stevefan1999
/
nix-scripts
forked from M-Labs/nix-scripts
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add wfvm

This commit is contained in:
Sebastien Bourdeauducq 2020-06-11 16:22:35 +08:00
parent b6c186b632
commit 40e8cc8407
16 changed files with 1250 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
artiq-fast/wfvm/README.md Normal file
View File

@ -0,0 +1,26 @@
# Preparation steps
## Install a Windows image
1. Adjust build.nix accordingly
2. Run:
If in impure mode
```shell
nix-build build.nix
./result
```
Results in a file called c.img
If in pure mode
```shell
nix-build build.nix
ls -la ./result
```
Results in a symlink to the image in the nix store
# Impure/pure mode
Sometimes it can be useful to build the image _outside_ of the Nix sandbox for debugging purposes.
For this purpose we have an attribute called `impureMode` which outputs the shell script used by Nix inside the sandbox to build the image.

318
artiq-fast/wfvm/autounattend.nix Normal file
View File

@ -0,0 +1,318 @@
{ pkgs
, lib ? pkgs.lib
, fullName
, organization
, administratorPassword
, uiLanguage ? "en-US"
, inputLocale ? "en-US"
, userLocale ? "en-US"
, systemLocale ? "en-US"
, users ? {}
, productKey ? null
, defaultUser ? null
, setupCommands ? []
, timeZone ? "UTC"
, services ? {}
, impureShellCommands ? []
, driveLetter ? "E:"
, ...
}:
let
serviceCommands = lib.mapAttrsToList (
serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + (
lib.concatStringsSep " " (
(
lib.mapAttrsToList (
n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}"
)
) (
# Always run without interaction
{ Force = true; } // attrs
)
)
)
) services;
sshSetupCommands =
# let
# makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users;
# writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let
# commands = [
# ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' ''
# ];
# in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users);
# mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs;
# writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys;
# in
# mkDirsDesc ++ writeKeysDesc ++
[
{
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
Description = "Add OpenSSH service.";
}
{
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
Description = "Enable SSH by default.";
}
];
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
[
{
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
Description = "Allow unsigned powershell scripts.";
}
]
++ [
{
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
Description = "Install any declared packages.";
}
]
++ setupCommands
++ [
{
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
Description = "Setup SSH and keys";
}
]
++ serviceCommands
++ impureShellCommands
);
mkCommand = attrs: ''
<RunSynchronousCommand wcm:action="add">
${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)}
</RunSynchronousCommand>
'';
mkCommands = commands: (
builtins.foldl' (
acc: v: rec {
i = acc.i + 1;
values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ];
}
) {
i = 0;
values = [];
} commands
).values;
mkUser =
{ name
, password
, description ? ""
, displayName ? ""
, groups ? []
# , sshKeys ? [] # Handled in scripts
}: ''
<LocalAccount wcm:action="add">
<Password>
<Value>${password}</Value>
<PlainText>true</PlainText>
</Password>
<Description>${description}</Description>
<DisplayName>${displayName}</DisplayName>
<Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group>
<Name>${name}</Name>
</LocalAccount>
'';
# Windows expects a flat list of users while we want to manage them as a set
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
autounattendXML = pkgs.writeText "autounattend.xml" ''
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DriverPaths>
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
<Path>D:\</Path>
</PathAndCredentials>
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
<Path>E:\</Path>
</PathAndCredentials>
</DriverPaths>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DiskConfiguration>
<Disk wcm:action="add">
<CreatePartitions>
<CreatePartition wcm:action="add">
<Order>1</Order>
<Type>EFI</Type>
<Size>100</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>2</Order>
<Type>MSR</Type>
<Size>16</Size>
</CreatePartition>
<CreatePartition wcm:action="add">
<Order>3</Order>
<Type>Primary</Type>
<Extend>true</Extend>
</CreatePartition>
</CreatePartitions>
<ModifyPartitions>
<ModifyPartition wcm:action="add">
<Order>1</Order>
<Format>FAT32</Format>
<Label>System</Label>
<PartitionID>1</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Order>2</Order>
<PartitionID>2</PartitionID>
</ModifyPartition>
<ModifyPartition wcm:action="add">
<Order>3</Order>
<Format>NTFS</Format>
<Label>Windows</Label>
<Letter>C</Letter>
<PartitionID>3</PartitionID>
</ModifyPartition>
</ModifyPartitions>
<DiskID>0</DiskID>
<WillWipeDisk>true</WillWipeDisk>
</Disk>
</DiskConfiguration>
<ImageInstall>
<OSImage>
<InstallTo>
<DiskID>0</DiskID>
<PartitionID>3</PartitionID>
</InstallTo>
<InstallFrom>
<MetaData wcm:action="add">
<Key>/IMAGE/INDEX</Key>
<Value>1</Value>
</MetaData>
</InstallFrom>
</OSImage>
</ImageInstall>
<UserData>
<ProductKey>
${if productKey != null then "<Key>${productKey}</Key>" else ""}
<WillShowUI>OnError</WillShowUI>
</ProductKey>
<AcceptEula>true</AcceptEula>
<FullName>${fullName}</FullName>
<Organization>${organization}</Organization>
</UserData>
</component>
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>${uiLanguage}</UILanguage>
</SetupUILanguage>
<InputLocale>${inputLocale}</InputLocale>
<SystemLocale>${systemLocale}</SystemLocale>
<UILanguage>${uiLanguage}</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>${userLocale}</UserLocale>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale>${inputLocale}</InputLocale>
<SystemLocale>${systemLocale}</SystemLocale>
<UILanguage>${uiLanguage}</UILanguage>
<UILanguageFallback>en-US</UILanguageFallback>
<UserLocale>${userLocale}</UserLocale>
</component>
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<OOBE>
<HideEULAPage>true</HideEULAPage>
<HideLocalAccountScreen>true</HideLocalAccountScreen>
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
<ProtectYourPC>1</ProtectYourPC>
</OOBE>
<TimeZone>${timeZone}</TimeZone>
<UserAccounts>
${if administratorPassword != null then ''
<AdministratorPassword>
<Value>${administratorPassword}</Value>
<PlainText>true</PlainText>
</AdministratorPassword>
'' else ""}
<LocalAccounts>
${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)}
</LocalAccounts>
</UserAccounts>
${if defaultUser == null then "" else ''
<AutoLogon>
<Password>
<Value>${(builtins.getAttr defaultUser users).password}</Value>
<PlainText>true</PlainText>
</Password>
<Enabled>true</Enabled>
<Username>${defaultUser}</Username>
</AutoLogon>
''}
<FirstLogonCommands>
<SynchronousCommand wcm:action="add">
<Order>1</Order>
<CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
<Description>ChangeHideFiles</Description>
</SynchronousCommand>
</FirstLogonCommands>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<RunSynchronous>
${lib.concatStringsSep "\n" (mkCommands commands)}
</RunSynchronous>
</component>
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CEIPEnabled>0</CEIPEnabled>
</component>
</settings>
<!-- Disable Windows UAC -->
<settings pass="offlineServicing">
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableLUA>false</EnableLUA>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
'';
in {
# Lint and format as a sanity check
autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} ''
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
'';
# autounattend.xml is _super_ picky about quotes and other things
setupScript = pkgs.writeText "ssh-setup.ps1" (
''
# Setup SSH and keys
'' +
lib.concatStrings (
builtins.map (c: ''
# ${c.Description}
${c.Path}
'') sshSetupCommands
)
);
}

100
artiq-fast/wfvm/build.nix Normal file
View File

@ -0,0 +1,100 @@
{
pkgs ? import <nixpkgs> {}
, impureMode ? false
}:
let
win = (import ./default.nix { inherit pkgs; });
in
win.makeWindowsImage {
# Custom base iso
# windowsImage = pkgs.fetchurl {
# url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
# sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
# };
# User accounts
users = {
artiq = {
password = "1234";
# description = "Default user";
# displayName = "Display name";
groups = [
"Administrators"
];
};
};
# Build install script & skip building iso
inherit impureMode;
# impureShellCommands = [
# "powershell.exe echo Hello"
# ];
fullName = "M-Labs";
organization = "m-labs";
administratorPassword = "12345";
# Auto login
defaultUser = "artiq";
# Imperative installation commands, to be installed incrementally
installCommands = [
{
name = "Anaconda3";
script = let
Anaconda3 = pkgs.fetchurl {
name = "Anaconda3.exe";
url = "https://repo.anaconda.com/archive/Anaconda3-2019.03-Windows-x86_64.exe";
sha256 = "1f9icm5rwab6l1f23a70dw0qixzrl62wbglimip82h4zhxlh3jfj";
};
in ''
cp ${Anaconda3} ./Anaconda3.exe
win put Anaconda3.exe 'C:\Users\artiq'
win exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3'
'';
}
];
# services = {
# # Enable remote management
# WinRm = {
# Status = "Running";
# PassThru = true;
# };
# };
# License key
# productKey = "iboughtthisone";
# Locales
# uiLanguage = "en-US";
# inputLocale = "en-US";
# userLocale = "en-US";
# systemLocale = "en-US";
# packages = [
# (
# win.pkgs.makeMSIPkg {
# # Note: File not in repository, it's meant as an example to subsitute
# name = "notepadplusplus";
# msi = ./Notepad++7.7.msi;
# # Custom cert
# # cert = ./notepad++-cert.cer
# }
# )
# (
# win.pkgs.makeCrossPkg {
# name = "hello";
# pkg = pkgs.pkgsCross.mingwW64.hello;
# }
# )
# ];
}

1
artiq-fast/wfvm/bundle/.envrc Normal file
View File

@ -0,0 +1 @@
use nix

9
artiq-fast/wfvm/bundle/default.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs ? import <nixpkgs> {}
, lib ? pkgs.lib
}:
pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
cp ${./main.go} main.go
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
mv build.exe $out
''

116
artiq-fast/wfvm/bundle/main.go Normal file
View File

@ -0,0 +1,116 @@
package main
import (
"archive/tar"
"fmt"
"io"
"io/ioutil"
"log"
"os"
"os/exec"
"path/filepath"
)
func Untar(dst string, r io.Reader) error {
tr := tar.NewReader(r)
for {
header, err := tr.Next()
switch {
case err == io.EOF:
return nil
case err != nil:
return err
case header == nil:
continue
}
target := filepath.Join(dst, header.Name)
switch header.Typeflag {
case tar.TypeDir:
if _, err := os.Stat(target); err != nil {
if err := os.MkdirAll(target, 0755); err != nil {
return err
}
}
case tar.TypeReg:
f, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
if err != nil {
return err
}
if _, err := io.Copy(f, tr); err != nil {
return err
}
f.Close()
}
}
}
func InstallBundle(bundlePath string) error {
reader, err := os.Open(bundlePath)
if err != nil {
log.Fatal(err)
}
workDir, err := ioutil.TempDir("", "bundle_install")
if err != nil {
return err
}
defer os.RemoveAll(workDir)
err = Untar(workDir, reader)
if err != nil {
return err
}
installScript := filepath.Join(workDir, "install.ps1")
cmd := exec.Command("powershell", installScript)
cmd.Stdout = os.Stdout
cmd.Stderr = os.Stderr
cmd.Dir = workDir
err = cmd.Run()
return err
}
func main() {
// Get path relative to binary
baseDir, err := filepath.Abs(filepath.Dir(os.Args[0]))
if err != nil {
log.Fatal(err)
}
var dirs = [2]string{"bootstrap", "user"}
for _, pkgDir := range dirs {
dir := filepath.Join(baseDir, pkgDir)
files, err := ioutil.ReadDir(dir)
if err != nil {
log.Fatal(err)
}
for _, file := range files {
bundle := filepath.Join(dir, file.Name())
fmt.Println(fmt.Sprintf("Installing: %s", bundle))
err := InstallBundle(bundle)
if err != nil {
log.Fatal(err)
}
}
}
}

13
artiq-fast/wfvm/bundle/shell.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
buildInputs = [
pkgs.go
];
shellHook = ''
unset GOPATH
'';
}

7
artiq-fast/wfvm/default.nix Normal file
View File

@ -0,0 +1,7 @@
{ pkgs ? import <nixpkgs> {}
}:
{
makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs);
pkgs = import ./pkgs.nix { inherit pkgs; };
}

99
artiq-fast/wfvm/install.nix Normal file
View File

@ -0,0 +1,99 @@
{ pkgs ? import <nixpkgs> {}
, diskImageSize ? "22G"
, qemuMem ? "4G"
,
}:
with pkgs;
let
windowsIso = fetchurl {
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
};
anaconda = fetchurl {
url = "https://repo.anaconda.com/archive/Anaconda3-2019.03-Windows-x86_64.exe";
sha256 = "1f9icm5rwab6l1f23a70dw0qixzrl62wbglimip82h4zhxlh3jfj";
};
escape = builtins.replaceStrings [ "\\" ] [ "\\\\" ];
qemu = import ./qemu.nix {
inherit pkgs qemuMem;
diskImage = "c.img";
};
# Double-escape because we produce a script from a shell heredoc
ssh = cmd: qemu.ssh (escape cmd);
scp = qemu.scp;
sshCondaEnv = cmd: ssh "anaconda\\scripts\\activate && ${cmd}";
condaEnv = "artiq-env";
condaDepSpecs =
builtins.concatStringsSep " "
(
map (s: "\"${s}\"")
(import ../conda-artiq-deps.nix)
);
instructions =
builtins.toFile "install.txt"
(builtins.readFile ./install.txt);
in
stdenv.mkDerivation {
name = "windows-installer";
src = windowsIso;
setSourceRoot = "sourceRoot=`pwd`";
unpackCmd = ''
ln -s $curSrc windows.iso
'';
propagatedBuildInputs = qemu.inputs;
dontBuild = true;
installPhase = ''
mkdir -p $out/bin $out/data
ln -s $(readlink windows.iso) $out/data/windows.iso
cat > $out/bin/windows-installer.sh << EOF
#!/usr/bin/env bash
set -e -m
${qemu.qemu-img} create -f qcow2 c.img ${diskImageSize}
${qemu.runQemu false [] [
"-boot"
"order=d"
"-drive"
"file=c.img,index=0,media=disk,cache=unsafe"
"-drive"
"file=$out/data/windows.iso,index=1,media=cdrom,cache=unsafe"
]} &
cat ${instructions}
wait
EOF
cat > $out/bin/anaconda-installer.sh << EOF
#!/usr/bin/env bash
set -e -m
${qemu.runQemu false [] [
"-boot"
"order=c"
"-drive"
"file=c.img,index=0,media=disk"
]} &
sleep 10
${ssh "ver"}
${scp anaconda "Anaconda.exe"}
${ssh "start /wait \"\" Anaconda.exe /S /D=%cd%\\anaconda"}
${sshCondaEnv "conda config --add channels conda-forge"}
${sshCondaEnv "conda config --add channels m-labs"}
( ${sshCondaEnv "conda update -y conda"} ) || true
${sshCondaEnv "conda update -y --all"}
${sshCondaEnv "conda create -y -n ${condaEnv}"}
${sshCondaEnv "conda install -y -n ${condaEnv} ${condaDepSpecs}"}
${ssh "shutdown /p /f"}
echo "Waiting for qemu exit"
wait
EOF
chmod a+x $out/bin/*.sh
'';
}

32
artiq-fast/wfvm/manual-test-run.nix Normal file
View File

@ -0,0 +1,32 @@
# This runs `run-test.nix` with `nix-build`
{ pkgs ? import <nixpkgs> {}
, artiqpkgs ? import ../. { inherit pkgs; }
, diskImage ? (import ./build.nix { inherit pkgs; })
, qemuMem ? "2G"
, testTimeout ? 180
}:
with pkgs;
let
windowsRunner = overrides:
import ./run-test.nix (
{
inherit pkgs diskImage qemuMem testTimeout;
sipycoPkg = artiqpkgs.conda-sipyco;
artiqPkg = artiqpkgs.conda-artiq;
} // overrides
);
in
stdenv.mkDerivation {
name = "windows-test";
phases = [ "installPhase" "checkPhase" ];
installPhase = "touch $out";
doCheck = true;
checkPhase = ''
${windowsRunner { testCommand = "set ARTIQ_ROOT=%cd%\\anaconda\\envs\\artiq-env\\Lib\\site-packages\\artiq\\examples\\kc705_nist_clock&&python -m unittest discover -v artiq.test"; }}/bin/run.sh
'';
}

1
artiq-fast/wfvm/openssh/README.md Normal file
View File

@ -0,0 +1 @@
This file is not publicaly acessible anywhere so had to be extracted from a connected instance

BIN
artiq-fast/wfvm/openssh/server-package.cab Normal file
View File

Binary file not shown.

110
artiq-fast/wfvm/pkgs.nix Normal file
View File

@ -0,0 +1,110 @@
{ pkgs ? import <nixpkgs> {}
, lib ? pkgs.lib
}:
/*
This file creates a simple custom simple bundle format containing
a powershell script plus any required executables and assets.
These are assets that are only handled in the pure build steps.
Impure packages are installed in _another_ step that runs impurely outside of
the Nix sandbox.
*/
let
makeBundle =
{ name
, bundle
}: pkgs.runCommandNoCC "${name}-archive.tar" {} ''
cp -r -L ${bundle} build
tar -cpf $out -C build .
'';
in
rec {
/*
Make a custom install bundle
*/
makePkg =
{ name
, src
, installScript
}: let
installScript_ = pkgs.writeText "${name}-install-script" installScript;
bundle = pkgs.runCommandNoCC "${name}-bundle" {} ''
mkdir build
ln -s ${src} build/"$(stripHash "${src}")"
ln -s ${installScript_} build/install.ps1
mv build $out
'';
in
makeBundle {
inherit name bundle;
};
/*
Make an install bundle from a .msi
*/
makeMSIPkg =
{ name
, msi
, cert ? null
, ADDLOCAL ? []
, preInstall ? ""
, postInstall ? ""
}: let
installScript = pkgs.writeText "${name}-install-script" ''
${preInstall}
${if cert != null then "certutil.exe -f -addstore TrustedPublisher cert.cer" else ""}
msiexec.exe /i .\${name}.msi ${if ADDLOCAL != [] then "ADDLOCAL=" else ""}${lib.concatStringsSep "," ADDLOCAL}
${postInstall}
'';
bundle = pkgs.runCommandNoCC "${name}-bundle" {} ''
mkdir build
ln -s ${msi} build/${name}.msi
${if cert != null then "ln -s ${cert} build/cert.cer" else ""}
ln -s ${installScript} build/install.ps1
mv build $out
'';
in
makeBundle {
inherit name bundle;
};
/*
Nix cross-built packages
*/
makeCrossPkg =
{ name
, pkg
, destination ? ''C:\Program Files\${name}\''
, preInstall ? ""
, postInstall ? ""
}: let
installScript = pkgs.writeText "${name}-install-script" ''
${preInstall}
Copy-Item pkg -Destination "${destination}"
${postInstall}
'';
bundle = pkgs.runCommandNoCC "${name}-bundle" {} ''
mkdir -p build/pkg
ln -s ${pkg} build/pkg
ln -s ${installScript} build/install.ps1
mv build $out
'';
in
makeBundle {
inherit name bundle;
};
}

63
artiq-fast/wfvm/qemu.nix Normal file
View File

@ -0,0 +1,63 @@
{ pkgs
, qemuMem
, sshUser ? "user"
, sshPassword ? "user"
,
}:
with pkgs;
let
qemu-img = "${qemu_kvm}/bin/qemu-img";
runQemu = isolateNetwork: forwardedPorts: extraArgs:
let
restrict =
if isolateNetwork
then "on"
else "off";
# use socat instead of `tcp:…` to allow multiple connections
guestfwds =
builtins.concatStringsSep ""
(
map (
{ listenAddr, targetAddr, port }:
",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}"
) forwardedPorts
);
args = [
"-enable-kvm"
"-m"
qemuMem
"-bios"
"${OVMF.fd}/FV/OVMF.fd"
"-netdev"
"user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}"
"-device"
"e1000,netdev=n1"
];
argStr = builtins.concatStringsSep " " (args ++ extraArgs);
in
"${qemu_kvm}/bin/qemu-system-x86_64 ${argStr}";
# Pass empty config file to prevent ssh from failing to create ~/.ssh
sshOpts = "-F /dev/null -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=\$TMP/known_hosts";
sshWithQuotes = quotes: cmd: ''
echo ssh windows ${quotes}${cmd}${quotes}
${sshpass}/bin/sshpass -p${sshPassword} -- \
${openssh}/bin/ssh -np 2022 ${sshOpts} \
${sshUser}@localhost \
${quotes}${cmd}${quotes}
'';
ssh = sshWithQuotes "'";
scp = src: target: ''
echo "Copy ${src} to ${target}"
${sshpass}/bin/sshpass -p${sshPassword} -- \
${openssh}/bin/scp -P 2022 ${sshOpts} \
"${src}" "${sshUser}@localhost:${target}"
'';
in
{
inherit qemu-img runQemu ssh sshWithQuotes scp;
inputs = [ qemu_kvm openssh sshpass ];
}

91
artiq-fast/wfvm/run-test.nix Normal file
View File

@ -0,0 +1,91 @@
{ pkgs
, sipycoPkg
, artiqPkg
, diskImage ? (import ./build.nix { inherit pkgs; })
, qemuMem ? "2G"
, testTimeout ? 600
, testCommand ? "python -m unittest discover -v sipyco.test && python -m unittest discover -v artiq.test"
,
}:
with pkgs;
let
escape = builtins.replaceStrings [ "\\" ] [ "\\\\" ];
qemu = import ./qemu.nix {
inherit pkgs qemuMem;
};
# Double-escape because we produce a script from a shell heredoc
ssh = cmd: qemu.ssh (escape cmd);
sshUnquoted = qemu.sshWithQuotes "\"";
scp = qemu.scp;
condaEnv = "artiq-env";
tcpPorts = [ 1380 1381 1382 1383 ];
forwardedPorts =
map (
port: {
listenAddr = "192.168.1.50";
targetAddr = "192.168.1.50";
inherit port;
}
) tcpPorts;
in
stdenv.mkDerivation {
name = "windows-test-runner";
# Dummy sources
src = pkgs.runCommandNoCC "dummy" {} "touch $out";
dontUnpack = true;
propagatedBuildInputs = qemu.inputs;
dontBuild = true;
installPhase = ''
mkdir -p $out/bin
cat > $out/bin/run.sh << EOF
#!/usr/bin/env bash
set -e -m
cp ${diskImage} c.img
${qemu.runQemu true forwardedPorts [
"-boot"
"order=c"
"-snapshot"
"-drive"
"file=c.img,index=0,media=disk,cache=unsafe"
"-display"
"none"
]} &
echo "Wait for Windows to boot"
sleep 30
${ssh "ver"}
i=0
for pkg in ${sipycoPkg}/noarch/sipyco*.tar.bz2 ${artiqPkg}/noarch/artiq*.tar.bz2 ; do
${scp "\\$pkg" "to_install\\$i.tar.bz2"}
${sshUnquoted "anaconda\\scripts\\activate ${condaEnv} && conda install to_install\\$i.tar.bz2"}
((i=i+1))
done
# Schedule a timed shutdown against hanging test runs
${ssh "shutdown -s -t ${toString testTimeout}"}
FAIL=n
( ${ssh "anaconda\\scripts\\activate ${condaEnv} && ${testCommand}"} ) || FAIL=y
# Abort timeouted shutdown
${ssh "shutdown -a"}
# Power off immediately
${ssh "shutdown -p -f"}
wait
if [ "\$FAIL" = "y" ]; then
exit 1
else
exit 0
fi
EOF
chmod a+x $out/bin/run.sh
'';
}

264
artiq-fast/wfvm/win.nix Normal file
View File

@ -0,0 +1,264 @@
{ pkgs ? import <nixpkgs> {}
, lib ? pkgs.lib
, diskImageSize ? "22G"
, qemuMem ? "4G"
, windowsImage ? null
, autoUnattendParams ? {}
, packages ? []
, impureMode ? false
, baseRtc ? "2020-04-20T14:21:42"
, installCommands ? []
, users ? {}
, ...
}@attrs:
let
# qemu_test is a smaller closure only building for a single system arch
qemu = pkgs.qemu_test;
libguestfs = pkgs.libguestfs-with-appliance;
# p7zip on >20.03 has known vulns but we have no better option
p7zip = pkgs.p7zip.overrideAttrs(old: {
meta = old.meta // {
knownVulnerabilities = [];
};
});
runQemuCommand = name: command: (
pkgs.runCommandNoCC name { buildInputs = [ p7zip qemu libguestfs ]; }
(
''
if ! test -f; then
echo "KVM not available, bailing out" >> /dev/stderr
exit 1
fi
'' + command
)
);
windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
};
openSshServerPackage = ./openssh/server-package.cab;
autounattend = import ./autounattend.nix (
attrs // {
inherit pkgs;
}
);
bundleInstaller = pkgs.callPackage ./bundle {};
# Packages required to drive installation of other packages
bootstrapPkgs = let
winPkgs = import ./pkgs.nix { inherit pkgs; };
in
runQemuCommand "bootstrap-win-pkgs.img" ''
mkdir pkgs
mkdir pkgs/bootstrap
mkdir pkgs/user
mkdir pkgs/fod
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
# Install optional windows features
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
# SSH setup script goes here because windows XML parser sucks
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
${lib.concatStringsSep "\n" (builtins.map (x: ''cp ${x} pkgs/bootstrap/"$(stripHash "${x}")"'') packages)}
virt-make-fs --partition --type=fat pkgs/ $out
'';
mkQemuFlags = extraFlags: [
"-enable-kvm"
"-cpu"
"host"
"-smp"
"$NIX_BUILD_CORES"
"-m"
"${qemuMem}"
"-bios"
"${pkgs.OVMF.fd}/FV/OVMF.fd"
"-vga"
"virtio"
"-device"
"piix3-usb-uhci" # USB root hub
# "CD" drive with windows features-on-demand
# "-cdrom" "${fodIso}"
# Set the base clock inside the VM
"-rtc base=${baseRtc}"
# Always enable SSH port forward
# It's not really required for the initial setup but we do it here anyway
"-netdev user,id=n1,net=192.168.1.0/24,restrict=off,hostfwd=tcp::2022-:22"
"-device e1000,netdev=n1"
] ++ lib.optional (!impureMode) "-nographic" ++ extraFlags;
installScript = pkgs.writeScript "windows-install-script" (
let
qemuParams = mkQemuFlags [
# "CD" drive with bootstrap pkgs
"-drive"
"id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on"
"-device"
"usb-storage,drive=virtio-win"
# USB boot
"-drive"
"id=win-install,file=usbimage.img,if=none,format=raw,readonly=on"
"-device"
"usb-storage,drive=win-install"
# Output image
"-drive"
"file=c.img,index=0,media=disk,cache=unsafe"
];
in
''
#!${pkgs.runtimeShell}
set -euxo pipefail
export PATH=${lib.makeBinPath [ p7zip qemu libguestfs ]}:$PATH
if test -z "''${NIX_BUILD_CORES+x}"; then
export NIX_BUILD_CORES=$(nproc)
fi
# Create a bootable "USB" image
# Booting in USB mode circumvents the "press any key to boot from cdrom" prompt
#
# Also embed the autounattend answer file in this image
mkdir -p win
mkdir -p win/nix-win
7z x -y ${windowsIso} -owin
cp ${autounattend.autounattendXML} win/autounattend.xml
virt-make-fs --partition --type=fat win/ usbimage.img
rm -rf win
# Qemu requires files to be rw
qemu-img create -f qcow2 c.img ${diskImageSize}
env NIX_BUILD_CORES="''${NIX_BUILD_CORES:4}" qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
''
);
baseImage = pkgs.runCommandNoCC "windows.img" {} ''
${installScript}
mv c.img $out
'';
# Use Paramiko instead of OpenSSH
#
# OpenSSH goes out of it's way to make password logins hard
# and Windows goes out of it's way to make key authentication hard
# so we're in a pretty tough spot
#
# Luckily the usage patterns are quite simple and easy to reimplement with paramiko
paramikoClient = pkgs.writeScriptBin "win" ''
#!${pkgs.python3.withPackages(ps: [ ps.paramiko ])}/bin/python
import paramiko
import os.path
import sys
def w_join(*args):
# Like os.path.join but for windows paths
return "\\".join(args)
if __name__ == '__main__':
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy)
cmd = sys.argv[1]
try:
client.connect(hostname="127.0.0.1", port=2022, username="artiq", password="${users.artiq.password}", timeout=1)
if cmd == "put":
sftp = client.open_sftp()
src = sys.argv[2]
dst = sys.argv[3]
sftp.put(src, w_join(dst, os.path.basename(src)))
elif cmd == "exec":
_, stdout, stderr = client.exec_command(sys.argv[2])
sys.stdout.write(stdout.read().strip().decode())
sys.stdout.flush()
sys.stderr.write(stderr.read().strip().decode())
sys.stderr.flush()
else:
raise ValueError(f"Unhandled command: {cmd}")
except (EOFError, paramiko.ssh_exception.SSHException):
exit(1)
'';
finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "${v.name}.img" {
buildInputs = [
paramikoClient
qemu
];
} (let
script = pkgs.writeScript "${v.name}-script" v.script;
qemuParams = mkQemuFlags [
# Output image
"-drive"
"file=c.img,index=0,media=disk,cache=unsafe"
];
in ''
export HOME=$(mktemp -d)
# Create an image referencing the previous image in the chain
qemu-img create -f qcow2 -b ${acc} c.img
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
# If the machine is not up within 10 minutes it's likely never coming up
timeout=600
# Wait for VM to be accessible
sleep 20
echo "Waiting for SSH"
while true; do
if test "$timeout" -eq 0; then
echo "SSH connection timed out"
exit 1
fi
output=$(win exec 'echo Ran command' || echo "")
if test "$output" = "Ran command"; then
break
fi
echo "Retrying in 1 second, timing out in $timeout seconds"
((timeout=$timeout-1))
sleep 1
done
echo "Executing user script to build layer"
${script}
# Allow install to "settle"
sleep 20
win exec 'shutdown /s'
mv c.img $out
'')) baseImage installCommands;
in
# impureMode is meant for debugging the base image, not the full incremental build process
if !(impureMode) then finalImage else assert installCommands == []; installScript