Configuration Common Windows: Difference between revisions
Jump to navigation
Jump to search
(Created page with "== MSYS2 on corporate PC == * Use installer <code>msys2-x86_64-20240507.ex</code>. :* '''Issue''' Install is stuck at 50% (see [https://github.com/msys2/MSYS2-packages/issues/2580 Issue #2580]). :* Looking in task manager with see a <code>bash</code> process, running <code>/usr/bin/pacman-key --refresh-keys</code>. :* We kill the process and let the install proceed. * Setup the corporate proxy, see Proxy. * Tell pacman to use our corporate certificates. :* Collect co...") |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 4: | Line 4: | ||
:* Looking in task manager with see a <code>bash</code> process, running <code>/usr/bin/pacman-key --refresh-keys</code>. |
:* Looking in task manager with see a <code>bash</code> process, running <code>/usr/bin/pacman-key --refresh-keys</code>. |
||
:* We kill the process and let the install proceed. |
:* We kill the process and let the install proceed. |
||
:* '''{{red|Issue}}''' Later on we have issue installing some packages (from Mingw64) for instance. |
|||
* Setup the corporate proxy, see [[Proxy]]. |
|||
::* Relevant issue: [https://github.com/msys2/MSYS2-packages/issues/2397 #2397]. |
|||
::* Some script to import key manually: |
|||
<source lang="bash"> |
|||
# On debian machine: |
|||
KEYS="D55E7A6D7CE9BA1587C0ACACF40D263ECA25678A 6E8FEAFF9644F54EED90EEA0790AE56A1D3CFDDC \ |
|||
9DD0D4217D75A33B896159E6DA7EF2ABAEEA755C 123D4D51A1793859C2BE916BBBE514E53E0D0813 \ |
|||
69985C5EB351011C78DF7F6D755B8182ACD22879 B91BCF3303284BF90CC043CA9F418C233E652008 \ |
|||
AD351C50AE085775EB59333B5F92EFC1A47D45A1 87771331B3F1FF5263856A6D974C8BE49078F532 \ |
|||
C65EC8966983541D52B97A16D595C9AB2C51581E 909F9599D1A2046B21FAEB3C4DF3B7664CA56930 \ |
|||
5F944B027F7FE2091985AA2EFA11531AA0AA7F57 B19514FB53EB3668471B296E794DCF97F93FC717" |
|||
gpg --keyserver keys.gnupg.net --recv-keys $KEYS |
|||
gpg --export $KEYS > msys2-keys.gpg |
|||
# On MSYS2: |
|||
pacman-key --add msys2-keys.gpg |
|||
for key in $KEYS; do pacman-key --lsign-key $key; done |
|||
</source> |
|||
::* Got some corrupted db in the process, this helped: |
|||
<source lang="bash"> |
|||
rm /var/lib/pacman/sync |
|||
pacman -Syu # Had to download the .sig files manually... |
|||
</source> |
|||
⚫ | |||
* Tell pacman to use our corporate certificates. |
* Tell pacman to use our corporate certificates. |
||
:* Collect corporate root certificate by visiting one of the msys2 repository (https://repo.msys2.org) (see [https://stackoverflow.com/questions/69348953/certificate-error-when-trying-to-install-msys2-packages-on-windows-server/70398349#70398349 SO for chrome]). |
:* Collect corporate root certificate by visiting one of the msys2 repository (https://repo.msys2.org) (see [https://stackoverflow.com/questions/69348953/certificate-error-when-trying-to-install-msys2-packages-on-windows-server/70398349#70398349 SO for chrome]). |
||
:* Append corporate ROOT and intermediate SSL certificates (in Base64 format, see [[SSL]]) into {{file|etc/ssl/certs/ca-bundle.crt}}. |
:* Append corporate ROOT and intermediate SSL certificates (in Base64 format, see [[SSL]]) into {{file|etc/ssl/certs/ca-bundle.crt}}. |
||
:* Alternatively, copy all certificate in {{file|/etc/pki/ca-trust/source/anchors/}} (in PEM format), then run <code>update-ca-trust</code> (but didn't seem to work for me). |
|||
:* Edit {{file|/etc/pacman.conf}}, here using <code>curl</code>: |
:* Edit {{file|/etc/pacman.conf}}, here using <code>curl</code>: |
||
<source lang="text"> |
<source lang="text"> |
||
Line 13: | Line 36: | ||
</source> |
</source> |
||
:* Alternatively use option <code>--ca-directory=/usr/ssl/certs</code> with <code>wget</code>. |
:* Alternatively use option <code>--ca-directory=/usr/ssl/certs</code> with <code>wget</code>. |
||
* Remove Tier 1 / Tier 2 mirrors from {{file|/etc/pacman.d}} mirror lists (for stability). |
|||
* Install a few packages: |
* Install a few packages: |
||
<source lang="bash"> |
<source lang="bash"> |
||
pacman -S openssh openssl vim base base-devel gcc procps |
pacman -S openssh openssl vim base base-devel gcc procps |
||
</source> |
</source> |
||
{{warn|If using Python, it's better to install MinGW64 toolchain: |
|||
<source lang="bash"> |
|||
# Install gcc for MinGW64 |
|||
pacman -S mingw64/mingw-w64-x86_64-gcc |
|||
# Install python for MinGW64 |
|||
pacman -S mingw-w64-x86_64-python3 mingw-w64-x86_64-python3-pip mingw-w64-x86_64-python3-numpy mingw-w64-x86_64-python-pytest |
|||
</source> |
|||
}} |
|||
* Download, build and install autossh ({{file|autossh-1.4e.tgz}}). |
* Download, build and install autossh ({{file|autossh-1.4e.tgz}}). |
||
* Download, build and install connect-proxy (https://github.com/larryhou/connect-proxy.git, commit 63a650a) |
* Download, build and install connect-proxy (https://github.com/larryhou/connect-proxy.git, commit 63a650a) |
||
* Install Git For Windows. |
* Install Git For Windows. |
||
⚫ | |||
* Setup auto ssh forward for IMAP: |
* Setup auto ssh forward for IMAP: |
||
:* This assumes that the SSH key shares the same password as the proxy |
:* This assumes that the SSH key shares the same password as the proxy |
Latest revision as of 17:09, 9 July 2024
MSYS2 on corporate PC
- Use installer
msys2-x86_64-20240507.ex
.
- Issue Install is stuck at 50% (see Issue #2580).
- Looking in task manager with see a
bash
process, running/usr/bin/pacman-key --refresh-keys
. - We kill the process and let the install proceed.
- Issue Later on we have issue installing some packages (from Mingw64) for instance.
- Relevant issue: #2397.
- Some script to import key manually:
# On debian machine:
KEYS="D55E7A6D7CE9BA1587C0ACACF40D263ECA25678A 6E8FEAFF9644F54EED90EEA0790AE56A1D3CFDDC \
9DD0D4217D75A33B896159E6DA7EF2ABAEEA755C 123D4D51A1793859C2BE916BBBE514E53E0D0813 \
69985C5EB351011C78DF7F6D755B8182ACD22879 B91BCF3303284BF90CC043CA9F418C233E652008 \
AD351C50AE085775EB59333B5F92EFC1A47D45A1 87771331B3F1FF5263856A6D974C8BE49078F532 \
C65EC8966983541D52B97A16D595C9AB2C51581E 909F9599D1A2046B21FAEB3C4DF3B7664CA56930 \
5F944B027F7FE2091985AA2EFA11531AA0AA7F57 B19514FB53EB3668471B296E794DCF97F93FC717"
gpg --keyserver keys.gnupg.net --recv-keys $KEYS
gpg --export $KEYS > msys2-keys.gpg
# On MSYS2:
pacman-key --add msys2-keys.gpg
for key in $KEYS; do pacman-key --lsign-key $key; done
- Got some corrupted db in the process, this helped:
rm /var/lib/pacman/sync
pacman -Syu # Had to download the .sig files manually...
- Setup
http_proxy
variables in .bashrc, see Proxy. - Tell pacman to use our corporate certificates.
- Collect corporate root certificate by visiting one of the msys2 repository (https://repo.msys2.org) (see SO for chrome).
- Append corporate ROOT and intermediate SSL certificates (in Base64 format, see SSL) into etc/ssl/certs/ca-bundle.crt.
- Alternatively, copy all certificate in /etc/pki/ca-trust/source/anchors/ (in PEM format), then run
update-ca-trust
(but didn't seem to work for me). - Edit /etc/pacman.conf, here using
curl
:
XferCommand = /usr/bin/curl --cacert /etc/ssl/certs/ca-bundle.crt -L -C - -f -o %o %u
- Alternatively use option
--ca-directory=/usr/ssl/certs
withwget
.
- Alternatively use option
- Remove Tier 1 / Tier 2 mirrors from /etc/pacman.d mirror lists (for stability).
- Install a few packages:
pacman -S openssh openssl vim base base-devel gcc procps
❗ | If using Python, it's better to install MinGW64 toolchain:
# Install gcc for MinGW64
pacman -S mingw64/mingw-w64-x86_64-gcc
# Install python for MinGW64
pacman -S mingw-w64-x86_64-python3 mingw-w64-x86_64-python3-pip mingw-w64-x86_64-python3-numpy mingw-w64-x86_64-python-pytest
|
- Download, build and install autossh (autossh-1.4e.tgz).
- Download, build and install connect-proxy (https://github.com/larryhou/connect-proxy.git, commit 63a650a)
- Install Git For Windows.
- Setup auto ssh forward for IMAP:
- This assumes that the SSH key shares the same password as the proxy
- File bin/echo-proxy-pass:
#!/bin/bash
echo "$HTTP_PROXY_PASSWORD"
unset HTTP_PROXY_PASSWORD
- File bin/startup.sh:
# Add our ssh keys - eval because ssh-add.list contains '~'
DISPLAY="0:0" SSH_ASKPASS="echo-proxy-pass" SSH_ASKPASS_REQUIRE=force ssh-add ~/.ssh/id_ed25519_winmail < /dev/null
pgrep -x autossh > /dev/null || autossh -M 0 -f -N -n -q -L 9143:localhost:9143 -L 9025:localhost:9025 ovhi
# Check that ssh is running fine (must keep same PID)
ps faux|grep "bin/ssh$" && sleep 2 && ps faux|grep "bin/ssh$"