vm/windows: Move creating SSH key into install/.

This SSH key is specifically only for accessing the installed Cygwin within the Windows VM, so we only need to expose the private key. Yes, you heard right, the private key. It's not security-relevant because the machine is completely read-only, only exposed to the filesystem and networking is not available. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-15 18:23:43 +01:00 · 2014-02-15 18:23:43 +01:00 · 9b1862ca1f
commit 9b1862ca1f
parent 4e21215d52
2 changed files with 13 additions and 13 deletions
--- a/pkgs/build-support/vm/windows/default.nix
+++ b/pkgs/build-support/vm/windows/default.nix
@ -11,7 +11,6 @@ let
  base = import ./install {
    isoFile = winISO;
    productKey = "XXX";
-    sshPublicKey = "${snakeOilSSH}/key.pub";
  };

  maybeKvm64 = lib.optional (stdenv.system == "x86_64-linux") "-cpu kvm64";
@ -33,14 +32,6 @@ let
    rootModules = o.rootModules ++ lib.singleton "virtio_net";
  });

-  snakeOilSSH = stdenv.mkDerivation {
-    name = "snakeoil-ssh-cygwin";
-    buildCommand = ''
-      ensureDir "$out"
-      ${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
-    '';
-  };
-
  controllerQemuArgs = cmd: let
    preInitScript = writeScript "preinit.sh" ''
      #!${vmTools.initrdUtils}/bin/ash -e
@ -108,7 +99,7 @@ let

      ${samba}/sbin/nmbd -D
      ${samba}/sbin/smbd -D
-      ${coreutils}/bin/cp -L "${snakeOilSSH}/key" /ssh.key
+      ${coreutils}/bin/cp -L "${base.sshKey}" /ssh.key
      ${coreutils}/bin/chmod 600 /ssh.key

      echo -n "Waiting for Windows VM to become ready"
--- a/pkgs/build-support/vm/windows/install/default.nix
+++ b/pkgs/build-support/vm/windows/install/default.nix
@ -1,16 +1,15 @@
 { isoFile
 , productKey
-, sshPublicKey
 }:

 let
-  inherit (import <nixpkgs> {}) lib runCommand;
+  inherit (import <nixpkgs> {}) lib stdenv runCommand openssh;

  bootstrapAfterLogin = runCommand "bootstrap.sh" {} ''
    cat > "$out" <<EOF
    mkdir -p ~/.ssh
    cat > ~/.ssh/authorized_keys <<PUBKEY
-    $(cat "${sshPublicKey}")
+    $(cat "${cygwinSshKey}/key.pub")
    PUBKEY
    ssh-host-config -y -c 'binmode ntsec' -w dummy
    cygrunsrv -S sshd
@ -21,6 +20,14 @@ let
    EOF
  '';

+  cygwinSshKey = stdenv.mkDerivation {
+    name = "snakeoil-ssh-cygwin";
+    buildCommand = ''
+      ensureDir "$out"
+      ${openssh}/bin/ssh-keygen -t ecdsa -f "$out/key" -N ""
+    '';
+  };
+
  packages = [ "openssh" ];

 in {
@ -36,4 +43,6 @@ in {
    cygwinPackages = packages;
    inherit productKey;
  };
+
+  sshKey = "${cygwinSshKey}/key";
 }