4
0
mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-01-18 04:19:21 +08:00
newlib-cygwin/winsup/doc/faq-setup.xml
David A. Wheeler f33e34f333 Add FAQ entry on how Cygwin counters install and update MITM attacks
* faq-setup.xml: Document how Cygwin secures installation and
	update against man-in-the-middle (MITM) attacks.  Note that
	setup embeds a public key to check the signature of setup.ini,
	and that setup.ini includes SHA-512 cryptographic hashes.

Signed-off-by: David A. Wheeler <dwheeler@dwheeler.com>
2015-04-23 21:57:11 +02:00

728 lines
33 KiB
XML

<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<qandadiv id="faq.setup">
<title>Setting up Cygwin</title>
<!-- faq-setup.xml -->
<qandaentry id="faq.setup.setup">
<question><para>What is the recommended installation procedure?</para></question>
<answer>
<para>There is only one recommended way to install Cygwin, which is to use the GUI
installer <command>setup-*.exe</command>. It is flexible and easy to use.
You can pick and choose the packages you wish to install, and update
them individually. Full source code is available for all packages and
tools. More information on using Cygwin Setup may be found at
<ulink url="https://cygwin.com/cygwin-ug-net/setup-net.html"/>.
</para>
<para>If you do it any other way, you're on your own!
If something doesn't work right for you, and
it's not covered here or in the latest development snapshot at
<ulink url="https://cygwin.com/snapshots/"/>, then by all means report it to the
mailing list.
</para>
<para>For a searchable list of packages that can be installed with Cygwin,
see <ulink url="https://cygwin.com/packages/"/>.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.automated">
<question><para>What about an automated Cygwin installation?</para></question>
<answer>
<para>The Cygwin Setup program is designed to be interactive, but there are
a few different ways to automate it. If you are deploying to multiple systems,
the best way is to run through a full installation once, saving the entire
downloaded package tree. Then, on target systems, run Cygwin Setup as a
"Local Install" pointed at your downloaded package tree. You could do this
non-interactively with the command line options
<literal>-q -L -l x:\cygwin-local\</literal>, where your downloaded
package tree is in <literal>x:\cygwin-local\</literal> (see the next FAQ for
an explanation of those options.)
</para>
<para>
For other options, search the mailing lists with terms such as
<ulink url="http://www.google.com/search?q=cygwin+automated+setup">cygwin automated setup</ulink> or
<ulink url="http://www.google.com/search?q=automated+cygwin+install">automated cygwin install</ulink>.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.cli">
<question><para>Does Setup accept command-line arguments?</para></question>
<answer>
<para>Yes, the full listing is written to the <literal>setup.log</literal> file
when you run <literal>setup-x86.exe --help</literal> or
<literal>setup-x86_64.exe --help</literal>. The current options are:
<screen>
Command Line Options:
-D --download Download from internet
-L --local-install Install from local directory
-s --site Download site
-O --only-site Ignore all sites except for -s
-R --root Root installation directory
-x --remove-packages Specify packages to uninstall
-c --remove-categories Specify categories to uninstall
-P --packages Specify packages to install
-C --categories Specify entire categories to install
-p --proxy HTTP/FTP proxy (host:port)
-a --arch architecture to install (x86_64 or x86)
-q --quiet-mode Unattended setup mode
-M --package-manager Semi-attended chooser-only mode
-B --no-admin Do not check for and enforce running as
Administrator
-h --help print help
-l --local-package-dir Local package directory
-r --no-replaceonreboot Disable replacing in-use files on next
reboot.
-X --no-verify Don't verify setup.ini signatures
-n --no-shortcuts Disable creation of desktop and start menu
shortcuts
-N --no-startmenu Disable creation of start menu shortcut
-d --no-desktop Disable creation of desktop shortcut
-K --pubkey URL of extra public key file (gpg format)
-S --sexpr-pubkey Extra public key in s-expr format
-u --untrusted-keys Use untrusted keys from last-extrakeys
-U --keep-untrusted-keys Use untrusted keys and retain all
-g --upgrade-also also upgrade installed packages
-o --delete-orphans remove orphaned packages
-A --disable-buggy-antivirus Disable known or suspected buggy anti virus
software packages during execution.
</screen>
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.noroot">
<question><para>Can I install Cygwin without administrator rights?</para></question>
<answer>
<para>Yes. The default installation requests administrator rights because
this allows to set up the Cygwin environment so that all users can start
a Cygwin shell out of the box. However, if you don't have administrator
rights for your machine, and the admins don't want to install it for you,
you can install Cygwin just for yourself by downloading
<command>setup-x86.exe</command> (for a 32 bit install) or
<command>setup-x86_64.exe</command> (for a 64 bit install) and then start
it from the command line or via the "Run..." dialog from the start menu
using the <literal>--no-admin</literal> option, for instance:</para>
<para>
<screen>
setup-x86.exe --no-admin
</screen>
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.c">
<question><para>Why not install in C:\?</para></question>
<answer>
<para>The Cygwin Setup program will prompt you for a "root" directory.
The default is <literal>C:\cygwin</literal>, but you can change it. You are urged not to
choose something like <literal>C:\</literal> (the root directory on the system drive) for
your Cygwin root. If you do, then critical Cygwin system directories
like <literal>etc</literal>, <literal>lib</literal> and <literal>bin</literal> could easily be corrupted by
other (non-Cygwin) applications or packages that use <literal>\etc</literal>,
<literal>\lib</literal> or <literal>\bin</literal>. Perhaps there is no conflict now, but who
knows what you might install in the future? It's also just good common
sense to segregate your Cygwin "filesystems" from the rest of your
Windows system disk.
</para>
<para>(In the past, there had been genuine bugs that would cause problems
for people who installed in <literal>C:\</literal>, but we believe those are gone
now.)
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.old-versions">
<question><para>Can I use Cygwin Setup to get old versions of packages (like gcc-2.95)?</para></question>
<answer>
<para>Cygwin Setup can be used to install any packages that are on a
Cygwin mirror, which usually includes one version previous to the
current one. The complete list may be searched at
<ulink url="https://cygwin.com/packages/"/>. There is no complete archive of
older packages. If you have a problem with the current version of
a Cygwin package, please report it to the mailing list using the
guidelines at <ulink url="https://cygwin.com/problems.html"/>.
</para>
<para>That said, if you really need an older package, you may be able to find
an outdated or archival mirror by searching the web for an old package
version (for example, <literal>gcc2-2.95.3-10-src.tar.bz2</literal>), but keep in
mind that this older version will not be supported by the mailing list
and that installing the older version will not help improve Cygwin.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.install-security">
<question><para>How does Cygwin secure the installation and update process?</para></question>
<answer>
<para>
Here is how Cygwin secures the installation and update process to counter
<ulink url="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle (MITM) attacks</ulink>:
</para>
<orderedlist>
<listitem><para>The Cygwin website provides the setup program
(<literal>setup-x86.exe</literal> or <literal>setup-x86_64.exe</literal>)
using HTTPS (SSL/TLS).
This authenticates that the setup program
came from the Cygwin website
(users simply use their web browsers to download the setup program).
You can use tools like Qualsys' SSL Server Test,
<ulink url="https://www.ssllabs.com/ssltest/"/>,
to check the HTTPS configuration of Cygwin.
The cygwin.com site supports HTTP Strict Transport Security (HSTS),
which forces the browser to keep using HTTPS once the browser has seen
it before (this counters many downgrade attacks).
</para></listitem>
<listitem><para>The setup program has the
Cygwin public key embedded in it.
The Cygwin public key is protected from attacker subversion
during transmission by the previous step, and this public
key is then used to protect all later steps.
You can confirm that the key is in setup by looking at the setup project
(<ulink url="http://sourceware.org/cygwin-apps/setup.html"/>)
source code file <literal>cyg-pubkey.h</literal>
(the key is automatically generated from file <literal>cygwin.pub</literal>).
</para></listitem>
<listitem><para>The setup program downloads
the package list <literal>setup.ini</literal> from a mirror
and checks its digital signature.
The package list is in the file
<literal>setup.bz2</literal> (compressed) or
<literal>setup.ini</literal> (uncompressed) on the selected mirror.
The package list includes for every official Cygwin package
the package name, cryptographic hash, and length (in bytes).
The setup program also gets the relevant <literal>.sig</literal>
(signature) file for that package list, and checks that the package list
is properly signed with the Cygwin public key embedded in the setup program.
A mirror could corrupt the package list and/or signature, but this
would be detected by setup program's signature detection
(unless you use the <literal>-X</literal> option to disable signature checking).
The setup program also checks the package list
timestamp/version and reports to the user if the file
goes backwards in time; that process detects downgrade attacks
(e.g., where an attacker subverts a mirror to send a signed package list
that is older than the currently-downloaded version).
</para></listitem>
<listitem><para>The packages to be installed
(which may be updates) are downloaded and both their
lengths and cryptographic hashes
(from the signed <literal>setup.{bz2,ini}</literal> file) are checked.
Non-matching packages are rejected, countering any attacker's
attempt to subvert the files on a mirror.
Cygwin currently uses the cryptographic hash function SHA-512
for the <literal>setup.ini</literal> files.
</para></listitem>
</orderedlist>
<para>
Cygwin uses the cryptographic hash algorithm SHA-512 as of 2015-03-23.
The earlier 2015-02-06 update of the setup program added support for SHA-512
(Cygwin previously used MD5).
There are no known practical exploits of SHA-512 (SHA-512 is part of the
widely-used SHA-2 suite of cryptographic hashes).
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.increase-install-security">
<question><para>What else can I do to ensure that my installation and updates are secure?</para></question>
<answer>
<para>
To best secure your installation and update process, download
the setup program <literal>setup-x86.exe</literal> (32-bit) or
<literal>setup-x86_64.exe</literal> (64-bit), and then
check its signature (using a signature-checking tool you trust)
using the Cygwin public key
(<ulink url="https://cygwin.com/key/pubring.asc"/>).
This was noted on the front page for installing and updating.
</para>
<para>
If you use the actual Cygwin public key, and have an existing secure
signature-checking process, you will counter many other
attacks such as subversion of the Cygwin website and
malicious certificates issued by untrustworthy certificate authorities (CAs).
One challenge, of course, is ensuring that
you have the actual Cygwin public key.
You can increase confidence in the Cygwin public key by checking older copies
of the Cygwin public key (to see if it's been the same over time).
Another challenge is having a secure signature-checking process.
You can use GnuPG to check signatures; if you have a trusted Cygwin
installation you can install GnuPG.
Otherwise, to check the signature you must use an existing trusted tool or
install a signature-checking tool you can trust.
</para>
<para>
Not everyone will go through this additional effort,
but we make it possible for those who want that extra confidence.
We also provide automatic mechanisms
(such as our use of HTTPS) for those with limited time and
do not want to perform the signature checking on the setup program itself.
Once the correct setup program is running, it will counter other attacks
as described in
<ulink url="https://cygwin.com/faq/faq.html#faq.setup.install-security"/>.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.virus">
<question><para>Is Cygwin Setup, or one of the packages, infected with a virus?</para></question>
<answer>
<para>Unlikely. Unless you can confirm it, please don't report it to the
mailing list. Anti-virus products have been known to detect false
positives when extracting compressed tar archives. If this causes
problems for you, consider disabling your anti-virus software when
running <literal>setup</literal>. Read the next entry for a fairly safe way to do
this.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.hang">
<question><para>My computer hangs when I run Cygwin Setup!</para></question>
<answer>
<para>Both Network Associates (formerly McAfee) and Norton anti-virus
products have been reported to "hang" when extracting Cygwin tar
archives. If this happens to you, consider disabling your anti-virus
software when running Cygwin Setup. The following procedure should be
a fairly safe way to do that:
</para>
<orderedlist><listitem><para>Download <literal>setup-x86.exe</literal> or
<literal>setup-x86_64.exe</literal> and scan it explicitly.
</para>
</listitem>
<listitem><para>Turn off the anti-virus software.
</para>
</listitem>
<listitem><para>Run setup to download and extract all the tar files.
</para>
</listitem>
<listitem><para>Re-activate your anti-virus software and scan everything
in C:\cygwin (or wherever you chose to install), or your entire hard
disk if you are paranoid.
</para>
</listitem>
</orderedlist>
<para>This should be safe, but only if Cygwin Setup is not substituted by
something malicious.
See also
<ulink url="https://cygwin.com/faq/faq.html#faq.setup.install-security"/>
for a description of how the
Cygwin project counters man-in-the-middle (MITM) attacks.
</para>
<para>See also <ulink url="https://cygwin.com/faq/faq.html#faq.using.bloda"/>
for a list of applications that have been known, at one time or another, to
interfere with the normal functioning of Cygwin.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.what-packages">
<question><para>What packages should I download? Where are 'make', 'gcc', 'vi', etc? </para></question>
<answer>
<para>When using Cygwin Setup for the first time, the default is to install
a minimal subset of all available packages. If you want anything beyond that,
you will have to select it explicitly. See
<ulink url="https://cygwin.com/packages/"/> for a searchable list of available
packages, or use <literal>cygcheck -p </literal> as described in the Cygwin
User's Guide at
<ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#cygcheck"/>.
</para>
<para>If you want to build programs, of course you'll need <literal>gcc</literal>,
<literal>binutils</literal>, <literal>make</literal> and probably other packages from the
``Devel'' category. Text editors can be found under ``Editors''.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.everything">
<question><para>How do I just get everything?</para></question>
<answer>
<para>Long ago, the default was to install everything, much to the
irritation of most users. Now the default is to install only a basic
core of packages. Cygwin Setup is designed to make it easy to browse
categories and select what you want to install or omit from those
categories. It's also easy to install everything:
</para>
<orderedlist>
<listitem><para>At the ``Select Packages'' screen, in ``Categories'' view, at the line
marked ``All'', click on the word ``default'' so that it changes to
``install''. (Be patient, there is some computing to do at this step.
It may take a second or two to register the change.) This tells Setup
to install <emphasis>everything</emphasis>, not just what it thinks you should have
by default.
</para>
</listitem>
<listitem><para>Now click on the ``View'' button (twice) until you get to the
``Pending'' view. This shows exactly which packages are about to be
downloaded and installed.
</para>
</listitem>
</orderedlist>
<para>This procedure only works for packages that are currently available.
There is no way to tell Cygwin Setup to install all packages by
default from now on. As new packages become available that would not
be installed by default, you have to repeat the above procedure to get
them.
</para>
<para>In general, a better method (in my opinion), is to:
</para>
<orderedlist>
<listitem><para>First download &amp; install all packages that would normally be
installed by default. This includes fundamental packages and any
updates to what you have already installed. Then...
</para>
</listitem>
<listitem><para>Run Cygwin Setup again, and apply the above technique to get all
new packages that would not be installed by default. You can check
the list in the ``Pending'' view before proceeding, in case there's
something you really <emphasis>don't</emphasis> want.
</para>
</listitem>
<listitem><para>In the latest version of Cygwin Setup, if you click the ``View''
button (twice) more, it shows packages not currently installed. You
ought to check whether you <emphasis>really</emphasis> want to install everything!
</para>
</listitem>
</orderedlist>
</answer></qandaentry>
<qandaentry id="faq.setup.disk-space">
<question><para>How much disk space does Cygwin require?</para></question>
<answer>
<para>That depends, obviously, on what you've chosen to download and
install. A full installation today is probably larger than 1 GB
installed, not including the package archives themselves nor the source
code.
</para>
<para>After installation, the package archives remain in your ``Local
Package Directory''. By default the location of
<literal>setup-x86{_64}.exe</literal>. You may conserve disk space by
deleting the subdirectories there. These directories will have very weird
looking names, being encoded with their URLs
(named <literal>ftp%3a%2f...</literal>).
</para>
<para>Of course, you can keep them around in case you want to reinstall a
package. If you want to clean out only the outdated packages, Michael Chase
has written a script called <literal>clean_setup.pl</literal>, available
at <ulink url="ftp://cygwin.com/pub/cygwin/unsupported/clean_setup.pl" />.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.what-upgraded">
<question><para>How do I know which version I upgraded from?</para></question>
<answer>
<para>Detailed logs of the most recent Cygwin Setup session can be found in
<literal>/var/log/setup.log.full</literal> and less verbose information about
prior actions is in <literal>/var/log/setup.log</literal>.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.setup-fails">
<question><para>What if setup fails?</para></question>
<answer>
<para>First, make sure that you are using the latest version of Cygwin Setup.
The latest version is always available from the Cygwin Home Page at
<ulink url="https://cygwin.com/"/>.
</para>
<para>If you are downloading from the Internet, setup will fail if it cannot
download the list of mirrors at <ulink url="https://cygwin.com/mirrors.html"/>.
It could be that the network is too busy. Something similar could be the
cause of a download site not working. Try another mirror, or try again
later.
</para>
<para>If setup refuses to download a package that you know needs to be
upgraded, try deleting that package's entry from /etc/setup. If you are
reacting quickly to an announcement on the mailing list, it could be
that the mirror you are using doesn't have the latest copy yet. Try
another mirror, or try again tomorrow.
</para>
<para>If setup has otherwise behaved strangely, check the files
<literal>setup.log</literal> and <literal>setup.log.full</literal> in
<literal>/var/log</literal> (<literal>C:\cygwin\var\log</literal> by
default). It may provide some clues as to what went wrong and why.
</para>
<para>If you're still baffled, search the Cygwin mailing list for clues.
Others may have the same problem, and a solution may be posted there.
If that search proves fruitless, send a query to the Cygwin mailing
list. You must provide complete details in your query: version of
setup, options you selected, contents of setup.log and setup.log.full,
what happened that wasn't supposed to happen, etc.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.name-with-space">
<question><para>My Windows logon name has a space in it, will this cause problems?</para></question>
<answer>
<para>Most definitely yes! UNIX shells (and thus Cygwin) use the space
character as a word delimiter. Under certain circumstances, it is
possible to get around this with various shell quoting mechanisms, but
you are much better off if you can avoid the problem entirely.
</para>
<para>You have two choices:
</para><orderedlist>
<listitem><para>You can rename the user in the Windows User Manager GUI.
</para>
</listitem>
<listitem><para>If that's not possible, you can create an /etc/passwd file
using the <command>mkpasswd</command> command. Then you can simply edit your
Cygwin user name (first field). It's also a good idea to avoid spaces in the
home directory.
</para>
</listitem>
</orderedlist>
</answer></qandaentry>
<qandaentry id="faq.setup.home">
<question><para>My <literal>HOME</literal> environment variable is not what I want.</para></question>
<answer>
<para>When starting Cygwin from Windows, <literal>HOME</literal> is determined
as follows:
</para>
<orderedlist>
<listitem><para>If <literal>HOME</literal> is set in the Windows environment,
translated to POSIX form.
</para>
</listitem>
<listitem><para>Otherwise, use the pw_home field from the passwd entry as
returned by <command>getent passwd</command>. If you want to learn how this
field is set by Cygwin and how you can change it, this is explained in great
detail in the Cygwin User's Guide at
<ulink url="https://cygwin.com/cygwin-ug-net/ntsec.html"/>.
</para>
</listitem>
</orderedlist>
<para>When using Cygwin from a network login (via ssh for instance),
<literal>HOME</literal> is always taken from the passwd entry.
</para>
<para>If your <literal>HOME</literal> is set to a value such as /cygdrive/c,
it is likely that it was set in Windows. Start a DOS Command Window and type
"set HOME" to verify if this is the case.
</para>
<para>Access to shared drives is often restricted when starting from the
network, thus Domain users may wish to have a different <literal>HOME</literal>
in the Windows environment (on shared drive) than in Cygwin (on local drive).
Note that ssh only considers the account information as retrieved by
getpwnam(3), disregarding <literal>HOME</literal>.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.uninstall-packages">
<question><para>How do I uninstall individual packages?</para></question>
<answer>
<para>Run Cygwin Setup as you would to install packages. In the list of
packages to install, browse the relevant category or click on the
``View'' button to get a full listing. Click on the cycle glyph until
the action reads ``Uninstall''. Proceed by clicking ``Next''.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.uninstall-service">
<question><para>How do I uninstall a Cygwin service?</para></question>
<answer>
<orderedlist>
<listitem><para>List all services you have installed with
<literal>cygrunsrv -L</literal>. If you do not have
<literal>cygrunsrv</literal> installed, skip this FAQ.
</para></listitem>
<listitem><para>Before removing the service, you should stop it with
<literal>cygrunsrv --stop <replaceable>service_name</replaceable></literal>.
If you have <literal>inetd</literal> configured to run as a standalone
service, it will not show up in the list, but
<literal>cygrunsrv --stop inetd</literal> will work to stop it as
well.
</para></listitem>
<listitem><para>Lastly, remove the service with
<literal>cygrunsrv --remove <replaceable>service_name</replaceable></literal>.
</para></listitem>
</orderedlist>
</answer></qandaentry>
<qandaentry id="faq.setup.uninstall-all">
<question><para>How do I uninstall <emphasis role='bold'>all</emphasis> of Cygwin?</para></question>
<answer>
<para>Setup has no automatic uninstall facility. The recommended method to remove all
of Cygwin is as follows:
</para>
<orderedlist>
<listitem><para>If you have any Cygwin services running, remove by repeating
the instructions in <ulink
url="https://cygwin.com/faq/faq.html#faq.setup.uninstall-service"/> for
all services that you installed. Common services that might have been
installed are <literal>sshd</literal>, <literal>cron</literal>,
<literal>cygserver</literal>, <literal>inetd</literal>, <literal>apache</literal>,
<literal>postgresql</literal>, and so on.
</para>
</listitem>
<listitem><para>Stop the X11 server if it is running, and terminate any Cygwin programs
that might be running in the background. Exit the command prompt and ensure
that no Cygwin processes remain. Note: If you want to save your mount points for a later
reinstall, first save the output of <literal>mount -m</literal> as described at
<ulink url="https://cygwin.com/cygwin-ug-net/using-utils.html#mount"/>.
</para>
</listitem>
<listitem><para>If you installed <literal>cyglsa.dll</literal> by running the
shell script <literal>/usr/bin/cyglsa-config</literal> as described in
<ulink url="https://cygwin.com/cygwin-ug-net/ntsec.html"/>, then you need to
configure Windows to stop using the LSA authentication package. You do so by
editing the registry and restoring
<literal>/HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Lsa/Authentication Packages</literal>
back to it's original value of <literal>msv1_0</literal>, and then rebooting.
</para>
</listitem>
<listitem><para>Delete the Cygwin root folder and all subfolders. If you get an error
that an object is in use, then ensure that you've stopped all services and
closed all Cygwin programs. If you get a 'Permission Denied' error then you
will need to modify the permissions and/or ownership of the files or folders
that are causing the error. For example, sometimes files used by system
services end up owned by the SYSTEM account and not writable by regular users.
</para>
<para>The quickest way to delete the entire tree if you run into this problem is to
change the ownership of all files and folders to your account. To do this in
Windows Explorer, right click on the root Cygwin folder, choose Properties, then
the Security tab. If you are using Windows XP Home or Simple File Sharing,
you will need to boot into Safe Mode to access the Security tab. Select
Advanced, then go to the Owner tab and make sure your account is listed as
the owner. Select the 'Replace owner on subcontainers and objects' checkbox
and press Ok. After Explorer applies the changes you should be able to
delete the entire tree in one operation. Note that you can also achieve
this in Cygwin by typing <literal>chown -R user /</literal> or by using other
tools such as <literal>CACLS.EXE</literal>.
</para>
</listitem>
<listitem><para>Delete the Cygwin shortcuts on the Desktop and Start Menu, and
anything left by setup-x86{_64}.exe in the download directory. However, if you
plan to reinstall Cygwin it's a good idea to keep your setup-x86{_64}.exe
download directory since you can reinstall the packages left in its cache
without redownloading them.
</para>
</listitem>
<listitem><para>If you added Cygwin to your system path, you should remove it unless you
plan to reinstall Cygwin to the same location. Similarly, if you set your
CYGWIN environment variable system-wide and don't plan to reinstall, you should
remove it.
</para>
</listitem>
<listitem><para>Finally, if you want to be thorough you can delete the registry tree
<literal>Software\Cygwin</literal> under <literal>HKEY_LOCAL_MACHINE</literal> and/or
<literal>HKEY_CURRENT_USER</literal>. However, if you followed the directions above you
will have already removed everything important. Typically only the installation
directory has been stored in the registry at all.
</para>
</listitem>
</orderedlist>
</answer></qandaentry>
<qandaentry id="faq.setup.snapshots">
<question><para>How do I install snapshots?</para></question>
<answer>
<para>First, are you sure you want to do this? Snapshots are risky. They
have not been tested. Use them <emphasis role='bold'>only</emphasis> if there is a feature or
bugfix that you need to try, and you are willing to deal with any
problems, or at the request of a Cygwin developer.
</para>
<para>You cannot use Cygwin Setup to install a snapshot.
</para>
<para>First, you will need to download the snapshot from the snapshots
page at <ulink url="https://cygwin.com/snapshots/"/>. Note the directory where
you saved the snapshot tarball.
</para>
<para>Before installing a snapshot, you must first Close <emphasis role='bold'>all</emphasis> Cygwin
applications, including shells and services (e.g., <literal>inetd</literal>, <literal>sshd</literal>).
You will not be able to replace <literal>cygwin1.dll</literal> if any Cygwin process is
running. You may have to restart Windows to clear the DLL from memory
(beware of automatic service startup).
</para>
<para>Most of the downloaded snapshot can be installed using <literal>tar</literal>. Cygwin
<literal>tar</literal> won't be able to update <literal>/usr/bin/cygwin1.dll</literal> (because it's
used by <literal>tar</literal> itself), but it should succeed with everything else. If
you are only installing the DLL snapshot, skip the first tar command. Open
a <literal>bash</literal> shell (it should be the only running Cygwin process) and issue
the following commands:
<screen>
/bin/tar -C / -xvf /posix/path/to/cygwin-inst-YYYYMMDD.tar.* --exclude=usr/bin/cygwin1.dll
/bin/tar -C /tmp -xvf /posix/path/to/cygwin-inst-YYYYMMDD.tar.* usr/bin/cygwin1.dll
</screen>
</para>
<para>Exit the bash shell, and use Explorer or the Windows command shell to
first rename <literal>C:\cygwin\bin\cygwin1.dll</literal> to
<literal>C:\cygwin\bin\cygwin1-prev.dll</literal> and then move
<literal>C:\cygwin\tmp\usr\bin\cygwin1.dll</literal>
to <literal>C:\cygwin\bin\cygwin1.dll</literal> (assuming you installed Cygwin in
<literal>C:\cygwin</literal>).
</para>
<para>The operative word in trying the snapshots is "<emphasis>trying</emphasis>". If you
notice a problem with the snapshot that was not present in the release
DLL (what we call a "regression"), please report it to the Cygwin
mailing list (see <ulink url="https://cygwin.com/problems.html"/> for problem
reporting guidelines). If you wish to go back to the older version of the
DLL, again, close all Cygwin processes, delete
<literal>C:\cygwin\bin\cygwin1.dll</literal>, and
rename <literal>C:\cygwin\bin\cygwin1-prev.dll</literal> back to
<literal>C:\cygwin\bin\cygwin1.dll</literal> (again assuming that your "<literal>/</literal>" is
<literal>C:\cygwin</literal>). To restore the rest of the snapshot
files, reinstall the "<literal>cygwin</literal>" package using Setup.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.mirror">
<question><para>Can Cygwin Setup maintain a ``mirror''?</para></question>
<answer>
<para>NO. Cygwin Setup cannot do this for you. Use a tool designed for
this purpose. See <ulink url="http://rsync.samba.org/"/>,
<ulink url="http://www.gnu.org/software/wget/"/> for utilities that can do this for you.
For more information on setting up a custom Cygwin package server, see
the Cygwin Setup homepage at
<ulink url="https://sourceware.org/cygwin-apps/setup.html"/>.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.cd">
<question><para>How can I make my own portable Cygwin on CD?</para></question>
<answer>
<para>While some users have successfully done this, for example Indiana
University's XLiveCD <ulink url="http://xlivecd.indiana.edu/"/>, there is no
easy way to do it. Full instructions for constructing a portable Cygwin
on CD by hand can be found on the mailing list at
<ulink url="https://www.cygwin.com/ml/cygwin/2003-07/msg01117.html"/>
(Thanks to fergus at bonhard dot uklinux dot net for these instructions.)
Please note that these instructions are rather old and are referring to the
somewhat different setup of a Cygwin 1.5.x release. As soon as somebody set
this up for Cygwin 1.7, we might add this information here.
</para>
</answer></qandaentry>
<qandaentry id="faq.setup.registry">
<question><para>How do I save, restore, delete, or modify the Cygwin information stored in the registry?</para></question>
<answer>
<para>Since Cygwin 1.7, there's nothing important in the registry anymore,
except for the installation directory information stored there for the sake
of setup-x86{_64}.exe. There's nothing left to manipulate anymore.
</para></answer></qandaentry>
</qandadiv>