Builds a full dev workstation from a bare Arch Linux install. https://git.cjennings.net/archsetup/atom?h=main 2026-06-25T07:39:10+00:00 2026-06-25T07:39:10+00:00 Craig Jennings c@cjennings.net 2026-06-25T07:39:10+00:00 urn:sha1:ce83e4aac50055bdb7926fca1448a9864d122715 run-test.sh no longer runs the shell run_all_validations sweep; the Testinfra pytest sweep now drives the run's pass/fail. run_testinfra_validation returns pytest's exit code (and treats "could not run" as a failure, not a silent pass), surfaces the pass/skip/fail counts through the shared VALIDATION_* counters, and parses the attribution file so generate_issue_report still buckets failures into archsetup / base_install / unknown. The shell-sweep functions stay in validation.sh for now because run-test-baremetal.sh still calls them; removing them (after migrating the bare-metal runner) is filed as a follow-up. 2026-06-25T05:24:33+00:00 Craig Jennings c@cjennings.net 2026-06-25T05:24:33+00:00 urn:sha1:f50fc1def85c1dbbb0ec781be4071b7ec9285785 The VM test SSHes into the guest as root with a password for the whole run. archsetup hardens sshd to PermitRootLogin prohibit-password and reloads it partway through the install, so every SSH after that step failed with "Permission denied" and the run aborted before any validation — make test had been silently broken since the hardening landed. inject_root_key authorizes a throwaway root key right after the first SSH (before archsetup runs) and the ssh/scp helpers now add -i <key> via SSH_KEY_OPT. prohibit-password still allows root key auth, so the harness survives the very hardening it validates. Password stays as the fallback, so the change is additive. 2026-06-25T04:54:53+00:00 Craig Jennings c@cjennings.net 2026-06-25T04:54:53+00:00 urn:sha1:99a26d7de23bbfc757957c08e47606c3690df4cb Stand up the Testinfra/pytest harness alongside the existing shell sweep so the two can be compared for parity before pytest takes over. Adds scripts/testing/tests/ (conftest with failure attribution markers, a report hook, and a target_user fixture, plus three parity checks: user, ufw, dotfiles) and scripts/testing/lib/testinfra.sh, which injects a throwaway SSH key into the VM and runs pytest over SSH. The sweep is advisory here (RUN_TESTINFRA toggle, non-fatal) and does not yet affect pass/fail. Pulls python-pytest and python-pytest-testinfra into make deps. Verified on the host: py_compile clean, pytest --collect-only green, bash -n and shellcheck clean. The sweep running against a real VM is verified by the next make test run.