neptards
/
libshit
Code Issues 1 Pull Requests Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
test-doctest
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
libshit/tools/README.md

125 lines
7.2 KiB
Markdown
Raw Permalink Blame History

The scripts in this folder are used by a jenkins slave to build and test
neptools. To use it you'll need an amd64 sysroot, a qemu image of win 7 (or
later) with ssh, wine, msvc includes+libs, patched clang, gcc, and probably
else. Documetation is mostly non-existing.
Sysroot creation
================
You need docker to run this script, it will place the base sysroot in your
working directory. Readline and its deps (ncurses, tinfo) were required by ljx
cli, TODO remove them.
```sh
docker run --rm jimbly/steamrt-amd64-gcc bash -c 'sed -i -re "s/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g" /etc/apt/sources.list && apt-get update >&2 && apt-get -y install libreadline6-dev >&2 && dpkg-query -L libc6 libc6-dev linux-libc-dev libgcc1 gcc-4.6 libreadline6-dev libncurses5-dev libtinfo-dev libstdc++6-4.6-dev | grep -E "^(/usr/include/|/usr/lib/|/lib/)" | xargs tar cvh --no-recursion' | tar x
rm usr/lib/x86_64-linux-gnu/lib{readline,ncurses,tinfo}.so
mv usr/lib/x86_64-linux-gnu/lib{*_nonshared,readline,ncurses,tinfo}.a ./
rm usr/lib/x86_64-linux-gnu/*.a
rm -r usr/lib/x86_64-linux-gnu/{gconv,libc}
rm usr/lib/gcc/x86_64-linux-gnu/*/{lto1,lto-wrapper}
mv lib{*_nonshared,readline,ncurses,tinfo}.a usr/lib/x86_64-linux-gnu/
mkdir lib64
ln -s ../lib/x86_64-linux-gnu/ld-2.15.so lib64/ld-linux-x86-64.so.2
```
Windows VM creationg
====================
There are two windows VMs at the moment, a 32-bit XP SP3 with zero updates and a
64-bit Win7 SP1 + probably some updates. I didn't take any notes when I made the
win7 VM, but with XP it went something like this:
* Qemu settings: `-enable-kvm -nodefaults -machine pc-i440fx-2.7 -m 1024
-cpu pentium2,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff
-smp cores=2,sockets=1 -rtc base=localtime
-drive file=$image_file,id=disk,format=qcow2,discard=unmap,detect-zeroes=unmap,cache=unsafe,if=none
-device virtio-blk,drive=disk
-netdev user,restrict=on,ipv6=off,id=mynet,hostfwd=tcp:127.0.0.1:2222-:22
-device virtio-net,netdev=mynet,id=mynic -vga std -usbdevice tablet`
XP itself can run with pentium, but ucrt used by vc 14.11 requires pentium2.
Also, with kvm it's not possible to disable every feature not supported by
pentium(2) but supported by your host, you need to use CPU emulation if you
need that, but it's very slow. My recommendation is to install the OS with
KVM, then disable and create a snapshot after it booted.
* Get an original WinXP SP3 iso
* Install with ~default settings, user password not needed
* Essential settings: set visual settings to performance, remove unneeded
windows components, disable windows firewall (and probably the whole security
center nonsense)
* Computer -> Manage -> Services, and disable "Error Reporting Service"
(otherwise if the test crashes, it'll hang the SSH connection since it'll wait
for the non-existing user to close the graphical dialog that is being
redirected to /dev/null)
* Install MSVC redist 12 (2013) and 14.11 (2017)
* SSH server: [freesshd] Manually add a user with some dummy password. As of
OpenSSH-8.6, you'll have to specify to `-o HostKeyAlgorithms=ssh-rsa,ssh-dss`
to be able to connect to the server. If you want to run "shell" commands, you
neet to run it as `ssh user@host cmd /c 'your commandline'`.
Alternative SSH servers:
* [kpym]: can't run commands, only supports interactive sessions, garbage.
* [bitvise ssh][bitvise]: intaller crashed with an unknown instruction when I
tried. It needs more than a pentium cpu, but it doesn't document which.
* [sshwindows]: didn't try, last release in 2004
* Microsoft's OpenSSH: "official" port of OpenSSH to windows. Requires win7 (and
a fair amount of swearing, as the provided PowerShell installer doesn't
fucking work on win7. Also have fun finding the installer online, all they
document is how to install this shit on botnet 10). Requires you to have a
password on your windows user if you want to login with password. Used in the
win7 vm, but if I reinstall it, I'm not sure I'll use this again.
[freesshd]: http://www.freesshd.com/?ctt=download
[kpym]: http://www.kpym.com/2/kpym/download.htm
[bitvise]: https://www.bitvise.com/
[sshwindows]: http://sshwindows.sourceforge.net/
General tips:
* You basically have two options to authenticate with an SSH server: password
and public key based. Public key based is the normally recommended way to use
in scripts, but it's a pain in the ass to set up (you have to copy the pubkey
of your build chroot's BEFORE you make the final disk image and copy it to the
build machine, you can't easily use the VM from other machines unless you copy
*every* relevant pubkey there. It's much easier to get `sshpass` and just pass
the password on the command line (and use `-o StrictHostKeyChecking=no` to get
rid of the host key verification prompt). It's pointless to argue about
security when your user has RW access to the SSH server's disk image and the
SSH server is never exposed to a network anyway.
* OpenSSH has a fantastic security anti-feature that it automatically writes the
pubkey of every server you ever connect to, then it complains that the key
changed after you try to connect to a different VM, forcing you to manually
edit the known hosts files, or more likely just `rm ~/.ssh/known_hosts`
because ain't nobody got time for that shit. The CI scripts solves this
problem by running SSH in a mount namespace where it doesn't have write access
to `~/.ssh`...
How to create an image that's small and can be loaded fast:
1. Install & configure everything you need, copy [sdelete] to the VM
2. It's a good idea to make a snapshot with `qemu-img snapshot -c $snapshot_name
$disk_image` if you use a qcow2 disk image.
3. Unless you want to inflate your disk image to its maximum size, make sure you
use `discard=unmap,detect-zeroes=unmap` with your disk drive.
4. Boot windows, run `sdelete -z c`, (delete sdelete), shutdown
5. Now start qemu with `-snapshot`, wait until windows boots and network/ssh is
ready
6. Qemu console: `migrate -i "exec:cat > $state_file"` then quit
7. You can try it with `-snapshot` and `-incoming "exec:cat $state_file"`
8. If it's working, time to shrink these huge images. For the base disk image:
`qemu-img convert -p -f qcow2 -O qcow2 -o compression_type=zstd -c $disk_img
$output_img`. For the migration state file, just compress it with whatever
you like, I used `zstd --ultra -22`. Note that qemu compresses with the
default 3 compression level, if you want your disk images to be a few percent
smaller while spending 5x more time compressing it, apply
`qemu-6.0.0-zstd.patch` and recompile qemu.
9. Test that it still works. Run qemu with `$output_img` as disk image, still
with `-snapshot` and `-incoming "exec:zstdcat $compressed_state_file"`.
10. If you fucked up anything, go back to the snapshot you made with `qemu-img
snapshot -a $snapshot_name $disk_image`, fix the problems, then try again
from step 2.
If you use an OS with discard/trim support it might be better to use
virtio-scsi-pci/scsi-hd instead of virtio-blk, and issue an `fstrim` (or
whatever command is required for your OS) instead of manually overwriting every
unused sector with zeroes.
[sdelete]: https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
Reference in New Issue View Git Blame Copy Permalink