variant }} {{ flavor }} {{ repo }}
+    {{ just }} test-vm {{ variant }} {{ flavor }}
+
+
 iso variant flavor='base' repo='local' hook_script='iso_files/configure_lts_iso_anaconda.sh' flatpaks_file='system_files/etc/ublue-os/system-flatpaks.list':
     #!/usr/bin/env bash
     bash ./scripts/build-titanoboa.sh {{ variant }} {{ flavor }} {{ repo }} {{ hook_script }}

scripts/build-bootc-diskimage.sh

@@ -1,10 +1,12 @@
 #!/bin/bash
+set -euo pipefail
 # This script is merely a wrapper for bootc-image-builder
 
+# Check if running with root privileges
 # Check if running with root privileges
 if [ "$EUID" -ne 0 ]; then
-	echo "Please run as root"
-	exit
+	echo "Elevating privileges with sudo..."
+	exec sudo "$0" "$@"
 fi
 
 # Check if an argument is provided
@@ -53,6 +55,29 @@ else
 name = "centos"
 password = "centos"
 groups = ["wheel"]
+EOF
+
+	# Try to find an SSH key to inject
+	SSH_KEY=""
+	# If running under sudo, finding the real user's home
+	if [ -n "${SUDO_USER:-}" ]; then
+		USER_HOME=$(getent passwd "$SUDO_USER" | cut -d: -f6)
+	else
+		USER_HOME="$HOME"
+	fi
+	
+	if [ -f "$USER_HOME/.ssh/id_ed25519.pub" ]; then
+		SSH_KEY=$(cat "$USER_HOME/.ssh/id_ed25519.pub")
+	elif [ -f "$USER_HOME/.ssh/id_rsa.pub" ]; then
+		SSH_KEY=$(cat "$USER_HOME/.ssh/id_rsa.pub")
+	fi
+
+	if [ -n "$SSH_KEY" ]; then
+		echo "key = \"$SSH_KEY\"" >> "$TMPDIR/$TOML_FILE"
+		echo "Injected SSH key for user centos"
+	fi
+
+	cat <<EOF >>"$TMPDIR/$TOML_FILE"
 
 [[customizations.filesystem]]
 mountpoint = "/"
@@ -65,13 +90,14 @@ cat "$TMPDIR/$TOML_FILE"
 echo ""
 
 echo "Pulling image: $IMAGE_URI"
-sudo podman pull "$IMAGE_URI"
+podman pull "$IMAGE_URI"
 
 # Run the bootc-image-builder command
 echo "Running bootc-image-builder..."
-podman run --rm -it --privileged \
+podman run --rm -it --privileged --pid=host \
 	-v "$TMPDIR/output":/output:z \
 	-v /var/lib/containers/storage:/var/lib/containers/storage \
+	-v /dev:/dev \
 	-v "$TMPDIR/$TOML_FILE":/config.toml \
 	quay.io/centos-bootc/bootc-image-builder:latest \
 	build --type "$TYPE" \
@@ -83,7 +109,18 @@ IMAGE_NAME=$(echo "$IMAGE_URI" | awk -F'/' '{print $NF}' | awk -F':' '{print $1}
 file=$(find "$TMPDIR/output" -type f -name "*.$TYPE")
 if [ -f "$file" ]; then
 	mv "$file" "./${IMAGE_NAME}.$TYPE"
-	chown "$(id -u):$(id -g)" "./${IMAGE_NAME}.$TYPE"
+	
+	# Determine target UID/GID for ownership check
+	# Determine target UID/GID for ownership check
+	if [ -n "${SUDO_UID:-}" ]; then
+		TARGET_UID="$SUDO_UID"
+		TARGET_GID="$SUDO_GID"
+	else
+		TARGET_UID="0"
+		TARGET_GID="0"
+	fi
+	
+	chown "${TARGET_UID}:${TARGET_GID}" "./${IMAGE_NAME}.$TYPE"
 	echo "Image created: ${IMAGE_NAME}.$TYPE"
 else
 	echo "ERROR: Image was not created."

scripts/test-vm.sh

@@ -0,0 +1,112 @@
+#!/bin/bash
+set -euo pipefail
+
+# Usage: ./scripts/test-vm.sh <variant> <flavor>
+# Example: ./scripts/test-vm.sh yellowfin base
+
+if [ "$#" -ne 2 ]; then
+    echo "Usage: $0 <variant> <flavor>"
+    echo "Example: $0 yellowfin base"
+    exit 1
+fi
+
+VARIANT="$1"
+FLAVOR="$2"
+
+# Determine Architecture
+ARCH=$(uname -m)
+if [ "$ARCH" == "arm64" ]; then
+    LIMA_ARCH="aarch64"
+else
+    LIMA_ARCH="x86_64"
+fi
+
+# Construct Image Name
+# Matches logic in build-bootc-diskimage.sh / Justfile
+# Expected: <variant>[-<flavor>].qcow2
+if [ "$FLAVOR" == "base" ]; then
+    IMAGE_FILENAME="${VARIANT}.qcow2"
+    VM_NAME="tuna-${VARIANT}"
+else
+    IMAGE_FILENAME="${VARIANT}-${FLAVOR}.qcow2"
+    VM_NAME="tuna-${VARIANT}-${FLAVOR}"
+fi
+
+IMAGE_PATH="$(pwd)/${IMAGE_FILENAME}"
+
+if [ ! -f "$IMAGE_PATH" ]; then
+    echo "Error: Image not found at $IMAGE_PATH"
+    echo "Please build the image first (e.g., 'just qcow2 $VARIANT $FLAVOR')"
+    exit 1
+fi
+
+if ! command -v limactl &> /dev/null; then
+    echo "Error: limactl is not installed."
+    echo "Please install Lima (https://lima-vm.io/)"
+    exit 1
+fi
+
+echo "--- Preparing Test VM ---"
+echo "VM Name: $VM_NAME"
+echo "Image: $IMAGE_PATH"
+echo "Arch: $LIMA_ARCH"
+
+# Cleanup existing VM
+if limactl list -q | grep -q "^${VM_NAME}$"; then
+    echo "Stopping and deleting existing VM: $VM_NAME"
+    limactl stop -f "$VM_NAME" 2>/dev/null || true
+    limactl delete "$VM_NAME"
+fi
+
+# Generate Config
+TEMPLATE_FILE="tests/lima-template.yaml"
+CONFIG_FILE="$(mktemp)"
+cp "$TEMPLATE_FILE" "$CONFIG_FILE"
+
+# Replace placeholders
+# Use | as delimiter to handle paths with slashes
+sed -i "s|__IMAGE_PATH__|$IMAGE_PATH|g" "$CONFIG_FILE"
+sed -i "s|__ARCH__|$LIMA_ARCH|g" "$CONFIG_FILE"
+
+echo "Starting VM..."
+# Start the VM. We use --tty=false to avoid stealing the terminal if running via just
+limactl start --name="$VM_NAME" --tty=false "$CONFIG_FILE"
+
+echo "VM Started!"
+
+# Get VNC Port
+# Try strictly parsing the JSON stream (redirecting stderr to /dev/null to avoid WARN logs breaking jq)
+VNC_DISPLAY=$(limactl list --json 2>/dev/null | jq -r "select(.name==\"$VM_NAME\") | .video.vnc.display")
+
+# Fallback: check the vncdisplay file directly
+if [ -z "$VNC_DISPLAY" ] || [ "$VNC_DISPLAY" == "null" ]; then
+    VNC_FILE="$HOME/.lima/$VM_NAME/vncdisplay"
+    if [ -f "$VNC_FILE" ]; then
+        VNC_DISPLAY=$(cat "$VNC_FILE")
+    fi
+fi
+
+if [ -n "$VNC_DISPLAY" ] && [ "$VNC_DISPLAY" != "null" ]; then
+    echo "VNC listening at: $VNC_DISPLAY"
+    
+    # Handle the "127.0.0.1:0,to=9" format (extract everything before comma)
+    VNC_DISPLAY=${VNC_DISPLAY%%,*}
+    
+    # Try to open VNC viewer
+    if command -v xdg-open &> /dev/null; then
+        echo "Opening Default VNC Viewer..."
+        xdg-open "vnc://$VNC_DISPLAY" || echo "Failed to open VNC viewer automatically."
+    elif command -v open &> /dev/null; then
+        # macOS
+        echo "Opening Screen Sharing..."
+        open "vnc://$VNC_DISPLAY" || echo "Failed to open VNC viewer automatically."
+    else
+        echo "Could not detect tool to open VNC URI. Please connect manually to $VNC_DISPLAY"
+    fi
+else
+    echo "Could not determine VNC display address."
+fi
+
+echo "---"
+echo "To access shell: limactl shell $VM_NAME"
+echo "To stop: limactl stop $VM_NAME"

tests/lima-template.yaml

@@ -0,0 +1,24 @@
+# Lima configuration for TunaOS Testing
+# This file is a template. The placeholder __IMAGE_PATH__ will be replaced by the test script.
+
+images:
+  # location is the absolute path to the qcow2 image
+  - location: "__IMAGE_PATH__"
+    arch: "__ARCH__"
+
+# Enable VNC
+video:
+  display: "vnc"
+
+# Use the default user 'centos' with password 'centos' (as defined in build-bootc-diskimage.sh)
+# Lima will try to inject its own keys, but since we are booting a pre-built image 
+# without cloud-init (unless we add it), we rely on the baked-in credentials or 
+# if the image has cloud-init enabled, lima can handle it. 
+# Our current bootc build might not have cloud-init fully set up for Lima, 
+# so we might need to rely on the console/VNC or SSH if keys are injected.
+# For now, we assume the user will log in via VNC or SSH if configured.
+
+# SSH Configuration
+# We attempt to rely on standard Lima key injection if cloud-init is present.
+# If not, 'limactl shell' might fail to connect automatically, but the VM will run.
+