From bcd834c4da5c292b3600a07c0d63009acaed8455 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Mon, 27 May 2024 16:40:46 +0200
Subject: [PATCH] [windows_kext] Finalize building kext and cab for MS signing
---
Earthfile | 76 +++----------------
windows_kext/release/README.md | 3 +-
windows_kext/release/src/main.rs | 27 +++----
.../release/templates/PortmasterKext.ddf | 10 +--
.../release/templates/PortmasterKext64.inf | 6 --
windows_kext/release/templates/build_cab.ps1 | 28 ++++---
windows_kext/release/templates/finalize.bat | 25 ------
windows_kext/release/templates/link.ps1 | 27 -------
8 files changed, 42 insertions(+), 160 deletions(-)
delete mode 100644 windows_kext/release/templates/finalize.bat
diff --git a/Earthfile b/Earthfile
index 75eb3034..d691fc37 100644
--- a/Earthfile
+++ b/Earthfile
@@ -461,82 +461,26 @@ tauri-release: BUILD +tauri-build --target="${arch}" --bundle="${bundle}" END -kext-base: +kext-build: FROM ${rust_builder_image} - RUN apt-get update -qq - - # Tools and libraries required for cross-compilation - RUN apt-get install --no-install-recommends -qq \ - autoconf \ - autotools-dev \ - libtool-bin \ - clang \ - cmake \ - bsdmainutils \ - gcc-multilib \ - linux-libc-dev \ - linux-libc-dev-amd64-cross \ - linux-libc-dev-arm64-cross \ - linux-libc-dev-armel-cross \ - linux-libc-dev-armhf-cross \ - build-essential \ - curl \ - wget \ - file \ - mingw-w64 - # Install architecture target - RUN rustup target add x86_64-pc-windows-msvc - DO rust+INIT --keep_fingerprints=true - # Add some required rustup components - RUN rustup component add cargo - RUN rustup component add rust-std - RUN rustup component add rustc - - # Required for cross compilation to work. - ENV PKG_CONFIG_ALLOW_CROSS=1 - ENV PKG_CONFIG_PATH=/usr/x86_64-w64-mingw32/lib/pkgconfig - - # Explicitly cache here. - SAVE IMAGE --cache-hint - -kext-build: - FROM +kext-base - WORKDIR /app/kext - - # Pull and build dependencies. 
- # wdk package - COPY --keep-ts ./windows_kext/wdk/Cargo.toml ./wdk/Cargo.toml - COPY --keep-ts ./windows_kext/wdk/Cargo.lock ./wdk/Cargo.lock - COPY --keep-ts ./windows_kext/wdk/src/lib.rs ./wdk/src/lib.rs - # release package - COPY --keep-ts ./windows_kext/release/Cargo.toml ./release/Cargo.toml - COPY --keep-ts ./windows_kext/release/Cargo.lock ./release/Cargo.lock - COPY --keep-ts ./windows_kext/release/src/main.rs ./release/src/main.rs - # protocol package - COPY --keep-ts ./windows_kext/protocol/Cargo.toml ./protocol/Cargo.toml - COPY --keep-ts ./windows_kext/protocol/Cargo.lock ./protocol/Cargo.lock - COPY --keep-ts ./windows_kext/protocol/src/lib.rs ./protocol/src/lib.rs - # driver package - COPY --keep-ts ./windows_kext/driver/Cargo.toml ./driver/Cargo.toml - COPY --keep-ts ./windows_kext/driver/Cargo.lock ./driver/Cargo.lock - COPY --keep-ts ./windows_kext/driver/src/lib.rs ./driver/src/lib.rs - # driver cargo config - COPY --keep-ts ./windows_kext/driver/.cargo ./driver/.cargo - # fetch - DO rust+CARGO --args="fetch --manifest-path ./driver/Cargo.toml --target x86_64-pc-windows-msvc" - # Build kext - + WORKDIR /app/kext # --keep-ts is necessary to ensure that the timestamps of the source files # are preserved such that Rust's incremental compilation works correctly. COPY --keep-ts ./windows_kext/ . - WORKDIR /app/kext/driver - DO rust+CARGO --args="build" + # Add target architecture + RUN rustup target add x86_64-pc-windows-msvc + + # Build using special earthly lib + WORKDIR /app/kext/release + DO rust+CARGO --args="run" + + SAVE ARTIFACT --keep-ts "portmaster-kext-release-bundle.zip" AS LOCAL "${outputDir}/windows_amd64/portmaster-kext-release-bundle.zip" build: BUILD +go-release diff --git a/windows_kext/release/README.md b/windows_kext/release/README.md index 7060c52a..939f88d6 100644 --- a/windows_kext/release/README.md +++ b/windows_kext/release/README.md 
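Review bot: The new `kext-build` step runs `DO rust+CARGO --args="run"` without `--locked`, so Cargo may re-resolve dependencies and rewrite `Cargo.lock` if it disagrees with `Cargo.toml`, and the bundle that goes on to Microsoft signing is then not pinned to the reviewed dependency set. I would pass the flag, `DO rust+CARGO --args="run --locked"`, so the build fails instead of drifting. The removed lines also dropped the explicit `cargo build` in `./driver`; whether the release tool now produces `driver.lib` itself is not visible in this hunk, so a one-line comment above the `DO` naming the crate that builds the library would help.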
@@ -21,7 +21,8 @@ cd kext_release_v.../ - Enter "PortmasterKext vX.X.X #1" as the product name - Upload `portmaster-kext_vX-X-X.cab` - Select the Windows 10 versions that you compiled and tested on + - Currently: Windows 11 Client, version 22H2 x64 (Ni) - Wait for the process to finish, download the `.zip`. The zip will contain the release files. -> Optionally sign the .sys file. \ No newline at end of file +> Optionally sign the .sys file. diff --git a/windows_kext/release/src/main.rs b/windows_kext/release/src/main.rs index c1e76a4e..af72ea61 100644 --- a/windows_kext/release/src/main.rs +++ b/windows_kext/release/src/main.rs @@ -16,18 +16,9 @@ fn main() { ); // Create Zip that will hold all the release files and scripts. - let file = File::create(format!( - "kext_release_v{}-{}-{}.zip", - VERSION[0], VERSION[1], VERSION[2] - )) - .unwrap(); + let file = File::create("portmaster-kext-release-bundle.zip").unwrap(); let mut zip = zip::ZipWriter::new(file); - let version_file = format!( - "portmaster-kext_v{}-{}-{}", - VERSION[0], VERSION[1], VERSION[2] - ); - // Write files to zip zip.add_directory("cab", FileOptions::default()).unwrap(); // Write driver.lib @@ -35,7 +26,7 @@ fn main() { // Write ddf file write_to_zip( &mut zip, - &format!("{}.ddf", version_file), + "PortmasterKext.ddf", get_ddf_content(), ); // Write build cab script @@ -44,7 +35,7 @@ fn main() { // Write inf file write_to_zip( &mut zip, - &format!("cab/{}.inf", version_file), + "cab/PortmasterKext64.inf", get_inf_content(), ); 
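Review bot: The bundle name passed to `File::create` in `main` is now a bare literal that has to match the `SAVE ARTIFACT` path in the Earthfile, and nothing on either side says so. A named constant with a comment would make the coupling visible, e.g. `const BUNDLE_NAME: &str = "portmaster-kext-release-bundle.zip"; // must match SAVE ARTIFACT in Earthfile +kext-build`. The `.unwrap()` on the create call could become `.expect("create release bundle zip")` so a failure inside the container build names the file. `main` starts before and continues after this hunk.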
@@ -82,28 +73,28 @@ fn get_inf_content() -> String { fn get_ddf_content() -> String { let reg = Handlebars::new(); - let version_file = format!( - "portmaster-kext_v{}-{}-{}", + let cab_file = format!( + "PortmasterKext_v{}-{}-{}.cab", VERSION[0], VERSION[1], VERSION[2] ); reg.render_template( include_str!("../templates/PortmasterKext.ddf"), - &json!({"version_file": version_file}), + &json!({"cab_file": cab_file}), ) .unwrap() } fn get_build_cab_script_content() -> String { let reg = Handlebars::new(); - let version_file = format!( - "portmaster-kext_v{}-{}-{}", + let cab_file = format!( + "PortmasterKext_v{}-{}-{}.cab", VERSION[0], VERSION[1], VERSION[2] ); reg .render_template( include_str!("../templates/build_cab.ps1"), - &json!({"sys_file": format!("{}.sys", version_file), "pdb_file": format!("{}.pdb", version_file), "lib_file": "driver.lib", "version_file": &version_file }), + &json!({"sys_file": "PortmasterKext64.sys", "pdb_file": "PortmasterKext64.pdb", "lib_file": "driver.lib", "cab_file": &cab_file }), ) .unwrap() } diff --git a/windows_kext/release/templates/PortmasterKext.ddf b/windows_kext/release/templates/PortmasterKext.ddf index 246885bc..41732d22 100644 --- a/windows_kext/release/templates/PortmasterKext.ddf +++ b/windows_kext/release/templates/PortmasterKext.ddf @@ -1,4 +1,4 @@ -;*** {{version_file}}.ddf +;*** PortmasterKext.ddf .OPTION EXPLICIT ; Generate errors .Set CabinetFileCountThreshold=0 .Set FolderFileCountThreshold=0 @@ -11,7 +11,7 @@ .Set Compress=on ;Specify file name for new cab file -.Set CabinetNameTemplate={{version_file}}.cab +.Set CabinetNameTemplate={{cab_file}} ; Specify the subdirectory for the files. ; Your cab file should not have files at the root level, 
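Review bot: `get_ddf_content` and `get_build_cab_script_content` each build the same `PortmasterKext_v{}-{}-{}.cab` string, and the DDF's `CabinetNameTemplate` only matches the script's `Move-Item` and `signtool` lines while the two copies stay identical. A single helper removes that risk: `fn cab_file_name() -> String { format!("PortmasterKext_v{}-{}-{}.cab", VERSION[0], VERSION[1], VERSION[2]) }`, called from both functions. The `json!` context in `get_build_cab_script_content` also still passes `sys_file` and `pdb_file` while the templates now hard-code `PortmasterKext64.sys` and `PortmasterKext64.pdb` as destinations, so a short comment that these values must stay in sync with the templates would be worth adding.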
@@ -19,6 +19,6 @@ .Set DestinationDir=PortmasterKext ;Specify files to be included in cab file -.\cab\\{{version_file}}.inf -.\cab\\{{version_file}}.sys -.\cab\\{{version_file}}.pdb \ No newline at end of file +.\cab\\PortmasterKext64.inf +.\cab\\PortmasterKext64.sys +.\cab\\PortmasterKext64.pdb diff --git a/windows_kext/release/templates/PortmasterKext64.inf b/windows_kext/release/templates/PortmasterKext64.inf index baf0d7c4..796e46f8 100644 --- a/windows_kext/release/templates/PortmasterKext64.inf +++ b/windows_kext/release/templates/PortmasterKext64.inf @@ -43,12 +43,6 @@ CopyFiles = PortmasterKext.DriverFiles [DefaultInstall.NTamd64.Services] AddService = %ServiceName%,,PortmasterKext.Service -[DefaultUninstall] -DelFiles = PortmasterKext.DriverFiles - -[DefaultUninstall.Services] -DelService = PortmasterKext,0x200 ; SPSVCINST_STOPSERVICE - [PortmasterKext.DriverFiles] PortmasterKext64.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY diff --git a/windows_kext/release/templates/build_cab.ps1 b/windows_kext/release/templates/build_cab.ps1 index 920bc823..0c3e7e04 100644 --- a/windows_kext/release/templates/build_cab.ps1 +++ b/windows_kext/release/templates/build_cab.ps1 @@ -1,5 +1,7 @@ -del {{version_file}}.cab +# Remove previous cab build +Remove-Item -Path "PortmasterKext_v2-0-0.cab" -ErrorAction SilentlyContinue +# Link the driver. link.exe /OUT:{{sys_file}} ` /MANIFEST:NO /PROFILE /Driver ` "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wdmsec.lib" ` 
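Review bot: The new first command of `build_cab.ps1`, `Remove-Item -Path "PortmasterKext_v2-0-0.cab" -ErrorAction SilentlyContinue`, hard-codes one version while the rest of the template uses `{{cab_file}}`. Once `VERSION` changes, a cab left over from an earlier run of the new version is no longer removed, and the later `Move-Item disk1\\{{cab_file}} {{cab_file}}` in this template does not overwrite an existing file, so the operator could end up signing the stale cab. Use the template value instead: `Remove-Item -Path "{{cab_file}}" -ErrorAction SilentlyContinue`.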
@@ -14,35 +16,37 @@ link.exe /OUT:{{sys_file}} ` "C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib" ` "{{lib_file}}" ` /RELEASE /VERSION:"10.0" /DEBUG /MACHINE:X64 /ENTRY:"FxDriverEntry" /OPT:REF /INCREMENTAL:NO /SUBSYSTEM:NATIVE",6.01" /OPT:ICF /ERRORREPORT:PROMPT /MERGE:"_TEXT=.text;_PAGE=PAGE" /NOLOGO /NODEFAULTLIB /SECTION:"INIT,d" - if(!$?) { Exit $LASTEXITCODE } -move {{sys_file}} cab\\{{sys_file}} -move {{pdb_file}} cab\\{{pdb_file}} +# Move the driver and debug symbolds into the cab directory. +move {{sys_file}} cab\\PortmasterKext64.sys +move {{pdb_file}} cab\\PortmasterKext64.pdb +# Create the cab. Write-Host Write-Host ===== Write-Host creating .cab ... -MakeCab /f {{version_file}}.ddf - +MakeCab /f PortmasterKext.ddf if(!$?) { Exit $LASTEXITCODE } +# Clean up after cab creation. Write-Host Write-Host ===== Write-Host cleaning up ... -del setup.inf -del setup.rpt -move disk1\\{{version_file}}.cab {{version_file}}.cab -rmdir disk1 +Remove-Item -Path "setup.inf" -ErrorAction SilentlyContinue +Remove-Item -Path "setup.rpt" -ErrorAction SilentlyContinue +Move-Item disk1\\{{cab_file}} {{cab_file}} +Remove-Item disk1 +# Print signing instructions. Write-Host Write-Host ===== Write-Host YOUR TURN: sign the .cab -Write-Host use something along the lines of: +Write-Host "(If the sha1 fingerprint of the cert has changed, you can find it in the cert properties on Windows as Thumbprint)" Write-Host -Write-Host signtool sign /sha1 C2CBB3A0256A157FEB08B661D72BF490B68724C4 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a {{version_file}}.cab +Write-Host signtool sign /sha1 69ADFEACD5AC42D0DB5698E38CA917B9C60FBFA6 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a {{cab_file}} Write-Host diff --git a/windows_kext/release/templates/finalize.bat b/windows_kext/release/templates/finalize.bat deleted file mode 100644 index 74939ecd..00000000 --- a/windows_kext/release/templates/finalize.bat +++ /dev/null 
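Review bot: In the clean-up section, `Move-Item disk1\\{{cab_file}} {{cab_file}}` has no failure check, unlike the `link.exe` and `MakeCab` steps, which are each followed by `if(!$?) { Exit $LASTEXITCODE }`. If the move fails, for example because a cab of that name already exists, the script still prints the "YOUR TURN: sign the .cab" instructions and whatever file is already at that path is what gets signed and submitted. Make the step terminating, `Move-Item disk1\\{{cab_file}} {{cab_file}} -ErrorAction Stop`, and treat the two `move` lines that place the `.sys` and `.pdb` into `cab\` the same way. The added comment also has a typo, `symbolds` for `symbols`.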
@@ -1,25 +0,0 @@ -@echo off -set DISTDIR=dist\windows_amd64\kext -set SIGNEDDIR=Signed\drivers\PortmasterKext - -echo. -echo ===== -echo copying files ... -mkdir %DISTDIR% -echo copy %SIGNEDDIR%\PortmasterKext64.sys %DISTDIR%\portmaster-kext_vX-X-X.sys -copy %SIGNEDDIR%\PortmasterKext64.sys %DISTDIR%\portmaster-kext_vX-X-X.sys - -echo. -echo ===== -echo OPTIONAL: -echo YOUR TURN: sign .sys (add your sig for additional transparency) -echo use something along the lines of: -echo. -echo signtool sign /sha1 C2CBB3A0256A157FEB08B661D72BF490B68724C4 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a /as %DISTDIR%\portmaster-kext_vX-X-X.sys -echo. - -echo. -echo ===== -echo YOUR TURN: rename %DISTDIR%\portmaster-kext-vX-X-X.sys to correct versions! -echo DONE! -echo. diff --git a/windows_kext/release/templates/link.ps1 b/windows_kext/release/templates/link.ps1 index aaa9b1b3..74213dc7 100644 --- a/windows_kext/release/templates/link.ps1 +++ b/windows_kext/release/templates/link.ps1 @@ -1,4 +1,3 @@ - link.exe /OUT:{{sys_file}} ` /MANIFEST:NO /PROFILE /Driver ` "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wdmsec.lib" ` 
@@ -13,29 +12,3 @@ link.exe /OUT:{{sys_file}} ` "C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib" ` "{{lib_file}}" ` /RELEASE /VERSION:"10.0" /DEBUG /MACHINE:X64 /ENTRY:"FxDriverEntry" /OPT:REF /INCREMENTAL:NO /SUBSYSTEM:NATIVE",6.01" /OPT:ICF /ERRORREPORT:PROMPT /MERGE:"_TEXT=.text;_PAGE=PAGE" /NOLOGO /NODEFAULTLIB /SECTION:"INIT,d" - -if(!$?) { Exit $LASTEXITCODE } - -move {{sys_file}} cab\\{{sys_file}} -move {{pdb_file}} cab\\{{pdb_file}} - -Write-Host -Write-Host ===== -Write-Host creating .cab ... -MakeCab /f {{version_file}}.ddf - -Write-Host -Write-Host ===== -Write-Host cleaning up ... -del setup.inf -del setup.rpt -move disk1\\{{version_file}}.cab {{version_file}}.cab -rmdir disk1 - -Write-Host -Write-Host ===== -Write-Host YOUR TURN: sign the .cab -Write-Host use something along the lines of: -Write-Host -Write-Host signtool sign /sha1 C2CBB3A0256A157FEB08B661D72BF490B68724C4 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a {{version_file}}.cab -Write-Host