Merge branch 'main' into custom-lease-name

Author: bennyz

.devcontainer/Dockerfile

@@ -9,7 +9,5 @@ COPY --from=ghcr.io/astral-sh/uv:latest /uv  /bin/uv
 COPY --from=ghcr.io/astral-sh/uv:latest /uvx /bin/uvx
 COPY ./.python-version ./
 
-RUN uv python pin "$(cat .python-version)"
-
 # Install required tools for development
 RUN apt-get update && apt-get install -y iperf3 libusb-dev

.devcontainer/devcontainer.json

@@ -5,7 +5,7 @@
 		"dockerfile": "Dockerfile"
 	},
 	"postCreateCommand": "make sync",
-	"postStartCommand": "uv run pre-commit install",
+	"postStartCommand": "uv python pin 3.12 && uv run pre-commit install",
 	"remoteUser": "vscode",
 	// Mount USB devices to devcontainer for tests
 	"mounts": [

.github/workflows/documentation.yaml

@@ -42,7 +42,9 @@ jobs:
           version: "latest"
 
       - name: Install Python
-        run: uv python install
+        run: |
+          uv python pin 3.12
+          uv python install
 
       - name: Setup Pages
         id: pages
@@ -80,7 +82,9 @@ jobs:
           version: "latest"
 
       - name: Install Python
-        run: uv python install
+        run: |
+          uv python pin 3.12
+          uv python install
 
       - name: Build the documentation for the current version (no warnings allowed)
         run: make sync && make docs

.python-version

@@ -3,6 +3,17 @@
 [![Matrix](https://img.shields.io/matrix/jumpstarter%3Amatrix.org?color=blue)](https://matrix.to/#/#jumpstarter:matrix.org)
 [![Etherpad](https://img.shields.io/badge/Etherpad-Notes-blue?logo=etherpad)](https://etherpad.jumpstarter.dev/pad-lister)
 [![Community Meeting](https://img.shields.io/badge/Weekly%20Meeting-Google%20Meet-blue?logo=google-meet)](https://meet.google.com/gzd-hhbd-hpu)
+![GitHub Release](https://img.shields.io/github/v/release/jumpstarter-dev/jumpstarter)
+![PyPI - Version](https://img.shields.io/pypi/v/jumpstarter)
+![GitHub Downloads (all assets, all releases)](https://img.shields.io/github/downloads/jumpstarter-dev/jumpstarter/total)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/jumpstarter-dev/jumpstarter)
+
+[![E2E Tests](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/e2e.yaml/badge.svg)](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/e2e.yaml)
+[![Tests](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/pytest.yaml/badge.svg)](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/pytest.yaml)
+[![documentation](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/documentation.yaml/badge.svg)](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/documentation.yaml)<br>
+[![Wheels](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/publish.yaml/badge.svg)](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/publish.yaml)
+[![Flashing bundles](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/build_oci_bundle.yaml/badge.svg)](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/build_oci_bundle.yaml)
+[![Containers](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/build.yaml/badge.svg)](https://github.com/jumpstarter-dev/jumpstarter/actions/workflows/build.yaml)
 
 A free, open source tool for automated testing on real and virtual hardware with
 CI/CD integration. Simplify device automation with consistent rules across local

README.md

@@ -42,6 +42,7 @@ Drivers that provide various communication interfaces:
   Protocol
 * **[TFTP](tftp.md)** (`jumpstarter-driver-tftp`) - Trivial File Transfer
   Protocol
+* **[VNC](vnc.md)** (`jumpstarter-driver-vnc`) - VNC (Virtual Network Computing) remote desktop protocol
 
 ### Storage and Data Drivers
 
@@ -111,5 +112,6 @@ tmt.md
 tftp.md
 uboot.md
 ustreamer.md
+vnc.md
 yepkit.md
 ```

docs/source/reference/package-apis/drivers/index.md

@@ -0,0 +1 @@
+../../../../../packages/jumpstarter-driver-vnc/README.md

docs/source/reference/package-apis/drivers/vnc.md

@@ -20,7 +20,7 @@ def _run_shell_with_lease(lease, exporter_logs, config, command):
     def launch_remote_shell(path: str) -> int:
         return launch_shell(
             path, lease.exporter_name, config.drivers.allow, config.drivers.unsafe,
-            config.shell.use_profiles, command=command
+            config.shell.use_profiles, command=command, lease=lease
         )
 
     with lease.serve_unix() as path:

packages/jumpstarter-cli/jumpstarter_cli/shell.py

@@ -10,7 +10,22 @@
 
 @blocking
 @asynccontextmanager
-async def NovncAdapter(*, client: DriverClient, method: str = "connect"):
+async def NovncAdapter(*, client: DriverClient, method: str = "connect", encrypt: bool = True):
+    """
+    Provide a noVNC URL that proxies a temporary local TCP listener to a remote
+    driver stream via a WebSocket bridge.
+
+    Parameters:
+        client (DriverClient): Client used to open the remote stream that will be
+                               bridged to the local listener.
+        method (str): Name of the async stream method to call on the client (default "connect").
+        encrypt (bool): If True request an encrypted (TLS) vnc connection;
+                        if False request an unencrypted vnc connection.
+
+    Returns:
+        str: The URL to connect to the VNC session.
+    """
+
     async def handler(conn):
         async with conn:
             async with client.stream_async(method) as stream:
@@ -19,13 +34,21 @@ async def handler(conn):
                         pass
 
     async with TemporaryTcpListener(handler) as addr:
+        params = {
+            "encrypt": 1 if encrypt else 0,
+            "autoconnect": 1,
+            "reconnect": 1,
+            "host": addr[0],
+            "port": addr[1],
+        }
+
         yield urlunparse(
             (
                 "https",
                 "novnc.com",
                 "/noVNC/vnc.html",
                 "",
-                urlencode({"autoconnect": 1, "reconnect": 1, "host": addr[0], "port": addr[1]}),
+                urlencode(params),
                 "",
             )
         )

packages/jumpstarter-driver-network/jumpstarter_driver_network/adapters/novnc.py

@@ -0,0 +1,111 @@
+# SSH MITM Driver
+
+`jumpstarter-driver-ssh-mitm` provides a secure SSH proxy layer where private keys
+are stored on the exporter and never transmitted to clients. It is designed to be
+used as a child of `SSHWrapper`.
+
+## Installation
+
+```{code-block} console
+:substitutions:
+$ pip3 install --extra-index-url {{index_url}} jumpstarter-driver-ssh-mitm
+```
+
+## Architecture
+
+```
+SSHWrapper --> SSHMITM --> TcpNetwork --> DUT
+```
+
+- **SSHWrapper**: Handles SSH CLI and command execution
+- **SSHMITM**: Provides authenticated proxy connection (stores the SSH key)
+- **TcpNetwork**: Raw TCP connection to the DUT
+
+## Configuration
+
+The command name is determined by the key in the `export` section. Use `ssh_mitm` to get the `j ssh_mitm` command:
+
+```yaml
+export:
+  ssh_mitm:  # ← This gives you "j ssh_mitm" command
+    type: jumpstarter_driver_ssh.driver.SSHWrapper
+    config:
+      default_username: root
+    children:
+      tcp:
+        type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
+        config:
+          ssh_identity_file: /path/to/private/key
+          default_username: root
+        children:
+          tcp:
+            type: jumpstarter_driver_network.driver.TcpNetwork
+            config:
+              host: 192.168.1.100
+              port: 22
+```
+
+Or with inline key:
+
+```yaml
+export:
+  ssh_mitm:  # ← This gives you "j ssh_mitm" command
+    type: jumpstarter_driver_ssh.driver.SSHWrapper
+    config:
+      default_username: root
+    children:
+      tcp:
+        type: jumpstarter_driver_ssh_mitm.driver.SSHMITM
+        config:
+          default_username: root
+          ssh_identity: |
+            -----BEGIN OPENSSH PRIVATE KEY-----
+            ...
+            -----END OPENSSH PRIVATE KEY-----
+        children:
+          tcp:
+            type: jumpstarter_driver_network.driver.TcpNetwork
+            config:
+              host: 192.168.1.100
+              port: 22
+```
+
+### SSHMITM Config parameters
+
+| Parameter         | Description                              | Type  | Required | Default |
+| ----------------- | ---------------------------------------- | ----- | -------- | ------- |
+| default_username  | SSH username for DUT connection          | str   | no       | ""      |
+| ssh_identity      | SSH private key content (inline)         | str   | no*      | None    |
+| ssh_identity_file | Path to SSH private key file             | str   | no*      | None    |
+
+\* Either `ssh_identity` or `ssh_identity_file` must be provided.
+
+### Required children
+
+- `tcp`: A `TcpNetwork` driver providing target host and port
+
+## Usage
+
+Since SSHMITM is used as a child of SSHWrapper, you use the configured command name (e.g., `ssh_mitm`):
+
+```bash
+# Execute a command
+j ssh_mitm whoami
+
+# Interactive shell
+j ssh_mitm
+
+# With arguments
+j ssh_mitm ls -la /tmp
+
+# With SSH flags
+j ssh_mitm -v hostname
+```
+
+**Note**: The command name (`ssh_mitm`) is determined by the key in your exporter config's `export` section. You can use any name you prefer.
+
+## API Reference
+
+```{eval-rst}
+.. autoclass:: jumpstarter_driver_ssh_mitm.driver.SSHMITM()
+```