libssh2 cannot handle all OpenSSH private key formats (e.g. passphrase-
protected or newer ed25519 keys), causing auth failures. Instead of
referencing the user's ~/.ssh keys, generate a fresh Ed25519 keypair at
resolve time when the VMFile omits ssh-key and private-key. The public
key is injected into cloud-init and the private PEM is persisted to the
VM's work directory so that provision, reload, and ssh commands can
reuse it.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
VMFile.kdl defines the omnios-builder VM with cloud-init, SSH config,
and a 3-stage provision pipeline (bootstrap packages + Rust, upload
forger source tarball, build and install forger). Makefile provides
convenience targets wrapping vmctl commands. pack-forger.sh creates a
minimal tarball of just the forger + spec-parser crates and image specs
from refraction-forger for upload to the VM.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
