
Commit 0668244

committed
a version to test qcow2
1 parent 3ac4ede commit 0668244

3 files changed

Lines changed: 79 additions & 43 deletions


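--- a/autounattend.xml
+++ b/autounattend.xml
@@ -8,14 +8,13 @@
 </component>
 <component name="Microsoft-Windows-PnpCustomizationsWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <DriverPaths>
-<!-- attestation drivers: Win11/amd64/{driver} structure -->
+<!-- virtio-win ISO: try both attestation and standard layout, on D: and E: -->
 <PathAndCredentials wcm:action="add" wcm:keyValue="1"><Path>D:\Win11\amd64\viostor</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="2"><Path>E:\Win11\amd64\viostor</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="3"><Path>D:\Win11\amd64\NetKvm</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="4"><Path>E:\Win11\amd64\NetKvm</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="5"><Path>D:\Win11\amd64\Balloon</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="6"><Path>E:\Win11\amd64\Balloon</Path></PathAndCredentials>
-<!-- fallback: standard virtio-win ISO paths -->
 <PathAndCredentials wcm:action="add" wcm:keyValue="7"><Path>D:\viostor\w11\amd64</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="8"><Path>E:\viostor\w11\amd64</Path></PathAndCredentials>
 <PathAndCredentials wcm:action="add" wcm:keyValue="9"><Path>D:\NetKVM\w11\amd64</Path></PathAndCredentials>
@@ -42,6 +41,7 @@
 <UserData><AcceptEula>true</AcceptEula><ProductKey><Key>VK7JG-NPHTM-C97JM-9MPGT-3V66T</Key><WillShowUI>OnError</WillShowUI></ProductKey></UserData>
 </component>
 </settings>
+
 <settings pass="specialize">
 <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <RunSynchronous>
@@ -55,8 +55,8 @@
 <InputLocale>0409:00000409</InputLocale>
 </component>
 </settings>
+
 <settings pass="oobeSystem">
-<!-- V11: Force US keyboard in oobeSystem; locale untouched so image default is used -->
 <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <InputLocale>0409:00000409</InputLocale>
 </component>
@@ -65,46 +65,61 @@
 <UserAccounts><LocalAccounts><LocalAccount wcm:action="add"><Name>cocoon</Name><Group>Administrators</Group><Password><Value>QwBAAGMAIwBvAG4AMQA2ADAAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></Password></LocalAccount></LocalAccounts></UserAccounts>
 <AutoLogon><Enabled>true</Enabled><Username>cocoon</Username><Password><Value>QwBAAGMAIwBvAG4AMQA2ADAAUABhAHMAcwB3AG8AcgBkAA==</Value><PlainText>false</PlainText></Password><LogonCount>9999</LogonCount></AutoLogon>
 <FirstLogonCommands>
-<SynchronousCommand wcm:action="add"><Order>1</Order><CommandLine>powershell -Command "Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>2</Order><CommandLine>powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>3</Order><CommandLine>powershell -Command "Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0; Start-Service sshd; Set-Service -Name sshd -StartupType Automatic"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>4</Order><CommandLine>powershell -Command "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>5</Order><CommandLine>netsh advfirewall firewall add rule name="Allow ICMPv4" protocol=icmpv4:8,any dir=in action=allow</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>6</Order><CommandLine>netsh advfirewall set allprofiles state off</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>7</Order><CommandLine>powercfg /h off</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>8</Order><CommandLine>bcdedit /emssettings emsport:1 emsbaudrate:115200</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>9</Order><CommandLine>bcdedit /ems on</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>10</Order><CommandLine>bcdedit /bootems on</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>11</Order><CommandLine>sc config TermService start=auto</CommandLine></SynchronousCommand>
-<!-- V13: True SAC on Win11 client requires the EMS-SAC FoD; bcdedit flags alone are not enough. -->
-<SynchronousCommand wcm:action="add"><Order>12</Order><CommandLine>powershell -Command "$cap = Get-WindowsCapability -Online -Name Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0; if ($cap.State -ne 'Installed') { Add-WindowsCapability -Online -Name Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0 }"</CommandLine></SynchronousCommand>
-<!-- V10: Set network Private (required before WinRM AllowUnencrypted) -->
-<SynchronousCommand wcm:action="add"><Order>13</Order><CommandLine>powershell -Command "Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private"</CommandLine></SynchronousCommand>
-<!-- V10: WinRM for remote management -->
-<SynchronousCommand wcm:action="add"><Order>14</Order><CommandLine>powershell -Command "Enable-PSRemoting -Force -SkipNetworkProfileCheck"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>15</Order><CommandLine>powershell -Command "Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>16</Order><CommandLine>powershell -Command "Set-Item WSMan:\localhost\Service\Auth\Basic -Value True"</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>17</Order><CommandLine>powershell -Command "New-NetFirewallRule -Name winrm -DisplayName 'WinRM HTTP' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 5985"</CommandLine></SynchronousCommand>
-<!-- V10: Force hostname (specialize ComputerName unreliable on 25H2) -->
-<SynchronousCommand wcm:action="add"><Order>18</Order><CommandLine>powershell -Command "Rename-Computer -NewName 'COCOON-VM' -Force"</CommandLine></SynchronousCommand>
-<!-- V10: Silent install virtio-win guest tools (drivers + QEMU Guest Agent + spice agent) -->
-<SynchronousCommand wcm:action="add"><Order>19</Order><CommandLine>cmd /c "if exist D:\virtio-win-guest-tools.exe (D:\virtio-win-guest-tools.exe /S) else if exist E:\virtio-win-guest-tools.exe (E:\virtio-win-guest-tools.exe /S)"</CommandLine></SynchronousCommand>
-<!-- V12: Set ACPI power button action to "Shut down" (default is Sleep/Do nothing).
-On Win11 25H2 the PBUTTONACTION setting is hidden by default (Attributes=1),
-so powercfg /setacvalueindex silently no-ops when using the friendly alias.
-Fix: unhide it first, then reference by full GUID (the alias resolver also
-fails for hidden settings). -->
-<SynchronousCommand wcm:action="add"><Order>20</Order><CommandLine>powercfg /attributes 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 -ATTRIB_HIDE</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>21</Order><CommandLine>powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS 7648efa3-dd9c-4e3e-b566-50f929386280 3</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>22</Order><CommandLine>powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS 7648efa3-dd9c-4e3e-b566-50f929386280 3</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>23</Order><CommandLine>powercfg /setactive SCHEME_CURRENT</CommandLine></SynchronousCommand>
-<!-- V10: Speed up shutdown via SSH/WinRM -->
-<SynchronousCommand wcm:action="add"><Order>24</Order><CommandLine>reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 5000 /f</CommandLine></SynchronousCommand>
-<SynchronousCommand wcm:action="add"><Order>25</Order><CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableShutdownNamedPipeCheck /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
-<!-- V10: Allow shutdown without logged-on user (required for SSH/WinRM remote shutdown) -->
-<SynchronousCommand wcm:action="add"><Order>26</Order><CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v shutdownwithoutlogon /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
-<!-- V10: Mark FirstLogonCommands completion -->
-<SynchronousCommand wcm:action="add"><Order>27</Order><CommandLine>cmd /c "echo %date% %time% > C:\install.success"</CommandLine></SynchronousCommand>
+<!-- Disable QuickEdit so VNC mouse events cannot freeze the console during install -->
+<SynchronousCommand wcm:action="add"><Order>1</Order><CommandLine>reg add "HKCU\Console" /v QuickEdit /t REG_DWORD /d 0 /f</CommandLine></SynchronousCommand>
+
+<!-- RDP -->
+<SynchronousCommand wcm:action="add"><Order>2</Order><CommandLine>powershell -Command "Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0"</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>3</Order><CommandLine>powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"</CommandLine></SynchronousCommand>
+
+<!-- SSH (FoD via WU) -->
+<SynchronousCommand wcm:action="add"><Order>4</Order><CommandLine>powershell -Command "Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 | Out-Null; Start-Service sshd; Set-Service -Name sshd -StartupType Automatic"</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>5</Order><CommandLine>powershell -Command "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22"</CommandLine></SynchronousCommand>
+
+<!-- Firewall / ICMP -->
+<SynchronousCommand wcm:action="add"><Order>6</Order><CommandLine>netsh advfirewall firewall add rule name="Allow ICMPv4" protocol=icmpv4:8,any dir=in action=allow</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>7</Order><CommandLine>netsh advfirewall set allprofiles state off</CommandLine></SynchronousCommand>
+
+<!-- Power / hibernate -->
+<SynchronousCommand wcm:action="add"><Order>8</Order><CommandLine>powercfg /h off</CommandLine></SynchronousCommand>
+
+<!-- EMS boot flags -->
+<SynchronousCommand wcm:action="add"><Order>9</Order><CommandLine>bcdedit /emssettings emsport:1 emsbaudrate:115200</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>10</Order><CommandLine>bcdedit /ems on</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>11</Order><CommandLine>bcdedit /bootems on</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>12</Order><CommandLine>sc config TermService start=auto</CommandLine></SynchronousCommand>
+
+<!-- EMS-SAC FoD (required for real SAC on Win11 client; bcdedit alone is not enough) -->
+<SynchronousCommand wcm:action="add"><Order>13</Order><CommandLine>powershell -Command "$cap = Get-WindowsCapability -Online -Name Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0; if ($cap.State -ne 'Installed') { Add-WindowsCapability -Online -Name Windows.Desktop.EMS-SAC.Tools~~~~0.0.1.0 | Out-Null }"</CommandLine></SynchronousCommand>
+
+<!-- WinRM (Enable-PSRemoting sets Delayed Start; override to plain Automatic) -->
+<SynchronousCommand wcm:action="add"><Order>14</Order><CommandLine>powershell -Command "Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private"</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>15</Order><CommandLine>powershell -Command "Enable-PSRemoting -Force -SkipNetworkProfileCheck"</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>16</Order><CommandLine>sc.exe config WinRM start= auto</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>17</Order><CommandLine>powershell -Command "Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True"</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>18</Order><CommandLine>powershell -Command "Set-Item WSMan:\localhost\Service\Auth\Basic -Value True"</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>19</Order><CommandLine>powershell -Command "New-NetFirewallRule -Name winrm -DisplayName 'WinRM HTTP' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 5985"</CommandLine></SynchronousCommand>
+
+<!-- Hostname (specialize ComputerName unreliable on 25H2) -->
+<SynchronousCommand wcm:action="add"><Order>20</Order><CommandLine>powershell -Command "Rename-Computer -NewName 'COCOON-VM' -Force"</CommandLine></SynchronousCommand>
+
+<!-- virtio-win guest tools -->
+<SynchronousCommand wcm:action="add"><Order>21</Order><CommandLine>cmd /c "if exist D:\virtio-win-guest-tools.exe (D:\virtio-win-guest-tools.exe /S) else if exist E:\virtio-win-guest-tools.exe (E:\virtio-win-guest-tools.exe /S)"</CommandLine></SynchronousCommand>
+
+<!-- ACPI power button = Shut down (unhide first, then set by GUID) -->
+<SynchronousCommand wcm:action="add"><Order>22</Order><CommandLine>powercfg /attributes 4f971e89-eebd-4455-a8de-9e59040e7347 7648efa3-dd9c-4e3e-b566-50f929386280 -ATTRIB_HIDE</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>23</Order><CommandLine>powercfg /setacvalueindex SCHEME_CURRENT SUB_BUTTONS 7648efa3-dd9c-4e3e-b566-50f929386280 3</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>24</Order><CommandLine>powercfg /setdcvalueindex SCHEME_CURRENT SUB_BUTTONS 7648efa3-dd9c-4e3e-b566-50f929386280 3</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>25</Order><CommandLine>powercfg /setactive SCHEME_CURRENT</CommandLine></SynchronousCommand>
+
+<!-- Shutdown optimization -->
+<SynchronousCommand wcm:action="add"><Order>26</Order><CommandLine>reg add "HKLM\SYSTEM\CurrentControlSet\Control" /v WaitToKillServiceTimeout /t REG_SZ /d 5000 /f</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>27</Order><CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableShutdownNamedPipeCheck /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>28</Order><CommandLine>reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v shutdownwithoutlogon /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
+
+<!-- Restore QuickEdit and mark completion -->
+<SynchronousCommand wcm:action="add"><Order>29</Order><CommandLine>reg add "HKCU\Console" /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine></SynchronousCommand>
+<SynchronousCommand wcm:action="add"><Order>30</Order><CommandLine>cmd /c "echo %date% %time% > C:\install.success"</CommandLine></SynchronousCommand>
 </FirstLogonCommands>
 </component>
 </settings>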
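Review bot: Order 7 in the renumbered FirstLogonCommands (`netsh advfirewall set allprofiles state off`) turns the firewall off on every profile, which makes the scoped allow rules at Orders 3, 5, 6 and 19 redundant and leaves WinRM reachable with `AllowUnencrypted` and Basic auth (Orders 17–18) on whatever network the image boots in. If that open posture is only needed while the image is being built, I would drop Order 7 and rely on the explicit rules, or add a final step before `C:\install.success` is written such as `netsh advfirewall set allprofiles state on`. The credentials Basic auth carries belong to the `cocoon` Administrators account, whose password sits in this file in encoded rather than encrypted form and is reused for AutoLogon, so it presumably needs rotating before the image leaves the build environment. A comment above Order 7 such as `<!-- build-time only: firewall must be re-enabled before the image is published -->` would record the intent; whether a later step already does this is not visible on this page.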

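--- a/scripts/build-qemu.sh
+++ b/scripts/build-qemu.sh
@@ -94,6 +94,7 @@ wait_for_firstboot_settle() {
 local timeout_s=$2
 local log_file="$ARTIFACT_DIR/${phase}-firstboot-state.log"
 local waited=0
+local stale_count=0
 
 : >"$log_file"
 
@@ -127,6 +128,23 @@ wait_for_firstboot_settle() {
 if [[ "$sacdrv_present" == "True" && "$sacsess_present" == "True" && "$sacdrv_registered" == "True" && "$servicing_count" == "0" ]]; then
 return 0
 fi
+
+# FoD may be Staged/InstallPending — needs a reboot to finalize.
+# If servicing is done but SAC files are still absent after several
+# consecutive probes, trigger a guest reboot and keep waiting.
+if [[ "$servicing_count" == "0" && "$sacdrv_present" != "True" ]]; then
+stale_count=$((stale_count + 1))
+if (( stale_count >= 3 )); then
+log "$phase settle: SAC absent after servicing done, rebooting to finalize FoD"
+ssh_run "shutdown /r /t 5 /f" >/dev/null 2>&1 || true
+sleep 30
+wait_for_ssh "$REBOOT_SSH_WAIT_TRIES" "$phase FoD-finalize SSH"
+sleep 15
+stale_count=0
+fi
+else
+stale_count=0
+fi
 else
 log "$phase settle probe failed (rc=$rc), retrying"
 fi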
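Review bot: The reboot branch added at new lines 135–147 has no cap, so when the FoD never installs (servicing idle, SAC driver still absent) the guest is force-rebooted on every third probe for as long as the surrounding loop runs; a one-shot guard such as `local fod_reboots=0` next to `stale_count`, `if (( stale_count >= 3 && fod_reboots < 1 )); then`, and `fod_reboots=$((fod_reboots + 1))` inside the branch would bound it. The `sleep 30`, `wait_for_ssh` and `sleep 15` spent in the branch are not added to `waited` within the hunk, so the function may run past `timeout_s` unless the loop accounts for that outside the visible lines. `ssh_run "shutdown /r /t 5 /f" >/dev/null 2>&1 || true` also hides a failed reboot request and the result of `wait_for_ssh` is not checked, so logging a non-zero status there would make a stuck build easier to diagnose. The body of `wait_for_firstboot_settle` starts and ends outside these hunks.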

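--- a/scripts/remediate.ps1
+++ b/scripts/remediate.ps1
@@ -51,6 +51,9 @@ Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
 # --- WinRM ---
 Write-Output "Configuring WinRM..."
 Enable-PSRemoting -Force -SkipNetworkProfileCheck 2>$null
+# Enable-PSRemoting sets WinRM to Delayed Start; override to plain Automatic
+# so the service is available immediately after reboot.
+sc.exe config WinRM start= auto | Out-Null
 Set-Item WSMan:\localhost\Service\AllowUnencrypted -Value True
 Set-Item WSMan:\localhost\Service\Auth\Basic -Value True
 $rule = Get-NetFirewallRule -Name winrm -ErrorAction SilentlyContinue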
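Review bot: The added `sc.exe config WinRM start= auto | Out-Null` discards both the output and the exit code, so a failure to change the start type goes unnoticed and the service would stay on Delayed Start, which is the condition the new comment says this line exists to prevent. Checking the native exit code right after it, e.g. `if ($LASTEXITCODE -ne 0) { Write-Warning "sc.exe config WinRM failed: $LASTEXITCODE" }`, would surface that. Because the next two context lines enable `AllowUnencrypted` and Basic auth, starting WinRM earlier in boot also makes the unencrypted listener reachable sooner; a comment stating that this configuration is meant for an isolated build network would help, if that is the intent.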
