f33e34f333
* faq-setup.xml: Document how Cygwin secures installation and update against man-in-the-middle (MITM) attacks. Note that setup embeds a public key to check the signature of setup.ini, and that setup.ini includes SHA-512 cryptographic hashes. Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
728 lines
33 KiB
XML
728 lines
33 KiB
XML
<?xml version="1.0" encoding='UTF-8'?>
|
|
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
|
|
|
|
<qandadiv id="faq.setup">
|
|
<title>Setting up Cygwin</title>
|
|
|
|
<!-- faq-setup.xml -->
|
|
<qandaentry id="faq.setup.setup">
|
|
<question><para>What is the recommended installation procedure?</para></question>
|
|
<answer>
|
|
|
|
<para>There is only one recommended way to install Cygwin, which is to use the GUI
|
|
installer <command>setup-*.exe</command>. It is flexible and easy to use.
|
|
You can pick and choose the packages you wish to install, and update
|
|
them individually. Full source code is available for all packages and
|
|
tools. More information on using Cygwin Setup may be found at
|
|
<ulink url="https://cygwin.com/cygwin-ug-net/setup-net.html"/>.
|
|
</para>
|
|
<para>If you do it any other way, you're on your own!
|
|
If something doesn't work right for you, and
|
|
it's not covered here or in the latest development snapshot at
|
|
<ulink url="https://cygwin.com/snapshots/"/>, then by all means report it to the
|
|
mailing list.
|
|
</para>
|
|
<para>For a searchable list of packages that can be installed with Cygwin,
|
|
see <ulink url="https://cygwin.com/packages/"/>.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.automated">
|
|
<question><para>What about an automated Cygwin installation?</para></question>
|
|
<answer>
|
|
|
|
<para>The Cygwin Setup program is designed to be interactive, but there are
|
|
a few different ways to automate it. If you are deploying to multiple systems,
|
|
the best way is to run through a full installation once, saving the entire
|
|
downloaded package tree. Then, on target systems, run Cygwin Setup as a
|
|
"Local Install" pointed at your downloaded package tree. You could do this
|
|
non-interactively with the command line options
|
|
<literal>-q -L -l x:\cygwin-local\</literal>, where your downloaded
|
|
package tree is in <literal>x:\cygwin-local\</literal> (see the next FAQ for
|
|
an explanation of those options.)
|
|
</para>
|
|
<para>
|
|
For other options, search the mailing lists with terms such as
|
|
<ulink url="http://www.google.com/search?q=cygwin+automated+setup">cygwin automated setup</ulink> or
|
|
<ulink url="http://www.google.com/search?q=automated+cygwin+install">automated cygwin install</ulink>.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.cli">
|
|
<question><para>Does Setup accept command-line arguments?</para></question>
|
|
<answer>
|
|
|
|
<para>Yes, the full listing is written to the <literal>setup.log</literal> file
|
|
when you run <literal>setup-x86.exe --help</literal> or
|
|
<literal>setup-x86_64.exe --help</literal>. The current options are:
|
|
<screen>
|
|
Command Line Options:
|
|
-D --download Download from internet
|
|
-L --local-install Install from local directory
|
|
-s --site Download site
|
|
-O --only-site Ignore all sites except for -s
|
|
-R --root Root installation directory
|
|
-x --remove-packages Specify packages to uninstall
|
|
-c --remove-categories Specify categories to uninstall
|
|
-P --packages Specify packages to install
|
|
-C --categories Specify entire categories to install
|
|
-p --proxy HTTP/FTP proxy (host:port)
|
|
-a --arch architecture to install (x86_64 or x86)
|
|
-q --quiet-mode Unattended setup mode
|
|
-M --package-manager Semi-attended chooser-only mode
|
|
-B --no-admin Do not check for and enforce running as
|
|
Administrator
|
|
-h --help print help
|
|
-l --local-package-dir Local package directory
|
|
-r --no-replaceonreboot Disable replacing in-use files on next
|
|
reboot.
|
|
-X --no-verify Don't verify setup.ini signatures
|
|
-n --no-shortcuts Disable creation of desktop and start menu
|
|
shortcuts
|
|
-N --no-startmenu Disable creation of start menu shortcut
|
|
-d --no-desktop Disable creation of desktop shortcut
|
|
-K --pubkey URL of extra public key file (gpg format)
|
|
-S --sexpr-pubkey Extra public key in s-expr format
|
|
-u --untrusted-keys Use untrusted keys from last-extrakeys
|
|
-U --keep-untrusted-keys Use untrusted keys and retain all
|
|
-g --upgrade-also also upgrade installed packages
|
|
-o --delete-orphans remove orphaned packages
|
|
-A --disable-buggy-antivirus Disable known or suspected buggy anti virus
|
|
software packages during execution.
|
|
</screen>
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.noroot">
|
|
<question><para>Can I install Cygwin without administrator rights?</para></question>
|
|
<answer>
|
|
|
|
<para>Yes. The default installation requests administrator rights because
|
|
this allows to set up the Cygwin environment so that all users can start
|
|
a Cygwin shell out of the box. However, if you don't have administrator
|
|
rights for your machine, and the admins don't want to install it for you,
|
|
you can install Cygwin just for yourself by downloading
|
|
<command>setup-x86.exe</command> (for a 32 bit install) or
|
|
<command>setup-x86_64.exe</command> (for a 64 bit install) and then start
|
|
it from the command line or via the "Run..." dialog from the start menu
|
|
using the <literal>--no-admin</literal> option, for instance:</para>
|
|
|
|
<para>
|
|
<screen>
|
|
setup-x86.exe --no-admin
|
|
</screen>
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.c">
|
|
<question><para>Why not install in C:\?</para></question>
|
|
<answer>
|
|
|
|
<para>The Cygwin Setup program will prompt you for a "root" directory.
|
|
The default is <literal>C:\cygwin</literal>, but you can change it. You are urged not to
|
|
choose something like <literal>C:\</literal> (the root directory on the system drive) for
|
|
your Cygwin root. If you do, then critical Cygwin system directories
|
|
like <literal>etc</literal>, <literal>lib</literal> and <literal>bin</literal> could easily be corrupted by
|
|
other (non-Cygwin) applications or packages that use <literal>\etc</literal>,
|
|
<literal>\lib</literal> or <literal>\bin</literal>. Perhaps there is no conflict now, but who
|
|
knows what you might install in the future? It's also just good common
|
|
sense to segregate your Cygwin "filesystems" from the rest of your
|
|
Windows system disk.
|
|
</para>
|
|
<para>(In the past, there had been genuine bugs that would cause problems
|
|
for people who installed in <literal>C:\</literal>, but we believe those are gone
|
|
now.)
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.old-versions">
|
|
<question><para>Can I use Cygwin Setup to get old versions of packages (like gcc-2.95)?</para></question>
|
|
<answer>
|
|
|
|
<para>Cygwin Setup can be used to install any packages that are on a
|
|
Cygwin mirror, which usually includes one version previous to the
|
|
current one. The complete list may be searched at
|
|
<ulink url="https://cygwin.com/packages/"/>. There is no complete archive of
|
|
older packages. If you have a problem with the current version of
|
|
a Cygwin package, please report it to the mailing list using the
|
|
guidelines at <ulink url="https://cygwin.com/problems.html"/>.
|
|
</para>
|
|
<para>That said, if you really need an older package, you may be able to find
|
|
an outdated or archival mirror by searching the web for an old package
|
|
version (for example, <literal>gcc2-2.95.3-10-src.tar.bz2</literal>), but keep in
|
|
mind that this older version will not be supported by the mailing list
|
|
and that installing the older version will not help improve Cygwin.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.install-security">
|
|
<question><para>How does Cygwin secure the installation and update process?</para></question>
|
|
<answer>
|
|
|
|
<para>
|
|
Here is how Cygwin secures the installation and update process to counter
|
|
<ulink url="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle (MITM) attacks</ulink>:
|
|
</para>
|
|
|
|
<orderedlist>
|
|
<listitem><para>The Cygwin website provides the setup program
|
|
(<literal>setup-x86.exe</literal> or <literal>setup-x86_64.exe</literal>)
|
|
using HTTPS (SSL/TLS).
|
|
This authenticates that the setup program
|
|
came from the Cygwin website
|
|
(users simply use their web browsers to download the setup program).
|
|
You can use tools like Qualsys' SSL Server Test,
|
|
<ulink url="https://www.ssllabs.com/ssltest/"/>,
|
|
to check the HTTPS configuration of Cygwin.
|
|
The cygwin.com site supports HTTP Strict Transport Security (HSTS),
|
|
which forces the browser to keep using HTTPS once the browser has seen
|
|
it before (this counters many downgrade attacks).
|
|
</para></listitem>
|
|
<listitem><para>The setup program has the
|
|
Cygwin public key embedded in it.
|
|
The Cygwin public key is protected from attacker subversion
|
|
during transmission by the previous step, and this public
|
|
key is then used to protect all later steps.
|
|
You can confirm that the key is in setup by looking at the setup project
|
|
(<ulink url="http://sourceware.org/cygwin-apps/setup.html"/>)
|
|
source code file <literal>cyg-pubkey.h</literal>
|
|
(the key is automatically generated from file <literal>cygwin.pub</literal>).
|
|
</para></listitem>
|
|
<listitem><para>The setup program downloads
|
|
the package list <literal>setup.ini</literal> from a mirror
|
|
and checks its digital signature.
|
|
The package list is in the file
|
|
<literal>setup.bz2</literal> (compressed) or
|
|
<literal>setup.ini</literal> (uncompressed) on the selected mirror.
|
|
The package list includes for every official Cygwin package
|
|
the package name, cryptographic hash, and length (in bytes).
|
|
The setup program also gets the relevant <literal>.sig</literal>
|
|
(signature) file for that package list, and checks that the package list
|
|
is properly signed with the Cygwin public key embedded in the setup program.
|
|
A mirror could corrupt the package list and/or signature, but this
|
|
would be detected by setup program's signature detection
|
|
(unless you use the <literal>-X</literal> option to disable signature checking).
|
|
The setup program also checks the package list
|
|
timestamp/version and reports to the user if the file
|
|
goes backwards in time; that process detects downgrade attacks
|
|
(e.g., where an attacker subverts a mirror to send a signed package list
|
|
that is older than the currently-downloaded version).
|
|
</para></listitem>
|
|
<listitem><para>The packages to be installed
|
|
(which may be updates) are downloaded and both their
|
|
lengths and cryptographic hashes
|
|
(from the signed <literal>setup.{bz2,ini}</literal> file) are checked.
|
|
Non-matching packages are rejected, countering any attacker's
|
|
attempt to subvert the files on a mirror.
|
|
Cygwin currently uses the cryptographic hash function SHA-512
|
|
for the <literal>setup.ini</literal> files.
|
|
</para></listitem>
|
|
</orderedlist>
|
|
|
|
<para>
|
|
Cygwin uses the cryptographic hash algorithm SHA-512 as of 2015-03-23.
|
|
The earlier 2015-02-06 update of the setup program added support for SHA-512
|
|
(Cygwin previously used MD5).
|
|
There are no known practical exploits of SHA-512 (SHA-512 is part of the
|
|
widely-used SHA-2 suite of cryptographic hashes).
|
|
</para>
|
|
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.increase-install-security">
|
|
<question><para>What else can I do to ensure that my installation and updates are secure?</para></question>
|
|
<answer>
|
|
|
|
<para>
|
|
To best secure your installation and update process, download
|
|
the setup program <literal>setup-x86.exe</literal> (32-bit) or
|
|
<literal>setup-x86_64.exe</literal> (64-bit), and then
|
|
check its signature (using a signature-checking tool you trust)
|
|
using the Cygwin public key
|
|
(<ulink url="https://cygwin.com/key/pubring.asc"/>).
|
|
This was noted on the front page for installing and updating.
|
|
</para>
|
|
<para>
|
|
If you use the actual Cygwin public key, and have an existing secure
|
|
signature-checking process, you will counter many other
|
|
attacks such as subversion of the Cygwin website and
|
|
malicious certificates issued by untrustworthy certificate authorities (CAs).
|
|
One challenge, of course, is ensuring that
|
|
you have the actual Cygwin public key.
|
|
You can increase confidence in the Cygwin public key by checking older copies
|
|
of the Cygwin public key (to see if it's been the same over time).
|
|
Another challenge is having a secure signature-checking process.
|
|
You can use GnuPG to check signatures; if you have a trusted Cygwin
|
|
installation you can install GnuPG.
|
|
Otherwise, to check the signature you must use an existing trusted tool or
|
|
install a signature-checking tool you can trust.
|
|
</para>
|
|
<para>
|
|
Not everyone will go through this additional effort,
|
|
but we make it possible for those who want that extra confidence.
|
|
We also provide automatic mechanisms
|
|
(such as our use of HTTPS) for those with limited time and
|
|
do not want to perform the signature checking on the setup program itself.
|
|
Once the correct setup program is running, it will counter other attacks
|
|
as described in
|
|
<ulink url="https://cygwin.com/faq/faq.html#faq.setup.install-security"/>.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.virus">
|
|
<question><para>Is Cygwin Setup, or one of the packages, infected with a virus?</para></question>
|
|
<answer>
|
|
|
|
<para>Unlikely. Unless you can confirm it, please don't report it to the
|
|
mailing list. Anti-virus products have been known to detect false
|
|
positives when extracting compressed tar archives. If this causes
|
|
problems for you, consider disabling your anti-virus software when
|
|
running <literal>setup</literal>. Read the next entry for a fairly safe way to do
|
|
this.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.hang">
|
|
<question><para>My computer hangs when I run Cygwin Setup!</para></question>
|
|
<answer>
|
|
|
|
<para>Both Network Associates (formerly McAfee) and Norton anti-virus
|
|
products have been reported to "hang" when extracting Cygwin tar
|
|
archives. If this happens to you, consider disabling your anti-virus
|
|
software when running Cygwin Setup. The following procedure should be
|
|
a fairly safe way to do that:
|
|
</para>
|
|
<orderedlist><listitem><para>Download <literal>setup-x86.exe</literal> or
|
|
<literal>setup-x86_64.exe</literal> and scan it explicitly.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Turn off the anti-virus software.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Run setup to download and extract all the tar files.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Re-activate your anti-virus software and scan everything
|
|
in C:\cygwin (or wherever you chose to install), or your entire hard
|
|
disk if you are paranoid.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
<para>This should be safe, but only if Cygwin Setup is not substituted by
|
|
something malicious.
|
|
See also
|
|
<ulink url="https://cygwin.com/faq/faq.html#faq.setup.install-security"/>
|
|
for a description of how the
|
|
Cygwin project counters man-in-the-middle (MITM) attacks.
|
|
</para>
|
|
|
|
<para>See also <ulink url="https://cygwin.com/faq/faq.html#faq.using.bloda"/>
|
|
for a list of applications that have been known, at one time or another, to
|
|
interfere with the normal functioning of Cygwin.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.what-packages">
|
|
<question><para>What packages should I download? Where are 'make', 'gcc', 'vi', etc? </para></question>
|
|
<answer>
|
|
<para>When using Cygwin Setup for the first time, the default is to install
|
|
a minimal subset of all available packages. If you want anything beyond that,
|
|
you will have to select it explicitly. See
|
|
<ulink url="https://cygwin.com/packages/"/> for a searchable list of available
|
|
packages, or use <literal>cygcheck -p </literal> as described in the Cygwin
|
|
User's Guide at
|
|
<ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#cygcheck"/>.
|
|
</para>
|
|
<para>If you want to build programs, of course you'll need <literal>gcc</literal>,
|
|
<literal>binutils</literal>, <literal>make</literal> and probably other packages from the
|
|
``Devel'' category. Text editors can be found under ``Editors''.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.everything">
|
|
<question><para>How do I just get everything?</para></question>
|
|
<answer>
|
|
|
|
<para>Long ago, the default was to install everything, much to the
|
|
irritation of most users. Now the default is to install only a basic
|
|
core of packages. Cygwin Setup is designed to make it easy to browse
|
|
categories and select what you want to install or omit from those
|
|
categories. It's also easy to install everything:
|
|
</para>
|
|
<orderedlist>
|
|
<listitem><para>At the ``Select Packages'' screen, in ``Categories'' view, at the line
|
|
marked ``All'', click on the word ``default'' so that it changes to
|
|
``install''. (Be patient, there is some computing to do at this step.
|
|
It may take a second or two to register the change.) This tells Setup
|
|
to install <emphasis>everything</emphasis>, not just what it thinks you should have
|
|
by default.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Now click on the ``View'' button (twice) until you get to the
|
|
``Pending'' view. This shows exactly which packages are about to be
|
|
downloaded and installed.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
<para>This procedure only works for packages that are currently available.
|
|
There is no way to tell Cygwin Setup to install all packages by
|
|
default from now on. As new packages become available that would not
|
|
be installed by default, you have to repeat the above procedure to get
|
|
them.
|
|
</para>
|
|
<para>In general, a better method (in my opinion), is to:
|
|
</para>
|
|
<orderedlist>
|
|
<listitem><para>First download & install all packages that would normally be
|
|
installed by default. This includes fundamental packages and any
|
|
updates to what you have already installed. Then...
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Run Cygwin Setup again, and apply the above technique to get all
|
|
new packages that would not be installed by default. You can check
|
|
the list in the ``Pending'' view before proceeding, in case there's
|
|
something you really <emphasis>don't</emphasis> want.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>In the latest version of Cygwin Setup, if you click the ``View''
|
|
button (twice) more, it shows packages not currently installed. You
|
|
ought to check whether you <emphasis>really</emphasis> want to install everything!
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.disk-space">
|
|
<question><para>How much disk space does Cygwin require?</para></question>
|
|
<answer>
|
|
|
|
<para>That depends, obviously, on what you've chosen to download and
|
|
install. A full installation today is probably larger than 1 GB
|
|
installed, not including the package archives themselves nor the source
|
|
code.
|
|
</para>
|
|
<para>After installation, the package archives remain in your ``Local
|
|
Package Directory''. By default the location of
|
|
<literal>setup-x86{_64}.exe</literal>. You may conserve disk space by
|
|
deleting the subdirectories there. These directories will have very weird
|
|
looking names, being encoded with their URLs
|
|
(named <literal>ftp%3a%2f...</literal>).
|
|
</para>
|
|
<para>Of course, you can keep them around in case you want to reinstall a
|
|
package. If you want to clean out only the outdated packages, Michael Chase
|
|
has written a script called <literal>clean_setup.pl</literal>, available
|
|
at <ulink url="ftp://cygwin.com/pub/cygwin/unsupported/clean_setup.pl" />.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.what-upgraded">
|
|
<question><para>How do I know which version I upgraded from?</para></question>
|
|
<answer>
|
|
|
|
<para>Detailed logs of the most recent Cygwin Setup session can be found in
|
|
<literal>/var/log/setup.log.full</literal> and less verbose information about
|
|
prior actions is in <literal>/var/log/setup.log</literal>.
|
|
</para>
|
|
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.setup-fails">
|
|
<question><para>What if setup fails?</para></question>
|
|
<answer>
|
|
|
|
<para>First, make sure that you are using the latest version of Cygwin Setup.
|
|
The latest version is always available from the Cygwin Home Page at
|
|
<ulink url="https://cygwin.com/"/>.
|
|
</para>
|
|
<para>If you are downloading from the Internet, setup will fail if it cannot
|
|
download the list of mirrors at <ulink url="https://cygwin.com/mirrors.html"/>.
|
|
It could be that the network is too busy. Something similar could be the
|
|
cause of a download site not working. Try another mirror, or try again
|
|
later.
|
|
</para>
|
|
<para>If setup refuses to download a package that you know needs to be
|
|
upgraded, try deleting that package's entry from /etc/setup. If you are
|
|
reacting quickly to an announcement on the mailing list, it could be
|
|
that the mirror you are using doesn't have the latest copy yet. Try
|
|
another mirror, or try again tomorrow.
|
|
</para>
|
|
<para>If setup has otherwise behaved strangely, check the files
|
|
<literal>setup.log</literal> and <literal>setup.log.full</literal> in
|
|
<literal>/var/log</literal> (<literal>C:\cygwin\var\log</literal> by
|
|
default). It may provide some clues as to what went wrong and why.
|
|
</para>
|
|
<para>If you're still baffled, search the Cygwin mailing list for clues.
|
|
Others may have the same problem, and a solution may be posted there.
|
|
If that search proves fruitless, send a query to the Cygwin mailing
|
|
list. You must provide complete details in your query: version of
|
|
setup, options you selected, contents of setup.log and setup.log.full,
|
|
what happened that wasn't supposed to happen, etc.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.name-with-space">
|
|
<question><para>My Windows logon name has a space in it, will this cause problems?</para></question>
|
|
<answer>
|
|
|
|
<para>Most definitely yes! UNIX shells (and thus Cygwin) use the space
|
|
character as a word delimiter. Under certain circumstances, it is
|
|
possible to get around this with various shell quoting mechanisms, but
|
|
you are much better off if you can avoid the problem entirely.
|
|
</para>
|
|
<para>You have two choices:
|
|
</para><orderedlist>
|
|
<listitem><para>You can rename the user in the Windows User Manager GUI.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>If that's not possible, you can create an /etc/passwd file
|
|
using the <command>mkpasswd</command> command. Then you can simply edit your
|
|
Cygwin user name (first field). It's also a good idea to avoid spaces in the
|
|
home directory.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.home">
|
|
<question><para>My <literal>HOME</literal> environment variable is not what I want.</para></question>
|
|
<answer>
|
|
|
|
<para>When starting Cygwin from Windows, <literal>HOME</literal> is determined
|
|
as follows:
|
|
</para>
|
|
<orderedlist>
|
|
<listitem><para>If <literal>HOME</literal> is set in the Windows environment,
|
|
translated to POSIX form.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Otherwise, use the pw_home field from the passwd entry as
|
|
returned by <command>getent passwd</command>. If you want to learn how this
|
|
field is set by Cygwin and how you can change it, this is explained in great
|
|
detail in the Cygwin User's Guide at
|
|
<ulink url="https://cygwin.com/cygwin-ug-net/ntsec.html"/>.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
<para>When using Cygwin from a network login (via ssh for instance),
|
|
<literal>HOME</literal> is always taken from the passwd entry.
|
|
</para>
|
|
<para>If your <literal>HOME</literal> is set to a value such as /cygdrive/c,
|
|
it is likely that it was set in Windows. Start a DOS Command Window and type
|
|
"set HOME" to verify if this is the case.
|
|
</para>
|
|
<para>Access to shared drives is often restricted when starting from the
|
|
network, thus Domain users may wish to have a different <literal>HOME</literal>
|
|
in the Windows environment (on shared drive) than in Cygwin (on local drive).
|
|
Note that ssh only considers the account information as retrieved by
|
|
getpwnam(3), disregarding <literal>HOME</literal>.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.uninstall-packages">
|
|
<question><para>How do I uninstall individual packages?</para></question>
|
|
<answer>
|
|
|
|
<para>Run Cygwin Setup as you would to install packages. In the list of
|
|
packages to install, browse the relevant category or click on the
|
|
``View'' button to get a full listing. Click on the cycle glyph until
|
|
the action reads ``Uninstall''. Proceed by clicking ``Next''.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.uninstall-service">
|
|
<question><para>How do I uninstall a Cygwin service?</para></question>
|
|
<answer>
|
|
<orderedlist>
|
|
<listitem><para>List all services you have installed with
|
|
<literal>cygrunsrv -L</literal>. If you do not have
|
|
<literal>cygrunsrv</literal> installed, skip this FAQ.
|
|
</para></listitem>
|
|
<listitem><para>Before removing the service, you should stop it with
|
|
<literal>cygrunsrv --stop <replaceable>service_name</replaceable></literal>.
|
|
If you have <literal>inetd</literal> configured to run as a standalone
|
|
service, it will not show up in the list, but
|
|
<literal>cygrunsrv --stop inetd</literal> will work to stop it as
|
|
well.
|
|
</para></listitem>
|
|
<listitem><para>Lastly, remove the service with
|
|
<literal>cygrunsrv --remove <replaceable>service_name</replaceable></literal>.
|
|
</para></listitem>
|
|
</orderedlist>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.uninstall-all">
|
|
<question><para>How do I uninstall <emphasis role='bold'>all</emphasis> of Cygwin?</para></question>
|
|
<answer>
|
|
<para>Setup has no automatic uninstall facility. The recommended method to remove all
|
|
of Cygwin is as follows:
|
|
</para>
|
|
<orderedlist>
|
|
<listitem><para>If you have any Cygwin services running, remove by repeating
|
|
the instructions in <ulink
|
|
url="https://cygwin.com/faq/faq.html#faq.setup.uninstall-service"/> for
|
|
all services that you installed. Common services that might have been
|
|
installed are <literal>sshd</literal>, <literal>cron</literal>,
|
|
<literal>cygserver</literal>, <literal>inetd</literal>, <literal>apache</literal>,
|
|
<literal>postgresql</literal>, and so on.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Stop the X11 server if it is running, and terminate any Cygwin programs
|
|
that might be running in the background. Exit the command prompt and ensure
|
|
that no Cygwin processes remain. Note: If you want to save your mount points for a later
|
|
reinstall, first save the output of <literal>mount -m</literal> as described at
|
|
<ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#mount"/>.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>If you installed <literal>cyglsa.dll</literal> by running the
|
|
shell script <literal>/usr/bin/cyglsa-config</literal> as described in
|
|
<ulink url="https://cygwin.com/cygwin-ug-net/ntsec.html"/>, then you need to
|
|
configure Windows to stop using the LSA authentication package. You do so by
|
|
editing the registry and restoring
|
|
<literal>/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages</literal>
|
|
back to it's original value of <literal>msv1_0</literal>, and then rebooting.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Delete the Cygwin root folder and all subfolders. If you get an error
|
|
that an object is in use, then ensure that you've stopped all services and
|
|
closed all Cygwin programs. If you get a 'Permission Denied' error then you
|
|
will need to modify the permissions and/or ownership of the files or folders
|
|
that are causing the error. For example, sometimes files used by system
|
|
services end up owned by the SYSTEM account and not writable by regular users.
|
|
</para>
|
|
<para>The quickest way to delete the entire tree if you run into this problem is to
|
|
change the ownership of all files and folders to your account. To do this in
|
|
Windows Explorer, right click on the root Cygwin folder, choose Properties, then
|
|
the Security tab. If you are using Windows XP Home or Simple File Sharing,
|
|
you will need to boot into Safe Mode to access the Security tab. Select
|
|
Advanced, then go to the Owner tab and make sure your account is listed as
|
|
the owner. Select the 'Replace owner on subcontainers and objects' checkbox
|
|
and press Ok. After Explorer applies the changes you should be able to
|
|
delete the entire tree in one operation. Note that you can also achieve
|
|
this in Cygwin by typing <literal>chown -R user /</literal> or by using other
|
|
tools such as <literal>CACLS.EXE</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Delete the Cygwin shortcuts on the Desktop and Start Menu, and
|
|
anything left by setup-x86{_64}.exe in the download directory. However, if you
|
|
plan to reinstall Cygwin it's a good idea to keep your setup-x86{_64}.exe
|
|
download directory since you can reinstall the packages left in its cache
|
|
without redownloading them.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>If you added Cygwin to your system path, you should remove it unless you
|
|
plan to reinstall Cygwin to the same location. Similarly, if you set your
|
|
CYGWIN environment variable system-wide and don't plan to reinstall, you should
|
|
remove it.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>Finally, if you want to be thorough you can delete the registry tree
|
|
<literal>Software\Cygwin</literal> under <literal>HKEY_LOCAL_MACHINE</literal> and/or
|
|
<literal>HKEY_CURRENT_USER</literal>. However, if you followed the directions above you
|
|
will have already removed everything important. Typically only the installation
|
|
directory has been stored in the registry at all.
|
|
</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.snapshots">
|
|
<question><para>How do I install snapshots?</para></question>
|
|
<answer>
|
|
|
|
<para>First, are you sure you want to do this? Snapshots are risky. They
|
|
have not been tested. Use them <emphasis role='bold'>only</emphasis> if there is a feature or
|
|
bugfix that you need to try, and you are willing to deal with any
|
|
problems, or at the request of a Cygwin developer.
|
|
</para>
|
|
<para>You cannot use Cygwin Setup to install a snapshot.
|
|
</para>
|
|
<para>First, you will need to download the snapshot from the snapshots
|
|
page at <ulink url="https://cygwin.com/snapshots/"/>. Note the directory where
|
|
you saved the snapshot tarball.
|
|
</para>
|
|
<para>Before installing a snapshot, you must first Close <emphasis role='bold'>all</emphasis> Cygwin
|
|
applications, including shells and services (e.g., <literal>inetd</literal>, <literal>sshd</literal>).
|
|
You will not be able to replace <literal>cygwin1.dll</literal> if any Cygwin process is
|
|
running. You may have to restart Windows to clear the DLL from memory
|
|
(beware of automatic service startup).
|
|
</para>
|
|
<para>Most of the downloaded snapshot can be installed using <literal>tar</literal>. Cygwin
|
|
<literal>tar</literal> won't be able to update <literal>/usr/bin/cygwin1.dll</literal> (because it's
|
|
used by <literal>tar</literal> itself), but it should succeed with everything else. If
|
|
you are only installing the DLL snapshot, skip the first tar command. Open
|
|
a <literal>bash</literal> shell (it should be the only running Cygwin process) and issue
|
|
the following commands:
|
|
<screen>
|
|
/bin/tar -C / -xvf /posix/path/to/cygwin-inst-YYYYMMDD.tar.* --exclude=usr/bin/cygwin1.dll
|
|
/bin/tar -C /tmp -xvf /posix/path/to/cygwin-inst-YYYYMMDD.tar.* usr/bin/cygwin1.dll
|
|
</screen>
|
|
</para>
|
|
<para>Exit the bash shell, and use Explorer or the Windows command shell to
|
|
first rename <literal>C:\cygwin\bin\cygwin1.dll</literal> to
|
|
<literal>C:\cygwin\bin\cygwin1-prev.dll</literal> and then move
|
|
<literal>C:\cygwin\tmp\usr\bin\cygwin1.dll</literal>
|
|
to <literal>C:\cygwin\bin\cygwin1.dll</literal> (assuming you installed Cygwin in
|
|
<literal>C:\cygwin</literal>).
|
|
</para>
|
|
<para>The operative word in trying the snapshots is "<emphasis>trying</emphasis>". If you
|
|
notice a problem with the snapshot that was not present in the release
|
|
DLL (what we call a "regression"), please report it to the Cygwin
|
|
mailing list (see <ulink url="https://cygwin.com/problems.html"/> for problem
|
|
reporting guidelines). If you wish to go back to the older version of the
|
|
DLL, again, close all Cygwin processes, delete
|
|
<literal>C:\cygwin\bin\cygwin1.dll</literal>, and
|
|
rename <literal>C:\cygwin\bin\cygwin1-prev.dll</literal> back to
|
|
<literal>C:\cygwin\bin\cygwin1.dll</literal> (again assuming that your "<literal>/</literal>" is
|
|
<literal>C:\cygwin</literal>). To restore the rest of the snapshot
|
|
files, reinstall the "<literal>cygwin</literal>" package using Setup.
|
|
</para>
|
|
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.mirror">
|
|
<question><para>Can Cygwin Setup maintain a ``mirror''?</para></question>
|
|
<answer>
|
|
|
|
<para>NO. Cygwin Setup cannot do this for you. Use a tool designed for
|
|
this purpose. See <ulink url="http://rsync.samba.org/"/>,
|
|
<ulink url="http://www.gnu.org/software/wget/"/> for utilities that can do this for you.
|
|
For more information on setting up a custom Cygwin package server, see
|
|
the Cygwin Setup homepage at
|
|
<ulink url="https://sourceware.org/cygwin-apps/setup.html"/>.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.cd">
|
|
<question><para>How can I make my own portable Cygwin on CD?</para></question>
|
|
<answer>
|
|
|
|
<para>While some users have successfully done this, for example Indiana
|
|
University's XLiveCD <ulink url="http://xlivecd.indiana.edu/"/>, there is no
|
|
easy way to do it. Full instructions for constructing a portable Cygwin
|
|
on CD by hand can be found on the mailing list at
|
|
<ulink url="https://www.cygwin.com/ml/cygwin/2003-07/msg01117.html"/>
|
|
(Thanks to fergus at bonhard dot uklinux dot net for these instructions.)
|
|
Please note that these instructions are rather old and are referring to the
|
|
somewhat different setup of a Cygwin 1.5.x release. As soon as somebody set
|
|
this up for Cygwin 1.7, we might add this information here.
|
|
</para>
|
|
</answer></qandaentry>
|
|
|
|
<qandaentry id="faq.setup.registry">
|
|
<question><para>How do I save, restore, delete, or modify the Cygwin information stored in the registry?</para></question>
|
|
<answer>
|
|
|
|
<para>Since Cygwin 1.7, there's nothing important in the registry anymore,
|
|
except for the installation directory information stored there for the sake
|
|
of setup-x86{_64}.exe. There's nothing left to manipulate anymore.
|
|
</para></answer></qandaentry>
|
|
</qandadiv>
|
|
|