[feat] windows templates

8 files changed, 242 insertions, 0 deletions

diff --git a/branding/templates/windows/generate.py b/branding/templates/windows/generate.py
new file mode 100755
index 0000000..427b7a8
--- /dev/null
+++ b/branding/templates/windows/generate.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3

+"""

+generate.py

+

+Generate a NSI installer for a given provider.

+"""

+

+import json

+import os

+from string import Template

+

+

+TEMPLATE = 'template.nsi'

+

+

+def get_files(which):

+    files = "\n"

+    if which == 'install':

+        action = "File "

+    elif which == 'uninstall':

+        action = "Delete $INSTDIR\\"

+    else:

+        action = ""

+

+    # TODO get relative path

+    for item in open('payload/' + which).readlines():

+        files += "  {action}{item}".format(

+            action=action, item=item)

+    return files

+

+

+here = os.path.split(os.path.realpath(__file__))[0]

+data = json.load(open(os.path.join(here, 'data.json')))

+data['extra_install_files'] = get_files('install')

+data['extra_uninstall_files'] = get_files('uninstall')

+

+import pprint

+pprint.pprint(data)

+

+INSTALLER = data['applicationName'] + '-installer.nsi'

+

+

+template = Template(open(TEMPLATE).read())

+with open(INSTALLER, 'w') as output:

+    output.write(template.safe_substitute(data))

+

+print("[+] NSIS installer script written to {path}".format(path=INSTALLER))

diff --git a/branding/templates/windows/payload/install b/branding/templates/windows/payload/install
new file mode 100755
index 0000000..da9a195
--- /dev/null
+++ b/branding/templates/windows/payload/install
@@ -0,0 +1,9 @@
+..\staging\bitmask_helper.exe

+..\staging\bitmask-vpn.exe

+..\staging\libcrypto-1_1-x64.dll
+..\staging\liblzo2-2.dll

+..\staging\libpkcs11-helper-1.dll

+..\staging\libssl-1_1-x64.dll
+..\staging\padlock.dll
+..\staging\openvpn\openvpn.exe
+..\staging\openvpn\tap-windows.exe
diff --git a/branding/templates/windows/payload/uninstall b/branding/templates/windows/payload/uninstall
new file mode 100755
index 0000000..7c7df24
--- /dev/null
+++ b/branding/templates/windows/payload/uninstall
@@ -0,0 +1,13 @@
+icon.ico
+openssl.exe

+openvpn.exe

+ssleay32.dll

+libeay32.dll

+liblzo2-2.dll

+libpkcs11-helper-1.dll

+libcrypto-1_1-x64.dll
+libssl-1_1-x64.dll
+padlock.dll
+bitmask_helper.exe
+bitmask-vpn.exe
+tap-windows.exe
diff --git a/branding/templates/windows/sign.py b/branding/templates/windows/sign.py
new file mode 100644
index 0000000..5b6b2c6
--- /dev/null
+++ b/branding/templates/windows/sign.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+"""
+This script is expected to be called from the main makefile, that should pass
+the content of the WIN_CERT_PASS variable as the second argument.
+
+Just make sure that $GOPATH is properly configured.
+"""
+import subprocess
+import os
+import sys
+
+WIN_CERT_PATH = sys.argv[1]
+WIN_CERT_PASS = sys.argv[2]
+SIGNTOOL = "signtool"
+
+GOPATH = os.environ.get('GOPATH')
+VERSION = subprocess.run(
+    'git -C ' + GOPATH +
+    '\\src\\0xacab.org\\leap\\bitmask-vpn describe --tags',
+    stdout=subprocess.PIPE).stdout.strip()
+
+installer = "RiseupVPN-" + str(VERSION, 'utf-8') + '.exe'
+target = str(os.path.join(os.path.abspath('.'), 'dist', installer))
+cmd = [SIGNTOOL, "sign", "/f", WIN_CERT_PATH, "/p", WIN_CERT_PASS, target]
+subprocess.run(cmd)
diff --git a/branding/templates/windows/template.nsi b/branding/templates/windows/template.nsi
new file mode 100755
index 0000000..f644b89
--- /dev/null
+++ b/branding/templates/windows/template.nsi
@@ -0,0 +1,130 @@
+SetCompressor /SOLID lzma
+
+!define PRODUCT_PUBLISHER "LEAP Encryption Access Project"
+!include "MUI2.nsh"
+
+Name "$applicationName"
+Outfile "..\bin\$applicationName-$version.exe"
+;TODO make the installdir configurable - and set it in the registry.
+InstallDir "C:\Program Files\$applicationName\"
+RequestExecutionLevel admin
+
+!include FileFunc.nsh
+!insertmacro GetParameters
+!insertmacro GetOptions
+
+;Macros
+
+!macro SelectByParameter SECT PARAMETER DEFAULT
+	${GetOptions} $R0 "/${PARAMETER}=" $0
+	${If} ${DEFAULT} == 0
+		${If} $0 == 1
+			!insertmacro SelectSection ${SECT}
+		${EndIf}
+	${Else}
+		${If} $0 != 0
+			!insertmacro SelectSection ${SECT}
+		${EndIf}
+	${EndIf}
+!macroend
+
+
+
+!define BITMAP_FILE riseupvpn.bmp
+
+!define MUI_ICON "..\assets\$applicationNameLower.ico"
+!define MUI_UNICON "..\assets\$applicationNameLower.ico"
+
+!define MUI_WELCOMEPAGE_TITLE "$applicationName"
+!define MUI_WELCOMEPAGE_TEXT "This will install $applicationName in your computer. $applicationName is a simple, fast and secure VPN Client, powered by Bitmask. \n This VPN service is run by donations from people like you."
+#!define MUI_WELCOMEFINISHPAGE_BITMAP "riseup.png"
+
+!insertmacro MUI_PAGE_WELCOME
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_PAGE_FINISH
+ 
+ 
+
+Section "InstallFiles"
+  ; first we try to delete the systray, locked by the app.
+  ClearErrors
+  Delete 'C:\Program Files\$applicationName\bitmask-vpn.exe'
+  IfErrors 0 noError
+
+  ; Error handling
+  MessageBox MB_OK|MB_ICONEXCLAMATION "$applicationName is Running. Please close it, and then run this installer again."
+  Abort
+
+  noError:
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'stop $applicationNameLower-helper'
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'remove $applicationNameLower-helper confirm'
+
+  SetOutPath $INSTDIR 
+  WriteUninstaller $INSTDIR\uninstall.exe
+
+  ; Add ourselves to Add/remove programs
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayName" "$applicationName"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "UninstallString" '"$INSTDIR\uninstall.exe"'
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "InstallLocation" "$INSTDIR"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayIcon" "$INSTDIR\icon.ico"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "Readme" "$INSTDIR\readme.txt"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayVersion" "$version"
+  WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "Publisher" "LEAP Encryption Access Project"
+  WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "NoModify" 1
+  WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "NoRepair" 1
+
+  ;Start Menu
+  createDirectory "$SMPROGRAMS\$applicationName\"
+  createShortCut "$SMPROGRAMS\$applicationName\$applicationName.lnk" "$INSTDIR\bitmask-vpn.exe" "" "$INSTDIR\icon.ico"
+
+  File "readme.txt"
+  File "..\staging\nssm.exe"
+  File "/oname=icon.ico" "..\assets\$applicationNameLower.ico"
+
+  $extra_install_files
+
+SectionEnd
+
+Section "InstallService"
+  ; Easy service management thanks to nssm
+  ExecWait '"$INSTDIR\nssm.exe" install $applicationNameLower-helper "$INSTDIR\bitmask_helper.exe"'
+  ExecWait '"$INSTDIR\nssm.exe" set $applicationNameLower-helper AppDirectory "$INSTDIR"'
+  ExecWait '"$INSTDIR\nssm.exe" start $applicationNameLower-helper'
+SectionEnd
+
+Section /o "TAP Virtual Ethernet Adapter" SecTAP
+	; Adapted from the windows nsis installer from OpenVPN (openvpn-build repo).
+	DetailPrint "Installing TAP (may need confirmation)..."
+	; The /S flag make it "silent", remove it if you want it explicit
+  	ExecWait '"$INSTDIR\tap-windows.exe" /S /SELECT_UTILITIES=1'
+	Pop $R0 # return value/error/timeout
+	WriteRegStr HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$applicationName" "tap" "installed"
+	DetailPrint "TAP installed!"
+SectionEnd
+
+Section "Uninstall"
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'stop $applicationNameLower-helper'
+  ExecShellWait "runas" "$INSTDIR\nssm.exe" 'remove $applicationNameLower-helper confirm'
+
+  Delete $INSTDIR\readme.txt
+  Delete $INSTDIR\nssm.exe
+  Delete $INSTDIR\helper.log
+  Delete "$SMPROGRAMS\$applicationName\$applicationName.lnk"
+  RMDir "$SMPROGRAMS\$applicationName\"
+
+  $extra_uninstall_files
+
+  DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower"
+  ; uninstaller must be always the last thing to remove
+  Delete $INSTDIR\uninstall.exe
+  RMDir $INSTDIR
+SectionEnd
+
+Function .onInit
+	!insertmacro SelectByParameter ${SecTAP} SELECT_TAP 1
+FunctionEnd
+
+;----------------------------------------
+;Languages
+ 
+!insertmacro MUI_LANGUAGE "English"
diff --git a/branding/templates/windows/tools/README-cert.txt b/branding/templates/windows/tools/README-cert.txt
new file mode 100644
index 0000000..e532997
--- /dev/null
+++ b/branding/templates/windows/tools/README-cert.txt
@@ -0,0 +1 @@
+openssl pkcs12 -inkey privatekey.pem -in signing_cert.pem -export -out LEAP.pfx
diff --git a/branding/templates/windows/tools/README-signtool.txt b/branding/templates/windows/tools/README-signtool.txt
new file mode 100644
index 0000000..51ebbf5
--- /dev/null
+++ b/branding/templates/windows/tools/README-signtool.txt
@@ -0,0 +1,17 @@
+Source: https://stackoverflow.com/questions/31869552/how-to-install-signtool-exe-for-windows-10
+-----------------------------------------------------------------------------------------------
+
+If you only want SignTool and really want to minimize the install, here is a way that I just reverse-engineered my way to:
+
+Download the .iso file from https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk (current download link is http://go.microsoft.com/fwlink/p/?LinkID=2022797) The .exe download will not work, since it's an online installer that pulls down its dependencies at runtime.
+Unpack the .iso with a tool such as 7-zip.
+Install the Installers/Windows SDK Signing Tools-x86_en-us.msi file - it's only 388 KiB large. For reference, it pulls in its files from the following .cab files, so these are also needed for a standalone install:
+4c3ef4b2b1dc72149f979f4243d2accf.cab (339 KiB)
+    685f3d4691f444bc382762d603a99afc.cab (1002 KiB)
+    e5c4b31ff9997ac5603f4f28cd7df602.cab (389 KiB)
+    e98fa5eb5fee6ce17a7a69d585870b7c.cab (1.2 MiB)
+    There we go - you will now have the signtool.exe file and companions in C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64 (replace x64 with x86, arm or arm64 if you need it for another CPU architecture.)
+
+It is also possible to commit  signtool.exe and the other files from this folder into your version control repository if want to use it in e.g. CI scenarios. I have tried and it seems to work fine.
+
+(All files are probably not necessary since there are also some other .exe tools in this folder that might be responsible for these dependencies, but I am not sure which ones could be removed to make the set of files even smaller. Someone else is free to investigate further in this area. :) I tried to just copy signtool.* and that didn't work, so at least some of the other files are needed.)
diff --git a/branding/templates/windows/tools/windows10-signing.zip b/branding/templates/windows/tools/windows10-signing.zip
new file mode 100644
index 0000000..2d1858d
--- /dev/null
+++ b/branding/templates/windows/tools/windows10-signing.zip