... | @@ -91,6 +91,49 @@ Alternatively, to run a pristine build and tests (takes a while): |
... | @@ -91,6 +91,49 @@ Alternatively, to run a pristine build and tests (takes a while): |
|
./validate
|
|
./validate
|
|
```
|
|
```
|
|
|
|
|
|
|
|
## Setting up up `sshd`
|
|
|
|
|
|
|
|
|
|
|
|
As most GHC developers are used to work on Unix workstations, having to use a graphical remote desktop session to access the CygWin/MSYS2 environment is rather disruptive to typical workflows. By setting up a SSH daemon inside the MSYS2 environment, such a CygWin/MSYS2 environment can be treated almost as yet another remote Unix environment.
|
|
|
|
|
|
|
|
|
|
|
|
While on CygWin setting up `sshd` is taken care of by the provided `ssh-host-config` shell script which creates the required user accounts and installs `sshd` as a system service in Windows, with MSYS2 these steps need to be performed manually. To this end, here's the steps needed to setup `sshd` manually (which I had to find out the hard, time-consuming way, hence documenting them here):
|
|
|
|
|
|
|
|
- `pacman -S cygrunsrv openssh`
|
|
|
|
- `ssh-keygen -A`
|
|
|
|
|
|
|
|
- Create priviledged `cyg_server` user (required in most current Windows versions)
|
|
|
|
|
|
|
|
```
|
|
|
|
# will be used as HOME
|
|
|
|
dos_var_empty=$(/usr/bin/cygpath -w /var/empty)# create some random password; this is only needed internally by cygrunsrv
|
|
|
|
_password=...
|
|
|
|
|
|
|
|
username=cyg_server
|
|
|
|
unpriv_user=sshd
|
|
|
|
|
|
|
|
# Usually, 'admingroup=Administrators'
|
|
|
|
admingroup=$(/usr/bin/mkgroup -l | /usr/bin/awk -F: '{if ( $2 == "S-1-5-32-544" ) print $1;}')# NB: From some reason, calling `net` doesn't work in MSYS's bash (seems that '/' isn't passed transparently)
|
|
|
|
net user "${username}""${_password}" /add /fullname:"Privileged server" /homedir:${dos_var_empty} /yes
|
|
|
|
|
|
|
|
net localgroup "${admingroup}""${username}" /add
|
|
|
|
|
|
|
|
net user "${unpriv_user}" /add /fullname:"${unpriv_user} privsep""/homedir:${dos_var_empty}" /active:no
|
|
|
|
|
|
|
|
# set infinite passwd expiry
|
|
|
|
passwed -e ${username}# set required priviledges;
|
|
|
|
# NOTE: `editrights.exe` doesn't seem to be packaged in MSYS2 yet;
|
|
|
|
# use editrights.exe + cygwin1.dll from a CygWin install for the meantime.
|
|
|
|
editrights -a SeAssignPrimaryTokenPrivilege -u ${username}&&\
|
|
|
|
editrights -a SeCreateTokenPrivilege -u ${username}&&\
|
|
|
|
editrights -a SeTcbPrivilege -u ${username}&&\
|
|
|
|
editrights -a SeDenyRemoteInteractiveLogonRight -u ${username}&&\
|
|
|
|
editrights -a SeServiceLogonRight -u ${username}# add passwd entry
|
|
|
|
pwd_entry="$(/usr/bin/mkpasswd -l -u "${username}"| /usr/bin/sed -n -e '/^'${username}'/s?\(^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:\).*?\1'/var'/empty:/bin/false?p')"echo"${pwd_entry}" >> "/etc/passwd"pwd_entry="$(/usr/bin/mkpasswd -l -u "${unpriv_user}"| /usr/bin/sed -n -e '/^'${unpriv_user}'/s?\(^[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:\).*?\1'/var'/empty:/bin/false?p')"echo"${pwd_entry}" >> "/etc/passwd"# finally, register service with cygrunsrv
|
|
|
|
/usr/bin/cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/bin/sshd -a "-D" -y tcpip -u cyg_server -w "${_password}"# if something doesn't work, make sure /etc/ssh*_* /var/empty /var/log/lastlog /var/log/sshd.log are accessible by cyg_server user.
|
|
|
|
# NB: if you need to tweak env-vars such as PATH or MSYSTEM, use ~/.bashrc or ~/.bash_profile
|
|
|
|
```
|
|
|
|
|
|
## Other documentation
|
|
## Other documentation
|
|
|
|
|
|
|
|
|
... | | ... | |