Advanced Programming in the UNIX EnvironmentCS631 - APUE - NetBSD VM SetupThis document describes the steps to configure your NetBSD VM for use in this class. Create your VMDepending on your hardware, you may want to follow either of these two documents to create and install your NetBSD VM:
Once you've followed either of these guides and you have a working NetBSD VM, you can then follow the steps outlined below. Set up SSHFirst, verify that ssh(1) to the system works from outside the VM by connecting to the IP address in question. (For your port-forwarded VirtualBox setup, that would be port 2222 on the 127.0.0.1 address; for your bridged UTM setup, that might be an address like 1726.16.1.25). From your host OS: $ ssh jschauma@172.16.1.25 The authenticity of host '172.16.1.25 (172.16.1.25)' can't be established. ED25519 key fingerprint is SHA256:A/UHXG11TA5+zNAxz8XEOMzyF4yxxxct1gUG6Scfjfo. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? Compare against the fingerprint as seen on your VM: apue$ ssh-keygen -l -f /etc/ssh/ssh_host_ed25519.pub 256 SHA256:A/UHXG11TA5+zNAxz8XEOMzyF4yxxxct1gUG6Scfjfo root@apue (ED25519) (Verifying the SSH host key in this context is something we do primarily out of good security hygiene and habit. A MitM attack against 'localhost' on your VM network is... rather unlikely. However, you should get into the habit of verifying host keys when you connect to other systems.) Once you have confirmed that you can log in, let's create an SSH key pair so that you no longer need a password to access the VM. On your parent OS (i.e., outside your VM), run the following command: $ ssh-keygen -t ecdsa -f ~/.ssh/apue Generating public/private ecdsa key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ~/.ssh/apue. Your public key has been saved in ~/.ssh/apue.pub. The key fingerprint is: SHA256:yAEdeNrI+AFbly9ULxlY5xOaKON+IQ2EwP/5Ikyy2DE jschauma@laptop The key's randomart image is: +---[ECDSA 256]---+ |o. .oo.*+ o | | .o.o.B. O . | | .*+Bo.= + | | oo=*oo.. . | | .+.*.S | | .Eo.+ . | |..=o. o | |...o o . | | . . | +----[SHA256]-----+ $ Next, copy the public key to your VM and install it under ~/.ssh/authorized_keys: $ scp ~/.ssh/apue.pub 172.16.1.25: (jschauma@172.16.1.25) Password for jschauma@apue: apue.pub 100% 401 565.1KB/s 00:00 $ ssh 172.16.1.25 (jschauma@172.16.1.25) Password for jschauma@apue: apue$ mkdir ~/.ssh apue$ mv apue.pub ~/.ssh/authorized_keys apue$ exit $ With that in place, you should now be able to ssh to the VM using your key. If you are on macOS, your ssh agent will automatically store the key's passphrase in the login keychain, so after the first time, you won't have to provide it any longer. $ ssh -i ~/.ssh/apue 172.16.1.25 Enter passphrase for key '/Users/jschauma/.ssh/apue': Last login: Thu Jun 2 03:00:58 2022 from 172.16.1.22 NetBSD 9.99.97 (GENERIC64) #0: Wed May 25 15:52:25 UTC 2022 Welcome to NetBSD! apue$ So far, so good: you can ssh to your VM using your ssh key without having to enter a passphrase. But that's a lot of typing just to log in there. Let's save ourselves some work by adding the right lines to our ~/.ssh/config (on the parent OS), then verify that just typing 'ssh apue' works: Enable binary packages using pkginYou may want to set up easy installation of binary packages using pkgin to allow you to install other applications: $ su # export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/9.2/All/" # pkg_add pkgin [ warnings about mismatching OS is ok here: we are using NetBSD-current, so binary compatible with NetBSD-9.2 ] # pkgin install vim # or any other packages you might need Install a trusted certificate bundleIn order to be able to validate e.g., https connections, you will need to install a trusted certificate bundle and link it into place for use with the system tools: $ pkgin -y install mozilla-rootcerts $ su # ln -s /usr/pkg/share/mozilla-rootcerts/cacert.pem /etc/openssl/cert.pem Set up your C development environmentNext, let's set up our C development environment. As discussed in class, _all code *must* be compiled using the '-Wall -Werror' flags. To do this, we first set the CFLAGS environment variable in our shell and then create an alias for the compiler to use these flags. Assuming your user uses /bin/sh as the default shell, you would do this as follows: Next, fetch all the code examples from our lectures and extract them in the VM so you can run the programs as you prepare for class: apue$ ftp https://stevens.netmeister.org/631/apue-code.tar.gz Trying [2001:470:30:84:e276:63ff:fe72:3900]:443 ... Trying 166.84.7.99:443 ... Requesting https://stevens.netmeister.org/631/apue-code.tar.gz 100% |***********************************| 67278 243.74 KiB/s 00:00 ETA 67278 bytes retrieved in 00:00 (243.44 KiB/s) apue$ tar zxf apue-code.tar.gz apue$ rm apue-code.tar.gz apue$ ls apue-code 01 02 03 04 05 06 07 08 09 10 11 12 13 tt apue$ Next, install the NetBSD source code: apue$ ftp https://stevens.netmeister.org/631/fetch-sources.sh [...] apue$ openssl sha256 fetch-sources.sh SHA256(fetch-sources.sh)= ce9a8231bc7d3485ac7f909763006fe6d7ba23b6bd6f8250a718935e1a49f092 apue$ sh fetch-sources.sh Fetching gnusrc... Extracting gnusrc... Fetching sharesrc... Extracting sharesrc... Fetching src... Extracting src... Fetching syssrc... Extracting syssrc... apue$ With all that in place, perhaps continue with our screen(1) or ctags(1) tool tip. [Course Website] |