sync: auto-sync from GURU-5070 at 2026-06-13 12:10:56
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-13 12:10:56
This commit is contained in:
@@ -0,0 +1,89 @@
|
||||
# Session 2026-06-13 — GuruRMM legacy native-SCM MSRV probe + SMB1 client enable
|
||||
|
||||
## User
|
||||
- **User:** Mike Swanson (mike)
|
||||
- **Machine:** GURU-5070
|
||||
- **Role:** admin
|
||||
|
||||
## Summary
|
||||
Two threads:
|
||||
1. **GuruRMM legacy 32-bit installer decision (due-today item).** Investigated whether the
|
||||
legacy tier can adopt native SCM (the multi-AI recommendation in `installer/legacy/README.md`
|
||||
/ SPEC-029 §12), which was documented as blocked on a Rust-1.77 / i686 MSRV check for the
|
||||
`windows-service` crate. **Result: GREEN, end-to-end.** The MSRV wall does not exist, and the
|
||||
`legacy` and `native-service` Cargo features are orthogonal (TLS gates on `legacy` alone).
|
||||
2. **SMB1 client enable** on this Win11 box to reach `192.168.0.20` over the VWP VPN. Staged;
|
||||
reboot pending.
|
||||
|
||||
## Thread 1 — GuruRMM legacy native-SCM (GREEN)
|
||||
|
||||
### Findings
|
||||
- **Isolated MSRV probe** (throwaway crate, `windows-service = "0.7"` + `windows = "0.58"` with
|
||||
the agent's exact feature set): compiles clean on Rust 1.77 -> `i686-pc-windows-msvc`. Run on
|
||||
Beast (`guru@100.101.122.4`). Resolved to 1.77-safe versions (windows-sys 0.52.0,
|
||||
windows-targets 0.52.6). GURU-5070 itself has NO MSVC build tools, so the probe was run on Beast.
|
||||
- **README premise was wrong on two counts:** (a) the crates DO build on 1.77/i686; (b) the legacy
|
||||
rustls TLS-1.2 path gates on the `legacy` feature ONLY (`agent/src/transport/tls.rs` header says
|
||||
so) — NOT on the absence of `native-service`. So `--features legacy,native-service` gives both
|
||||
Win7 rustls TLS 1.2 AND native SCM. The `legacy` feature is purely additive
|
||||
(rustls/webpki/zeroize); zero overlap with `native-service` (`agent/Cargo.toml`).
|
||||
- **End-to-end build (the confirmation Mike approved):** real agent crate,
|
||||
`cargo +1.77 build --ignore-rust-version --release --no-default-features --features legacy,native-service
|
||||
--target i686-pc-windows-msvc`, built in an **isolated git worktree** on Beast
|
||||
(`C:\Temp\gururmm-nsvc`, detached at `fad54ed`) with a separate target dir
|
||||
(`C:\Temp\gururmm-nsvc-target`), lock moved aside so 1.77 re-resolves scoped to the feature set
|
||||
(mirrors the pipeline's legacy wave). **Full-graph lock resolution SUCCEEDED** (the edition-2024
|
||||
transitive-dep fear did not materialize). Built in 2m39s, exit 0, 17 warnings (incl. the
|
||||
already-tracked unused `TrayLauncher::terminate_all`).
|
||||
|
||||
### Artifact
|
||||
- **Path (GURU-5070):** `C:\Users\guru\Downloads\gururmm-agent-legacy-nativeSCM-x86-0.6.66.exe`
|
||||
- **SHA256:** `b0a25e17401c4c16a1334a65c75c6fde7a2ac26d1b60a8cfbca8d13b65e891d3`
|
||||
- Confirmed 32-bit PE (machine `0x014C`), 5.29 MB. **Unsigned** (isolated build — not via pipeline).
|
||||
- Compiled-in endpoints (production): `wss://rmm-api.azcomputerguru.com/ws` /
|
||||
`https://rmm-api.azcomputerguru.com`. Will enroll as a real device.
|
||||
|
||||
### Enrollment gotcha (traced for the Valleywide test)
|
||||
- Native `install()` (`agent/src/service.rs:476`) writes the input into `agent.toml`'s `api_key`;
|
||||
it does NOT set registry `SiteId`. The runtime resolver `resolve_windows_config()`
|
||||
(`agent/src/main.rs`) only ENROLLS when `HKLM\SOFTWARE\GuruRMM\SiteId` is set (enrolls via
|
||||
`/api/enroll` with the site UUID; a friendly code 422s). With only a TOML `api_key` it uses the
|
||||
value verbatim and the server rejects a site code.
|
||||
- **Bulletproof test procedure (elevated):**
|
||||
1. `reg add HKLM\SOFTWARE\GuruRMM /v SiteId /t REG_SZ /d <VALLEYWIDE-SITE-UUID> /f` (UUID, not code; FIRST)
|
||||
2. `gururmm-agent-...exe install --api-key <UUID> --skip-legacy-check`
|
||||
3. `gururmm-agent-...exe start` (service name `GuruRMMAgent`, install dir `C:\Program Files\GuruRMM`)
|
||||
- Verify: `sc query GuruRMMAgent` = RUNNING (real SCM, no NSSM); `reg query HKLM\SOFTWARE\GuruRMM /v AgentKey`
|
||||
appears within ~120s (enrolled over rustls TLS 1.2); device online in dashboard.
|
||||
- Teardown: `gururmm-agent-...exe uninstall`.
|
||||
|
||||
### Beast cleanup pending
|
||||
- Leftover on Beast: `C:\Temp\gururmm-nsvc` (git worktree — remove with
|
||||
`git -C C:\gururmm worktree remove --force C:\Temp\gururmm-nsvc`) and `C:\Temp\gururmm-nsvc-target`,
|
||||
`C:\Temp\nsvc-build.bat`, `C:\Temp\nsvc-build.log`. Left in place in case signing/rebuild needed.
|
||||
|
||||
### Next
|
||||
- Mike validates the binary on a Valleywide machine. On runtime-PASS, correct the SPEC-029 §12 /
|
||||
`installer/legacy/README.md` "blocked / ship NSIS+NSSM" note and pursue the unified x86-MSI +
|
||||
native-SCM direction (drops NSIS + NSSM). Optional: sign the test exe via `sign-windows.sh`.
|
||||
|
||||
## Thread 2 — SMB1 client enable (GURU-5070, Win11)
|
||||
- Goal: reach `192.168.0.20` over VWP VPN (Tailscale off). Both SMB ports reachable (TCP 445 + 139
|
||||
open; ICMP blocked, normal). No per-connection SMB1 switch exists — must install the SMB1 client
|
||||
optional feature.
|
||||
- **Done:** `SMB1Protocol` (parent) + `SMB1Protocol-Client` ENABLED; `SMB1Protocol-Server` left
|
||||
DISABLED (client-only). Payload was present (state was `Disabled`, not payload-removed).
|
||||
- **Reboot REQUIRED** — `mrxsmb10` driver registers only on restart. (This /scc ends with a reboot.)
|
||||
- After reboot: reconnect VWP VPN; `net use \\192.168.0.20\<share> ...`; verify with
|
||||
`Get-SmbConnection` Dialect = 1.5.
|
||||
- **Caveat:** `EnableInsecureGuestLogons` = False. If `.20` is a guest/NAS share, also need
|
||||
`Set-SmbClientConfiguration -EnableInsecureGuestLogons $true`.
|
||||
- **REVERT when done (security):** disable `SMB1Protocol-Client` + parent (+ insecure-guest if set),
|
||||
reboot to unload driver. SMB1 = EternalBlue-class exposure; do not leave on.
|
||||
|
||||
## Pending tasks
|
||||
- [ ] Mike: validate native-SCM legacy agent on a Valleywide machine (artifact + procedure above).
|
||||
- [ ] On PASS: correct SPEC-029 §12 / legacy README; pursue unified x86-MSI + native-SCM.
|
||||
- [ ] Clean up Beast `C:\Temp\gururmm-nsvc*` worktree/target/bat/log.
|
||||
- [ ] After SMB1 task: revert SMB1 client enable on GURU-5070 + reboot.
|
||||
- [ ] Other due-today item still open: SPEC-030 Phase 1 (failed-install visibility) — not started.
|
||||
Reference in New Issue
Block a user