From 9b1862ca1fad149275e4d3e9241579b9aec9b952 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Sat, 15 Feb 2014 18:23:43 +0100
Subject: vm/windows: Move creating SSH key into install/.

This SSH key is specifically only for accessing the installed Cygwin within the Windows VM, so we only need to expose the private key. Yes, you heard right, the private key. It's not security-relevant because the machine is completely read-only, only exposed to the filesystem and networking is not available.

Signed-off-by: aszlig
---
 pkgs/build-support/vm/windows/default.nix | 11 +----------
 pkgs/build-support/vm/windows/install/default.nix | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 13 deletions(-)

(limited to 'pkgs/build-support/vm')

diff --git a/pkgs/build-support/vm/windows/default.nix b/pkgs/build-support/vm/windows/default.nix
index 06bf6c9bb6d2..470fac0437df 100644
--- a/pkgs/build-support/vm/windows/default.nix
+++ b/pkgs/build-support/vm/windows/default.nix
@@ -11,7 +11,6 @@ let
 base = import ./install {
 isoFile = winISO;
 productKey = "XXX";
- sshPublicKey = "${snakeOilSSH}/key.pub";
 };
 maybeKvm64 = lib.optional (stdenv.system == "x86_64-linux") "-cpu kvm64";
@@ -33,14 +32,6 @@ let
 rootModules = o.rootModules ++ lib.singleton "virtio_net";
 });
- snakeOilSSH = stdenv.mkDerivation {
- name = "snakeoil-ssh-cygwin";
- buildCommand = ''
- ensureDir "$out"
- ${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
- '';
- };
-
 controllerQemuArgs = cmd: let
 preInitScript = writeScript "preinit.sh" ''
 #!${vmTools.initrdUtils}/bin/ash -e
@@ -108,7 +99,7 @@ let
 ${samba}/sbin/nmbd -D
 ${samba}/sbin/smbd -D
- ${coreutils}/bin/cp -L "${snakeOilSSH}/key" /ssh.key
+ ${coreutils}/bin/cp -L "${base.sshKey}" /ssh.key
 ${coreutils}/bin/chmod 600 /ssh.key
 echo -n "Waiting for Windows VM to become ready"
diff --git a/pkgs/build-support/vm/windows/install/default.nix b/pkgs/build-support/vm/windows/install/default.nix
index fec7dac0714e..0021bae87bc8 100644
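Review bot: In the `@@ -108,7 +99,7 @@` hunk of vm/windows/default.nix, the private key copied by `cp -L "${base.sshKey}" /ssh.key` now comes from an attribute exported by ./install, so it sits in the world-readable Nix store, and nothing at the use site records why that is acceptable. The commit message rests on the VM having no networking, yet the context lines load `virtio_net` and start `smbd`/`nmbd`, so the premise presumably means no outside connectivity; a comment above the copy would pin that down, e.g. `# Snake-oil key from the world-readable store; only valid for the isolated install VM, never reuse it.` The copy also creates /ssh.key with the source's mode before `chmod 600` tightens it; `${coreutils}/bin/install -m 600 "${base.sshKey}" /ssh.key` would create it with the final mode in one step. The enclosing script starts and ends outside the hunk, and the definition of `sshKey` in install/default.nix is not visible in this excerpt.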
--- a/pkgs/build-support/vm/windows/install/default.nix
+++ b/pkgs/build-support/vm/windows/install/default.nix
@@ -1,16 +1,15 @@
 { isoFile
 , productKey
-, sshPublicKey
 }:
 let
- inherit (import {}) lib runCommand;
+ inherit (import {}) lib stdenv runCommand openssh;
 bootstrapAfterLogin = runCommand "bootstrap.sh" {} ''
 cat > "$out" < ~/.ssh/authorized_keys <