neptards
/
libshit
Code Issues 1 Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
test-doctest
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
libshit/tools/README.md

7.2 KiB
Raw Permalink Blame History

The scripts in this folder are used by a jenkins slave to build and test neptools. To use it you'll need an amd64 sysroot, a qemu image of win 7 (or later) with ssh, wine, msvc includes+libs, patched clang, gcc, and probably else. Documetation is mostly non-existing.

Sysroot creation

You need docker to run this script, it will place the base sysroot in your working directory. Readline and its deps (ncurses, tinfo) were required by ljx cli, TODO remove them.

docker run --rm jimbly/steamrt-amd64-gcc bash -c 'sed -i -re "s/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g" /etc/apt/sources.list && apt-get update >&2 && apt-get -y install libreadline6-dev >&2 && dpkg-query -L libc6 libc6-dev linux-libc-dev libgcc1 gcc-4.6 libreadline6-dev libncurses5-dev libtinfo-dev libstdc++6-4.6-dev | grep -E "^(/usr/include/|/usr/lib/|/lib/)" | xargs tar cvh --no-recursion' | tar x
rm usr/lib/x86_64-linux-gnu/lib{readline,ncurses,tinfo}.so
mv usr/lib/x86_64-linux-gnu/lib{*_nonshared,readline,ncurses,tinfo}.a ./
rm usr/lib/x86_64-linux-gnu/*.a
rm -r usr/lib/x86_64-linux-gnu/{gconv,libc}
rm usr/lib/gcc/x86_64-linux-gnu/*/{lto1,lto-wrapper}
mv lib{*_nonshared,readline,ncurses,tinfo}.a usr/lib/x86_64-linux-gnu/
mkdir lib64
ln -s ../lib/x86_64-linux-gnu/ld-2.15.so lib64/ld-linux-x86-64.so.2

Windows VM creationg

There are two windows VMs at the moment, a 32-bit XP SP3 with zero updates and a 64-bit Win7 SP1 + probably some updates. I didn't take any notes when I made the win7 VM, but with XP it went something like this:

  • Qemu settings: -enable-kvm -nodefaults -machine pc-i440fx-2.7 -m 1024 -cpu pentium2,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff -smp cores=2,sockets=1 -rtc base=localtime -drive file=$image_file,id=disk,format=qcow2,discard=unmap,detect-zeroes=unmap,cache=unsafe,if=none -device virtio-blk,drive=disk -netdev user,restrict=on,ipv6=off,id=mynet,hostfwd=tcp:127.0.0.1:2222-:22 -device virtio-net,netdev=mynet,id=mynic -vga std -usbdevice tablet XP itself can run with pentium, but ucrt used by vc 14.11 requires pentium2. Also, with kvm it's not possible to disable every feature not supported by pentium(2) but supported by your host, you need to use CPU emulation if you need that, but it's very slow. My recommendation is to install the OS with KVM, then disable and create a snapshot after it booted.
  • Get an original WinXP SP3 iso
  • Install with ~default settings, user password not needed
  • Essential settings: set visual settings to performance, remove unneeded windows components, disable windows firewall (and probably the whole security center nonsense)
  • Computer -> Manage -> Services, and disable "Error Reporting Service" (otherwise if the test crashes, it'll hang the SSH connection since it'll wait for the non-existing user to close the graphical dialog that is being redirected to /dev/null)
  • Install MSVC redist 12 (2013) and 14.11 (2017)
  • SSH server: freesshd Manually add a user with some dummy password. As of OpenSSH-8.6, you'll have to specify to -o HostKeyAlgorithms=ssh-rsa,ssh-dss to be able to connect to the server. If you want to run "shell" commands, you neet to run it as ssh user@host cmd /c 'your commandline'.

Alternative SSH servers:

  • kpym: can't run commands, only supports interactive sessions, garbage.
  • bitvise ssh: intaller crashed with an unknown instruction when I tried. It needs more than a pentium cpu, but it doesn't document which.
  • sshwindows: didn't try, last release in 2004
  • Microsoft's OpenSSH: "official" port of OpenSSH to windows. Requires win7 (and a fair amount of swearing, as the provided PowerShell installer doesn't fucking work on win7. Also have fun finding the installer online, all they document is how to install this shit on botnet 10). Requires you to have a password on your windows user if you want to login with password. Used in the win7 vm, but if I reinstall it, I'm not sure I'll use this again.

General tips:

  • You basically have two options to authenticate with an SSH server: password and public key based. Public key based is the normally recommended way to use in scripts, but it's a pain in the ass to set up (you have to copy the pubkey of your build chroot's BEFORE you make the final disk image and copy it to the build machine, you can't easily use the VM from other machines unless you copy every relevant pubkey there. It's much easier to get sshpass and just pass the password on the command line (and use -o StrictHostKeyChecking=no to get rid of the host key verification prompt). It's pointless to argue about security when your user has RW access to the SSH server's disk image and the SSH server is never exposed to a network anyway.
  • OpenSSH has a fantastic security anti-feature that it automatically writes the pubkey of every server you ever connect to, then it complains that the key changed after you try to connect to a different VM, forcing you to manually edit the known hosts files, or more likely just rm ~/.ssh/known_hosts because ain't nobody got time for that shit. The CI scripts solves this problem by running SSH in a mount namespace where it doesn't have write access to ~/.ssh...

How to create an image that's small and can be loaded fast:

  1. Install & configure everything you need, copy sdelete to the VM
  2. It's a good idea to make a snapshot with qemu-img snapshot -c $snapshot_name $disk_image if you use a qcow2 disk image.
  3. Unless you want to inflate your disk image to its maximum size, make sure you use discard=unmap,detect-zeroes=unmap with your disk drive.
  4. Boot windows, run sdelete -z c, (delete sdelete), shutdown
  5. Now start qemu with -snapshot, wait until windows boots and network/ssh is ready
  6. Qemu console: migrate -i "exec:cat > $state_file" then quit
  7. You can try it with -snapshot and -incoming "exec:cat $state_file"
  8. If it's working, time to shrink these huge images. For the base disk image: qemu-img convert -p -f qcow2 -O qcow2 -o compression_type=zstd -c $disk_img $output_img. For the migration state file, just compress it with whatever you like, I used zstd --ultra -22. Note that qemu compresses with the default 3 compression level, if you want your disk images to be a few percent smaller while spending 5x more time compressing it, apply qemu-6.0.0-zstd.patch and recompile qemu.
  9. Test that it still works. Run qemu with $output_img as disk image, still with -snapshot and -incoming "exec:zstdcat $compressed_state_file".
  10. If you fucked up anything, go back to the snapshot you made with qemu-img snapshot -a $snapshot_name $disk_image, fix the problems, then try again from step 2.

If you use an OS with discard/trim support it might be better to use virtio-scsi-pci/scsi-hd instead of virtio-blk, and issue an fstrim (or whatever command is required for your OS) instead of manually overwriting every unused sector with zeroes.