vm/windows: Move creating SSH key into install/.

This SSH key is specifically only for accessing the installed Cygwin
within the Windows VM, so we only need to expose the private key. Yes,
you heard right, the private key. It's not security-relevant because the
machine is completely read-only and only exposed to the filesystem, and
networking is not available.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
aszlig 2014-02-15 18:23:43 +01:00
parent 4e21215d52
commit 9b1862ca1f
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
2 changed files with 13 additions and 13 deletions


@ -11,7 +11,6 @@ let
base = import ./install { base = import ./install {
isoFile = winISO; isoFile = winISO;
productKey = "XXX"; productKey = "XXX";
sshPublicKey = "${snakeOilSSH}/key.pub";
}; };
maybeKvm64 = lib.optional (stdenv.system == "x86_64-linux") "-cpu kvm64"; maybeKvm64 = lib.optional (stdenv.system == "x86_64-linux") "-cpu kvm64";
@ -33,14 +32,6 @@ let
rootModules = o.rootModules ++ lib.singleton "virtio_net"; rootModules = o.rootModules ++ lib.singleton "virtio_net";
}); });
snakeOilSSH = stdenv.mkDerivation {
name = "snakeoil-ssh-cygwin";
buildCommand = ''
ensureDir "$out"
${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
'';
};
controllerQemuArgs = cmd: let controllerQemuArgs = cmd: let
preInitScript = writeScript "preinit.sh" '' preInitScript = writeScript "preinit.sh" ''
#!${vmTools.initrdUtils}/bin/ash -e #!${vmTools.initrdUtils}/bin/ash -e
@ -108,7 +99,7 @@ let
${samba}/sbin/nmbd -D ${samba}/sbin/nmbd -D
${samba}/sbin/smbd -D ${samba}/sbin/smbd -D
${coreutils}/bin/cp -L "${snakeOilSSH}/key" /ssh.key ${coreutils}/bin/cp -L "${base.sshKey}" /ssh.key
${coreutils}/bin/chmod 600 /ssh.key ${coreutils}/bin/chmod 600 /ssh.key
echo -n "Waiting for Windows VM to become ready" echo -n "Waiting for Windows VM to become ready"
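Review bot: The `cp -L "${base.sshKey}" /ssh.key` line now takes a private key from install/, but nothing in this file records why exposing it is acceptable. The context in the same section appends `virtio_net` to `rootModules` and starts `smbd`/`nmbd`, so a network does exist between the controller and the Windows guest. The commit message's "networking is not available" presumably means that network is isolated from the outside, which these hunks do not show. A comment above the copy would keep the assumption visible, e.g. `# Snakeoil key from install/: acceptable only while the guest network stays isolated.` The enclosing script body starts and ends outside the hunk.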


@ -1,16 +1,15 @@
{ isoFile { isoFile
, productKey , productKey
, sshPublicKey
}: }:
let let
inherit (import <nixpkgs> {}) lib runCommand; inherit (import <nixpkgs> {}) lib stdenv runCommand openssh;
bootstrapAfterLogin = runCommand "bootstrap.sh" {} '' bootstrapAfterLogin = runCommand "bootstrap.sh" {} ''
cat > "$out" <<EOF cat > "$out" <<EOF
mkdir -p ~/.ssh mkdir -p ~/.ssh
cat > ~/.ssh/authorized_keys <<PUBKEY cat > ~/.ssh/authorized_keys <<PUBKEY
$(cat "${sshPublicKey}") $(cat "${cygwinSshKey}/key.pub")
PUBKEY PUBKEY
ssh-host-config -y -c 'binmode ntsec' -w dummy ssh-host-config -y -c 'binmode ntsec' -w dummy
cygrunsrv -S sshd cygrunsrv -S sshd
@ -21,6 +20,14 @@ let
EOF EOF
''; '';
cygwinSshKey = stdenv.mkDerivation {
name = "snakeoil-ssh-cygwin";
buildCommand = ''
ensureDir "$out"
${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
'';
};
packages = [ "openssh" ]; packages = [ "openssh" ];
in { in {
@ -36,4 +43,6 @@ in {
cygwinPackages = packages; cygwinPackages = packages;
inherit productKey; inherit productKey;
}; };
sshKey = "${cygwinSshKey}/key";
} }
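Review bot: `cygwinSshKey` runs `ssh-keygen` inside an ordinary derivation, so its output is not reproducible: a rebuild yields a different key pair, presumably under the same store path. If the installed image, with `authorized_keys` written by `bootstrapAfterLogin`, is kept while the key derivation is rebuilt, `sshKey` would stop matching and the login would fail. This is hedged because the image build is outside this section. The private key is also readable by every user of the build host's store, which the commit message accepts on purpose, so I would record that beside the derivation: `# Throwaway key, world-readable in the store by design; never reuse it for a host with network access.`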