Configuration Common Windows

From miki

MSYS2 on corporate PC

  • Use installer msys2-x86_64-20240507.exe.
  • Issue: Install is stuck at 50% (see Issue #2580).
  • Looking in Task Manager, we see a bash process running /usr/bin/pacman-key --refresh-keys.
  • We kill the process and let the install proceed.
  • Issue: Later on, we have issues installing some packages (from Mingw64, for instance).
  • Relevant issue: #2397.
  • A script to import the keys manually:
# On a Debian machine:
KEYS="D55E7A6D7CE9BA1587C0ACACF40D263ECA25678A 6E8FEAFF9644F54EED90EEA0790AE56A1D3CFDDC \
9DD0D4217D75A33B896159E6DA7EF2ABAEEA755C 123D4D51A1793859C2BE916BBBE514E53E0D0813 \
69985C5EB351011C78DF7F6D755B8182ACD22879 B91BCF3303284BF90CC043CA9F418C233E652008 \
AD351C50AE085775EB59333B5F92EFC1A47D45A1 87771331B3F1FF5263856A6D974C8BE49078F532 \
C65EC8966983541D52B97A16D595C9AB2C51581E 909F9599D1A2046B21FAEB3C4DF3B7664CA56930 \
5F944B027F7FE2091985AA2EFA11531AA0AA7F57 B19514FB53EB3668471B296E794DCF97F93FC717"
gpg --keyserver keys.gnupg.net --recv-keys $KEYS
gpg --export $KEYS > msys2-keys.gpg
# On MSYS2:
pacman-key --add msys2-keys.gpg
for key in $KEYS; do pacman-key --lsign-key $key; done
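  • Added example (not part of the original notes): since --lsign-key marks each key as locally trusted, the transferred msys2-keys.gpg can first be checked to contain exactly the expected primary keys. The function names, the FPR_* values and the sample listing are made up for the illustration.

```sh
#!/bin/sh
# Added example, not from the original notes. Fingerprints are compared as
# uppercase hex strings without spaces, the form used in $KEYS above.

# Print primary-key fingerprints from `gpg --with-colons` output on stdin:
# field 10 of the first "fpr" record after each "pub" record. Subkey
# fingerprints ("fpr" after "sub") are skipped.
primary_fprs() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print toupper($10); want = 0 }'
}

# check_keyring FPR...  (colon listing on stdin)
# Prints MISSING / UNEXPECTED lines and returns 0 only when the keyring
# holds exactly the expected primary keys.
check_keyring() {
    found=$(primary_fprs | sort -u)
    rc=0
    for fpr in "$@"; do
        printf '%s\n' "$found" | grep -qxF "$fpr" || { echo "MISSING $fpr"; rc=1; }
    done
    for fpr in $found; do
        case " $* " in
            *" $fpr "*) ;;
            *) echo "UNEXPECTED $fpr"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample listing (made-up fingerprints): two primary keys, the
# first with a subkey. Real input would come from
#   gpg --show-keys --with-colons msys2-keys.gpg | check_keyring $KEYS
FPR_A=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
FPR_B=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
FPR_C=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
SAMPLE="pub:-:4096:1:AAAAAAAAAAAAAAAA:1500000000:::-:::scESC::::::23::0:
fpr:::::::::${FPR_A}:
uid:-::::1500000000::0000::Constructed Packager <a@example.invalid>::::::::::0:
sub:-:4096:1:CCCCCCCCCCCCCCCC:1500000000::::::e::::::23:
fpr:::::::::${FPR_C}:
pub:-:4096:1:BBBBBBBBBBBBBBBB:1500000000:::-:::scESC::::::23::0:
fpr:::::::::${FPR_B}:"

printf '%s\n' "$SAMPLE" | check_keyring "$FPR_A" "$FPR_B" \
    && echo "keyring matches the expected list"
```

Run the check on the MSYS2 side before pacman-key --add, and stop if it prints any MISSING or UNEXPECTED line.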
  • Got a corrupted db in the process; this helped:
rm -r /var/lib/pacman/sync   # sync is a directory holding the downloaded repo databases
pacman -Syu      # Had to download the .sig files manually...
  • Set up http_proxy variables in .bashrc, see Proxy.
  • Tell pacman to use our corporate certificates.
  • Collect the corporate root certificate by visiting one of the MSYS2 repositories (https://repo.msys2.org) (see SO for Chrome).
  • Append the corporate root and intermediate SSL certificates (in Base64 format, see SSL) to etc/ssl/certs/ca-bundle.crt.
  • Alternatively, copy all certificates into /etc/pki/ca-trust/source/anchors/ (in PEM format), then run update-ca-trust (but this didn't seem to work for me).
  • Edit /etc/pacman.conf, here using curl:
XferCommand = /usr/bin/curl --cacert /etc/ssl/certs/ca-bundle.crt -L -C - -f -o %o %u
  • Alternatively, use the option --ca-directory=/usr/ssl/certs with wget.
  • Remove Tier 1 / Tier 2 mirrors from /etc/pacman.d mirror lists (for stability).
  • Install a few packages:
pacman -S openssh openssl vim base base-devel gcc procps
 ❗  If using Python, it's better to install the MinGW64 toolchain:
# Install gcc for MinGW64
pacman -S mingw64/mingw-w64-x86_64-gcc
# Install python for MinGW64
pacman -S mingw-w64-x86_64-python3 mingw-w64-x86_64-python3-pip mingw-w64-x86_64-python3-numpy mingw-w64-x86_64-python-pytest
  • This assumes that the SSH key shares the same password as the proxy.
  • File bin/echo-proxy-pass:
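#!/bin/bash
# Askpass helper: ssh-add runs this and reads the passphrase from its stdout.
echo "$HTTP_PROXY_PASSWORD"
# Only clears the variable in this helper's own process, not in the caller's shell.
unset HTTP_PROXY_PASSWORD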
  • File bin/startup.sh:
# Add our ssh key; the passphrase is supplied by echo-proxy-pass through SSH_ASKPASS
DISPLAY="0:0" SSH_ASKPASS="echo-proxy-pass" SSH_ASKPASS_REQUIRE=force ssh-add ~/.ssh/id_ed25519_winmail < /dev/null
# Start the autossh tunnels unless autossh is already running
pgrep -x autossh > /dev/null || autossh -M 0 -f -N -n -q -L 9143:localhost:9143 -L 9025:localhost:9025 ovhi
# Check that ssh is running fine (must keep same PID)
ps faux|grep "bin/ssh$" && sleep 2 && ps faux|grep "bin/ssh$"