Configuration Common Windows: Difference between revisions
Jump to navigation
Jump to search
Line 36: | Line 36: | ||
</source> |
</source> |
||
:* Alternatively use option <code>--ca-directory=/usr/ssl/certs</code> with <code>wget</code>. |
:* Alternatively use option <code>--ca-directory=/usr/ssl/certs</code> with <code>wget</code>. |
||
* Remove Tier 1 / Tier 2 mirrors from {{file|/etc/pacman.d}} mirror lists (for stability). |
|||
* Install a few packages: |
* Install a few packages: |
||
<source lang="bash"> |
<source lang="bash"> |
Revision as of 16:37, 9 July 2024
MSYS2 on corporate PC
- Use installer
msys2-x86_64-20240507.ex
.
- Issue Install is stuck at 50% (see Issue #2580).
- Looking in task manager with see a
bash
process, running/usr/bin/pacman-key --refresh-keys
. - We kill the process and let the install proceed.
- Issue Later on we have issue installing some packages (from Mingw64) for instance.
- Relevant issue: #2397.
- Some script to import key manually:
# On debian machine:
KEYS="D55E7A6D7CE9BA1587C0ACACF40D263ECA25678A 6E8FEAFF9644F54EED90EEA0790AE56A1D3CFDDC \
9DD0D4217D75A33B896159E6DA7EF2ABAEEA755C 123D4D51A1793859C2BE916BBBE514E53E0D0813 \
69985C5EB351011C78DF7F6D755B8182ACD22879 B91BCF3303284BF90CC043CA9F418C233E652008 \
AD351C50AE085775EB59333B5F92EFC1A47D45A1 87771331B3F1FF5263856A6D974C8BE49078F532 \
C65EC8966983541D52B97A16D595C9AB2C51581E 909F9599D1A2046B21FAEB3C4DF3B7664CA56930 \
5F944B027F7FE2091985AA2EFA11531AA0AA7F57 B19514FB53EB3668471B296E794DCF97F93FC717"
gpg --keyserver keys.gnupg.net --recv-keys $KEYS
gpg --export $KEYS > msys2-keys.gpg
# On MSYS2:
pacman-key --add msys2-keys.gpg
for key in $KEYS; do pacman-key --lsign-key $key; done
- Got some corrupted db in the process, this helped:
rm /var/lib/pacman/sync
pacman -Syu # Had to download the .sig files manually...
- Setup
http_proxy
variables in .bashrc, see Proxy. - Tell pacman to use our corporate certificates.
- Collect corporate root certificate by visiting one of the msys2 repository (https://repo.msys2.org) (see SO for chrome).
- Append corporate ROOT and intermediate SSL certificates (in Base64 format, see SSL) into etc/ssl/certs/ca-bundle.crt.
- Alternatively, copy all certificate in /etc/pki/ca-trust/source/anchors/ (in PEM format), then run
update-ca-trust
(but didn't seem to work for me). - Edit /etc/pacman.conf, here using
curl
:
XferCommand = /usr/bin/curl --cacert /etc/ssl/certs/ca-bundle.crt -L -C - -f -o %o %u
- Alternatively use option
--ca-directory=/usr/ssl/certs
withwget
.
- Alternatively use option
- Remove Tier 1 / Tier 2 mirrors from /etc/pacman.d mirror lists (for stability).
- Install a few packages:
pacman -S openssh openssl vim base base-devel gcc procps
- Download, build and install autossh (autossh-1.4e.tgz).
- Download, build and install connect-proxy (https://github.com/larryhou/connect-proxy.git, commit 63a650a)
- Install Git For Windows.
- Setup auto ssh forward for IMAP:
- This assumes that the SSH key shares the same password as the proxy
- File bin/echo-proxy-pass:
#!/bin/bash
echo "$HTTP_PROXY_PASSWORD"
unset HTTP_PROXY_PASSWORD
- File bin/startup.sh:
# Add our ssh keys - eval because ssh-add.list contains '~'
DISPLAY="0:0" SSH_ASKPASS="echo-proxy-pass" SSH_ASKPASS_REQUIRE=force ssh-add ~/.ssh/id_ed25519_winmail < /dev/null
pgrep -x autossh > /dev/null || autossh -M 0 -f -N -n -q -L 9143:localhost:9143 -L 9025:localhost:9025 ovhi
# Check that ssh is running fine (must keep same PID)
ps faux|grep "bin/ssh$" && sleep 2 && ps faux|grep "bin/ssh$"