fix: e2e test harness CI

.github/workflows/e2e-test.yml

@@ -51,6 +51,15 @@ jobs:
         uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ env.RUST_VERSION }}
+          targets: x86_64-unknown-linux-gnu
+
+      - name: Install Zig
+        uses: mlugg/setup-zig@v1
+        with:
+          version: 0.13.0
+
+      - name: Install cargo-zigbuild
+        run: cargo install --locked cargo-zigbuild
 
       - name: Install system dependencies
         run: |
@@ -95,13 +104,21 @@ jobs:
       - name: Build wireguard-go
         run: ./wireguard/build-wireguard-go.sh
 
-      - name: Build nym-vpnc and nym-vpnd
-        run: cargo build --release -p nym-vpnc -p nym-vpnd
+      - name: Build nym-vpnc, nym-vpnd and nym-socks5-proxy
+        env:
+          CFLAGS_x86_64_unknown_linux_gnu: -I/usr/include/x86_64-linux-gnu
+          BINDGEN_EXTRA_CLANG_ARGS_x86_64_unknown_linux_gnu: -I/usr/include/x86_64-linux-gnu
+          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: -L /usr/lib/x86_64-linux-gnu
+        run: cargo zigbuild --release --target x86_64-unknown-linux-gnu.2.36 -p nym-vpnc -p nym-vpnd -p nym-socks5-proxy
         working-directory: nym-vpn-core
 
       - name: Build test-manager, test-runner
+        env:
+          CFLAGS_x86_64_unknown_linux_gnu: -I/usr/include/x86_64-linux-gnu
+          BINDGEN_EXTRA_CLANG_ARGS_x86_64_unknown_linux_gnu: -I/usr/include/x86_64-linux-gnu
+          CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUSTFLAGS: -L /usr/lib/x86_64-linux-gnu
         run: |
-          cargo build --release \
+          cargo zigbuild --release --target x86_64-unknown-linux-gnu.2.36 \
             -p test-manager -p test-runner
         working-directory: ${{ env.TEST_CRATE_DIR }}
 
@@ -135,10 +152,11 @@ jobs:
       - name: Collect binaries
         run: |
           mkdir -p /tmp/dist
-          cp nym-vpn-core/target/release/nym-vpnc /tmp/dist/
-          cp nym-vpn-core/target/release/nym-vpnd /tmp/dist/
-          cp nym-vpn-core/target/release/test-manager /tmp/dist/
-          cp nym-vpn-core/target/release/test-runner /tmp/dist/
+          cp nym-vpn-core/target/x86_64-unknown-linux-gnu/release/nym-vpnc /tmp/dist/
+          cp nym-vpn-core/target/x86_64-unknown-linux-gnu/release/nym-vpnd /tmp/dist/
+          cp nym-vpn-core/target/x86_64-unknown-linux-gnu/release/nym-socks5-proxy /tmp/dist/
+          cp nym-vpn-core/target/x86_64-unknown-linux-gnu/release/test-manager /tmp/dist/
+          cp nym-vpn-core/target/x86_64-unknown-linux-gnu/release/test-runner /tmp/dist/
 
       - name: Upload binaries
         uses: actions/upload-artifact@v7

nym-vpn-core/crates/test/test-manager/src/tests/config_nym.rs

@@ -14,6 +14,21 @@ pub const BOOTSTRAP_SCRIPT: &[u8] = include_bytes!(concat!(
     "ssh-setup.sh"
 ));
 
+/// Blocking scripts executed inside the guest VM during circumvention tests. Baked into the
+/// binary so the test-manager has no filesystem dependency on the source tree at runtime.
+pub const IP_BLOCK_SCRIPT: &[u8] = include_bytes!(concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/../scripts/blocking/ip_block.sh"
+));
+pub const SNI_BLOCK_SCRIPT: &[u8] = include_bytes!(concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/../scripts/blocking/sni_block.sh"
+));
+pub const DELAYED_IP_BLOCK_SCRIPT: &[u8] = include_bytes!(concat!(
+    env!("CARGO_MANIFEST_DIR"),
+    "/../scripts/blocking/delayed_ip_block.sh"
+));
+
 /// Constants that are accessible from each test via `TEST_CONFIG`.
 /// The constants must be initialized before running any tests using `TEST_CONFIG.init()`.
 #[derive(Debug, Clone)]

nym-vpn-core/crates/test/test-manager/src/vm/provision.rs

@@ -4,7 +4,9 @@
 
 use crate::{
     config::{OsType, Provisioner, VmConfig},
-    tests::config_nym::BOOTSTRAP_SCRIPT,
+    tests::config_nym::{
+        BOOTSTRAP_SCRIPT, DELAYED_IP_BLOCK_SCRIPT, IP_BLOCK_SCRIPT, SNI_BLOCK_SCRIPT,
+    },
 };
 use anyhow::{Context, Result, bail};
 use ssh2::{File, Session};
@@ -150,17 +152,19 @@ fn blocking_ssh(
     ssh_send_file_with_opts(&session, &source, temp_dir, FileOpts { executable: true })
         .with_context(|| format!("Failed to send '{source:?}' to remote"))?;
 
-    // Transfer blocking scripts
+    // Transfer blocking scripts. Their contents are baked into this binary via include_bytes!,
+    // so we write them to the guest directly rather than reading them off the host filesystem.
     if matches!(os_type, OsType::Linux | OsType::Macos) {
-        let blocking_scripts_dir =
-            Path::new(concat!(env!("CARGO_MANIFEST_DIR"), "/../scripts/blocking"));
-        let scripts = ["ip_block.sh", "sni_block.sh", "delayed_ip_block.sh"];
-
-        for script in &scripts {
-            let source = blocking_scripts_dir.join(script);
-            log::debug!("Source: {}", source.display());
-            ssh_send_file_with_opts(&session, &source, temp_dir, FileOpts { executable: true })
-                .with_context(|| format!("Failed to send blocking script '{script}' to remote"))?;
+        let scripts: [(&str, &[u8]); 3] = [
+            ("ip_block.sh", IP_BLOCK_SCRIPT),
+            ("sni_block.sh", SNI_BLOCK_SCRIPT),
+            ("delayed_ip_block.sh", DELAYED_IP_BLOCK_SCRIPT),
+        ];
+
+        for (name, content) in &scripts {
+            let dest = temp_dir.join(name);
+            ssh_write_with_opts(&session, &dest, *content, FileOpts { executable: true })
+                .with_context(|| format!("Failed to send blocking script '{name}' to remote"))?;
         }
     }