authoraszlig <aszlig@redmoonstudios.org>2014-02-15 18:23:43 +0100
committeraszlig <aszlig@redmoonstudios.org>2014-02-26 04:50:54 +0100
commit9b1862ca1fad149275e4d3e9241579b9aec9b952 (patch)
treee771af6ac1e43f4402ad5ccf20acf19b7898f744 /pkgs/build-support/vm
parent4e21215d52025be5338e89020874b5ed7c903e19 (diff)
vm/windows: Move creating SSH key into install/.
This SSH key is specifically only for accessing the installed Cygwin
within the Windows VM, so we only need to expose the private key. Yes,
you heard right, the private key. It's not security-relevant because the
machine is completely read-only, only exposed to the filesystem and
networking is not available.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'pkgs/build-support/vm')
-rw-r--r--pkgs/build-support/vm/windows/default.nix11
-rw-r--r--pkgs/build-support/vm/windows/install/default.nix15
2 files changed, 13 insertions, 13 deletions
diff --git a/pkgs/build-support/vm/windows/default.nix b/pkgs/build-support/vm/windows/default.nix
index 06bf6c9bb6d2..470fac0437df 100644
--- a/pkgs/build-support/vm/windows/default.nix
+++ b/pkgs/build-support/vm/windows/default.nix
@@ -11,7 +11,6 @@ let
   base = import ./install {
     isoFile = winISO;
     productKey = "XXX";
-    sshPublicKey = "${snakeOilSSH}/key.pub";
   };
 
   maybeKvm64 = lib.optional (stdenv.system == "x86_64-linux") "-cpu kvm64";
@@ -33,14 +32,6 @@ let
     rootModules = o.rootModules ++ lib.singleton "virtio_net";
   });
 
-  snakeOilSSH = stdenv.mkDerivation {
-    name = "snakeoil-ssh-cygwin";
-    buildCommand = ''
-      ensureDir "$out"
-      ${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
-    '';
-  };
-
   controllerQemuArgs = cmd: let
     preInitScript = writeScript "preinit.sh" ''
       #!${vmTools.initrdUtils}/bin/ash -e
@@ -108,7 +99,7 @@ let
 
       ${samba}/sbin/nmbd -D
       ${samba}/sbin/smbd -D
-      ${coreutils}/bin/cp -L "${snakeOilSSH}/key" /ssh.key
+      ${coreutils}/bin/cp -L "${base.sshKey}" /ssh.key
       ${coreutils}/bin/chmod 600 /ssh.key
 
       echo -n "Waiting for Windows VM to become ready"
diff --git a/pkgs/build-support/vm/windows/install/default.nix b/pkgs/build-support/vm/windows/install/default.nix
index fec7dac0714e..0021bae87bc8 100644
--- a/pkgs/build-support/vm/windows/install/default.nix
+++ b/pkgs/build-support/vm/windows/install/default.nix
@@ -1,16 +1,15 @@
 { isoFile
 , productKey
-, sshPublicKey
 }:
 
 let
-  inherit (import <nixpkgs> {}) lib runCommand;
+  inherit (import <nixpkgs> {}) lib stdenv runCommand openssh;
 
   bootstrapAfterLogin = runCommand "bootstrap.sh" {} ''
     cat > "$out" <<EOF
     mkdir -p ~/.ssh
     cat > ~/.ssh/authorized_keys <<PUBKEY
-    $(cat "${sshPublicKey}")
+    $(cat "${cygwinSshKey}/key.pub")
     PUBKEY
     ssh-host-config -y -c 'binmode ntsec' -w dummy
     cygrunsrv -S sshd
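Review bot: The widened `inherit (import <nixpkgs> {}) lib stdenv runCommand openssh;` at the top of the `let` takes `stdenv` and `openssh` from whatever `<nixpkgs>` resolves to on the evaluating machine, not from the package set that imports this file. The tool that generates the login key is therefore not pinned to the tree under review. The code removed from `windows/default.nix` used an `openssh` already in scope there, which suggests the caller could hand the package set in. A backward-compatible form would be an extra argument `, pkgs ? import <nixpkgs> {}` with `inherit (pkgs) lib stdenv runCommand openssh;` in the `let`. The `bootstrapAfterLogin` heredoc continues past the end of this hunk.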
@@ -21,6 +20,14 @@ let
     EOF
   '';
 
+  cygwinSshKey = stdenv.mkDerivation {
+    name = "snakeoil-ssh-cygwin";
+    buildCommand = ''
+      ensureDir "$out"
+      ${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
+    '';
+  };
+
   packages = [ "openssh" ];
 
 in {
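Review bot: `cygwinSshKey` writes an unencrypted private key (`-N ""`) to `$out/key`, and store paths are world-readable and can be copied to other machines with a closure. The only thing keeping this safe is the no-network property described in the commit message, which nothing in the code records. Add a comment above the derivation, for example `# Snake-oil key: the private half is intentionally readable by anyone with store access; safe only while the guest has no network.` Consider also naming the export in the last hunk of this file something like `snakeOilPrivateKey` instead of `sshKey`, so the `cp -L "${base.sshKey}"` line in `windows/default.nix` visibly handles a throwaway secret. Because `ssh-keygen` yields a fresh key on every build the output is not reproducible; that looks harmless here since `key.pub` and `key` come from the same derivation, but it belongs in the same comment.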
@@ -36,4 +43,6 @@ in {
     cygwinPackages = packages;
     inherit productKey;
   };
+
+  sshKey = "${cygwinSshKey}/key";
 }