start container with iroh ssh compatibility

Author: Panaetius

.github/workflows/release.yaml

@@ -22,6 +22,13 @@ jobs:
             name: coman-Linux-x86_64-musl.tar.gz
             cargo_command: cargo
 
+          - os_name: Linux-aarch64
+            os: ubuntu-latest
+            target: aarch64-unknown-linux-musl
+            bin: coman
+            name: coman-Linux-aarch64-musl.tar.gz
+            cargo_command: cargo
+
           - os_name: Windows-aarch64
             os: windows-latest
             target: aarch64-pc-windows-msvc
@@ -47,7 +54,7 @@ jobs:
       - name: Install oas3-gen
         run: cargo install oas3-gen@0.21.1
       - name: Install build dependencies on Linux
-        run: sudo apt-get update --yes && sudo apt-get install --yes musl-tools openssl libssl-dev
+        run: sudo apt-get update --yes && sudo apt-get install --yes musl-tools openssl libssl-dev squashfs-tools
         if: contains(matrix.platform.os, 'ubuntu')
       - name: Build binary (*nix)
         shell: bash
@@ -76,6 +83,9 @@ jobs:
           else
             tar czvf ../../../${{ matrix.platform.name }} ${{ matrix.platform.bin }}
           fi
+          if [[ "${{ matrix.platform.os }}" == "ubuntu-latest" ]]; then
+            mksquashfs coman coman_${{matrix.platform.os_name}}.sqsh
+          fi
           cd -
       - name: Publish GitHub release
         uses: softprops/action-gh-release@v1

Cargo.lock

@@ -41,6 +41,11 @@ workdir = "{{container_workdir}}"
 {% for key, value in env %}
 {{key}} = "{{value}}"
 {% endfor %}
+
+[annotations]
+com.hooks.ssh.enabled = "true"
+com.hooks.ssh.authorize_ssh_key = "{{ remote_ssh_key_path}}"
+com.hooks.ssh.port = 15263
 """
 
 # set environment variables that should be passed to a job

coman/.config/config.toml

@@ -78,6 +78,7 @@ pid1 = "0.1.5"
 rust_supervisor = "0.2.0"
 iroh-ssh = "0.2.7"
 whoami = "1.6.1"
+base64 = "0.22.1"
 
 [build-dependencies]
 anyhow = "1.0.90"

coman/Cargo.toml

@@ -1,5 +1,6 @@
 use std::{error::Error, path::PathBuf, thread, time::Duration};
 
+use base64::prelude::*;
 use clap::{Args, Command, Parser, Subcommand, ValueHint, builder::TypedValueParser};
 use clap_complete::{Generator, Shell, generate};
 use color_eyre::Result;
@@ -401,6 +402,20 @@ pub(crate) async fn cli_exec_command(command: Vec<String>) -> Result<()> {
             // Call the asynchronous connect method using the runtime.
             rt.block_on(async move {
                 let mut builder = IrohSsh::builder().accept_incoming(true).accept_port(22);
+                if let Ok(secret) = std::env::var("COMAN_IROH_SECRET") {
+                    let secret_key = BASE64_STANDARD.decode(secret).unwrap();
+                    let secret_key: &[u8; 32] = secret_key[0..32].try_into().unwrap();
+                    builder = builder.secret_key(secret_key);
+                    //TODO: for this feature:
+                    // - upload an ssh key and template to the ssh hook
+                    // - upload coman squash and mount to container
+                    // - use coman as entrypoint for container command (also add -pty to start command)
+                    // - generate secret key on client, set as env var on container
+                    // - wait for connection to endpoint to be available?
+                    // - drop into a local shell once connection is established?
+                    // - add connection to ssh config so it can be picked up by vscode et al?
+                }
+
                 let server = builder.build().await.expect("couldn't create iroh server");
                 println!("{}@{}", whoami::username(), server.node_id());
                 loop {