add debug output via tesseract

2022-10-14 03:48:16 +02:00
8 changed files with 70 additions and 98 deletions
--- a/flake.lock
+++ b/flake.lock
@ -2,16 +2,16 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1685004253,
-        "narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
-        "owner": "NixOS",
+        "lastModified": 1665449268,
+        "narHash": "sha256-cw4xrQIAZUyJGj58Dp5VLICI0rscd+uap83afiFzlcA=",
+        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
+        "rev": "285e77efe87df64105ec14b204de6636fb0a7a27",
        "type": "github"
      },
      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-23.05",
+        "owner": "nixos",
+        "ref": "nixos-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
--- a/flake.nix
+++ b/flake.nix
@ -2,7 +2,7 @@
  description = "WFVM: Windows Functional Virtual Machine";

  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
  };

  outputs = { self, nixpkgs }:
@ -12,26 +12,13 @@

      pkgs = nixpkgs.legacyPackages.${system};

-    in rec {
+    in {
      lib = import ./wfvm {
        inherit pkgs;
      };

-      packages.${system} = rec {
-        demoImage = import ./wfvm/demo-image.nix {
-          inherit self;
-        };
-
-        default = lib.utils.wfvm-run {
-          name = "demo";
-          image = demoImage;
-          script =
-            ''
-            echo "Windows booted. Press Enter to terminate VM."
-            read
-            '';
-          display = true;
-        };
+      packages.${system}.demoImage = import ./wfvm/demo-image.nix {
+        inherit self;
      };
    };
 }
--- a/wfvm/autounattend.nix
+++ b/wfvm/autounattend.nix
@ -15,8 +15,7 @@
 , impureShellCommands ? []
 , driveLetter ? "D:"
 , efi ? true
-, imageSelection ? "Windows 11 Pro N"
-, enableTpm
+, imageSelection ? "Windows 10 Pro"
 , ...
 }:

@ -59,16 +58,18 @@ let
  assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;

  commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
-    [ {
-      Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
-      Description = "Allow unsigned powershell scripts.";
-    } {
-      Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
-      Description = "Install any declared packages.";
-    } {
-      Path = "net accounts /maxpwage:unlimited";
-      Description = "Disable forced password expiry.";
-    } ]
+    [
+      {
+        Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
+        Description = "Allow unsigned powershell scripts.";
+      }
+    ]
+    ++ [
+      {
+        Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
+        Description = "Install any declared packages.";
+      }
+    ]
    ++ setupCommands
    ++ [
      {
@ -147,14 +148,6 @@ let
          </DriverPaths>
        </component>
        <component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-          ${lib.optionalString (!enableTpm) ''
-            <RunSynchronous>
-              <RunSynchronousCommand wcm:action="add">
-                <Order>1</Order>
-                <Path>reg add HKLM\System\Setup\LabConfig /v BypassTPMCheck /t reg_dword /d 0x00000001 /f</Path>
-              </RunSynchronousCommand>
-            </RunSynchronous>
-          ''}

          <DiskConfiguration>
            <Disk wcm:action="add">
@ -206,7 +199,6 @@ let
                <PartitionID>3</PartitionID>
              </InstallTo>
              <InstallFrom>
-                <Path>\install.swm</Path>
                <MetaData wcm:action="add">
                  <Key>/IMAGE/NAME</Key>
                  <Value>${imageSelection}</Value>
@ -217,7 +209,7 @@ let

          <UserData>
            <ProductKey>
-              ${if productKey != null then "<Key>${productKey}</Key>" else "<Key/>"}
+              ${if productKey != null then "<Key>${productKey}</Key>" else ""}
              <WillShowUI>OnError</WillShowUI>
            </ProductKey>
            <AcceptEula>true</AcceptEula>
@ -307,7 +299,7 @@ let
        </component>
      </settings>

-       <cpi:offlineImage cpi:source="wim:c:/wim/windows-11/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
+       <cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#${imageSelection}" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
    </unattend>
  '';

--- a/wfvm/default.nix
+++ b/wfvm/default.nix
@ -2,6 +2,6 @@

 {
  makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs);
-  layers = import ./layers { inherit pkgs; };
-  utils = import ./utils.nix { inherit pkgs; };
+  layers = (import ./layers { inherit pkgs; });
+  utils = (import ./utils.nix { inherit pkgs; });
 }
--- a/wfvm/demo-image.nix
+++ b/wfvm/demo-image.nix
@ -19,9 +19,9 @@ wfvm.makeWindowsImage {

  # Custom base iso
  # windowsImage = pkgs.requireFile rec {
-  #   name = "Win11_22H2_English_x64v1.iso";
-  #   sha256 = "08mbppsm1naf73z8fjyqkf975nbls7xj9n4fq0yp802dv1rz3whd";
-  #   message = "Get disk image ${name} from https://www.microsoft.com/en-us/software-download/windows11/";
+  #   name = "Win10_21H1_English_x64.iso";
+  #   sha256 = "1sl51lnx4r6ckh5fii7m2hi15zh8fh7cf7rjgjq9kacg8hwyh4b9";
+  #   message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
  # };

  # impureShellCommands = [
@ -57,7 +57,7 @@ wfvm.makeWindowsImage {
        disable-autolock
        disable-firewall
      ])
-      anaconda3 msys2
+      anaconda3 msys2 msvc msvc-ide-unbreak
    ];

  # services = {
@ -70,7 +70,7 @@ wfvm.makeWindowsImage {

  # License key (required)
  # productKey = throw "Search the f* web"
-  imageSelection = "Windows 11 Pro N";
+  imageSelection = "Windows 10 Pro";


  # Locales
--- a/wfvm/layers/default.nix
+++ b/wfvm/layers/default.nix
@ -72,7 +72,7 @@ in
      bootstrapper = pkgs.fetchurl {
        name = "RESTRICTDIST-vs_Community.exe";
        url = "https://aka.ms/vs/16/release/vs_community.exe";
-        sha256 = "sha256-l4ZKFZTgHf3BmD0eFWyGwsvb4lqB/LiQYizAABOs3gg=";
+        sha256 = "sha256-4X8NhdcNyfHkN6eKkNz8Unvv49wRZE4CQ1vf6P1R2ic=";
      };
      # This touchy-feely "community" piece of trash seems deliberately crafted to break Wine, so we use the VM to run it.
      download-vs = wfvm.utils.wfvm-run {
@ -93,7 +93,7 @@ in

        outputHashAlgo = "sha256";
        outputHashMode = "recursive";
-        outputHash = "sha256-GoOKzln8DXVMx52jWGEjwkOFkpSW+wEffAVmBVugIyk=";
+        outputHash = "0ic3jvslp2y9v8yv9mfr2mafkvj2q5frmcyhmlbxj71si1x3kpag";

        phases = [ "buildPhase" ];
        buildInputs = [ download-vs ];
--- a/wfvm/utils.nix
+++ b/wfvm/utils.nix
@ -1,45 +1,23 @@
-{ pkgs
-, baseRtc ? "2022-10-10T10:10:10"
-, cores ? "4"
-, qemuMem ? "4G"
-, efi ? true
-, enableTpm ? false
-, ...
-}:
+{ pkgs, baseRtc ? "2022-10-10T10:10:10", cores ? "4", qemuMem ? "4G", efi ? true }:

 rec {
  # qemu_test is a smaller closure only building for a single system arch
  qemu = pkgs.qemu;

-  OVMF = pkgs.OVMF.override {
-    secureBoot = true;
-  };
-
  mkQemuFlags = extraFlags: [
    "-enable-kvm"
    "-cpu host"
    "-smp ${cores}"
    "-m ${qemuMem}"
-    "-M q35,smm=on"
+    "-M q35"
    "-vga qxl"
    "-rtc base=${baseRtc}"
    "-device qemu-xhci"
    "-device virtio-net-pci,netdev=n1"
  ] ++ pkgs.lib.optionals efi [
-    "-bios ${OVMF.fd}/FV/OVMF.fd"
-  ] ++ pkgs.lib.optionals enableTpm [
-    "-chardev" "socket,id=chrtpm,path=tpm.sock"
-    "-tpmdev" "emulator,id=tpm0,chardev=chrtpm"
-    "-device" "tpm-tis,tpmdev=tpm0"
+    "-bios ${pkgs.OVMF.fd}/FV/OVMF.fd"
  ] ++ extraFlags;

-  tpmStartCommands = pkgs.lib.optionalString enableTpm ''
-    mkdir -p tpmstate
-    ${pkgs.swtpm}/bin/swtpm socket \
-      --tpmstate dir=tpmstate \
-      --ctrl type=unixio,path=tpm.sock &
-  '';
-
  # Pass empty config file to prevent ssh from failing to create ~/.ssh
  sshOpts = "-F /dev/null -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o LogLevel=ERROR -o ConnectTimeout=1";
  win-exec = pkgs.writeShellScriptBin "win-exec" ''
@ -58,6 +36,7 @@ rec {
    # Wait for VM to be accessible
    sleep 20
    echo "Waiting for SSH..."
+    TEXT=""
    while true; do
      if test "$timeout" -eq 0; then
        echo "SSH connection timed out"
@ -69,6 +48,13 @@ rec {
        break
      fi

+      ${pkgs.vncdo}/bin/vncdo rcapture cap.png 0 0 1024 768
+      ${pkgs.imagemagick}/bin/mogrify -density 70x70 -units PixelsPerInch cap.png
+      NEW_TEXT="$(${pkgs.tesseract}/bin/tesseract cap.png stdout)"
+      if [ "$TEXT" != "$NEW_TEXT" ]; then
+        echo "$NEW_TEXT"
+        TEXT="$NEW_TEXT"
+      fi
      echo "Retrying in 1 second, timing out in $timeout seconds"

      ((timeout=$timeout-1))
@ -107,7 +93,7 @@ rec {
        (map ({ listenAddr, targetAddr, port }:
          ",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${pkgs.socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}"
        ) forwardedPorts);
-      qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-display none" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [
+      qemuParams = mkQemuFlags (pkgs.lib.optional (!display) "-vnc 127.0.0.1:0" ++ pkgs.lib.optional (!fakeRtc) "-rtc base=localtime" ++ [
        "-drive"
        "file=${image},index=0,media=disk,cache=unsafe"
        "-snapshot"
@ -115,7 +101,6 @@ rec {
      ]);
    in pkgs.writeShellScriptBin "wfvm-run-${name}" ''
      set -e -m
-      ${tpmStartCommands}
      ${qemu}/bin/qemu-system-x86_64 ${pkgs.lib.concatStringsSep " " qemuParams} &

      ${win-wait}/bin/win-wait
--- a/wfvm/win.nix
+++ b/wfvm/win.nix
@ -5,16 +5,15 @@
 , impureMode ? false
 , installCommands ? []
 , users ? {}
-, enableTpm ? true
 # autounattend always installs index 1, so this default is backward-compatible
-, imageSelection ? "Windows 11 Pro N"
+, imageSelection ? "Windows 10 Pro"
 , efi ? true
 , ...
 }@attrs:

 let
  lib = pkgs.lib;
-  utils = import ./utils.nix ({ inherit pkgs efi enableTpm; } // attrs);
+  utils = import ./utils.nix { inherit pkgs efi; };
  inherit (pkgs) guestfs-tools;

  # p7zip on >20.03 has known vulns but we have no better option
@ -37,14 +36,15 @@ let
  );

  windowsIso = if windowsImage != null then windowsImage else pkgs.requireFile rec {
-    name = "Win11_22H2_English_x64v2.iso";
-    sha256 = "0xhhxy47yaf1jsfmskym5f65hljw8q0aqs70my86m402i6dsjnc0";
-    message = "Get disk image ${name} from https://www.microsoft.com/en-us/software-download/windows11/";
+    name = "Win10_21H2_English_x64.iso";
+    sha256 = "0kr3m0bjy086whcbssagsshdxj6lffcz7wmvbh50zhrkxgq3hrbz";
+    message = "Get ${name} from https://www.microsoft.com/en-us/software-download/windows10ISO";
  };

+  # stable as of 2021-04-08
  virtioWinIso = pkgs.fetchurl {
-    url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.229-1/virtio-win.iso";
-    sha256 = "1q5vrcd70kya4nhlbpxmj7mwmwra1hm3x7w8rzkawpk06kg0v2n8";
+    url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.185-2/virtio-win-0.1.185.iso";
+    sha256 = "11n3kjyawiwacmi3jmfmn311g9xvfn6m0ccdwnjxw1brzb4kqaxg";
  };

  openSshServerPackage = pkgs.fetchurl {
@ -54,7 +54,7 @@ let

  autounattend = import ./autounattend.nix (
    attrs // {
-      inherit pkgs enableTpm;
+      inherit pkgs;
      users = users // {
        wfvm = {
          password = "1234";
@ -88,7 +88,7 @@ let

  installScript = pkgs.writeScript "windows-install-script" (
    let
-      qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-display none" ++ [
+      qemuParams = utils.mkQemuFlags (lib.optional (!impureMode) "-vnc 127.0.0.1:0" ++ [
        # "CD" drive with bootstrap pkgs
        "-drive"
        "id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on"
@ -108,7 +108,7 @@ let
    in
      ''
        #!${pkgs.runtimeShell}
-        set -euxo pipefail
+        set -euo pipefail
        export PATH=${lib.makeBinPath [ p7zip utils.qemu guestfs-tools pkgs.wimlib ]}:$PATH

        # Create a bootable "USB" image
@ -132,11 +132,21 @@ let
        ''}
        rm -rf win

-        ${utils.tpmStartCommands}
-
        # Qemu requires files to be rw
        qemu-img create -f qcow2 c.img ${diskImageSize}
-        qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
+        qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
+
+        TEXT=""
+        while [ -n "$(jobs)" ]; do
+          ${pkgs.vncdo}/bin/vncdo rcapture cap.png 0 0 1024 768
+          ${pkgs.imagemagick}/bin/mogrify -density 70x70 -units PixelsPerInch cap.png
+          NEW_TEXT="$(${pkgs.tesseract5}/bin/tesseract cap.png stdout)"
+          if [ "$TEXT" != "$NEW_TEXT" ]; then
+            echo "$NEW_TEXT"
+            TEXT="$NEW_TEXT"
+          fi
+          sleep 1
+        done
      ''
  );

@ -161,8 +171,6 @@ let

  in ''
    set -x
-    ${utils.tpmStartCommands}
-
    # Create an image referencing the previous image in the chain
    qemu-img create -F qcow2 -f qcow2 -b ${acc} c.img