Add support for incremental install of packages

This commit is contained in:
adisbladis 2020-05-04 08:43:34 +01:00 committed by Stephan Maka
parent 7b4cd0b944
commit 28da250925
3 changed files with 140 additions and 5 deletions

View File

@ -14,7 +14,7 @@
, timeZone ? "UTC"
, services ? {}
, impureShellCommands ? []
, driveLetter ? "F:"
, driveLetter ? "E:"
, ...

View File

@ -42,6 +42,26 @@ win.makeWindowsImage {
# Auto login
defaultUser = "artiq";
# Imperative installation commands, to be installed incrementally
installCommands = [
name = "Anaconda3";
script = let
Anaconda3 = pkgs.fetchurl {
name = "Anaconda3.exe";
url = "";
sha256 = "1f9icm5rwab6l1f23a70dw0qixzrl62wbglimip82h4zhxlh3jfj";
in ''
cp ${Anaconda3} ./Anaconda3.exe
win put Anaconda3.exe 'C:\Users\artiq'
win exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3'
# services = {
# # Enable remote management
# WinRm = {

View File

@ -7,6 +7,8 @@
, packages ? []
, impureMode ? false
, baseRtc ? "2020-04-20T14:21:42"
, installCommands ? []
, users ? {}
, ...
@ -103,6 +105,7 @@ let
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
# Install optional windows features
cp ${openSshServerPackage} pkgs/fod/
# SSH setup script goes here because windows XML parser sucks
@ -131,6 +134,10 @@ let
# "-cdrom" "${fodIso}"
# Set the base clock inside the VM
"-rtc base=${baseRtc}"
# Always enable SSH port forward
# It's not really required for the initial setup but we do it here anyway
"-netdev user,id=n1,net=,restrict=off,hostfwd=tcp::2022-:22"
"-device e1000,netdev=n1"
] ++ lib.optional (!impureMode) "-nographic" ++ extraFlags;
installScript = pkgs.writeScript "windows-install-script" (
@ -179,8 +186,116 @@ let
if impureMode then installScript else pkgs.runCommandNoCC "windows.img" {} ''
baseImage = pkgs.runCommandNoCC "windows.img" {} ''
mv c.img $out
# Use Paramiko instead of OpenSSH
# OpenSSH goes out of it's way to make password logins hard
# and Windows goes out of it's way to make key authentication hard
# so we're in a pretty tough spot
# Luckily the usage patterns are quite simple and easy to reimplement with paramiko
paramikoClient = pkgs.writeScriptBin "win" ''
#!${pkgs.python3.withPackages(ps: [ ps.paramiko ])}/bin/python
import paramiko
import os.path
import sys
def w_join(*args):
# Like os.path.join but for windows paths
return "\\".join(args)
if __name__ == '__main__':
client = paramiko.SSHClient()
cmd = sys.argv[1]
client.connect(hostname="", port=2022, username="artiq", password="${users.artiq.password}", timeout=1)
if cmd == "put":
sftp = client.open_sftp()
src = sys.argv[2]
dst = sys.argv[3]
sftp.put(src, w_join(dst, os.path.basename(src)))
elif cmd == "exec":
_, stdout, stderr = client.exec_command(sys.argv[2])
raise ValueError(f"Unhandled command: {cmd}")
except (EOFError, paramiko.ssh_exception.SSHException):
finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "${}.img" {
buildInputs = [
} (let
script = pkgs.writeScript "${}-script" v.script;
qemuParams = mkQemuFlags [
# Output image
in ''
export HOME=$(mktemp -d)
# Create an image referencing the previous image in the chain
qemu-img create -f qcow2 -b ${acc} c.img
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
# If the machine is not up within 10 minutes it's likely never coming up
# Wait for VM to be accessible
sleep 20
echo "Waiting for SSH"
while true; do
if test "$timeout" -eq 0; then
echo "SSH connection timed out"
exit 1
output=$(win exec 'echo Ran command' || echo "")
if test "$output" = "Ran command"; then
echo "Retrying in 1 second, timing out in $timeout seconds"
sleep 1
echo "Executing user script to build layer"
win exec 'shutdown /s'
mv c.img $out
'')) baseImage installCommands;
# impureMode is meant for debugging the base image, not the full incremental build process
if !(impureMode) then finalImage else assert installCommands == []; installScript