[feat] windows templates

17 files changed, 362 insertions, 37 deletions

diff --git a/.gitignore b/.gitignore
index 4c21651..acc2769 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
+__pycache__
+build
+dist
 /bitmask-vpn
 cmd/bitmask-vpn/bitmask-vpn
 /bitmask-helper
diff --git a/Makefile b/Makefile
index 6f54daf..8f4d836 100644
--- a/Makefile
+++ b/Makefile
@@ -5,6 +5,7 @@ TAGS ?= gtk_3_18
 PROVIDER ?= $(shell grep ^'provider =' branding/config/vendor.conf | cut -d '=' -f 2 | tr -d "[:space:]")
 PROVIDER_CONFIG ?= branding/config/vendor.conf
 DEFAULT_PROVIDER = branding/assets/default/
+VERSION ?= $(shell git describe)
 
 all: icon locales get build
 
@@ -22,13 +23,35 @@ endif
 	cd branding/assets && ln -s ${PROVIDER} default
 
 prepare: generate relink_default
+	mkdir -p build/${PROVIDER}/bin/
 	branding/scripts/check-ca-crt.py ${PROVIDER} ${PROVIDER_CONFIG}
 
+prepare_win:
+	mkdir -p build/${PROVIDER}/windows/
+	cp -r branding/templates/windows build/${PROVIDER}
+	VERSION=${VERSION} PROVIDER_CONFIG=${PROVIDER_CONFIG} branding/scripts/generate-win.py build/${PROVIDER}/windows/data.json
+	cd build/${PROVIDER}/windows && python3 generate.py
+	# TODO create build/PROVIDER/assets/
+	# TODO create build/PROVIDER/staging/
+
+prepare_osx:
+	echo "osx..."
+
+prepare_snap:
+	echo "snap..."
+
+prepare_debian:
+	echo "debian..."
+
+prepare_all: prepare prepare_win prepare_osx prepare_snap
+
 build: $(foreach path,$(wildcard cmd/*),build_$(patsubst cmd/%,%,$(path)))
 
 build_%:
 	go build -tags $(TAGS) -ldflags "-X main.version=`git describe --tags`" -o $* ./cmd/$*
 	strip $*
+	mkdir -p build/bin
+	mv $* build/bin/
 
 test:
 	go test -tags "integration $(TAGS)" ./...
@@ -41,7 +64,7 @@ build_win:
 
 clean:
 	make -C icon clean
-	rm bitmask-vpn
+	rm build/bitmask-vpn
 
 icon:
 	make -C icon
diff --git a/branding/config/vendor.conf b/branding/config/vendor.conf
index 12fca4e..f0f42c1 100644
--- a/branding/config/vendor.conf
+++ b/branding/config/vendor.conf
@@ -13,6 +13,7 @@ providerURL         = riseup.net
 apiURL              = https://api.black.riseup.net/
 caURL               = https://black.riseup.net/ca.crt
 
+infoURL             = https://riseup.net/vpn
 tosURL              = https://riseup.net/tos
 helpURL             = https://riseup.net/support
 
@@ -27,11 +28,15 @@ donateURL           = https://riseup.net/donate
 name                = Calyx
 applicationName     = CalyxVPN
 binaryName          = calyx-vpn
+
 providerURL         = https://calyx.net
-tosURL              = https://calyx.net/tos
-helpURL             = https://calyx.net/support
 apiURL              = https://api.calyx.net:4430/
 caURL               = https://calyx.net/ca.crt
+
+infoURL             = https://calyx.net/
+tosURL              = https://calyx.net/tos
+helpURL             = https://calyx.net/support
+
 geolocationAPI      = https://api.black.riseup.net:9001/json
 
 askForDonations     = true
diff --git a/branding/scripts/TODO b/branding/scripts/TODO
new file mode 100644
index 0000000..95ca345
--- /dev/null
+++ b/branding/scripts/TODO
@@ -0,0 +1,2 @@
+-[ ] sanity check scrit
+-[ ] assets convertion script
diff --git a/branding/scripts/__init__.py b/branding/scripts/__init__.py
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/branding/scripts/__init__.py
diff --git a/branding/scripts/generate-win.py b/branding/scripts/generate-win.py
new file mode 100755
index 0000000..fb15f22
--- /dev/null
+++ b/branding/scripts/generate-win.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python3
+
+import json
+import os
+import sys
+
+import configparser
+
+from provider import getDefaultProvider
+from provider import getProviderData
+
+
+VERSION = os.environ.get('VERSION', 'unknown')
+
+
+def writeOutput(data, outfile):
+
+    with open(outfile, 'w') as outf:
+        outf.write(json.dumps(data))
+
+
+if __name__ == "__main__":
+    env_provider_conf = os.environ.get('PROVIDER_CONFIG')
+    if env_provider_conf:
+        if os.path.isfile(env_provider_conf):
+            print("[+] Overriding provider config per "
+                  "PROVIDER_CONFIG variable")
+            configfile = env_provider_conf
+
+    config = configparser.ConfigParser()
+    config.read(configfile)
+    provider = getDefaultProvider(config)
+    data = getProviderData(provider, config)
+
+    if len(sys.argv) != 2:
+        print('Usage: generate-win.py <output_file>')
+        sys.exit(1)
+
+    outputf = sys.argv[1]
+
+    data['applicationNameLower'] = data.get('applicationName').lower()
+    data['URL'] = data.get('infoURL')
+    data['version'] = VERSION
+    writeOutput(data, outputf)
diff --git a/branding/scripts/provider.py b/branding/scripts/provider.py
new file mode 100644
index 0000000..867007e
--- /dev/null
+++ b/branding/scripts/provider.py
@@ -0,0 +1,32 @@
+import datetime
+import os
+
+
+def getDefaultProvider(config):
+    provider = os.environ.get('PROVIDER')
+    if provider:
+        print('[+] Got provider {} from environemnt'.format(provider))
+    else:
+        print('[+] Using default provider from config file')
+        provider = config['default']['provider']
+    return provider
+
+
+def getProviderData(provider, config):
+    print("[+] Configured provider:", provider)
+
+    c = config[provider]
+    d = dict()
+
+    keys = ('name', 'applicationName', 'binaryName',
+            'providerURL', 'tosURL', 'helpURL',
+            'donateURL', 'apiURL', 'geolocationAPI', 'caCertString')
+
+    for value in keys:
+        d[value] = c.get(value)
+
+    d['timeStamp'] = '{:%Y-%m-%d %H:%M:%S}'.format(
+        datetime.datetime.now())
+
+    return d
+
diff --git a/branding/scripts/vendorize.py b/branding/scripts/vendorize.py
index dc19952..59edae0 100755
--- a/branding/scripts/vendorize.py
+++ b/branding/scripts/vendorize.py
@@ -1,47 +1,20 @@
 #!/usr/bin/env python3
 
-import datetime
 import os
 import sys
 
 from string import Template
 import configparser
 
+from provider import getDefaultProvider
+from provider import getProviderData
+
 OUTFILE = 'config.go'
-INFILE = 'config.go.tmpl'
-CONFIGFILE = 'config/vendor.conf'
+INFILE = '../templates/golang/config.go'
+CONFIGFILE = '../config/vendor.conf'
 SCRIPT_NAME = 'vendorize'
 
 
-def getDefaultProvider(config):
-    provider = os.environ.get('PROVIDER')
-    if provider:
-        print('[+] Got provider {} from environemnt'.format(provider))
-    else:
-        print('[+] Using default provider from config file')
-        provider = config['default']['provider']
-    return provider
-
-
-def getProviderData(provider, config):
-    print("[+] Configured provider:", provider)
-
-    c = config[provider]
-    d = dict()
-
-    keys = ('name', 'applicationName', 'binaryName',
-            'providerURL', 'tosURL', 'helpURL',
-            'donateURL', 'apiURL', 'geolocationAPI', 'caCertString')
-
-    for value in keys:
-        d[value] = c.get(value)
-
-    d['timeStamp'] = '{:%Y-%m-%d %H:%M:%S}'.format(
-        datetime.datetime.now())
-
-    return d
-
-
 def addCaData(data, configfile):
     provider = data.get('name').lower()
     folder, f = os.path.split(configfile)
@@ -91,7 +64,8 @@ if __name__ == "__main__":
     env_provider_conf = os.environ.get('PROVIDER_CONFIG')
     if env_provider_conf:
         if os.path.isfile(env_provider_conf):
-            print("[+] Overriding provider config per PROVIDER_CONFIG variable")
+            print("[+] Overriding provider config per "
+                  "PROVIDER_CONFIG variable")
             configfile = env_provider_conf
 
     if not os.path.isfile(infile):
diff --git a/branding/templates/windows/generate.py b/branding/templates/windows/generate.py
new file mode 100755
index 0000000..427b7a8
--- /dev/null
+++ b/branding/templates/windows/generate.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3

+"""

+generate.py

+

+Generate a NSI installer for a given provider.

+"""

+

+import json

+import os

+from string import Template

+

+

+TEMPLATE = 'template.nsi'

+

+

+def get_files(which):

+    files = "\n"

+    if which == 'install':

+        action = "File "

+    elif which == 'uninstall':

+        action = "Delete $INSTDIR\\"

+    else:

+        action = ""

+

+    # TODO get relative path

+    for item in open('payload/' + which).readlines():

+        files += "  {action}{item}".format(

+            action=action, item=item)

+    return files

+

+

+here = os.path.split(os.path.realpath(__file__))[0]

+data = json.load(open(os.path.join(here, 'data.json')))

+data['extra_install_files'] = get_files('install')

+data['extra_uninstall_files'] = get_files('uninstall')

+

+import pprint

+pprint.pprint(data)

+

+INSTALLER = data['applicationName'] + '-installer.nsi'

+

+

+template = Template(open(TEMPLATE).read())

+with open(INSTALLER, 'w') as output:

+    output.write(template.safe_substitute(data))

+

+print("[+] NSIS installer script written to {path}".format(path=INSTALLER))

diff --git a/branding/templates/windows/payload/install b/branding/templates/windows/payload/install
new file mode 100755
index 0000000..da9a195
--- /dev/null
+++ b/branding/templates/windows/payload/install
@@ -0,0 +1,9 @@
+..\staging\bitmask_helper.exe

+..\staging\bitmask-vpn.exe

+..\staging\libcrypto-1_1-x64.dll
+..\staging\liblzo2-2.dll

+..\staging\libpkcs11-helper-1.dll

+..\staging\libssl-1_1-x64.dll
+..\staging\padlock.dll
+..\staging\openvpn\openvpn.exe
+..\staging\openvpn\tap-windows.exe
diff --git a/branding/templates/windows/payload/uninstall b/branding/templates/windows/payload/uninstall
new file mode 100755
index 0000000..7c7df24
--- /dev/null
+++ b/branding/templates/windows/payload/uninstall
@@ -0,0 +1,13 @@
+icon.ico
+openssl.exe

+openvpn.exe

+ssleay32.dll

+libeay32.dll

+liblzo2-2.dll

+libpkcs11-helper-1.dll

+libcrypto-1_1-x64.dll
+libssl-1_1-x64.dll
+padlock.dll
+bitmask_helper.exe
+bitmask-vpn.exe
+tap-windows.exe
diff --git a/branding/templates/windows/sign.py b/branding/templates/windows/sign.py
new file mode 100644
index 0000000..5b6b2c6
--- /dev/null
+++ b/branding/templates/windows/sign.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+"""
+This script is expected to be called from the main makefile, that should pass
+the content of the WIN_CERT_PASS variable as the second argument.
+
+Just make sure that $GOPATH is properly configured.
+"""
+import subprocess
+import os
+import sys
+
+WIN_CERT_PATH = sys.argv[1]
+WIN_CERT_PASS = sys.argv[2]
+SIGNTOOL = "signtool"
+
+GOPATH = os.environ.get('GOPATH')
+VERSION = subprocess.run(
+    'git -C ' + GOPATH +
+    '\\src\\0xacab.org\\leap\\bitmask-vpn describe --tags',
+    stdout=subprocess.PIPE).stdout.strip()
+
+installer = "RiseupVPN-" + str(VERSION, 'utf-8') + '.exe'
+target = str(os.path.join(os.path.abspath('.'), 'dist', installer))
+cmd = [SIGNTOOL, "sign", "/f", WIN_CERT_PATH, "/p", WIN_CERT_PASS, target]
+subprocess.run(cmd)
diff --git a/branding/templates/windows/template.nsi b/branding/templates/windows/template.nsi
new file mode 100755
index 0000000..f644b89
--- /dev/null
+++ b/branding/templates/windows/template.nsi
@@ -0,0 +1,130 @@
+SetCompressor /SOLID lzma
+
+!define PRODUCT_PUBLISHER "LEAP Encryption Access Project"
+!include "MUI2.nsh"
+
+Name "$applicationName"
+Outfile "..\bin\$applicationName-$version.exe"
+;TODO make the installdir configurable - and set it in the registry.
+InstallDir "C:\Program Files\$applicationName\"
+RequestExecutionLevel admin
+
+!include FileFunc.nsh
+!insertmacro GetParameters
+!insertmacro GetOptions
+
+;Macros
+
+!macro SelectByParameter SECT PARAMETER DEFAULT
+	${GetOptions} $R0 "/${PARAMETER}=" $0
+	${If} ${DEFAULT} == 0
+		${If} $0 == 1
+			!insertmacro SelectSection ${SECT}
+		${EndIf}
+	${Else}
+		${If} $0 != 0
+			!insertmacro SelectSection ${SECT}
+		${EndIf}
+	${EndIf}
+!macroend
+
+
+
+!define BITMAP_FILE riseupvpn.bmp
+
+!define MUI_ICON "..\assets\$applicationNameLower.ico"
+!define MUI_UNICON "..\assets\$applicationNameLower.ico"
+
+!define MUI_WELCOMEPAGE_TITLE "$applicationName"
+!define MUI_WELCOMEPAGE_TEXT "This will install $applicationName in your computer. $applicationName is a simple, fast and secure VPN Client, powered by Bitmask. \n This VPN service is run by donations from people like you."
+#!define MUI_WELCOMEFINISHPAGE_BITMAP "riseup.png"
+
+!insertmacro MUI_PAGE_WELCOME
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_PAGE_FINISH
+ 
+ 
+
+Section "InstallFiles"
+  ; first we try to delete the systray, locked by the app.
+  ClearErrors
+  Delete 'C:\Program Files\$applicationName\bitmask-vpn.exe'
+  IfErrors 0 noError
+
+  ; Error handling
+  MessageBox MB_OK|MB_ICONEXCLAMATION "$applicationName is Running. Please close it, and then run this installer again."
+  Abort
+
+  noError:
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'stop $applicationNameLower-helper'
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'remove $applicationNameLower-helper confirm'
+
+  SetOutPath $INSTDIR 
+  WriteUninstaller $INSTDIR\uninstall.exe
+
+  ; Add ourselves to Add/remove programs
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayName" "$applicationName"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "UninstallString" '"$INSTDIR\uninstall.exe"'
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "InstallLocation" "$INSTDIR"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayIcon" "$INSTDIR\icon.ico"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "Readme" "$INSTDIR\readme.txt"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayVersion" "$version"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "Publisher" "LEAP Encryption Access Project"
+  WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "NoModify" 1
+  WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "NoRepair" 1
+
+  ;Start Menu
+  createDirectory "$SMPROGRAMS\$applicationName\"
+  createShortCut "$SMPROGRAMS\$applicationName\$applicationName.lnk" "$INSTDIR\bitmask-vpn.exe" "" "$INSTDIR\icon.ico"
+
+  File "readme.txt"
+  File "..\staging\nssm.exe"
+  File "/oname=icon.ico" "..\assets\$applicationNameLower.ico"
+
+  $extra_install_files
+
+SectionEnd
+
+Section "InstallService"
+  ; Easy service management thanks to nssm
+  ExecWait '"$INSTDIR\nssm.exe" install $applicationNameLower-helper "$INSTDIR\bitmask_helper.exe"'
+  ExecWait '"$INSTDIR\nssm.exe" set $applicationNameLower-helper AppDirectory "$INSTDIR"'
+  ExecWait '"$INSTDIR\nssm.exe" start $applicationNameLower-helper'
+SectionEnd
+
+Section /o "TAP Virtual Ethernet Adapter" SecTAP
+	; Adapted from the windows nsis installer from OpenVPN (openvpn-build repo).
+	DetailPrint "Installing TAP (may need confirmation)..."
+	; The /S flag make it "silent", remove it if you want it explicit
+  	ExecWait '"$INSTDIR\tap-windows.exe" /S /SELECT_UTILITIES=1'
+	Pop $R0 # return value/error/timeout
+	WriteRegStr HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$applicationName" "tap" "installed"
+	DetailPrint "TAP installed!"
+SectionEnd
+
+Section "Uninstall"
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'stop $applicationNameLower-helper'
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'remove $applicationNameLower-helper confirm'
+
+  Delete $INSTDIR\readme.txt
+  Delete $INSTDIR\nssm.exe
+  Delete $INSTDIR\helper.log
+  Delete "$SMPROGRAMS\$applicationName\$applicationName.lnk"
+  RMDir "$SMPROGRAMS\$applicationName\"
+
+  $extra_uninstall_files
+
+  DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower"
+  ; uninstaller must be always the last thing to remove
+  Delete $INSTDIR\uninstall.exe
+  RMDir $INSTDIR
+SectionEnd
+
+Function .onInit
+	!insertmacro SelectByParameter ${SecTAP} SELECT_TAP 1
+FunctionEnd
+
+;----------------------------------------
+;Languages
+ 
+!insertmacro MUI_LANGUAGE "English"
diff --git a/branding/templates/windows/tools/README-cert.txt b/branding/templates/windows/tools/README-cert.txt
new file mode 100644
index 0000000..e532997
--- /dev/null
+++ b/branding/templates/windows/tools/README-cert.txt
@@ -0,0 +1 @@
+openssl pkcs12 -inkey privatekey.pem -in signing_cert.pem -export -out LEAP.pfx
diff --git a/branding/templates/windows/tools/README-signtool.txt b/branding/templates/windows/tools/README-signtool.txt
new file mode 100644
index 0000000..51ebbf5
--- /dev/null
+++ b/branding/templates/windows/tools/README-signtool.txt
@@ -0,0 +1,17 @@
+Source: https://stackoverflow.com/questions/31869552/how-to-install-signtool-exe-for-windows-10
+-----------------------------------------------------------------------------------------------
+
+If you only want SignTool and really want to minimize the install, here is a way that I just reverse-engineered my way to:
+
+Download the .iso file from https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk (current download link is http://go.microsoft.com/fwlink/p/?LinkID=2022797) The .exe download will not work, since it's an online installer that pulls down its dependencies at runtime.
+Unpack the .iso with a tool such as 7-zip.
+Install the Installers/Windows SDK Signing Tools-x86_en-us.msi file - it's only 388 KiB large. For reference, it pulls in its files from the following .cab files, so these are also needed for a standalone install:
+4c3ef4b2b1dc72149f979f4243d2accf.cab (339 KiB)
+    685f3d4691f444bc382762d603a99afc.cab (1002 KiB)
+    e5c4b31ff9997ac5603f4f28cd7df602.cab (389 KiB)
+    e98fa5eb5fee6ce17a7a69d585870b7c.cab (1.2 MiB)
+    There we go - you will now have the signtool.exe file and companions in C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64 (replace x64 with x86, arm or arm64 if you need it for another CPU architecture.)
+
+It is also possible to commit  signtool.exe and the other files from this folder into your version control repository if want to use it in e.g. CI scenarios. I have tried and it seems to work fine.
+
+(All files are probably not necessary since there are also some other .exe tools in this folder that might be responsible for these dependencies, but I am not sure which ones could be removed to make the set of files even smaller. Someone else is free to investigate further in this area. :) I tried to just copy signtool.* and that didn't work, so at least some of the other files are needed.)
diff --git a/branding/templates/windows/tools/windows10-signing.zip b/branding/templates/windows/tools/windows10-signing.zip
new file mode 100644
index 0000000..2d1858d
--- /dev/null
+++ b/branding/templates/windows/tools/windows10-signing.zip
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 682ce9c..18f6667 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -1,6 +1,6 @@
 // Code generated by go generate; DO NOT EDIT.
 // This file was generated by vendorize.py
-// At 2019-07-09 18:27:17
+// At 2019-07-09 18:54:26
 
 package config