summaryrefslogtreecommitdiff
path: root/branding/templates
diff options
context:
space:
mode:
authorKali Kaneko (leap communications) <kali@leap.se>2019-07-10 17:12:00 +0200
committerRuben Pollan <meskio@sindominio.net>2019-08-05 11:46:12 -0400
commite635c5b43df0ed6f28c05429dae126d645ac8717 (patch)
tree5879cb4d24a00a357264196bcb5bf48bd3500bc7 /branding/templates
parent92ea8778813ddffe6187e0ce300638fdefe1bf5e (diff)
[feat] windows templates
Diffstat (limited to 'branding/templates')
-rwxr-xr-xbranding/templates/windows/generate.py47
-rwxr-xr-xbranding/templates/windows/payload/install9
-rwxr-xr-xbranding/templates/windows/payload/uninstall13
-rw-r--r--branding/templates/windows/sign.py25
-rwxr-xr-xbranding/templates/windows/template.nsi130
-rw-r--r--branding/templates/windows/tools/README-cert.txt1
-rw-r--r--branding/templates/windows/tools/README-signtool.txt17
-rw-r--r--branding/templates/windows/tools/windows10-signing.zipbin0 -> 1186278 bytes
8 files changed, 242 insertions, 0 deletions
diff --git a/branding/templates/windows/generate.py b/branding/templates/windows/generate.py
new file mode 100755
index 0000000..427b7a8
--- /dev/null
+++ b/branding/templates/windows/generate.py
@@ -0,0 +1,47 @@
+#!/usr/bin/env python3
+"""
+generate.py
+
+Generate a NSI installer for a given provider.
+"""
+
+import json
+import os
+from string import Template
+
+
+TEMPLATE = 'template.nsi'
+
+
+def get_files(which):
+ files = "\n"
+ if which == 'install':
+ action = "File "
+ elif which == 'uninstall':
+ action = "Delete $INSTDIR\\"
+ else:
+ action = ""
+
+ # TODO get relative path
+ for item in open('payload/' + which).readlines():
+ files += " {action}{item}".format(
+ action=action, item=item)
+ return files
+
+
+here = os.path.split(os.path.realpath(__file__))[0]
+data = json.load(open(os.path.join(here, 'data.json')))
+data['extra_install_files'] = get_files('install')
+data['extra_uninstall_files'] = get_files('uninstall')
+
+import pprint
+pprint.pprint(data)
+
+INSTALLER = data['applicationName'] + '-installer.nsi'
+
+
+template = Template(open(TEMPLATE).read())
+with open(INSTALLER, 'w') as output:
+ output.write(template.safe_substitute(data))
+
+print("[+] NSIS installer script written to {path}".format(path=INSTALLER))
diff --git a/branding/templates/windows/payload/install b/branding/templates/windows/payload/install
new file mode 100755
index 0000000..da9a195
--- /dev/null
+++ b/branding/templates/windows/payload/install
@@ -0,0 +1,9 @@
+..\staging\bitmask_helper.exe
+..\staging\bitmask-vpn.exe
+..\staging\libcrypto-1_1-x64.dll
+..\staging\liblzo2-2.dll
+..\staging\libpkcs11-helper-1.dll
+..\staging\libssl-1_1-x64.dll
+..\staging\padlock.dll
+..\staging\openvpn\openvpn.exe
+..\staging\openvpn\tap-windows.exe
diff --git a/branding/templates/windows/payload/uninstall b/branding/templates/windows/payload/uninstall
new file mode 100755
index 0000000..7c7df24
--- /dev/null
+++ b/branding/templates/windows/payload/uninstall
@@ -0,0 +1,13 @@
+icon.ico
+openssl.exe
+openvpn.exe
+ssleay32.dll
+libeay32.dll
+liblzo2-2.dll
+libpkcs11-helper-1.dll
+libcrypto-1_1-x64.dll
+libssl-1_1-x64.dll
+padlock.dll
+bitmask_helper.exe
+bitmask-vpn.exe
+tap-windows.exe
diff --git a/branding/templates/windows/sign.py b/branding/templates/windows/sign.py
new file mode 100644
index 0000000..5b6b2c6
--- /dev/null
+++ b/branding/templates/windows/sign.py
@@ -0,0 +1,25 @@
+#!/usr/bin/env python3
+"""
+This script is expected to be called from the main makefile, that should pass
+the content of the WIN_CERT_PASS variable as the second argument.
+
+Just make sure that $GOPATH is properly configured.
+"""
+import subprocess
+import os
+import sys
+
+WIN_CERT_PATH = sys.argv[1]
+WIN_CERT_PASS = sys.argv[2]
+SIGNTOOL = "signtool"
+
+GOPATH = os.environ.get('GOPATH')
+VERSION = subprocess.run(
+ 'git -C ' + GOPATH +
+ '\\src\\0xacab.org\\leap\\bitmask-vpn describe --tags',
+ stdout=subprocess.PIPE).stdout.strip()
+
+installer = "RiseupVPN-" + str(VERSION, 'utf-8') + '.exe'
+target = str(os.path.join(os.path.abspath('.'), 'dist', installer))
+cmd = [SIGNTOOL, "sign", "/f", WIN_CERT_PATH, "/p", WIN_CERT_PASS, target]
+subprocess.run(cmd)
diff --git a/branding/templates/windows/template.nsi b/branding/templates/windows/template.nsi
new file mode 100755
index 0000000..f644b89
--- /dev/null
+++ b/branding/templates/windows/template.nsi
@@ -0,0 +1,130 @@
+SetCompressor /SOLID lzma
+
+!define PRODUCT_PUBLISHER "LEAP Encryption Access Project"
+!include "MUI2.nsh"
+
+Name "$applicationName"
+Outfile "..\bin\$applicationName-$version.exe"
+;TODO make the installdir configurable - and set it in the registry.
+InstallDir "C:\Program Files\$applicationName\"
+RequestExecutionLevel admin
+
+!include FileFunc.nsh
+!insertmacro GetParameters
+!insertmacro GetOptions
+
+;Macros
+
+!macro SelectByParameter SECT PARAMETER DEFAULT
+ ${GetOptions} $R0 "/${PARAMETER}=" $0
+ ${If} ${DEFAULT} == 0
+ ${If} $0 == 1
+ !insertmacro SelectSection ${SECT}
+ ${EndIf}
+ ${Else}
+ ${If} $0 != 0
+ !insertmacro SelectSection ${SECT}
+ ${EndIf}
+ ${EndIf}
+!macroend
+
+
+
+!define BITMAP_FILE riseupvpn.bmp
+
+!define MUI_ICON "..\assets\$applicationNameLower.ico"
+!define MUI_UNICON "..\assets\$applicationNameLower.ico"
+
+!define MUI_WELCOMEPAGE_TITLE "$applicationName"
+!define MUI_WELCOMEPAGE_TEXT "This will install $applicationName in your computer. $applicationName is a simple, fast and secure VPN Client, powered by Bitmask. \n This VPN service is run by donations from people like you."
+#!define MUI_WELCOMEFINISHPAGE_BITMAP "riseup.png"
+
+!insertmacro MUI_PAGE_WELCOME
+!insertmacro MUI_PAGE_INSTFILES
+!insertmacro MUI_PAGE_FINISH
+
+
+
+Section "InstallFiles"
+ ; first we try to delete the systray, locked by the app.
+ ClearErrors
+ Delete 'C:\Program Files\$applicationName\bitmask-vpn.exe'
+ IfErrors 0 noError
+
+ ; Error handling
+ MessageBox MB_OK|MB_ICONEXCLAMATION "$applicationName is Running. Please close it, and then run this installer again."
+ Abort
+
+ noError:
+ ExecShellWait "runas" "$INSTDIR\nssm.exe" 'stop $applicationNameLower-helper'
+ ExecShellWait "runas" "$INSTDIR\nssm.exe" 'remove $applicationNameLower-helper confirm'
+
+ SetOutPath $INSTDIR
+ WriteUninstaller $INSTDIR\uninstall.exe
+
+ ; Add ourselves to Add/remove programs
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayName" "$applicationName"
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "UninstallString" '"$INSTDIR\uninstall.exe"'
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "InstallLocation" "$INSTDIR"
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayIcon" "$INSTDIR\icon.ico"
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "Readme" "$INSTDIR\readme.txt"
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "DisplayVersion" "$version"
+ WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "Publisher" "LEAP Encryption Access Project"
+ WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "NoModify" 1
+ WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower" "NoRepair" 1
+
+ ;Start Menu
+ createDirectory "$SMPROGRAMS\$applicationName\"
+ createShortCut "$SMPROGRAMS\$applicationName\$applicationName.lnk" "$INSTDIR\bitmask-vpn.exe" "" "$INSTDIR\icon.ico"
+
+ File "readme.txt"
+ File "..\staging\nssm.exe"
+ File "/oname=icon.ico" "..\assets\$applicationNameLower.ico"
+
+ $extra_install_files
+
+SectionEnd
+
+Section "InstallService"
+ ; Easy service management thanks to nssm
+ ExecWait '"$INSTDIR\nssm.exe" install $applicationNameLower-helper "$INSTDIR\bitmask_helper.exe"'
+ ExecWait '"$INSTDIR\nssm.exe" set $applicationNameLower-helper AppDirectory "$INSTDIR"'
+ ExecWait '"$INSTDIR\nssm.exe" start $applicationNameLower-helper'
+SectionEnd
+
+Section /o "TAP Virtual Ethernet Adapter" SecTAP
+ ; Adapted from the windows nsis installer from OpenVPN (openvpn-build repo).
+ DetailPrint "Installing TAP (may need confirmation)..."
+ ; The /S flag make it "silent", remove it if you want it explicit
+ ExecWait '"$INSTDIR\tap-windows.exe" /S /SELECT_UTILITIES=1'
+ Pop $R0 # return value/error/timeout
+ WriteRegStr HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$applicationName" "tap" "installed"
+ DetailPrint "TAP installed!"
+SectionEnd
+
+Section "Uninstall"
+ ExecShellWait "runas" "$INSTDIR\nssm.exe" 'stop $applicationNameLower-helper'
+ ExecShellWait "runas" "$INSTDIR\nssm.exe" 'remove $applicationNameLower-helper confirm'
+
+ Delete $INSTDIR\readme.txt
+ Delete $INSTDIR\nssm.exe
+ Delete $INSTDIR\helper.log
+ Delete "$SMPROGRAMS\$applicationName\$applicationName.lnk"
+ RMDir "$SMPROGRAMS\$applicationName\"
+
+ $extra_uninstall_files
+
+ DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\$applicationNameLower"
+ ; uninstaller must be always the last thing to remove
+ Delete $INSTDIR\uninstall.exe
+ RMDir $INSTDIR
+SectionEnd
+
+Function .onInit
+ !insertmacro SelectByParameter ${SecTAP} SELECT_TAP 1
+FunctionEnd
+
+;----------------------------------------
+;Languages
+
+!insertmacro MUI_LANGUAGE "English"
diff --git a/branding/templates/windows/tools/README-cert.txt b/branding/templates/windows/tools/README-cert.txt
new file mode 100644
index 0000000..e532997
--- /dev/null
+++ b/branding/templates/windows/tools/README-cert.txt
@@ -0,0 +1 @@
+openssl pkcs12 -inkey privatekey.pem -in signing_cert.pem -export -out LEAP.pfx
diff --git a/branding/templates/windows/tools/README-signtool.txt b/branding/templates/windows/tools/README-signtool.txt
new file mode 100644
index 0000000..51ebbf5
--- /dev/null
+++ b/branding/templates/windows/tools/README-signtool.txt
@@ -0,0 +1,17 @@
+Source: https://stackoverflow.com/questions/31869552/how-to-install-signtool-exe-for-windows-10
+-----------------------------------------------------------------------------------------------
+
+If you only want SignTool and really want to minimize the install, here is a way that I just reverse-engineered my way to:
+
+Download the .iso file from https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk (current download link is http://go.microsoft.com/fwlink/p/?LinkID=2022797) The .exe download will not work, since it's an online installer that pulls down its dependencies at runtime.
+Unpack the .iso with a tool such as 7-zip.
+Install the Installers/Windows SDK Signing Tools-x86_en-us.msi file - it's only 388 KiB large. For reference, it pulls in its files from the following .cab files, so these are also needed for a standalone install:
+4c3ef4b2b1dc72149f979f4243d2accf.cab (339 KiB)
+ 685f3d4691f444bc382762d603a99afc.cab (1002 KiB)
+ e5c4b31ff9997ac5603f4f28cd7df602.cab (389 KiB)
+ e98fa5eb5fee6ce17a7a69d585870b7c.cab (1.2 MiB)
+ There we go - you will now have the signtool.exe file and companions in C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64 (replace x64 with x86, arm or arm64 if you need it for another CPU architecture.)
+
+It is also possible to commit signtool.exe and the other files from this folder into your version control repository if want to use it in e.g. CI scenarios. I have tried and it seems to work fine.
+
+(All files are probably not necessary since there are also some other .exe tools in this folder that might be responsible for these dependencies, but I am not sure which ones could be removed to make the set of files even smaller. Someone else is free to investigate further in this area. :) I tried to just copy signtool.* and that didn't work, so at least some of the other files are needed.)
diff --git a/branding/templates/windows/tools/windows10-signing.zip b/branding/templates/windows/tools/windows10-signing.zip
new file mode 100644
index 0000000..2d1858d
--- /dev/null
+++ b/branding/templates/windows/tools/windows10-signing.zip
Binary files differ