forked from M-Labs/nix-scripts
add wfvm
This commit is contained in:
parent
b6c186b632
commit
40e8cc8407
|
@ -0,0 +1,26 @@
|
||||||
|
# Preparation steps
|
||||||
|
|
||||||
|
## Install a Windows image
|
||||||
|
|
||||||
|
1. Adjust build.nix accordingly
|
||||||
|
2. Run:
|
||||||
|
|
||||||
|
If in impure mode
|
||||||
|
```shell
|
||||||
|
nix-build build.nix
|
||||||
|
./result
|
||||||
|
```
|
||||||
|
Results in a file called c.img
|
||||||
|
|
||||||
|
If in pure mode
|
||||||
|
```shell
|
||||||
|
nix-build build.nix
|
||||||
|
ls -la ./result
|
||||||
|
```
|
||||||
|
Results in a symlink to the image in the nix store
|
||||||
|
|
||||||
|
|
||||||
|
# Impure/pure mode
|
||||||
|
Sometimes it can be useful to build the image _outside_ of the Nix sandbox for debugging purposes.
|
||||||
|
|
||||||
|
For this purpose we have an attribute called `impureMode` which outputs the shell script used by Nix inside the sandbox to build the image.
|
|
@ -0,0 +1,318 @@
|
||||||
|
{ pkgs
|
||||||
|
, lib ? pkgs.lib
|
||||||
|
, fullName
|
||||||
|
, organization
|
||||||
|
, administratorPassword
|
||||||
|
, uiLanguage ? "en-US"
|
||||||
|
, inputLocale ? "en-US"
|
||||||
|
, userLocale ? "en-US"
|
||||||
|
, systemLocale ? "en-US"
|
||||||
|
, users ? {}
|
||||||
|
, productKey ? null
|
||||||
|
, defaultUser ? null
|
||||||
|
, setupCommands ? []
|
||||||
|
, timeZone ? "UTC"
|
||||||
|
, services ? {}
|
||||||
|
, impureShellCommands ? []
|
||||||
|
, driveLetter ? "E:"
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
serviceCommands = lib.mapAttrsToList (
|
||||||
|
serviceName: attrs: "powershell Set-Service -Name ${serviceName} " + (
|
||||||
|
lib.concatStringsSep " " (
|
||||||
|
(
|
||||||
|
lib.mapAttrsToList (
|
||||||
|
n: v: if builtins.typeOf v != "bool" then "-${n} ${v}" else "-${n}"
|
||||||
|
)
|
||||||
|
) (
|
||||||
|
# Always run without interaction
|
||||||
|
{ Force = true; } // attrs
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
) services;
|
||||||
|
|
||||||
|
sshSetupCommands =
|
||||||
|
# let
|
||||||
|
# makeDirs = lib.mapAttrsToList (n: v: ''mkdir C:\Users\${n}\.ssh'') users;
|
||||||
|
# writeKeys = lib.flatten (lib.mapAttrsToList (n: v: builtins.map (key: let
|
||||||
|
# commands = [
|
||||||
|
# ''powershell.exe Set-Content -Path C:\Users\${n}\.ssh\authorized_keys -Value '${key}' ''
|
||||||
|
# ];
|
||||||
|
# in lib.concatStringsSep "\n" commands) (v.sshKeys or [])) users);
|
||||||
|
# mkDirsDesc = builtins.map (c: {Path = c; Description = "Make SSH key dir";}) makeDirs;
|
||||||
|
# writeKeysDesc = builtins.map (c: {Path = c; Description = "Add SSH key";}) writeKeys;
|
||||||
|
# in
|
||||||
|
# mkDirsDesc ++ writeKeysDesc ++
|
||||||
|
[
|
||||||
|
{
|
||||||
|
Path = ''powershell.exe Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 -Source ${driveLetter}\fod -LimitAccess'';
|
||||||
|
Description = "Add OpenSSH service.";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
Path = ''powershell.exe Set-Service -Name sshd -StartupType Automatic'';
|
||||||
|
Description = "Enable SSH by default.";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
assertCommand = c: builtins.typeOf c == "string" || builtins.typeOf c == "set" && builtins.hasAttr "Path" c && builtins.hasAttr "Description" c;
|
||||||
|
|
||||||
|
commands = builtins.map (x: assert assertCommand x; if builtins.typeOf x == "string" then { Path = x; Description = x; } else x) (
|
||||||
|
[
|
||||||
|
{
|
||||||
|
Path = "powershell.exe Set-ExecutionPolicy -Force Unrestricted";
|
||||||
|
Description = "Allow unsigned powershell scripts.";
|
||||||
|
}
|
||||||
|
]
|
||||||
|
++ [
|
||||||
|
{
|
||||||
|
Path = ''powershell.exe ${driveLetter}\win-bundle-installer.exe'';
|
||||||
|
Description = "Install any declared packages.";
|
||||||
|
}
|
||||||
|
]
|
||||||
|
++ setupCommands
|
||||||
|
++ [
|
||||||
|
{
|
||||||
|
Path = ''powershell.exe ${driveLetter}\ssh-setup.ps1'';
|
||||||
|
Description = "Setup SSH and keys";
|
||||||
|
}
|
||||||
|
]
|
||||||
|
++ serviceCommands
|
||||||
|
++ impureShellCommands
|
||||||
|
);
|
||||||
|
|
||||||
|
mkCommand = attrs: ''
|
||||||
|
<RunSynchronousCommand wcm:action="add">
|
||||||
|
${lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: "<${n}>${v}</${n}>") attrs)}
|
||||||
|
</RunSynchronousCommand>
|
||||||
|
'';
|
||||||
|
mkCommands = commands: (
|
||||||
|
builtins.foldl' (
|
||||||
|
acc: v: rec {
|
||||||
|
i = acc.i + 1;
|
||||||
|
values = acc.values ++ [ (mkCommand (v // { Order = builtins.toString i; })) ];
|
||||||
|
}
|
||||||
|
) {
|
||||||
|
i = 0;
|
||||||
|
values = [];
|
||||||
|
} commands
|
||||||
|
).values;
|
||||||
|
|
||||||
|
mkUser =
|
||||||
|
{ name
|
||||||
|
, password
|
||||||
|
, description ? ""
|
||||||
|
, displayName ? ""
|
||||||
|
, groups ? []
|
||||||
|
# , sshKeys ? [] # Handled in scripts
|
||||||
|
}: ''
|
||||||
|
<LocalAccount wcm:action="add">
|
||||||
|
<Password>
|
||||||
|
<Value>${password}</Value>
|
||||||
|
<PlainText>true</PlainText>
|
||||||
|
</Password>
|
||||||
|
<Description>${description}</Description>
|
||||||
|
<DisplayName>${displayName}</DisplayName>
|
||||||
|
<Group>${builtins.concatStringsSep ";" (lib.unique ([ "Users" ] ++ groups))}</Group>
|
||||||
|
<Name>${name}</Name>
|
||||||
|
</LocalAccount>
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Windows expects a flat list of users while we want to manage them as a set
|
||||||
|
flatUsers = builtins.attrValues (builtins.mapAttrs (name: s: s // { inherit name; }) users);
|
||||||
|
|
||||||
|
autounattendXML = pkgs.writeText "autounattend.xml" ''
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<unattend xmlns="urn:schemas-microsoft-com:unattend">
|
||||||
|
<settings pass="windowsPE">
|
||||||
|
<component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<DriverPaths>
|
||||||
|
<PathAndCredentials wcm:action="add" wcm:keyValue="1">
|
||||||
|
<Path>D:\</Path>
|
||||||
|
</PathAndCredentials>
|
||||||
|
<PathAndCredentials wcm:action="add" wcm:keyValue="2">
|
||||||
|
<Path>E:\</Path>
|
||||||
|
</PathAndCredentials>
|
||||||
|
</DriverPaths>
|
||||||
|
</component>
|
||||||
|
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
|
||||||
|
<DiskConfiguration>
|
||||||
|
<Disk wcm:action="add">
|
||||||
|
<CreatePartitions>
|
||||||
|
<CreatePartition wcm:action="add">
|
||||||
|
<Order>1</Order>
|
||||||
|
<Type>EFI</Type>
|
||||||
|
<Size>100</Size>
|
||||||
|
</CreatePartition>
|
||||||
|
<CreatePartition wcm:action="add">
|
||||||
|
<Order>2</Order>
|
||||||
|
<Type>MSR</Type>
|
||||||
|
<Size>16</Size>
|
||||||
|
</CreatePartition>
|
||||||
|
<CreatePartition wcm:action="add">
|
||||||
|
<Order>3</Order>
|
||||||
|
<Type>Primary</Type>
|
||||||
|
<Extend>true</Extend>
|
||||||
|
</CreatePartition>
|
||||||
|
</CreatePartitions>
|
||||||
|
<ModifyPartitions>
|
||||||
|
<ModifyPartition wcm:action="add">
|
||||||
|
<Order>1</Order>
|
||||||
|
<Format>FAT32</Format>
|
||||||
|
<Label>System</Label>
|
||||||
|
<PartitionID>1</PartitionID>
|
||||||
|
</ModifyPartition>
|
||||||
|
<ModifyPartition wcm:action="add">
|
||||||
|
<Order>2</Order>
|
||||||
|
<PartitionID>2</PartitionID>
|
||||||
|
</ModifyPartition>
|
||||||
|
<ModifyPartition wcm:action="add">
|
||||||
|
<Order>3</Order>
|
||||||
|
<Format>NTFS</Format>
|
||||||
|
<Label>Windows</Label>
|
||||||
|
<Letter>C</Letter>
|
||||||
|
<PartitionID>3</PartitionID>
|
||||||
|
</ModifyPartition>
|
||||||
|
</ModifyPartitions>
|
||||||
|
<DiskID>0</DiskID>
|
||||||
|
<WillWipeDisk>true</WillWipeDisk>
|
||||||
|
</Disk>
|
||||||
|
</DiskConfiguration>
|
||||||
|
|
||||||
|
<ImageInstall>
|
||||||
|
<OSImage>
|
||||||
|
<InstallTo>
|
||||||
|
<DiskID>0</DiskID>
|
||||||
|
<PartitionID>3</PartitionID>
|
||||||
|
</InstallTo>
|
||||||
|
<InstallFrom>
|
||||||
|
<MetaData wcm:action="add">
|
||||||
|
<Key>/IMAGE/INDEX</Key>
|
||||||
|
<Value>1</Value>
|
||||||
|
</MetaData>
|
||||||
|
</InstallFrom>
|
||||||
|
</OSImage>
|
||||||
|
</ImageInstall>
|
||||||
|
|
||||||
|
<UserData>
|
||||||
|
<ProductKey>
|
||||||
|
${if productKey != null then "<Key>${productKey}</Key>" else ""}
|
||||||
|
<WillShowUI>OnError</WillShowUI>
|
||||||
|
</ProductKey>
|
||||||
|
<AcceptEula>true</AcceptEula>
|
||||||
|
<FullName>${fullName}</FullName>
|
||||||
|
<Organization>${organization}</Organization>
|
||||||
|
</UserData>
|
||||||
|
|
||||||
|
</component>
|
||||||
|
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<SetupUILanguage>
|
||||||
|
<UILanguage>${uiLanguage}</UILanguage>
|
||||||
|
</SetupUILanguage>
|
||||||
|
<InputLocale>${inputLocale}</InputLocale>
|
||||||
|
<SystemLocale>${systemLocale}</SystemLocale>
|
||||||
|
<UILanguage>${uiLanguage}</UILanguage>
|
||||||
|
<UILanguageFallback>en-US</UILanguageFallback>
|
||||||
|
<UserLocale>${userLocale}</UserLocale>
|
||||||
|
</component>
|
||||||
|
</settings>
|
||||||
|
|
||||||
|
<settings pass="oobeSystem">
|
||||||
|
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<InputLocale>${inputLocale}</InputLocale>
|
||||||
|
<SystemLocale>${systemLocale}</SystemLocale>
|
||||||
|
<UILanguage>${uiLanguage}</UILanguage>
|
||||||
|
<UILanguageFallback>en-US</UILanguageFallback>
|
||||||
|
<UserLocale>${userLocale}</UserLocale>
|
||||||
|
</component>
|
||||||
|
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<OOBE>
|
||||||
|
<HideEULAPage>true</HideEULAPage>
|
||||||
|
<HideLocalAccountScreen>true</HideLocalAccountScreen>
|
||||||
|
<HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
|
||||||
|
<HideOnlineAccountScreens>true</HideOnlineAccountScreens>
|
||||||
|
<HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
|
||||||
|
<ProtectYourPC>1</ProtectYourPC>
|
||||||
|
</OOBE>
|
||||||
|
<TimeZone>${timeZone}</TimeZone>
|
||||||
|
|
||||||
|
<UserAccounts>
|
||||||
|
${if administratorPassword != null then ''
|
||||||
|
<AdministratorPassword>
|
||||||
|
<Value>${administratorPassword}</Value>
|
||||||
|
<PlainText>true</PlainText>
|
||||||
|
</AdministratorPassword>
|
||||||
|
'' else ""}
|
||||||
|
<LocalAccounts>
|
||||||
|
${builtins.concatStringsSep "\n" (builtins.map mkUser flatUsers)}
|
||||||
|
</LocalAccounts>
|
||||||
|
</UserAccounts>
|
||||||
|
|
||||||
|
${if defaultUser == null then "" else ''
|
||||||
|
<AutoLogon>
|
||||||
|
<Password>
|
||||||
|
<Value>${(builtins.getAttr defaultUser users).password}</Value>
|
||||||
|
<PlainText>true</PlainText>
|
||||||
|
</Password>
|
||||||
|
<Enabled>true</Enabled>
|
||||||
|
<Username>${defaultUser}</Username>
|
||||||
|
</AutoLogon>
|
||||||
|
''}
|
||||||
|
|
||||||
|
<FirstLogonCommands>
|
||||||
|
<SynchronousCommand wcm:action="add">
|
||||||
|
<Order>1</Order>
|
||||||
|
<CommandLine>cmd /C shutdown /s /f /t 00</CommandLine>
|
||||||
|
<Description>ChangeHideFiles</Description>
|
||||||
|
</SynchronousCommand>
|
||||||
|
</FirstLogonCommands>
|
||||||
|
|
||||||
|
</component>
|
||||||
|
</settings>
|
||||||
|
|
||||||
|
<settings pass="specialize">
|
||||||
|
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<RunSynchronous>
|
||||||
|
${lib.concatStringsSep "\n" (mkCommands commands)}
|
||||||
|
</RunSynchronous>
|
||||||
|
</component>
|
||||||
|
<component name="Microsoft-Windows-SQMApi" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="NonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<CEIPEnabled>0</CEIPEnabled>
|
||||||
|
</component>
|
||||||
|
</settings>
|
||||||
|
|
||||||
|
<!-- Disable Windows UAC -->
|
||||||
|
<settings pass="offlineServicing">
|
||||||
|
<component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
|
||||||
|
<EnableLUA>false</EnableLUA>
|
||||||
|
</component>
|
||||||
|
</settings>
|
||||||
|
|
||||||
|
<cpi:offlineImage cpi:source="wim:c:/wim/windows-10/install.wim#Windows 10 Enterprise LTSC 2019 Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
|
||||||
|
</unattend>
|
||||||
|
'';
|
||||||
|
|
||||||
|
in {
|
||||||
|
# Lint and format as a sanity check
|
||||||
|
autounattendXML = pkgs.runCommandNoCC "autounattend.xml" {} ''
|
||||||
|
${pkgs.libxml2}/bin/xmllint --format ${autounattendXML} > $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
# autounattend.xml is _super_ picky about quotes and other things
|
||||||
|
setupScript = pkgs.writeText "ssh-setup.ps1" (
|
||||||
|
''
|
||||||
|
# Setup SSH and keys
|
||||||
|
'' +
|
||||||
|
lib.concatStrings (
|
||||||
|
builtins.map (c: ''
|
||||||
|
# ${c.Description}
|
||||||
|
${c.Path}
|
||||||
|
'') sshSetupCommands
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,100 @@
|
||||||
|
{
|
||||||
|
pkgs ? import <nixpkgs> {}
|
||||||
|
, impureMode ? false
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
win = (import ./default.nix { inherit pkgs; });
|
||||||
|
|
||||||
|
in
|
||||||
|
win.makeWindowsImage {
|
||||||
|
|
||||||
|
# Custom base iso
|
||||||
|
# windowsImage = pkgs.fetchurl {
|
||||||
|
# url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
||||||
|
# sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# User accounts
|
||||||
|
users = {
|
||||||
|
artiq = {
|
||||||
|
password = "1234";
|
||||||
|
# description = "Default user";
|
||||||
|
# displayName = "Display name";
|
||||||
|
groups = [
|
||||||
|
"Administrators"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Build install script & skip building iso
|
||||||
|
inherit impureMode;
|
||||||
|
|
||||||
|
# impureShellCommands = [
|
||||||
|
# "powershell.exe echo Hello"
|
||||||
|
# ];
|
||||||
|
|
||||||
|
fullName = "M-Labs";
|
||||||
|
organization = "m-labs";
|
||||||
|
|
||||||
|
administratorPassword = "12345";
|
||||||
|
|
||||||
|
# Auto login
|
||||||
|
defaultUser = "artiq";
|
||||||
|
|
||||||
|
# Imperative installation commands, to be installed incrementally
|
||||||
|
installCommands = [
|
||||||
|
|
||||||
|
{
|
||||||
|
name = "Anaconda3";
|
||||||
|
script = let
|
||||||
|
Anaconda3 = pkgs.fetchurl {
|
||||||
|
name = "Anaconda3.exe";
|
||||||
|
url = "https://repo.anaconda.com/archive/Anaconda3-2019.03-Windows-x86_64.exe";
|
||||||
|
sha256 = "1f9icm5rwab6l1f23a70dw0qixzrl62wbglimip82h4zhxlh3jfj";
|
||||||
|
};
|
||||||
|
in ''
|
||||||
|
cp ${Anaconda3} ./Anaconda3.exe
|
||||||
|
win put Anaconda3.exe 'C:\Users\artiq'
|
||||||
|
win exec 'start /wait "" .\Anaconda3.exe /S /D=%UserProfile%\Anaconda3'
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
# services = {
|
||||||
|
# # Enable remote management
|
||||||
|
# WinRm = {
|
||||||
|
# Status = "Running";
|
||||||
|
# PassThru = true;
|
||||||
|
# };
|
||||||
|
# };
|
||||||
|
|
||||||
|
# License key
|
||||||
|
# productKey = "iboughtthisone";
|
||||||
|
|
||||||
|
# Locales
|
||||||
|
# uiLanguage = "en-US";
|
||||||
|
# inputLocale = "en-US";
|
||||||
|
# userLocale = "en-US";
|
||||||
|
# systemLocale = "en-US";
|
||||||
|
|
||||||
|
# packages = [
|
||||||
|
# (
|
||||||
|
# win.pkgs.makeMSIPkg {
|
||||||
|
# # Note: File not in repository, it's meant as an example to subsitute
|
||||||
|
# name = "notepadplusplus";
|
||||||
|
# msi = ./Notepad++7.7.msi;
|
||||||
|
# # Custom cert
|
||||||
|
# # cert = ./notepad++-cert.cer
|
||||||
|
# }
|
||||||
|
# )
|
||||||
|
# (
|
||||||
|
# win.pkgs.makeCrossPkg {
|
||||||
|
# name = "hello";
|
||||||
|
# pkg = pkgs.pkgsCross.mingwW64.hello;
|
||||||
|
# }
|
||||||
|
# )
|
||||||
|
# ];
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
use nix
|
|
@ -0,0 +1,9 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
, lib ? pkgs.lib
|
||||||
|
}:
|
||||||
|
|
||||||
|
pkgs.runCommandNoCC "win-bundle-installer.exe" {} ''
|
||||||
|
cp ${./main.go} main.go
|
||||||
|
env HOME=$(mktemp -d) GOOS=windows GOARCH=amd64 ${pkgs.go}/bin/go build
|
||||||
|
mv build.exe $out
|
||||||
|
''
|
|
@ -0,0 +1,116 @@
|
||||||
|
package main
|
||||||
|
|
||||||
|
import (
|
||||||
|
"archive/tar"
|
||||||
|
"fmt"
|
||||||
|
"io"
|
||||||
|
"io/ioutil"
|
||||||
|
"log"
|
||||||
|
"os"
|
||||||
|
"os/exec"
|
||||||
|
"path/filepath"
|
||||||
|
)
|
||||||
|
|
||||||
|
func Untar(dst string, r io.Reader) error {
|
||||||
|
|
||||||
|
tr := tar.NewReader(r)
|
||||||
|
|
||||||
|
for {
|
||||||
|
header, err := tr.Next()
|
||||||
|
|
||||||
|
switch {
|
||||||
|
|
||||||
|
case err == io.EOF:
|
||||||
|
return nil
|
||||||
|
case err != nil:
|
||||||
|
return err
|
||||||
|
|
||||||
|
case header == nil:
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
|
||||||
|
target := filepath.Join(dst, header.Name)
|
||||||
|
|
||||||
|
switch header.Typeflag {
|
||||||
|
|
||||||
|
case tar.TypeDir:
|
||||||
|
if _, err := os.Stat(target); err != nil {
|
||||||
|
if err := os.MkdirAll(target, 0755); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
case tar.TypeReg:
|
||||||
|
f, err := os.OpenFile(target, os.O_CREATE|os.O_RDWR, os.FileMode(header.Mode))
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err := io.Copy(f, tr); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
f.Close()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func InstallBundle(bundlePath string) error {
|
||||||
|
|
||||||
|
reader, err := os.Open(bundlePath)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
workDir, err := ioutil.TempDir("", "bundle_install")
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
defer os.RemoveAll(workDir)
|
||||||
|
|
||||||
|
err = Untar(workDir, reader)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
installScript := filepath.Join(workDir, "install.ps1")
|
||||||
|
|
||||||
|
cmd := exec.Command("powershell", installScript)
|
||||||
|
cmd.Stdout = os.Stdout
|
||||||
|
cmd.Stderr = os.Stderr
|
||||||
|
cmd.Dir = workDir
|
||||||
|
err = cmd.Run()
|
||||||
|
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
func main() {
|
||||||
|
// Get path relative to binary
|
||||||
|
baseDir, err := filepath.Abs(filepath.Dir(os.Args[0]))
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
var dirs = [2]string{"bootstrap", "user"}
|
||||||
|
|
||||||
|
for _, pkgDir := range dirs {
|
||||||
|
|
||||||
|
dir := filepath.Join(baseDir, pkgDir)
|
||||||
|
|
||||||
|
files, err := ioutil.ReadDir(dir)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, file := range files {
|
||||||
|
bundle := filepath.Join(dir, file.Name())
|
||||||
|
fmt.Println(fmt.Sprintf("Installing: %s", bundle))
|
||||||
|
err := InstallBundle(bundle)
|
||||||
|
if err != nil {
|
||||||
|
log.Fatal(err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {} }:
|
||||||
|
|
||||||
|
pkgs.mkShell {
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
pkgs.go
|
||||||
|
];
|
||||||
|
|
||||||
|
shellHook = ''
|
||||||
|
unset GOPATH
|
||||||
|
'';
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,7 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
}:
|
||||||
|
|
||||||
|
{
|
||||||
|
makeWindowsImage = attrs: import ./win.nix ({ inherit pkgs; } // attrs);
|
||||||
|
pkgs = import ./pkgs.nix { inherit pkgs; };
|
||||||
|
}
|
|
@ -0,0 +1,99 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
, diskImageSize ? "22G"
|
||||||
|
, qemuMem ? "4G"
|
||||||
|
,
|
||||||
|
}:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
|
||||||
|
let
|
||||||
|
windowsIso = fetchurl {
|
||||||
|
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
||||||
|
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
||||||
|
};
|
||||||
|
anaconda = fetchurl {
|
||||||
|
url = "https://repo.anaconda.com/archive/Anaconda3-2019.03-Windows-x86_64.exe";
|
||||||
|
sha256 = "1f9icm5rwab6l1f23a70dw0qixzrl62wbglimip82h4zhxlh3jfj";
|
||||||
|
};
|
||||||
|
|
||||||
|
escape = builtins.replaceStrings [ "\\" ] [ "\\\\" ];
|
||||||
|
qemu = import ./qemu.nix {
|
||||||
|
inherit pkgs qemuMem;
|
||||||
|
diskImage = "c.img";
|
||||||
|
};
|
||||||
|
# Double-escape because we produce a script from a shell heredoc
|
||||||
|
ssh = cmd: qemu.ssh (escape cmd);
|
||||||
|
scp = qemu.scp;
|
||||||
|
|
||||||
|
sshCondaEnv = cmd: ssh "anaconda\\scripts\\activate && ${cmd}";
|
||||||
|
condaEnv = "artiq-env";
|
||||||
|
condaDepSpecs =
|
||||||
|
builtins.concatStringsSep " "
|
||||||
|
(
|
||||||
|
map (s: "\"${s}\"")
|
||||||
|
(import ../conda-artiq-deps.nix)
|
||||||
|
);
|
||||||
|
|
||||||
|
instructions =
|
||||||
|
builtins.toFile "install.txt"
|
||||||
|
(builtins.readFile ./install.txt);
|
||||||
|
in
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
name = "windows-installer";
|
||||||
|
src = windowsIso;
|
||||||
|
setSourceRoot = "sourceRoot=`pwd`";
|
||||||
|
unpackCmd = ''
|
||||||
|
ln -s $curSrc windows.iso
|
||||||
|
'';
|
||||||
|
propagatedBuildInputs = qemu.inputs;
|
||||||
|
dontBuild = true;
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin $out/data
|
||||||
|
ln -s $(readlink windows.iso) $out/data/windows.iso
|
||||||
|
cat > $out/bin/windows-installer.sh << EOF
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -e -m
|
||||||
|
|
||||||
|
${qemu.qemu-img} create -f qcow2 c.img ${diskImageSize}
|
||||||
|
${qemu.runQemu false [] [
|
||||||
|
"-boot"
|
||||||
|
"order=d"
|
||||||
|
"-drive"
|
||||||
|
"file=c.img,index=0,media=disk,cache=unsafe"
|
||||||
|
"-drive"
|
||||||
|
"file=$out/data/windows.iso,index=1,media=cdrom,cache=unsafe"
|
||||||
|
]} &
|
||||||
|
cat ${instructions}
|
||||||
|
wait
|
||||||
|
EOF
|
||||||
|
|
||||||
|
cat > $out/bin/anaconda-installer.sh << EOF
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -e -m
|
||||||
|
|
||||||
|
${qemu.runQemu false [] [
|
||||||
|
"-boot"
|
||||||
|
"order=c"
|
||||||
|
"-drive"
|
||||||
|
"file=c.img,index=0,media=disk"
|
||||||
|
]} &
|
||||||
|
sleep 10
|
||||||
|
${ssh "ver"}
|
||||||
|
|
||||||
|
${scp anaconda "Anaconda.exe"}
|
||||||
|
${ssh "start /wait \"\" Anaconda.exe /S /D=%cd%\\anaconda"}
|
||||||
|
|
||||||
|
${sshCondaEnv "conda config --add channels conda-forge"}
|
||||||
|
${sshCondaEnv "conda config --add channels m-labs"}
|
||||||
|
( ${sshCondaEnv "conda update -y conda"} ) || true
|
||||||
|
${sshCondaEnv "conda update -y --all"}
|
||||||
|
${sshCondaEnv "conda create -y -n ${condaEnv}"}
|
||||||
|
${sshCondaEnv "conda install -y -n ${condaEnv} ${condaDepSpecs}"}
|
||||||
|
${ssh "shutdown /p /f"}
|
||||||
|
|
||||||
|
echo "Waiting for qemu exit"
|
||||||
|
wait
|
||||||
|
EOF
|
||||||
|
chmod a+x $out/bin/*.sh
|
||||||
|
'';
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
# This runs `run-test.nix` with `nix-build`
|
||||||
|
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
, artiqpkgs ? import ../. { inherit pkgs; }
|
||||||
|
, diskImage ? (import ./build.nix { inherit pkgs; })
|
||||||
|
, qemuMem ? "2G"
|
||||||
|
, testTimeout ? 180
|
||||||
|
}:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
|
||||||
|
let
|
||||||
|
windowsRunner = overrides:
|
||||||
|
import ./run-test.nix (
|
||||||
|
{
|
||||||
|
inherit pkgs diskImage qemuMem testTimeout;
|
||||||
|
sipycoPkg = artiqpkgs.conda-sipyco;
|
||||||
|
artiqPkg = artiqpkgs.conda-artiq;
|
||||||
|
} // overrides
|
||||||
|
);
|
||||||
|
in
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
name = "windows-test";
|
||||||
|
|
||||||
|
phases = [ "installPhase" "checkPhase" ];
|
||||||
|
installPhase = "touch $out";
|
||||||
|
doCheck = true;
|
||||||
|
checkPhase = ''
|
||||||
|
${windowsRunner { testCommand = "set ARTIQ_ROOT=%cd%\\anaconda\\envs\\artiq-env\\Lib\\site-packages\\artiq\\examples\\kc705_nist_clock&&python -m unittest discover -v artiq.test"; }}/bin/run.sh
|
||||||
|
'';
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
This file is not publicaly acessible anywhere so had to be extracted from a connected instance
|
Binary file not shown.
|
@ -0,0 +1,110 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
, lib ? pkgs.lib
|
||||||
|
}:
|
||||||
|
|
||||||
|
/*
|
||||||
|
|
||||||
|
This file creates a simple custom simple bundle format containing
|
||||||
|
a powershell script plus any required executables and assets.
|
||||||
|
|
||||||
|
These are assets that are only handled in the pure build steps.
|
||||||
|
|
||||||
|
Impure packages are installed in _another_ step that runs impurely outside of
|
||||||
|
the Nix sandbox.
|
||||||
|
|
||||||
|
*/
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
makeBundle =
|
||||||
|
{ name
|
||||||
|
, bundle
|
||||||
|
}: pkgs.runCommandNoCC "${name}-archive.tar" {} ''
|
||||||
|
cp -r -L ${bundle} build
|
||||||
|
tar -cpf $out -C build .
|
||||||
|
'';
|
||||||
|
|
||||||
|
|
||||||
|
in
|
||||||
|
rec {
|
||||||
|
|
||||||
|
/*
|
||||||
|
Make a custom install bundle
|
||||||
|
*/
|
||||||
|
makePkg =
|
||||||
|
{ name
|
||||||
|
, src
|
||||||
|
, installScript
|
||||||
|
}: let
|
||||||
|
installScript_ = pkgs.writeText "${name}-install-script" installScript;
|
||||||
|
|
||||||
|
bundle = pkgs.runCommandNoCC "${name}-bundle" {} ''
|
||||||
|
mkdir build
|
||||||
|
ln -s ${src} build/"$(stripHash "${src}")"
|
||||||
|
ln -s ${installScript_} build/install.ps1
|
||||||
|
mv build $out
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
makeBundle {
|
||||||
|
inherit name bundle;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
Make an install bundle from a .msi
|
||||||
|
*/
|
||||||
|
makeMSIPkg =
|
||||||
|
{ name
|
||||||
|
, msi
|
||||||
|
, cert ? null
|
||||||
|
, ADDLOCAL ? []
|
||||||
|
, preInstall ? ""
|
||||||
|
, postInstall ? ""
|
||||||
|
}: let
|
||||||
|
installScript = pkgs.writeText "${name}-install-script" ''
|
||||||
|
${preInstall}
|
||||||
|
${if cert != null then "certutil.exe -f -addstore TrustedPublisher cert.cer" else ""}
|
||||||
|
msiexec.exe /i .\${name}.msi ${if ADDLOCAL != [] then "ADDLOCAL=" else ""}${lib.concatStringsSep "," ADDLOCAL}
|
||||||
|
${postInstall}
|
||||||
|
'';
|
||||||
|
|
||||||
|
bundle = pkgs.runCommandNoCC "${name}-bundle" {} ''
|
||||||
|
mkdir build
|
||||||
|
ln -s ${msi} build/${name}.msi
|
||||||
|
${if cert != null then "ln -s ${cert} build/cert.cer" else ""}
|
||||||
|
ln -s ${installScript} build/install.ps1
|
||||||
|
mv build $out
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
makeBundle {
|
||||||
|
inherit name bundle;
|
||||||
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
Nix cross-built packages
|
||||||
|
*/
|
||||||
|
makeCrossPkg =
|
||||||
|
{ name
|
||||||
|
, pkg
|
||||||
|
, destination ? ''C:\Program Files\${name}\''
|
||||||
|
, preInstall ? ""
|
||||||
|
, postInstall ? ""
|
||||||
|
}: let
|
||||||
|
installScript = pkgs.writeText "${name}-install-script" ''
|
||||||
|
${preInstall}
|
||||||
|
Copy-Item pkg -Destination "${destination}"
|
||||||
|
${postInstall}
|
||||||
|
'';
|
||||||
|
|
||||||
|
bundle = pkgs.runCommandNoCC "${name}-bundle" {} ''
|
||||||
|
mkdir -p build/pkg
|
||||||
|
ln -s ${pkg} build/pkg
|
||||||
|
ln -s ${installScript} build/install.ps1
|
||||||
|
mv build $out
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
makeBundle {
|
||||||
|
inherit name bundle;
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,63 @@
|
||||||
|
{ pkgs
|
||||||
|
, qemuMem
|
||||||
|
, sshUser ? "user"
|
||||||
|
, sshPassword ? "user"
|
||||||
|
,
|
||||||
|
}:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
|
||||||
|
let
|
||||||
|
qemu-img = "${qemu_kvm}/bin/qemu-img";
|
||||||
|
runQemu = isolateNetwork: forwardedPorts: extraArgs:
|
||||||
|
let
|
||||||
|
restrict =
|
||||||
|
if isolateNetwork
|
||||||
|
then "on"
|
||||||
|
else "off";
|
||||||
|
# use socat instead of `tcp:…` to allow multiple connections
|
||||||
|
guestfwds =
|
||||||
|
builtins.concatStringsSep ""
|
||||||
|
(
|
||||||
|
map (
|
||||||
|
{ listenAddr, targetAddr, port }:
|
||||||
|
",guestfwd=tcp:${listenAddr}:${toString port}-cmd:${socat}/bin/socat\\ -\\ tcp:${targetAddr}:${toString port}"
|
||||||
|
) forwardedPorts
|
||||||
|
);
|
||||||
|
args = [
|
||||||
|
"-enable-kvm"
|
||||||
|
"-m"
|
||||||
|
qemuMem
|
||||||
|
"-bios"
|
||||||
|
"${OVMF.fd}/FV/OVMF.fd"
|
||||||
|
"-netdev"
|
||||||
|
"user,id=n1,net=192.168.1.0/24,restrict=${restrict},hostfwd=tcp::2022-:22${guestfwds}"
|
||||||
|
"-device"
|
||||||
|
"e1000,netdev=n1"
|
||||||
|
];
|
||||||
|
argStr = builtins.concatStringsSep " " (args ++ extraArgs);
|
||||||
|
in
|
||||||
|
"${qemu_kvm}/bin/qemu-system-x86_64 ${argStr}";
|
||||||
|
|
||||||
|
# Pass empty config file to prevent ssh from failing to create ~/.ssh
|
||||||
|
sshOpts = "-F /dev/null -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=\$TMP/known_hosts";
|
||||||
|
sshWithQuotes = quotes: cmd: ''
|
||||||
|
echo ssh windows ${quotes}${cmd}${quotes}
|
||||||
|
${sshpass}/bin/sshpass -p${sshPassword} -- \
|
||||||
|
${openssh}/bin/ssh -np 2022 ${sshOpts} \
|
||||||
|
${sshUser}@localhost \
|
||||||
|
${quotes}${cmd}${quotes}
|
||||||
|
'';
|
||||||
|
ssh = sshWithQuotes "'";
|
||||||
|
scp = src: target: ''
|
||||||
|
echo "Copy ${src} to ${target}"
|
||||||
|
${sshpass}/bin/sshpass -p${sshPassword} -- \
|
||||||
|
${openssh}/bin/scp -P 2022 ${sshOpts} \
|
||||||
|
"${src}" "${sshUser}@localhost:${target}"
|
||||||
|
'';
|
||||||
|
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit qemu-img runQemu ssh sshWithQuotes scp;
|
||||||
|
inputs = [ qemu_kvm openssh sshpass ];
|
||||||
|
}
|
|
@ -0,0 +1,91 @@
|
||||||
|
{ pkgs
|
||||||
|
, sipycoPkg
|
||||||
|
, artiqPkg
|
||||||
|
, diskImage ? (import ./build.nix { inherit pkgs; })
|
||||||
|
, qemuMem ? "2G"
|
||||||
|
, testTimeout ? 600
|
||||||
|
, testCommand ? "python -m unittest discover -v sipyco.test && python -m unittest discover -v artiq.test"
|
||||||
|
,
|
||||||
|
}:
|
||||||
|
|
||||||
|
with pkgs;
|
||||||
|
|
||||||
|
let
|
||||||
|
escape = builtins.replaceStrings [ "\\" ] [ "\\\\" ];
|
||||||
|
qemu = import ./qemu.nix {
|
||||||
|
inherit pkgs qemuMem;
|
||||||
|
};
|
||||||
|
# Double-escape because we produce a script from a shell heredoc
|
||||||
|
ssh = cmd: qemu.ssh (escape cmd);
|
||||||
|
sshUnquoted = qemu.sshWithQuotes "\"";
|
||||||
|
scp = qemu.scp;
|
||||||
|
condaEnv = "artiq-env";
|
||||||
|
tcpPorts = [ 1380 1381 1382 1383 ];
|
||||||
|
forwardedPorts =
|
||||||
|
map (
|
||||||
|
port: {
|
||||||
|
listenAddr = "192.168.1.50";
|
||||||
|
targetAddr = "192.168.1.50";
|
||||||
|
inherit port;
|
||||||
|
}
|
||||||
|
) tcpPorts;
|
||||||
|
in
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
name = "windows-test-runner";
|
||||||
|
|
||||||
|
# Dummy sources
|
||||||
|
src = pkgs.runCommandNoCC "dummy" {} "touch $out";
|
||||||
|
dontUnpack = true;
|
||||||
|
|
||||||
|
propagatedBuildInputs = qemu.inputs;
|
||||||
|
dontBuild = true;
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
cat > $out/bin/run.sh << EOF
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -e -m
|
||||||
|
|
||||||
|
cp ${diskImage} c.img
|
||||||
|
|
||||||
|
${qemu.runQemu true forwardedPorts [
|
||||||
|
"-boot"
|
||||||
|
"order=c"
|
||||||
|
"-snapshot"
|
||||||
|
"-drive"
|
||||||
|
"file=c.img,index=0,media=disk,cache=unsafe"
|
||||||
|
"-display"
|
||||||
|
"none"
|
||||||
|
]} &
|
||||||
|
|
||||||
|
echo "Wait for Windows to boot"
|
||||||
|
sleep 30
|
||||||
|
${ssh "ver"}
|
||||||
|
i=0
|
||||||
|
for pkg in ${sipycoPkg}/noarch/sipyco*.tar.bz2 ${artiqPkg}/noarch/artiq*.tar.bz2 ; do
|
||||||
|
${scp "\\$pkg" "to_install\\$i.tar.bz2"}
|
||||||
|
${sshUnquoted "anaconda\\scripts\\activate ${condaEnv} && conda install to_install\\$i.tar.bz2"}
|
||||||
|
((i=i+1))
|
||||||
|
done
|
||||||
|
|
||||||
|
# Schedule a timed shutdown against hanging test runs
|
||||||
|
${ssh "shutdown -s -t ${toString testTimeout}"}
|
||||||
|
|
||||||
|
FAIL=n
|
||||||
|
( ${ssh "anaconda\\scripts\\activate ${condaEnv} && ${testCommand}"} ) || FAIL=y
|
||||||
|
|
||||||
|
# Abort timeouted shutdown
|
||||||
|
${ssh "shutdown -a"}
|
||||||
|
# Power off immediately
|
||||||
|
${ssh "shutdown -p -f"}
|
||||||
|
wait
|
||||||
|
|
||||||
|
if [ "\$FAIL" = "y" ]; then
|
||||||
|
exit 1
|
||||||
|
else
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
EOF
|
||||||
|
chmod a+x $out/bin/run.sh
|
||||||
|
'';
|
||||||
|
}
|
|
@ -0,0 +1,264 @@
|
||||||
|
{ pkgs ? import <nixpkgs> {}
|
||||||
|
, lib ? pkgs.lib
|
||||||
|
, diskImageSize ? "22G"
|
||||||
|
, qemuMem ? "4G"
|
||||||
|
, windowsImage ? null
|
||||||
|
, autoUnattendParams ? {}
|
||||||
|
, packages ? []
|
||||||
|
, impureMode ? false
|
||||||
|
, baseRtc ? "2020-04-20T14:21:42"
|
||||||
|
, installCommands ? []
|
||||||
|
, users ? {}
|
||||||
|
, ...
|
||||||
|
}@attrs:
|
||||||
|
|
||||||
|
let
|
||||||
|
# qemu_test is a smaller closure only building for a single system arch
|
||||||
|
qemu = pkgs.qemu_test;
|
||||||
|
libguestfs = pkgs.libguestfs-with-appliance;
|
||||||
|
|
||||||
|
# p7zip on >20.03 has known vulns but we have no better option
|
||||||
|
p7zip = pkgs.p7zip.overrideAttrs(old: {
|
||||||
|
meta = old.meta // {
|
||||||
|
knownVulnerabilities = [];
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
|
runQemuCommand = name: command: (
|
||||||
|
pkgs.runCommandNoCC name { buildInputs = [ p7zip qemu libguestfs ]; }
|
||||||
|
(
|
||||||
|
''
|
||||||
|
if ! test -f; then
|
||||||
|
echo "KVM not available, bailing out" >> /dev/stderr
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
'' + command
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
|
windowsIso = if windowsImage != null then windowsImage else pkgs.fetchurl {
|
||||||
|
url = "https://software-download.microsoft.com/download/sg/17763.107.101029-1455.rs5_release_svc_refresh_CLIENT_LTSC_EVAL_x64FRE_en-us.iso";
|
||||||
|
sha256 = "668fe1af70c2f7416328aee3a0bb066b12dc6bbd2576f40f812b95741e18bc3a";
|
||||||
|
};
|
||||||
|
|
||||||
|
openSshServerPackage = ./openssh/server-package.cab;
|
||||||
|
|
||||||
|
autounattend = import ./autounattend.nix (
|
||||||
|
attrs // {
|
||||||
|
inherit pkgs;
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
bundleInstaller = pkgs.callPackage ./bundle {};
|
||||||
|
|
||||||
|
# Packages required to drive installation of other packages
|
||||||
|
bootstrapPkgs = let
|
||||||
|
winPkgs = import ./pkgs.nix { inherit pkgs; };
|
||||||
|
|
||||||
|
in
|
||||||
|
runQemuCommand "bootstrap-win-pkgs.img" ''
|
||||||
|
mkdir pkgs
|
||||||
|
mkdir pkgs/bootstrap
|
||||||
|
mkdir pkgs/user
|
||||||
|
mkdir pkgs/fod
|
||||||
|
|
||||||
|
cp ${bundleInstaller} pkgs/"$(stripHash "${bundleInstaller}")"
|
||||||
|
|
||||||
|
# Install optional windows features
|
||||||
|
|
||||||
|
cp ${openSshServerPackage} pkgs/fod/OpenSSH-Server-Package~31bf3856ad364e35~amd64~~.cab
|
||||||
|
|
||||||
|
# SSH setup script goes here because windows XML parser sucks
|
||||||
|
cp ${autounattend.setupScript} pkgs/ssh-setup.ps1
|
||||||
|
|
||||||
|
${lib.concatStringsSep "\n" (builtins.map (x: ''cp ${x} pkgs/bootstrap/"$(stripHash "${x}")"'') packages)}
|
||||||
|
|
||||||
|
virt-make-fs --partition --type=fat pkgs/ $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
mkQemuFlags = extraFlags: [
|
||||||
|
"-enable-kvm"
|
||||||
|
"-cpu"
|
||||||
|
"host"
|
||||||
|
"-smp"
|
||||||
|
"$NIX_BUILD_CORES"
|
||||||
|
"-m"
|
||||||
|
"${qemuMem}"
|
||||||
|
"-bios"
|
||||||
|
"${pkgs.OVMF.fd}/FV/OVMF.fd"
|
||||||
|
"-vga"
|
||||||
|
"virtio"
|
||||||
|
"-device"
|
||||||
|
"piix3-usb-uhci" # USB root hub
|
||||||
|
# "CD" drive with windows features-on-demand
|
||||||
|
# "-cdrom" "${fodIso}"
|
||||||
|
# Set the base clock inside the VM
|
||||||
|
"-rtc base=${baseRtc}"
|
||||||
|
# Always enable SSH port forward
|
||||||
|
# It's not really required for the initial setup but we do it here anyway
|
||||||
|
"-netdev user,id=n1,net=192.168.1.0/24,restrict=off,hostfwd=tcp::2022-:22"
|
||||||
|
"-device e1000,netdev=n1"
|
||||||
|
] ++ lib.optional (!impureMode) "-nographic" ++ extraFlags;
|
||||||
|
|
||||||
|
installScript = pkgs.writeScript "windows-install-script" (
|
||||||
|
let
|
||||||
|
qemuParams = mkQemuFlags [
|
||||||
|
# "CD" drive with bootstrap pkgs
|
||||||
|
"-drive"
|
||||||
|
"id=virtio-win,file=${bootstrapPkgs},if=none,format=raw,readonly=on"
|
||||||
|
"-device"
|
||||||
|
"usb-storage,drive=virtio-win"
|
||||||
|
# USB boot
|
||||||
|
"-drive"
|
||||||
|
"id=win-install,file=usbimage.img,if=none,format=raw,readonly=on"
|
||||||
|
"-device"
|
||||||
|
"usb-storage,drive=win-install"
|
||||||
|
# Output image
|
||||||
|
"-drive"
|
||||||
|
"file=c.img,index=0,media=disk,cache=unsafe"
|
||||||
|
];
|
||||||
|
in
|
||||||
|
''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
set -euxo pipefail
|
||||||
|
export PATH=${lib.makeBinPath [ p7zip qemu libguestfs ]}:$PATH
|
||||||
|
|
||||||
|
if test -z "''${NIX_BUILD_CORES+x}"; then
|
||||||
|
export NIX_BUILD_CORES=$(nproc)
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create a bootable "USB" image
|
||||||
|
# Booting in USB mode circumvents the "press any key to boot from cdrom" prompt
|
||||||
|
#
|
||||||
|
# Also embed the autounattend answer file in this image
|
||||||
|
mkdir -p win
|
||||||
|
mkdir -p win/nix-win
|
||||||
|
7z x -y ${windowsIso} -owin
|
||||||
|
|
||||||
|
cp ${autounattend.autounattendXML} win/autounattend.xml
|
||||||
|
|
||||||
|
virt-make-fs --partition --type=fat win/ usbimage.img
|
||||||
|
rm -rf win
|
||||||
|
|
||||||
|
# Qemu requires files to be rw
|
||||||
|
qemu-img create -f qcow2 c.img ${diskImageSize}
|
||||||
|
env NIX_BUILD_CORES="''${NIX_BUILD_CORES:4}" qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams}
|
||||||
|
''
|
||||||
|
);
|
||||||
|
|
||||||
|
baseImage = pkgs.runCommandNoCC "windows.img" {} ''
|
||||||
|
${installScript}
|
||||||
|
mv c.img $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Use Paramiko instead of OpenSSH
|
||||||
|
#
|
||||||
|
# OpenSSH goes out of it's way to make password logins hard
|
||||||
|
# and Windows goes out of it's way to make key authentication hard
|
||||||
|
# so we're in a pretty tough spot
|
||||||
|
#
|
||||||
|
# Luckily the usage patterns are quite simple and easy to reimplement with paramiko
|
||||||
|
paramikoClient = pkgs.writeScriptBin "win" ''
|
||||||
|
#!${pkgs.python3.withPackages(ps: [ ps.paramiko ])}/bin/python
|
||||||
|
import paramiko
|
||||||
|
import os.path
|
||||||
|
import sys
|
||||||
|
|
||||||
|
|
||||||
|
def w_join(*args):
|
||||||
|
# Like os.path.join but for windows paths
|
||||||
|
return "\\".join(args)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
client = paramiko.SSHClient()
|
||||||
|
client.set_missing_host_key_policy(paramiko.client.AutoAddPolicy)
|
||||||
|
|
||||||
|
|
||||||
|
cmd = sys.argv[1]
|
||||||
|
|
||||||
|
try:
|
||||||
|
client.connect(hostname="127.0.0.1", port=2022, username="artiq", password="${users.artiq.password}", timeout=1)
|
||||||
|
|
||||||
|
if cmd == "put":
|
||||||
|
sftp = client.open_sftp()
|
||||||
|
src = sys.argv[2]
|
||||||
|
dst = sys.argv[3]
|
||||||
|
sftp.put(src, w_join(dst, os.path.basename(src)))
|
||||||
|
|
||||||
|
elif cmd == "exec":
|
||||||
|
_, stdout, stderr = client.exec_command(sys.argv[2])
|
||||||
|
|
||||||
|
sys.stdout.write(stdout.read().strip().decode())
|
||||||
|
sys.stdout.flush()
|
||||||
|
|
||||||
|
sys.stderr.write(stderr.read().strip().decode())
|
||||||
|
sys.stderr.flush()
|
||||||
|
|
||||||
|
else:
|
||||||
|
raise ValueError(f"Unhandled command: {cmd}")
|
||||||
|
except (EOFError, paramiko.ssh_exception.SSHException):
|
||||||
|
exit(1)
|
||||||
|
'';
|
||||||
|
|
||||||
|
finalImage = builtins.foldl' (acc: v: pkgs.runCommandNoCC "${v.name}.img" {
|
||||||
|
buildInputs = [
|
||||||
|
paramikoClient
|
||||||
|
qemu
|
||||||
|
];
|
||||||
|
} (let
|
||||||
|
script = pkgs.writeScript "${v.name}-script" v.script;
|
||||||
|
qemuParams = mkQemuFlags [
|
||||||
|
# Output image
|
||||||
|
"-drive"
|
||||||
|
"file=c.img,index=0,media=disk,cache=unsafe"
|
||||||
|
];
|
||||||
|
|
||||||
|
in ''
|
||||||
|
export HOME=$(mktemp -d)
|
||||||
|
|
||||||
|
# Create an image referencing the previous image in the chain
|
||||||
|
qemu-img create -f qcow2 -b ${acc} c.img
|
||||||
|
|
||||||
|
qemu-system-x86_64 ${lib.concatStringsSep " " qemuParams} &
|
||||||
|
|
||||||
|
# If the machine is not up within 10 minutes it's likely never coming up
|
||||||
|
timeout=600
|
||||||
|
|
||||||
|
# Wait for VM to be accessible
|
||||||
|
sleep 20
|
||||||
|
echo "Waiting for SSH"
|
||||||
|
while true; do
|
||||||
|
if test "$timeout" -eq 0; then
|
||||||
|
echo "SSH connection timed out"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
output=$(win exec 'echo Ran command' || echo "")
|
||||||
|
if test "$output" = "Ran command"; then
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Retrying in 1 second, timing out in $timeout seconds"
|
||||||
|
|
||||||
|
((timeout=$timeout-1))
|
||||||
|
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Executing user script to build layer"
|
||||||
|
|
||||||
|
${script}
|
||||||
|
|
||||||
|
# Allow install to "settle"
|
||||||
|
sleep 20
|
||||||
|
|
||||||
|
win exec 'shutdown /s'
|
||||||
|
|
||||||
|
mv c.img $out
|
||||||
|
'')) baseImage installCommands;
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
|
# impureMode is meant for debugging the base image, not the full incremental build process
|
||||||
|
if !(impureMode) then finalImage else assert installCommands == []; installScript
|
Loading…
Reference in New Issue