Site logo
Stories around the Genode Operating System RSS feed
Josef Söntgen avatarJosef Söntgen
Genode Labs

Josef is a Genode craftsman mostly focused on drivers, tooling and sometimes the POSIX-side of things.

Codeberg jsoentgen

GitHub cnuke

Company Genode Labs

Josef Söntgen avatar

Manually installing wsman(1)

January 5 2024 by Josef Söntgen

For convenience and to some degree also necessity most of our x86-based test machines feature AMT to power-cycle the system and also gain serial console access via SOL. On recent systems the controlling part is done via WS-MAN, for which a package is not always readily available on Linux distributions. The following post gives short instructions on how to build it manually and illustrates one or the other pitfall.

Edit 2026-03-26: update for use with recent machines that require TLS.

Please skim the complete post first before following the instructions.

Two ingredients are required: libwsman from openwsman that implements the protocol and wsman from wsmancli that provides the console interface.

libwsman

First we build libwsman with a minimal configuration - suited for our use-case at hand - that in return requires the following dependencies: 

 cmake
 libcurl-devel
 libxml2-devel
 openssl-devel

Depending on the used Linux distribution the packages may be named differently.

Next we download the source-code, other means like using git directly work as well, and extract the archive. 

 $ wget -O openwsman-2.8.1.tar.gz https://github.com/Openwsman/openwsman/archive/refs/tags/v2.8.1.tar.gz
 $ tar xzf openwsman-2.8.1.tar.gz
 $ cd openwsman-2.7.2

The cmake configuration contains options, mainly for interfacing with the library, that are not necessary for our use-case and will be disabled.

Then we configure, compile and install the library to a location, /usr/local, that does not interfere with the Linux distributions own package management. 

 $ cmake -S . -B build -DCMAKE_INSTALL_PREFIX=/usr/local -DBUILD_LIBCIM=NO -DBUILD_EXAMPLES=NO -DBUILD_BINDINGS=NO -DBUILD_PYTHON3=NO -DBUILD_PYTHON=NO -DBUILD_RUBY=NO -DBUILD_PERL=NO -DBUILD_JAVA=NO -DBUILD_CSHARP=NO -DBUILD_SWIG_PLUGIN=NO -DDISABLE_SERVER=YES -DENABLE_EVENTING_SUPPORT=NO -DBUILD_TESTS=NO -DUSE_PAM=NO
 $ cd build
 $ make -j8
 $ make install DESTDIR=`pwd`/install # optional to collect a list for later removal
 # make install

Cmake will print its results during the configuration step, pay close attention to install location 

 -- […]
 -- Building for x86_64
 -- Libraries will be installed in /usr/local/lib
 -- Configuration will be installed in /usr/local/etc/openwsman
 -- Disabling PAM authentication
 -- Found OpenSSL: /usr/lib/libcrypto.so (found version "3.1.4")
 -- […]

as on glibc-based systems, managing the dynamic-linker cache via ldconfig (and /etc/ld.so.conf) may be necessary.

You can further refine the install location by setting LIB: 

 $ cmake -S . -B -DLIB=lib -D…

wsman

Next we install the wsman client, which has the following build dependencies: 

 automake
 autoconf
 libtool

We clone the wsmancli repository (working HEAD 3f57ee0b): 

 $ git clone https://github.com/Openwsman/wsmancli.git
 $ cd wsmancli

Then we generate the usual auto-tools related files, namely the infamous configure script, use it to generate the Makefiles and compile and install wsman. 

 $ ./bootstrap
 $ PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure
 $ make install DESTDIR=`pwd`/install # optional to collect a list for later removal
 # make install

Depending on your distribution the pkg-config files from libwsman might not be picked up by the configure script since they are not installed in a regular location. Setting the PKG_CONFIG_PATH to the location solves that problem.

If wsman cannot be executed because libwsman.so.1 is not found, check the ld cache first via 

 $ ldconfig -N -X -v

and update the cache if the libraries are indeed missing. 

 # ldconfig

(Of course you are free to use other means, setting the rpath and so on to achieve the same goal.)

In case using wsman(1) shows an error like follows when employing TLS 

 Connection failed. response code = 0
 SSL connect error

using the --debug=6 option might point to the cause. On one machine this revealed the following problem: 

 […]
 * Host host.in.question:16993 was resolved.
 * IPv6: (none)
 * IPv4: 100.64.0.233
 *   Trying 100.64.0.233:16993...
 * ALPN: curl offers h2,http/1.1
 * TLS connect error: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
 * closing connection #0
 […]

One (dangerous) way to circumvent this particular failure would be to add 

 Options = UnsafeLegacyRenegotiation

to /etc/ssl/openssl.cnf in [system_default_sect] (in Ubuntu 22.04, YMMV).

amtterm

Since amtterm is required for accessing the AMT's SOL and might also not be available on any given Linux distribution, here are additional instructions to build that and install it to /usr/local as well: 

 $ git clone https://gitlab.com/kraxel/amtterm.git
 $ cd amtterm
 $ make SHELL=bash USE_OPENSSL=1 -j8  # make sure to use bash if current shell is different and enable TLS via OpenSSL
 $ make install DESTDIR=`pwd`/install # optional to collect a list for later removal
 # make install

Using TLS with amtterm normally requires the use of a certificate specified with option -C. One way to obtain the machine's ceritificate is via openssl(1): 

 openssl s_client -connect <host>:16993 < /dev/null | openssl x509 > <host>.cert

should do the trick.

By now there is one or the other post available on genodians.org that illustrates how these tool are utilized by Genode's testing infrastructure, using site:genodians.org wsman amtterm in your preferred search-engine will point you the way.

Discuss at reddit.com/r/genode
External Links