Fix ssh option processing, change to-disk to use ssh

[cgwalters]

I got bit badly by the problem that ssh always runs
a remote shell and basically just does the completely
wrong thing if you pass it multiple things
in argv.

While we're here fix things so libvirt and ephemeral
share more code.

Signed-off-by: Colin Walters walters@verbum.org

[gemini-code-assist]

Summary of Changes

Hello @cgwalters, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical issue where the ssh command incorrectly processed multiple arguments when executing remote commands, leading to unexpected behavior. It introduces a shared CommonSshOptions structure to standardize SSH client configuration and implements robust shell escaping for remote commands, ensuring that multi-argument commands are correctly interpreted. This refactoring also promotes code reuse between libvirt and ephemeral SSH functionalities and includes minor documentation updates.

Highlights

• Centralized SSH Option Management: Introduced a CommonSshOptions struct to consolidate and share SSH configuration parameters across different SSH implementations (e.g., libvirt and ephemeral), promoting code reuse and consistency.
• Robust Remote Command Escaping: Implemented a shell_escape_command utility using the shlex crate to correctly handle multiple arguments passed to ssh for remote execution, preventing misinterpretation by the remote shell.
• Refactored libvirt SSH Integration: Updated the libvirt SSH command builder to leverage the new CommonSshOptions and the improved command argument escaping logic, addressing issues with ssh always running a remote shell and misinterpreting multiple arguments.
• Documentation Updates: Removed the --connect option from several bcvk-libvirt man pages, streamlining the command-line interface.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request effectively addresses a critical issue with how command arguments are passed to SSH by introducing proper shell escaping. The refactoring to create a shared CommonSshOptions is also a great improvement for maintainability and consistency. My review includes a couple of suggestions to further enhance these changes: one to improve the flexibility of the new libvirt SSH options, and another to strengthen the tests for the new shell escaping logic.

[cgwalters]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a critical fix for handling multi-argument commands over SSH by correctly shell-escaping them. The refactoring to centralize common SSH options into a shared struct is a great improvement for code reuse and maintainability. The changes in to-disk to use a detached VM with an SSH-based installation process also appear more robust. I've identified a couple of high-severity issues regarding potential panics on user input and a shell injection vulnerability, along with a medium-severity suggestion to strengthen the new tests. Overall, these are excellent changes that significantly improve the correctness and structure of the SSH handling.

[jmarrero]

lgtm