
Photon OS on WSL2

dcasota edited this page Jun 10, 2024 · 134 revisions

To run various Nvidia tutorials directly on a user laptop, the idea came up to use Photon OS on WSL2. The initiative has been specified at https://github.com/vmware/photon/issues/1532.

The following recipe to accomplish the installation and configuration has been tested on

  • Lenovo Yoga Pro i9 with Nvidia RTX4070
  • Windows 11 Version 10.0.22631.3235
  • Powershell 5.1.22621.2506
  • WSL-Version: 2.1.5.0
    • Kernelversion: 5.15.146.1-2
    • WSLg-Version: 1.0.60
    • MSRDC-Version: 1.2.5105
    • Direct3D-Version: 1.611.1-81528511
    • DXCore-Version: 10.0.25131.1002-220531-1700.rs-onecore-base2-hyp
    • Windows-Version: 10.0.22631.3235
  • VMware Photon OS 5.0, PHOTON_BUILD_NUMBER=dde71ec57

Setup

  1. Ensure WSL2 is installed and configured.

    # Open a Powershell Terminal (Administrator) 
    # see https://learn.microsoft.com/en-us/windows/wsl/install-manual#step-1---enable-the-windows-subsystem-for-linux
    dism /Online /Enable-Feature /All /FeatureName:Microsoft-Windows-Subsystem-Linux /norestart
    # see https://learn.microsoft.com/en-us/windows/wsl/install-manual#step-3---enable-virtual-machine-feature
    dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart
    # dism /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V /norestart # not necessary according to the prerequisites
    bcdedit /set hypervisorlaunchtype auto
    # reboot
    

    Optional: run wsl --update, install latest WSL2 release from https://github.com/microsoft/WSL/releases and WSL2 GUI (wslg) from https://github.com/microsoft/wslg/releases.

  2. Install Docker Desktop, e.g. the x86_64 version. It is used to import the Photon OS Docker image into WSL2.

    invoke-webrequest https://desktop.docker.com/win/main/amd64/Docker%20Desktop%20Installer.exe -outfile "$env:userprofile\downloads\Docker Desktop Installer.exe"
    $oprocess = start-process "$env:userprofile\downloads\Docker Desktop Installer.exe" -passthru
    

    Start Docker Desktop and configure it initially.

    start-process "$env:ProgramFiles\Docker\Docker\Docker Desktop.exe"
    

    Close the Powershell window. Known issue with Docker Desktop releases 4.29 and 4.30: if Docker Desktop does not start, stop the WSL service, remove the WSL 2 integration in Docker Desktop, and restart Docker Desktop.

  3. Open a new Powershell Terminal (Administrator) and prepare Photon OS docker container

    docker pull photon:latest # docker pull photon release from https://hub.docker.com/_/photon/
    docker run -it -d photon:latest # run container in background
    
    # get docker container id
    $jsonstring = docker container list --format '{\"Image\":\"{{.Image}}\",\"ID\":\"{{.ID}}\"}' 2>$NULL
    $ID = ($jsonstring | convertfrom-json | where-object -Property image -eq "photon:latest" | select ID).ID
    docker export -o "$env:userprofile\photon.tar" $ID # docker export
    docker container stop $ID # docker container stop and prune
    docker container prune --force # docker container stop and prune
    
  4. Import Photon OS docker container and configure as WSL2 distro.

    Importing or starting a WSL2 distribution under Windows 11 actually starts two distributions:

    • the user Linux distribution
    • a corresponding system distribution (system distro) for each "main" distribution. This distribution is actually Microsoft CBL-Mariner.

    Using the docker container method, the user Linux distribution can be configured. I haven't found out how to exchange the system distro.

    This scenario explicitly uses the default WSL networking setting NAT. The new networkingMode=mirrored isn't used because it caused more complexity for debugging and didn't solve a minor NAT issue (see workaround 2).

    $distroname="Ph5"
    $targetdirectory="$env:userprofile\$distroname"
    mkdir $targetdirectory
    
    # configure .wslconfig . If needed, change debugConsole=true
    echo "[wsl2]">"$env:userprofile\.wslconfig"
    echo "# Enable nested virtualization">>"$env:userprofile\.wslconfig"
    echo "nestedVirtualization=true">>"$env:userprofile\.wslconfig"
    echo "# networking mode">>"$env:userprofile\.wslconfig"
    echo "networkingMode=NAT">>"$env:userprofile\.wslconfig"
    echo "# Turn on default connection to bind WSL 2 localhost to Windows localhost">>"$env:userprofile\.wslconfig"
    echo "localhostforwarding=true">>"$env:userprofile\.wslconfig"
    echo "# turn off idle timeout">>"$env:userprofile\.wslconfig"
    echo "vmIdleTimeout = -1">>"$env:userprofile\.wslconfig"
    echo "# needed to start properly [email protected]">>"$env:userprofile\.wslconfig"
    echo "guiApplications = true">>"$env:userprofile\.wslconfig"
    echo "# debug console" >>"$env:userprofile\.wslconfig"
    echo "debugConsole=false">>"$env:userprofile\.wslconfig"
    # backup the global .wslconfig
    cp "$env:userprofile\.wslconfig" "$targetdirectory\.wslconfig.bkup"
    
    wsl --set-default-version 2 # set wsl version
    wsl --import $distroname $targetdirectory "$env:userprofile\photon.tar" # wsl import to a target directory
    # wsl --set-default $distroname # set wsl default
    
    # start and login as root
    wsl -d $distroname -u root -e /bin/bash # Keep calm as it starts with "ERROR: UtilTranslatePathList". time settings will fix this.
    
  5. On the first boot, run the following configuration steps.

    # this is a preparation to run Photon OS on WSL2 with a user. In addition, the user is used for docker rootless.
    # Change here.
    ROOTLESS_USER="dcaso"  
    
    # WORKAROUND 1
    # This snippet solves the issue "ERROR: UtilTranslatePathList".
    # ntpd does not work yet in WSL2 because systemd isn't the booted init system but ntpdate can be triggered at this time.
    tdnf install -y ntp tzdata
    ZONEINFO="Europe/Zurich"
    # the timezone is set by linking /etc/localtime to the $ZONEINFO zone file
    ln -sf /usr/share/zoneinfo/$ZONEINFO /etc/localtime
    ntpdate -u pool.ntp.org
    hwclock --systohc --localtime
    
    # install dbus as prerequisite to use systemd on boot
    tdnf install -y sudo dbus-user-session systemd-udev
    
    # install docker, also docker-rootless
    tdnf install -y runc containerd shadow fuse slirp4netns libslirp docker docker-rootless usbutils pciutils
    # disable docker for first boot to not conflict with system services
    systemctl disable docker
    
    # WORKAROUND 2
    # It's not clear why the wsl'ified Photon OS does not get a NAT dhcp ip with the next boot.
    # As workaround, the actual NAT dhcp ip address is saved and stored as static ip.
    # This seems to work as long as you don't reconfigure the vswitch settings for WSL.
    IPADDRESS=`ifconfig -S | grep eth0 | awk '{print $2}'`
    NAMESERVER=`cat /etc/resolv.conf | grep nameserver | awk '{print $2}'`
    echo "[Match]"> /etc/systemd/network/10-static-en.network
    echo "Name=eth0">> /etc/systemd/network/10-static-en.network
    echo "[Network]">> /etc/systemd/network/10-static-en.network
    echo "Address=$IPADDRESS">> /etc/systemd/network/10-static-en.network
    echo "Gateway=$NAMESERVER">> /etc/systemd/network/10-static-en.network
    echo "DNS=$NAMESERVER">> /etc/systemd/network/10-static-en.network
    chmod 644 /etc/systemd/network/10-static-en.network
    
    # WORKAROUND 3
    # see https://forums.developer.nvidia.com/t/wsl2-libcuda-so-and-libcuda-so-1-should-be-symlink/236301
    cd /usr/lib/wsl/lib
    rm libcuda.so libcuda.so.1
    ln -s libcuda.so.1.1 libcuda.so.1
    ln -s libcuda.so.1 libcuda.so
    /sbin/ldconfig
    
    # remove root password expiration
    chage -m 0 root
    
    # create and configure ROOTLESS_USER
    # systemd-managed see https://rootlesscontaine.rs/getting-started/common/subuid/
    uid="524288"
    useradd $ROOTLESS_USER --uid $uid -m -g users -G sudo,wheel
    echo "$ROOTLESS_USER:$uid:65536" >> /etc/subuid
    echo "$ROOTLESS_USER:$uid:65536" >> /etc/subgid
    echo "kernel.unprivileged_userns_clone = 1" >> /etc/sysctl.d/50-rootless.conf
    chmod 644 /etc/subuid /etc/subgid /etc/sysctl.d/50-rootless.conf
    
    # WORKAROUND
    mkdir -p /run/user/0 # seems a wsl2 bug
    mkdir -p /run/user/$uid # seems a wsl2 bug
    
    chage -m 0 $ROOTLESS_USER
    # add ROOTLESS_USER to sudoers
    echo "$ROOTLESS_USER ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
    
    # /etc/wsl.conf contains the configuration to run Photon OS on WSL2 and to boot as systemd. 
    # In addition, to boot systemd it seems to be necessary to preserve the dhcp address as static ip with no new resolv.conf.
    echo "[user]"> /etc/wsl.conf
    echo "default = $ROOTLESS_USER">> /etc/wsl.conf
    echo "">> /etc/wsl.conf
    echo "[boot]">> /etc/wsl.conf
    echo "systemd=true">> /etc/wsl.conf
    echo "">> /etc/wsl.conf
    echo "[network]">> /etc/wsl.conf
    echo "generateResolvConf = false">> /etc/wsl.conf
    
    # see https://github.com/microsoft/wslg/wiki/WSLg-Configuration-Options-for-Debugging
    
    #  see https://github.com/microsoft/wslg/issues/43#issuecomment-826039096
    echo "#  This file is part of the debianisation of systemd."> /etc/tmpfiles.d/wslg.conf
    echo "#">> /etc/tmpfiles.d/wslg.conf
    echo "#  systemd is free software; you can redistribute it and/or modify it">> /etc/tmpfiles.d/wslg.conf
    echo "#  under the terms of the GNU General Public License as published by">> /etc/tmpfiles.d/wslg.conf
    echo "#  the Free Software Foundation; either version 2 of the License, or">> /etc/tmpfiles.d/wslg.conf
    echo "#  (at your option) any later version.">> /etc/tmpfiles.d/wslg.conf
    echo "">> /etc/tmpfiles.d/wslg.conf
    echo "# See tmpfiles.d(5) for details">> /etc/tmpfiles.d/wslg.conf
    echo "">> /etc/tmpfiles.d/wslg.conf
    echo "# Type Path           Mode UID  GID  Age Argument">> /etc/tmpfiles.d/wslg.conf
    echo "L+     /tmp/.X11-unix -    -    -    -   /mnt/wslg/.X11-unix">> /etc/tmpfiles.d/wslg.conf
    
    touch /mnt/wslg/.X11-unix
    chmod 777 /mnt/wslg/.X11-unix
    
    # change password of $ROOTLESS_USER
    passwd $ROOTLESS_USER
    
    exit
    
  6. Shut down Photon OS on WSL2.

    wsl -d $distroname --shutdown
    

    Boot, and login as <ROOTLESS_USER>.

    # Change here
    $ROOTLESS_USER="dcaso"
    wsl -d $distroname -u $ROOTLESS_USER -e /bin/bash
    

    You can use this wsl'ified Photon OS now more or less like a typical installation.

  7. Option 1: Configure Photon OS system to make use of docker and ssh.

    sudo cat <<EOFInstall | sudo tee $HOME/install.sh
     
    # enable ntpd
    systemctl enable ntpd.service
    systemctl restart ntpd
    
    # install and configure openssh
    tdnf remove -y openssh openssh-server openssh-clients
    rm -r -f /etc/ssh
    sleep 5
    tdnf install -y openssh
    sleep 5
    sed -i "s/#PermitRootLogin no/PermitRootLogin yes/" /etc/ssh/sshd_config
    sed -i "s/#PermitRootLogin yes/PermitRootLogin yes/" /etc/ssh/sshd_config
    sed -i "s/PermitRootLogin no/PermitRootLogin yes/" /etc/ssh/sshd_config
    sed -i "s/#PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
    sed -i "s/#PasswordAuthentication yes/PasswordAuthentication yes/" /etc/ssh/sshd_config
    sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/" /etc/ssh/sshd_config
    sed -i "s/#LoginGraceTime/LoginGraceTime/" /etc/ssh/sshd_config
    sed -i "s/#Port /Port /" /etc/ssh/sshd_config
    sed -i "s/#ListenAddress 0.0.0.0/ListenAddress 0.0.0.0/" /etc/ssh/sshd_config
    systemctl restart sshd
    
    # docker needs iptables installed. Configure docker.
    tdnf install -y iptables
    systemctl enable containerd.service
    systemctl restart containerd
    systemctl enable docker.socket
    systemctl enable docker
    systemctl restart docker
    # check docker
    docker run -it hello-world
    EOFInstall
    

    Run the install script.

    sudo chmod a+x $HOME/install.sh
    sudo /bin/bash $HOME/install.sh
     
    
  8. Option 2: Recompile the kernel to make use of USB video connectivity. By default, USB video is not enabled. Hence, the first step is to recompile the kernel by using a kernel template, e.g. this. It has been adopted from Ubuntu and works for Photon OS.

    # change here
    ROOTLESS_USER="dcaso"
    distroname="Ph5"
    
    # prerequisites
    sudo tdnf makecache
    sudo tdnf install -y git ncurses-devel dwarves openssl-devel bc build-essential unzip elfutils-devel rsync
    cd /usr/local/src
    
    # Unsure if needed or not
    sudo tdnf install -y sysdig linux-drivers-sound linux-drivers-gpu alsa-utils alsa-lib linux-devel linux-firmware
    sudo tdnf install -y grub2-efi grub2-efi-image dmidecode dracut
    
    # see https://github.com/microsoft/WSL2-Linux-Kernel/releases
    
    # For dockerized Photon OS 5.0 with Kernel 6.1
    tag="6.1.21.2"
    tagname=linux-msft-wsl-${tag}
    sudo git clone --depth 1 -b ${tagname} https://github.com/microsoft/WSL2-Linux-Kernel.git ${tag}-microsoft-standard
    sudo ln -s ${tag}-microsoft-standard ${tag}-microsoft-standard-WSL2+
    cd ${tag}-microsoft-standard-WSL2+
    
    # For dockerized Photon OS 5.0 with Kernel 5.15 e.g. "5.15.137.3", "5.15.146.1", "5.15.150.1", "5.15.153.1"
    # tag="5.15.137.3" 
    # tagname=linux-msft-wsl-${tag}
    # sudo git clone --depth 1 -b ${tagname} https://github.com/microsoft/WSL2-Linux-Kernel.git ${tag}-microsoft-standard
    # sudo ln -s ${tag}-microsoft-standard ${tag}-microsoft-standard-WSL2+
    # cd ${tag}-microsoft-standard-WSL2+
    
    # prepare
    export TERM=linux
    sudo make clean
    
    # Option1: use the kernel template Microsoft/config-wsl
    sudo cp Microsoft/config-wsl .config
    
    # Option2: use actual Photon OS kernel as template
    # sudo cp /proc/config.gz config.gz
    # sudo gunzip config.gz
    # sudo cp config .config
    
    # Option3: use the custom kernel template config-ubuntu22.04.txt
    # sudo curl -J -L -O https://github.com/dcasota/photonos-scripts/files/13948054/config-ubuntu22.04.txt
    # sudo mv config-ubuntu22.04.txt .config
    
    # configure kernel by `sudo make menuconfig` if necessary
    sudo chmod 777 .config
    sudo make prepare modules_prepare
    # sudo make menuconfig
    
    sudo make -j$(nproc --all)
    sudo make -j$(nproc --all) modules_install headers_install install
    
    cp /usr/local/src/${tag}-microsoft-standard/arch/x86_64/boot/bzImage /mnt/c/Users/$ROOTLESS_USER/$distroname/vmlinux
    # cp /usr/local/src/${tag}-microsoft-standard/vmlinux /mnt/c/Users/$ROOTLESS_USER/$distroname/vmlinux
    exit
    

    Shut down WSL and make use of the new kernel in .wslconfig.

    wsl -d $distroname --shutdown
    # wait a few seconds
    # add vmlinux location to [wsl2] section in .wslconfig
    echo "kernel=C:\\Users\\$env:username\\$distroname\\vmlinux" >>"$env:userprofile\.wslconfig"
    

    Boot and login.

    wsl -d $distroname -u $ROOTLESS_USER -e /bin/bash
    

    Check the date of the kernel.

    uname -a
    Linux yourcomputer 5.15.137.3-microsoft-standard-WSL2+ #2 SMP Mon Jan 15 20:56:55 CET 2024 x86_64 GNU/Linux
    
    exit
    

    Install and configure usbip to redirect and use usb devices in wsl2.

    # update wsl
    wsl --update
    
    # installation of usbipd
    winget install usbipd --force
    # this seems to be necessary for the usbip client tool
    winget install --interactive --exact dorssel.usbipd-win --force
    
    # close Powershell Terminal (Administrator)
    

    If using Docker Desktop, in Docker Desktop > Settings > Resources > WSL integration > Enable integration with additional distros: Ph5 > Apply & restart, if needed.

    Reopen Powershell Terminal (Administrator).

    #change here
    $ROOTLESS_USER="dcaso"
    $distroname="Ph5"
    
    # find busid
    PS C:\Users\youruser> usbipd list
    Connected:
    BUSID  VID:PID    DEVICE                                                        STATE
    2-4    04f2:b7c1  Integrated Camera, Integrated IR Camera, APP Mode             Not shared
    2-10   8087:0033  Intel(R) Wireless Bluetooth(R)                                Not shared
    3-2    0bda:8153  Realtek USB GbE Family Controller                             Not shared
    4-1    046d:c046  USB-Eingabegerät                                              Not shared
    4-3    046d:c316  USB-Eingabegerät                                              Not shared
    
    Persisted:
    GUID                                  DEVICE
    
    # bind the preferred device by busid
    usbipd bind -b 2-4
    
    # start wsl and exit to background
    wsl -d $distroname -u $ROOTLESS_USER -e /bin/bash -c "echo 'wsl running in background..';exit"
    
    # attach
    usbipd attach --wsl -b 2-4
    
    # enter wsl again
    wsl -d $distroname -u $ROOTLESS_USER -e /bin/bash
    
    # install utils
    sudo tdnf install -y usbutils
    
    localuser [ /mnt/c/Users/youruser ]# lsusb
    Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
    Bus 001 Device 002: ID 04f2:b7c1 Chicony Electronics Co., Ltd Integrated Camera
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    
    # video0 must be present
    ls /dev/video0
    

    Option: Install video 4 linux.

    cd $HOME
    sudo tdnf install -y git meson build-essential which clang doxygen cmake libgssglue json-c systemd-devel libjpeg-turbo libjpeg-turbo-devel libgudev alsa-lib alsa-lib-devel alsa-utils json-c-devel libgssglue-devel libXcursor-devel libXi-devel libXinerama-devel libXrandr-devel ninja-build
    sudo tdnf install -y gstreamer gstreamer-devel gstreamer-plugins-base gstreamer-plugins-base-devel libtiff libtiff-devel lttng-tools lttng-ust lttng-ust-devel libglvnd-devel libglvnd-opengl mesa
    cd $HOME
    git clone https://github.com/gjasny/v4l-utils.git
    cd v4l-utils
    
    sudo meson setup build/ # sudo meson build/ --reconfigure
    sudo ninja -C build/
    sudo ninja -C build/ install
    cd ./build/utils/v4l2-ctl
    sudo ./v4l2-ctl --all
    

    You should get a similar sample output.
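
The `sed` lines in step 7 only take effect when the shipped `sshd_config` contains exactly the strings they search for, so it is worth checking what the file ends up allowing. The following added example (not part of the original recipe; both sample configs are constructed, and `audit_sshd` and the other function names are hypothetical) replays those substitutions and reports whether root password login is enabled:

```shell
#!/bin/sh
# Added example, not part of the wiki. Both sample configs are constructed.

# Constructed sample: upstream OpenSSH layout, defaults shown as comments.
sample_stock() {
    cat <<'EOF'
#Port 22
#ListenAddress 0.0.0.0
#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
EOF
}

# Constructed sample: a config that was locked down explicitly.
sample_locked() {
    cat <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF
}

# The six PermitRootLogin/PasswordAuthentication substitutions from step 7,
# as a filter (stdin to stdout) instead of `sed -i` on /etc/ssh/sshd_config.
apply_step7_sed() {
    sed -e "s/#PermitRootLogin no/PermitRootLogin yes/" \
        -e "s/#PermitRootLogin yes/PermitRootLogin yes/" \
        -e "s/PermitRootLogin no/PermitRootLogin yes/" \
        -e "s/#PasswordAuthentication no/PasswordAuthentication yes/" \
        -e "s/#PasswordAuthentication yes/PasswordAuthentication yes/" \
        -e "s/PasswordAuthentication no/PasswordAuthentication yes/"
}

# Print the value set for keyword $1 in the config on stdin. sshd keeps the
# first value it reads for a keyword, so only the first uncommented occurrence
# before any Match block counts. Prints "(unset)" if there is none.
effective_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key); val = "(unset)" }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { val = tolower($2); exit }
        END { print val }
    '
}

# Classify the config on stdin. Unset keywords fall back to the upstream
# OpenSSH defaults (PermitRootLogin prohibit-password, PasswordAuthentication yes).
audit_sshd() (
    conf=$(cat)
    root=$(printf '%s\n' "$conf" | effective_value PermitRootLogin)
    pass=$(printf '%s\n' "$conf" | effective_value PasswordAuthentication)
    if [ "$root" = "(unset)" ]; then root="prohibit-password"; fi
    if [ "$pass" = "(unset)" ]; then pass="yes"; fi
    if [ "$root" = "yes" ] && [ "$pass" = "yes" ]; then
        echo "WEAK: root can log in with a password"
    else
        echo "OK: PermitRootLogin=$root PasswordAuthentication=$pass"
    fi
)

# Run the sample printed by function $1 through the step 7 edits, then audit it.
audit_after_step7() {
    "$1" | apply_step7_sed | audit_sshd
}

for s in sample_stock sample_locked; do
    printf '%-13s before: %s\n' "$s" "$("$s" | audit_sshd)"
    printf '%-13s after:  %s\n' "$s" "$(audit_after_step7 "$s")"
done
```

On the running system, `sudo sshd -T` prints the configuration sshd actually applies, including settings pulled in through `Include` files that this simplified parser does not follow.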

Additional information

Option: Prepare to make use of vCenter Converter

WSL2 afaik isn't supported yet. The following steps are prerequisites.

On Photon OS, install additional packages for vCenter Converter Worker.
```
# install and configure openssh. See steps above.
# install additional prerequisites
sudo tdnf install -y grub2-efi grub2-efi-image dmidecode dracut
```

In Powershell Terminal (Administrator) configure the Hyper-V firewall.
```
New-NetFirewallHyperVRule -Name SSH -DisplayName "SSH" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts 22
New-NetFirewallHyperVRule -Name https -DisplayName "https" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts 443
New-NetFirewallHyperVRule -Name Port9089 -DisplayName "Port9089" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts 9089
```   

Hardening

DOES NOT WORK YET AS EXPECTED. DO NOT USE.
Hardening using Photon OS iptables and the Hyper-V firewall.

Port proxy settings.

```
netsh interface portproxy reset
# In Photon OS run ifconfig -S and determine the ipaddress
$connectaddress="172.19.160.222"
netsh interface portproxy set v4tov4 listenport=22 listenaddress=0.0.0.0 connectport=22 connectaddress=$connectaddress
netsh interface portproxy add v4tov4 listenport=443 listenaddress=0.0.0.0 connectport=443 connectaddress=$connectaddress
netsh interface portproxy add v4tov4 listenport=9089 listenaddress=0.0.0.0 connectport=9089 connectaddress=$connectaddress
```

Hyper-V firewall settings.

```
get-netfirewallhypervrule | where-object {$_.VMCreatorId -eq "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}"} | remove-netfirewallhypervrule
Set-NetFirewallHyperVVMSetting -Name "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -DefaultInboundAction Allow
Set-NetFirewallHyperVVMSetting -Name "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -DefaultOutboundAction Allow
Set-NetFirewallHyperVVMSetting -Name "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -LoopbackEnabled True
Set-NetFirewallHyperVVMSetting -Name "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -AllowHostPolicyMerge True
Set-NetFirewallHyperVVMSetting -Name "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Enabled True 
New-NetFirewallHyperVRule -Name SSH -DisplayName "SSH" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts 22
New-NetFirewallHyperVRule -Name https -DisplayName "https" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts 443
New-NetFirewallHyperVRule -Name Port9089 -DisplayName "vCenter Converter Port 9089" -Direction Inbound -VMCreatorId "{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}" -Protocol TCP -LocalPorts 9089
```   

On Photon OS install and configure iptables.
```
sudo cat <<EOFInstall2 | sudo tee $HOME/install2.sh

# Configure iptables
tdnf install -y iptables
systemctl enable iptables
systemctl restart iptables

# delete all of the rules in the INPUT,FORWARD and OUTPUT chain
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT

# set default in the INPUT,FORWARD and OUTPUT chain
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# ntp
iptables -A INPUT -i eth0 -p udp --dport 123 -j ACCEPT
# dns
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
# dhcp
iptables -A INPUT -i eth0 -p udp --dport 67 -j ACCEPT

# ping
iptables -A INPUT -i eth0 -p icmp -j ACCEPT
# ssh and https
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
# VMware vCenter Converter source Windows machine
iptables -A INPUT -i eth0 -p udp --dport 137 -j ACCEPT
iptables -A INPUT -i eth0 -p udp --dport 138 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 9089 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 445 -j ACCEPT
# VMware vCenter Converter connectivity
iptables -A INPUT -i eth0 -p tcp --dport 902 -j ACCEPT

iptables-save >/etc/systemd/scripts/ip4save
ip6tables-save >/etc/systemd/scripts/ip6save
EOFInstall2
```

Run the install script.
```
sudo chmod a+x $HOME/install2.sh
sudo /bin/bash $HOME/install2.sh
```
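
With `-P OUTPUT DROP` and no rule in the OUTPUT chain, the guest cannot send any packet, including the answers to connections the INPUT rules accept. The following added example (not part of the original page; the rulesets are constructed in `iptables-save` format and the function names are hypothetical) lints a saved ruleset for that and for a missing loopback rule:

```shell
#!/bin/sh
# Added example, not part of the wiki. Rulesets are constructed in
# iptables-save format.

# Constructed: the filter table as install2.sh above would leave it.
install2_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i eth0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 137 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 138 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9089 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 902 -j ACCEPT
COMMIT
EOF
}

# Constructed: SSH only, with loopback and a stateless reply path.
# (A conntrack ESTABLISHED rule is the usual form; the known issues on this
# page report nf_conntrack missing on the stock WSL kernel, so --sport is used.)
ssh_only_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and print one finding per line:
#   NO_REPLY_PATH  inbound ports are accepted, but the default-DROP OUTPUT
#                  chain has no ACCEPT rule covering them, so answers never leave
#   NO_LOOPBACK    default-DROP INPUT chain without an ACCEPT on lo
# Heuristic: an OUTPUT ACCEPT rule without --sport that is not limited to lo
# (blanket or conntrack-based accept) is treated as covering all replies.
lint_ruleset() {
    awk '
        /^:/ { policy[substr($1, 2)] = $2; next }
        $1 != "-A" { next }
        {
            chain = $2; target = ""; dport = ""; sport = ""; in_if = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "--sport") sport = $(i + 1)
                if ($i == "-i") in_if = $(i + 1)
            }
            if (target != "ACCEPT") next
            if (chain == "INPUT" && in_if == "lo") lo_ok = 1
            if (chain == "INPUT" && dport != "") { n++; want[n] = dport }
            if (chain == "OUTPUT" && sport != "") reply[sport] = 1
            if (chain == "OUTPUT" && sport == "" && $0 !~ / -o lo /) reply_all = 1
        }
        END {
            if (policy["OUTPUT"] == "DROP" && !reply_all) {
                for (k = 1; k <= n; k++)
                    if (!(want[k] in reply))
                        missing = missing (missing == "" ? "" : ",") want[k]
                if (missing != "") print "NO_REPLY_PATH ports=" missing
            }
            if (policy["INPUT"] == "DROP" && !lo_ok) print "NO_LOOPBACK"
        }
    '
}

echo "install2.sh ruleset:"
install2_ruleset | lint_ruleset
echo "ssh_only ruleset:"
ssh_only_ruleset | lint_ruleset
```

On the guest, the same check runs against the live rules with `sudo iptables-save | lint_ruleset`.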

Known issues

ISSUE: simply starting wsl does not login.

Didn't find the cause. Use wsl -u $ROOTLESS_USER -e /bin/bash as workaround.

ISSUE: docker-rootless fails.

The setup above should be ready to allow docker-rootless, however it fails. See steps below.

  • Login as ROOTLESS_USER.

    $distroname="Ph5"
    $ROOTLESS_USER="dcaso"
    wsl -d $distroname -u $ROOTLESS_USER -e /bin/bash
    
  • Finish rootless setup.

    /usr/bin/dockerd-rootless-setuptool.sh install --skip-iptables # retry if it doesn't work the first time. docker daemon must be up and running.
    
    ROOTLESS_USER=localuser # same user as above.
    echo "export PATH=/usr/bin:\$PATH" >> $HOME/.bashrc
    echo export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock >> $HOME/.bashrc # the rootless socket lives under /run/user/<uid>
    
    docker run -it hello-world # does not work. docker daemon not detected
    

ISSUE: How to avoid check connection?

The debug log shows that on each boot there is a sort of connection test. I do not understand how to configure -> https://learn.microsoft.com/en-us/windows-server/networking/ncsi/ncsi-frequently-asked-questions#does-linux-have-its-own-ncsi

CheckConnection: resolving the name www.msftconnecttest.com [AF_INET]
CheckConnection: connecting to 80.67.82.217
CheckConnection: resolving the name www.msftconnecttest.com [AF_INET6]
Exception: CheckConnection: getaddrinfo() failed: -2
CheckConnection: arming select for 5 seconds
CheckConnection: v4 succeeded
CheckConnection: returning v4 (1) v6 (2)
LxGnsMessageConnectTestRequest (destination: www.msftconnecttest.com) returning: 0x20001
GNS: Processing Next Message Successful (0x20001)
Returning LxGnsMessageResult [131073 - ]

ISSUE: Sound does not work. ALSA lib confmisc.c:855:(parse_card) cannot find card '0'

sudo tdnf install sysdig linux-drivers-sound linux-drivers-gpu alsa-utils
speaker-test -t sine -f 1000 -l 1
# issue: ALSA lib confmisc.c:855:(parse_card) cannot find card '0'

In /mnt/wslg there are logs. stderr.log

[11:31:52.825] <3>WSLGd: LogException:75: Exception: No such file or directory @../FontMonitor.cpp:280 (Start)

[11:31:52.825] <5>WSLGd: Stop:330: FontMonitor: monitoring stopped.
dbus[16]: Unknown username "pulse" in message bus configuration file
glamor: 'wl_drm' not supported
Missing Wayland requirements for glamor GBM backend
Failed to initialize glamor, falling back to sw
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Warning:          Unsupported maximum keycode 569, clipping.
>                   X11 cannot support keycodes above 255.
Errors from xkbcomp are not fatal to the X server

pulseaudio.log

(   0.000|   0.000) W: [pulseaudio] authkey.c: Failed to open cookie file '/home/wslg/.config/pulse/cookie': No such file or directory
(   0.000|   0.000) W: [pulseaudio] authkey.c: Failed to load authentication key '/home/wslg/.config/pulse/cookie': No such file or directory
(   0.000|   0.000) W: [pulseaudio] authkey.c: Failed to open cookie file '/home/wslg/.pulse-cookie': No such file or directory
(   0.000|   0.000) W: [pulseaudio] authkey.c: Failed to load authentication key '/home/wslg/.pulse-cookie': No such file or directory
(   0.005|   0.005) E: [pulseaudio] module-console-kit.c: GetSessionsForUnixUser() call failed: org.freedesktop.DBus.Error.ServiceUnknown: The name    org.freedesktop.ConsoleKit was not provided by any .service files
(   0.005|   0.000) E: [pulseaudio] module.c: Failed to load module "module-console-kit" (argument: ""): initialization failed.
(   0.007|   0.001) W: [pulseaudio] cli-command.c: stat('/etc/pulse/default.pa.d'): No such file or directory
(   0.513|   0.506) E: [rdp-sink] module-rdp-sink.c: RDP Sink - Trying to connect to /mnt/wslg/PulseAudioRDPSink
(   0.513|   0.000) E: [rdp-sink] module-rdp-sink.c: Connected failed
(   5.514|   4.999) E: [rdp-sink] module-rdp-sink.c: RDP Sink - Trying to connect to /mnt/wslg/PulseAudioRDPSink
(   5.514|   0.000) E: [rdp-sink] module-rdp-sink.c: RDP Sink - Connected to fd 1

and two additional logs weston.log, wlog.log.

Research notes.

sudo tdnf install -y git meson build-essential which clang doxygen cmake libgssglue json-c systemd-devel libjpeg-turbo libjpeg-turbo-devel libgudev alsa-lib alsa-lib-devel alsa-utils json-c-devel libgssglue-devel libXcursor-devel libXi-devel libXinerama-devel libXrandr-devel ninja-build
 sudo tdnf install -y gstreamer gstreamer-devel gstreamer-plugins-base gstreamer-plugins-base-devel libtiff libtiff-devel lttng-tools lttng-ust lttng-ust-devel libglvnd-devel libglvnd-opengl mesa
sudo tdnf install -y dbus dbus-devel dbus-glib dbus-glib-devel dbus-broker libcap-devel valgrind autogen
sudo git clone https://github.com/microsoft/PulseAudio-mirror
cd PulseAudio-mirror

sudo git clone https://github.com/libsndfile/libsndfile
cd libsndfile
sudo autoreconf -vif
sudo ./configure --enable-werror
sudo make
sudo make install
cd ..

sudo meson build # FAILS
sudo meson compile -C build
sudo build/src/daemon/pulseaudio -n -F build/src/daemon/default.pa -p $(pwd)/build/src/modules/
autoreconf -vif
# libflac, libogg,
# configure: WARNING: *** libvorbis and libopus)
# "MPEG support selected but external Lame library cannot be found.

# 3rd attempt
sudo git clone https://github.com/xiph/ogg
cd ogg
sudo ./autogen.sh
sudo ./configure
sudo make
sudo make install
cd ..

export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH

sudo ldconfig

sudo git clone https://github.com/xiph/vorbis
cd vorbis
sudo ./autogen.sh
sudo ./configure
sudo make
sudo make install
cd ..

sudo ldconfig

sudo git clone https://github.com/xiph/flac
cd flac
sudo ./autogen.sh
sudo ./configure
sudo make
sudo make install

sudo ldconfig

sudo git clone https://github.com/xiph/opus
cd opus
sudo ./autogen.sh
sudo ./configure
sudo make
sudo make install

sudo ldconfig

cd $HOME
curl -J -L -O https://johnvansickle.com/ffmpeg/builds/ffmpeg-git-amd64-static.tar.xz
sudo tar -xvf ffmpeg-git-amd64-static.tar.xz
export PATH=$HOME/ffmpeg-git-20240504-amd64-static:$PATH


sudo tdnf install -y autoconf-archive
sudo git clone https://github.com/chirlu/sox.git
cd sox
sudo autoreconf -i
sudo ./configure --enable-pulseaudio

sudo git clone https://gitlab.freedesktop.org/pipewire/pipewire.git
cd pipewire
sudo tdnf install -y dbus dbus-glib dbus-glib-devel
sudo ./autogen.sh
sudo make
sudo make install

sudo tdnf remove alsa-lib
sudo rpm -ivh https://ftp.lysator.liu.se/pub/opensuse/distribution/leap/15.5/repo/oss/x86_64/libasound2-1.2.8-150500.1.1.x86_64.rpm

# another attempt
sudo tdnf install -y autogen
sudo git clone -b master https://github.com/libsndfile/libsndfile/
cd src
sudo curl -J -L -O https://raw.githubusercontent.com/libsndfile/libsndfile/master-evpobr/src/test_endswap.c
cd ..
cd tests
sudo git clone -b master-evpobr https://github.com/libsndfile/libsndfile/
sudo cp ./libsndfile/tests/*.c .
sudo rm -r -f libsndfile/
cd ..
sudo make install


sudo tdnf install -y wayland wayland-devel wayland-protocols wayland-protocols-devel
sudo tdnf install -y libxkbcommon libxkbcommon-devel libxkbcommon-x11 libxkbcommon-x11-devel
sudo groupadd audio
sudo useradd pulse -m -g users -G sudo,wheel
echo "pulse ALL=(ALL) NOPASSWD: ALL" | sudo tee -a /etc/sudoers
sudo usermod -a -G audio pulse

cd $HOME
git clone https://github.com/libsdl-org/SDL
cd SDL
sudo cmake -S . -B build
sudo cmake --build build
sudo cmake --install build


wsl -d Ph5 --system -u root
cp -vr /home/wslg/ /mnt/c/Users/dcaso
exit
wsl -d Ph5 -u dcaso -e /bin/bash
sudo cp -vr /mnt/c/Users/dcaso/wslg /home
sudo chmod 777 /home/wslg/.config/pulse/cookie
sudo mkdir -p /etc/pulse/default.pa.d


sudo tdnf install -y gstreamer gstreamer-devel gstreamer-plugins-base gstreamer-plugins-base-devel gst-plugins-bad gst-plugins-bad-devel
sudo tdnf install -y libdrm libdrm-devel mesa mesa-libgbm mesa-libgbm-devel mesa-vulkan-drivers vulkan-headers vulkan-loader-devel vulkan-tools 
sudo tdnf install -y python3-lxml python3-sphinx libapparmor-devel readline-devel
sudo tdnf install -y dbus-glib dbus-glib-devel glib-devel glibc-devel glibc-i18n glibc-tools glibmm-devel json-glib-devel linux-drivers-intel-i40e linux-drivers-intel-ice

ISSUE: dmesg and journalctl show a few error messages. How to avoid these?

PCI (not supported)
hv_vmbus (unknown guid)
libcuda.so.1 (not a symbolic link)
dxgk (dxgkio_query_adapter_info: Ioctl failed: -22)
potentially unexpected fatal signal 11
systemd-coredump (Failed to connect to coredump service: No such file or directory)
usr/lib/udev/rules.d/60-block-scheduler.rules (Failed to write ATTR), etc/udev/rules.d/60-ioschedulers.rules (Failed to write ATTR)
/proc/sys/fs/binfmt_misc/WSLInterop-late (Permission denied)
iptables (Module nf_conntrack not found in directory /lib/modules/5.15.133.1-microsoft-standard-WSL2
Module xt_LOG not found in directory /lib/modules/5.15.133.1-microsoft-standard-WSL2)
Kernel reports TIME_ERROR: 0x41 (Clock Unsynchronized)

dmesg.txt journal.txt

How to use Photon OS kernel?

How to use the Photon OS kernel instead of CBL-Mariner as default (and not only the dockerized Photon OS distro)? The CBL-Mariner system distribution can be explored by starting it with

  • wsl --system which starts in context of the internal wslg user.
    wslg [ /mnt/c/Users/dcaso ]$ cat /etc/os-release
    NAME="Common Base Linux Mariner"
    VERSION="2.0.20231130"
    ID=mariner
    VERSION_ID="2.0"
    PRETTY_NAME="CBL-Mariner/Linux"
    ANSI_COLOR="1;34"
    HOME_URL="https://aka.ms/cbl-mariner"
    BUG_REPORT_URL="https://aka.ms/cbl-mariner"
    SUPPORT_URL="https://aka.ms/cbl-mariner"
    
  • wsl --system -u root /bin/bash which starts in context of the internal root user. CBL-Mariner allows making use of tdnf.
    tdnf update -y tdnf
    tdnf install -y rpm-build
    tdnf distro-sync -y
    
    The changes above aren't persistent, but allow quickly testing a newer release.
    root [ /mnt/c/Users/dcaso ]# cat /etc/os-release
    NAME="Common Base Linux Mariner"
    VERSION="2.0.20240223"
    ID=mariner
    VERSION_ID="2.0"
    PRETTY_NAME="CBL-Mariner/Linux"
    ANSI_COLOR="1;34"
    HOME_URL="https://aka.ms/cbl-mariner"
    BUG_REPORT_URL="https://aka.ms/cbl-mariner"
    SUPPORT_URL="https://aka.ms/cbl-mariner"
    

Various

Enable Docker Desktop WSL2 integration with Photon OS

In Docker Desktop > Settings > Resources > WSL integration > Enable integration with additional distros: Ph5 > Apply & restart

Cleanup Photon OS on WSL2

Run the following powershell commands.

wsl -d $distroname --shutdown
wsl --unregister $distroname
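rm "$env:userprofile\.wslconfig" # written in step 4; its kernel= entry points to the vmlinux removed below
rm "$targetdirectory\.wslconfig.bkup"
rm "$targetdirectory\vmlinux"
rm "$env:userprofile\photon.tar" # the docker export from step 3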
# rm "$targetdirectory/.ssh/known_hosts"

Weblinks

How to recompile the Linux Kernel: - https://github.com/PINTO0309/wsl2_linux_kernel_usbcam_enable_conf/tree/main

Notes

For smartcard support, you need at least release 5.15.150.1, see https://github.com/microsoft/WSL/issues/10581
