Advanced Programming in the UNIX Environment

CS631 - APUE - NetBSD VM Setup


This document describes the steps to configure your NetBSD VM for use in this class.

Create your VM

Depending on your hardware, you may want to follow either of these two documents to create and install your NetBSD VM:

  • VirtualBox
  • UTM (needed if you have an Apple computer with an M1 chip)

Once you've followed either of these guides and you have a working NetBSD VM, you can then follow the steps outlined below.

Set up SSH

First, verify that ssh(1) to the system works from outside the VM by connecting to the IP address in question. (For your port-forwarded VirtualBox setup, that would be port 2222 on the 127.0.0.1 address; for your bridged UTM setup, that might be an address like 172.16.1.25.) From your host OS:

$ ssh jschauma@172.16.1.25
The authenticity of host '172.16.1.25 (172.16.1.25)' can't be established.
ED25519 key fingerprint is SHA256:A/UHXG11TA5+zNAxz8XEOMzyF4yxxxct1gUG6Scfjfo.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? 

Compare against the fingerprint as seen on your VM:

apue$ ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub
256 SHA256:A/UHXG11TA5+zNAxz8XEOMzyF4yxxxct1gUG6Scfjfo root@apue (ED25519)

(Verifying the SSH host key in this context is something we do primarily out of good security hygiene and habit. A MitM attack against 'localhost' on your VM network is... rather unlikely. However, you should get into the habit of verifying host keys when you connect to other systems.)
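
The comparison above can be scripted. The following is an added example, not part of the original course page: it derives the same "SHA256:..." string that ssh(1) and ssh-keygen(1) print (SHA-256 over the base64-decoded key blob, re-encoded as base64 without padding) and appends the key to a known_hosts file only when it equals the fingerprint you read on the VM console. The function names are illustrative, and it assumes openssl(1) and awk(1) are available.

```sh
#!/bin/sh
# Added example, not from the course page; function names are illustrative.
# Requires openssl(1) and awk(1).

# key_fields LINE: print "type blob" from a .pub line ("type blob comment")
# or from ssh-keyscan/known_hosts output ("host type blob").
key_fields() {
	printf '%s\n' "$1" | awk '{
		for (i = 1; i < NF; i++)
			if ($i ~ /^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
				print $i, $(i + 1); exit
			}
	}'
}

# key_fingerprint LINE: SHA-256 of the decoded blob, base64 without padding.
key_fingerprint() {
	blob=$(key_fields "$1" | awk '{ print $2 }')
	[ -n "$blob" ] || { echo "no public key found in line" >&2; return 2; }
	# Reject a blob that does not survive a decode/encode round trip.
	rt=$(printf '%s' "$blob" | openssl base64 -d -A 2>/dev/null | openssl base64 -A)
	[ "$rt" = "$blob" ] || { echo "key blob is not valid base64" >&2; return 2; }
	fp=$(printf '%s' "$blob" | openssl base64 -d -A |
		openssl dgst -sha256 -binary | openssl base64 -A | tr -d '=')
	printf 'SHA256:%s\n' "$fp"
}

# pin_host_key HOST LINE EXPECTED KNOWN_HOSTS: append "HOST type blob" to
# KNOWN_HOSTS only when the fingerprint equals EXPECTED. For a forwarded
# port, HOST takes the form "[127.0.0.1]:2222".
pin_host_key() {
	got=$(key_fingerprint "$2") || return 2
	if [ "$got" != "$3" ]; then
		echo "$1: fingerprint mismatch, got $got" >&2
		return 1
	fi
	printf '%s %s\n' "$1" "$(key_fields "$2")" >>"$4"
}
```

The LINE argument can be the output of `ssh-keyscan -t ed25519 172.16.1.25` and EXPECTED the value printed by ssh-keygen on the VM console; on a mismatch nothing is written to known_hosts.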

Once you have confirmed that you can log in, let's create an SSH key pair so that you no longer need a password to access the VM. On your parent OS (i.e., outside your VM), run the following command:

$ ssh-keygen -t ecdsa -f ~/.ssh/apue
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in ~/.ssh/apue.
Your public key has been saved in ~/.ssh/apue.pub.
The key fingerprint is: SHA256:yAEdeNrI+AFbly9ULxlY5xOaKON+IQ2EwP/5Ikyy2DE jschauma@laptop
The key's randomart image is:
+---[ECDSA 256]---+
|o. .oo.*+ o      |
| .o.o.B. O .     |
|  .*+Bo.= +      |
|  oo=*oo.. .     |
|   .+.*.S        |
| .Eo.+ .         |
|..=o. o          |
|...o o .         |
|    . .          |
+----[SHA256]-----+
$ 

Next, copy the public key to your VM and install it under ~/.ssh/authorized_keys:

$ scp ~/.ssh/apue.pub 172.16.1.25:
(jschauma@172.16.1.25) Password for jschauma@apue:
apue.pub                        100%  401   565.1KB/s   00:00
$ ssh 172.16.1.25
(jschauma@172.16.1.25) Password for jschauma@apue:
apue$ mkdir ~/.ssh
apue$ mv apue.pub ~/.ssh/authorized_keys
apue$ exit
$

With that in place, you should now be able to ssh to the VM using your key. If you are on macOS, your ssh agent will automatically store the key's passphrase in the login keychain, so after the first time, you won't have to provide it any longer.

$ ssh -i ~/.ssh/apue 172.16.1.25
Enter passphrase for key '/Users/jschauma/.ssh/apue':
Last login: Thu Jun  2 03:00:58 2022 from 172.16.1.22
NetBSD 9.99.97 (GENERIC64) #0: Wed May 25 15:52:25 UTC 2022

Welcome to NetBSD!

apue$

So far, so good: you can ssh to your VM using your ssh key without having to enter a passphrase. But that's a lot of typing just to log in there. Let's save ourselves some work by adding the right lines to our ~/.ssh/config (on the parent OS), then verify that just typing 'ssh apue' works:

$ cat >> ~/.ssh/config <<EOF
Host apue
        HostName 172.16.1.25
        # Uncomment the next line if you are not using
        # bridged networking:
        # Port 2222
        IdentityFile ~/.ssh/apue
        User jschauma
EOF
$ ssh apue
Last login: Thu Jun  2 03:02:48 2022 from 172.16.1.22
NetBSD 9.99.97 (GENERIC64) #0: Wed May 25 15:52:25 UTC 2022

Welcome to NetBSD!

apue$ 

Enable binary packages using pkgin

You may want to set up easy installation of binary packages using pkgin to allow you to install other applications:

$ su
# export PKG_PATH="http://cdn.NetBSD.org/pub/pkgsrc/packages/NetBSD/$(uname -p)/9.2/All/"
# pkg_add pkgin
[ warnings about a mismatching OS are ok here: we are
using NetBSD-current, which is binary compatible with
NetBSD-9.2 ]
# pkgin install vim # or any other packages you might need

Install a trusted certificate bundle

In order to be able to validate e.g., https connections, you will need to install a trusted certificate bundle and link it into place for use with the system tools:

$ su
# pkgin -y install mozilla-rootcerts
# ln -s /usr/pkg/share/mozilla-rootcerts/cacert.pem /etc/openssl/cert.pem

Set up your C development environment

Next, let's set up our C development environment. As discussed in class, all code *must* be compiled using the '-Wall -Werror' flags. To do this, we first set the CFLAGS environment variable in our shell and then create an alias for the compiler to use these flags. Assuming your user uses /bin/sh as the default shell, you would do this as follows:

$ ssh apue
apue$ cat >>~/.shrc <<EOF
# APUE compiler flags and alias
export CFLAGS='-Wall -Werror -Wextra'
alias cc='cc \${CFLAGS}'
EOF
apue$ 

Next, fetch all the code examples from our lectures and extract them in the VM so you can run the programs as you prepare for class:

apue$ ftp https://stevens.netmeister.org/631/apue-code.tar.gz
Trying [2001:470:30:84:e276:63ff:fe72:3900]:443 ...
Trying 166.84.7.99:443 ...
Requesting https://stevens.netmeister.org/631/apue-code.tar.gz
100% |***********************************| 67278 243.74 KiB/s    00:00 ETA
67278 bytes retrieved in 00:00 (243.44 KiB/s)
apue$ tar zxf apue-code.tar.gz
apue$ rm apue-code.tar.gz
apue$ ls apue-code
01 02 03 04 05 06 07 08 09 10 11 12 13 tt
apue$ 

Next, install the NetBSD source code:

apue$ ftp https://stevens.netmeister.org/631/fetch-sources.sh
[...]
apue$ openssl sha256 fetch-sources.sh
SHA256(fetch-sources.sh)= ce9a8231bc7d3485ac7f909763006fe6d7ba23b6bd6f8250a718935e1a49f092 
apue$ sh fetch-sources.sh
Fetching gnusrc...
Extracting gnusrc...
Fetching sharesrc...
Extracting sharesrc...
Fetching src...
Extracting src...
Fetching syssrc...
Extracting syssrc...
apue$ 

With all that in place, perhaps continue with our screen(1) or ctags(1) tool tip.

