10 WSL - Jubijub/arch-config GitHub Wiki

Post-installation

Table of Contents

This section contains any WSL specific configuration. I use Arch within WSL as well.

Install arch

wsl --update
wsl --install archlinux

You will end up with a minimal Archlinux, logged as root.

In Archlinux
pacman -S sudo neovim fish zsh sudo

User management

Set a root password

In Archlinux
passwd

Configure a normal non-root user

In Archlinux
useradd -m -g users -G wheel,storage,power,input -s /bin/zsh jubi
passwd jubi
EDITOR=nnvim visudo

Uncomment the line %wheel ALL=(ALL) ALL. Use Esc /%wheel Enter to find it.

In Powershell
wsl --manage archlinux --set-default-user <username>

GPG / SSH with Yubikey

Note
 from recent WSL version onwards (tested with WSL 2.5.9.0 with kernel 6.6.87.2-1), there is no need to compile a custom kernel as the base kernel contains HID and HIDRAW modules.

On windows

Create the USBIPD detection script

This script runs USBIPD, detect which USB device is the Yubikey, and "attaches" it to ArchLinux in WSL.

Create the script G:\My Drive\Documents\PowerShell\YubiKeyAttachToWSL.ps1 (whichever path works, this one is on my Google drive).

$yubiKeyBusId = (usbipd list | Select-String "xxxx:xxxx" | ForEach-Object { $_.Line.Split()[0] })

if ($yubiKeyBusId) {
    usbipd attach --wsl --busid $yubiKeyBusId
    Write-Host "YubiKey attached to WSL with busid $yubiKeyBusId."
} else {
    Write-Host "YubiKey not found."
}

Trigger the script at login / on key insertion

Create the task

  • Unplug / replug the YubiKey

  • Open the Event Viewer in Windows

  • In Event Viewer (Local)  Windows Logs  System, you should see Information level logs for WudfUsbccidDrv with an event ID 104 (also 105).

  • Create a task via Right click  Attach Task To This Event…​.

    • Name: Any name you want

    • When an Event is Logged : keep default values

      • Log: System

      • Source: WudfUsbccidDrv

      • Event ID: 104

    • Action: Start a program

      • Program/script: powershell.exe

      • Add arguments (optional) : -ExecutionPolicy Bypass -File "G:\My Drive\Documents\PowerShell\YubiKeyAttachToWSL.ps1"

    • Click on Open the property file dialog for this task when finished

Edit the task as follows : * Triggers Edit the existing trigger, and add * Delay task for: 5 seconds Add a new triger At logon * Specific user: <the current user> * Delay task for: 5 seconds * Settings Enable the following settings * ALlow task to be run on demand * Run task as soon as possible after a scheduled start is missed * Stop the task if it runs longer than 30 seconds * If the running task does not end when requested, force it to stop

Still on Windows, Open the Task scheduler : * Open Task Scheduler(local)  Task Scheduler Library  Event Viewer Tasks * You should see your newly created task there

Test the task manually

  • You can run it manually first:

    • After 5sec, You should see a shell window popping briefly

    • On the history of the task in the Task manager, you should see a Task completed event following a event 110 - Task triggered by user

Test the task automatically

  • Unplug the key and reinsert it

    • After 5sec, You should see a shell window popping briefly

    • On the history of the task in the Task manager, you should see a Task completed event following a event 108 - Task triggered on event

In WSL

Test that the key is visible as a USB device

paru -S usbutils (1)
lsusb

  1. provides lsusb

You should see something like

Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 008: ID 1050:0407 Yubico.com Yubikey 4/5 OTP+U2F+CCID
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub

Create UDEV rule

Rule for authorizing access for non-root users
Warning
 the 'non-root' rule has to have a name that comes before 73-seat-late.rules.in.
Create /etc/udev/rules.d/72-yubikey-non-root.rules
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", MODE="0666", TAG+="uaccess", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407" #(1)

  1. The rule should NOT add the device to the group plugdev, it uses correctly the udev uaccess tag instead, alongside the right mode.

Debugging the rules

  • Start by unpluging and replugging the key, then wait 10 sec.

  • Confirm that the key is visible as a USB device with lsusb

  • launch ykman info: if all worked it should output information about the Yubikey

If you get ERROR: No YubiKey detected!, something is wrong

Verify if the device is reachable by non-root users

Execute FIDO_DEBUG=1 fido2-token -L.

Expected output
run_manifest: found 1 hid device
run_manifest: found 0 nfc devices
Key being only accessible to root
fido_hid_unix_open: open /dev/hidraw0: Permission denied
fido_hid_unix_open: open /dev/hidraw1: Permission denied
Consult the udev logs

sudo journalctl -f -u systemd-udevd : there should be no errors.

Common issues

Jun 21 16:40:20 BlazinglyFast (udev-worker)[1130]: 1-1: Process '/home/jubi/scripts/yubikey.sh' failed with exit code 1. : the script is not executable.

Note
 From this point you can follow the 08.SSH-FIDO2 doc on how to use the FIDO keys themselves.

Webcam support (for OpenCV)

Configure webcam passthrough

Windows: Install usbipd

This tool allows to share a USB device with WSL.

winget install usbipd

Windows: List the USB devices

usbipd list

Windows: bind the specific USB device

Identify your webcam, and take note of the BUSID

You can do so directly with :

$logitechId = usbipd list | Where-Object { $_ -match "HD Pro Webcam C920" } | ForEach-Object { ($_ -split '\s+')[0] }

Bind the device to WSL :

usbipd bind -b $logitechId
usbipd attach -w -b $logitechId

Configure WSL

WSL2: allow access to the webcam

lsusb (1)

  1. should show the webcam in the list

sudo chmod 777 /dev/video*

WSL2: Configure X11 socket

The workaround is to use tmfiles service to re-create the symlink to /mnt/wslg/.X11-unix

sudo nvim /etc/tmpfiles.d/wslg.conf

Add the following content :

#  This file is part of the debianisation of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.

# See tmpfiles.d(5) for details

# Type Path           Mode UID  GID  Age Argument
L+     /tmp/.X11-unix -    -    -    -   /mnt/wslg/.X11-unix

Windows: restart WSL

wsl --shutdown

Test the setup

paru -S v4l-utils guvcview xorg-xeyes
xeyes & (1)

  1. should open a Windows window showing a pair of eyes that follow the cursor

sudo guvcview

How to recompile WSL kernel

WSL: check the kernel version

uname -r -v

  • Open C:\Users\<your_user>\.wslconfig

  • Comment the line starting with kernel=<path to custom kernel> if there is one

    • If there was one, restart WSL, restart Arch and repeat uname -r -v to see which standard kernel version your WSL is using.

Windows: Update and shutdown WSL

wsl --update
wsl --shutdown

Restart WSL.

WSL: install the kernel building pre-requisites

paru -S base-devel pahole

WSL: Configure the kernel before compilation

Warning
 run the following commands with ZSH

Check the tags available on Microsoft WSL kernel github, there should be one that matches your WSL version.

TAGVERNUM=5.15.153.1 \
  && TAGVER=linux-msft-wsl-${TAGVERNUM} \
  && WINUSERNAME=jubi

  1. TAGVERNUM should match your uname -r -v

  2. WINUSERNAME should match your windows user name, eg: c:\Users\jubi

cd /usr/src
sudo git clone --depth 1 -b ${TAGVER} \
    https://github.com/microsoft/WSL2-Linux-Kernel.git \
    ${TAGVERNUM}-microsoft-standard \
  && cd ${TAGVERNUM}-microsoft-standard
sudo cp /proc/config.gz config.gz
sudo gunzip config.gz
sudo mv config .config
sudo make menuconfig

Make sure to activate the following options by selecting them and hitting SPACE.

# Build WSL2 kernel with usb camera support
# menuconfig -> Device Drivers -> Multimedia support -> Filter media drivers
#            -> Device Drivers -> Multimedia support -> Media device types -> Cameras and video grabbers
#            -> Device Drivers -> Multimedia support -> Video4Linux options -> V4L2 sub-device userspace API
#            -> Device Drivers -> Multimedia support -> Media drivers -> Media USB Adapters -> USB Video Class (UVC)
#            -> Device Drivers -> Multimedia support -> Media drivers -> Media USB Adapters -> UVC input events device support
#            -> Device Drivers -> Multimedia support -> Media drivers -> Media USB Adapters -> GSPCA based webcams
Note
 other recommended options here. I didn’t need all of those.

WSL: Build the kernel

sudo make -j$(nproc) KCONFIG_CONFIG=.config \
  && sudo make modules_install -j$(nproc) \
  && sudo make install -j$(nproc)
Note
 you should end up with a large vmlinux file in the directory /usr/src/${TAGVERNUM}-microsoft-standard
Warning
 the make install will complain it doesn’t find lilo. You can ignore this message.

WSL: Install the kernel

Deploy the kernel

Arch is installed in C:\ArchWSL\ so I put the kernel there

sudo rm /mnt/c/ArchWSL/vmlinux
sudo cp /usr/src/${TAGVERNUM}-microsoft-standard/vmlinux /mnt/c/ArchWSL/
Note
 you don’t need to update any bootloader on WSL side.
Instruct WSL to use this kernel
cat << 'EOT' > /mnt/c/Users/${WINUSERNAME}/.wslconfig
[wsl2]
kernel=C:\\ArchWSL\\vmlinux
guiApplications=true
EOT

Windows: restart WSL

wsl --shutdown
wsl

in WSL:

uname -r -v

will show

5.15.153.1-microsoft-standard-WSL2+ (1)

  1. There is a + at this end

⚠️ **GitHub.com Fallback** ⚠️