aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJames Yonan <james@openvpn.net>2010-08-20 20:24:42 +0000
committerJames Yonan <james@openvpn.net>2010-08-20 20:24:42 +0000
commit5f866d914c71f010988fd85d5b178f3b8c3e2987 (patch)
tree88c2699ab799ac3270e0e8510867e89b60dc233c
parentWindows security issue: (diff)
downloadopenvpn-5f866d914c71f010988fd85d5b178f3b8c3e2987.tar.xz
Attempt to fix issue where domake-win build system was not properlyv2.1.3
signing drivers and .exe files. Added win/tap_span.py for building multiple versions of the TAP driver and tapinstall binaries using different DDK versions to span from Win2K to Win7 and beyond. Version 2.1.3 git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6404 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--install-win32/buildinstaller2
-rw-r--r--install-win32/getgui3
-rw-r--r--install-win32/getxgui6
-rw-r--r--install-win32/maketap100
-rw-r--r--install-win32/maketapinstall72
-rw-r--r--install-win32/settings.in37
-rw-r--r--version.m42
-rw-r--r--win/build_ddk.py8
-rw-r--r--win/settings.in3
-rw-r--r--win/tap_span.py129
-rw-r--r--win/wb.py32
11 files changed, 191 insertions, 203 deletions
diff --git a/install-win32/buildinstaller b/install-win32/buildinstaller
index 83057bb..a17a027 100644
--- a/install-win32/buildinstaller
+++ b/install-win32/buildinstaller
@@ -10,5 +10,5 @@ tail -20 makensis.log
# sign the installer
if [ -d "$SIGNTOOL" ]; then
- TARGET_EXE="$(echo $(pwd)/$GENOUT/*.exe)" $SIGNTOOL/signexe
+ python $SIGNTOOL/signapp.py "$(echo $(pwd)/$GENOUT/*.exe)"
fi
diff --git a/install-win32/getgui b/install-win32/getgui
index b53a8f7..aa83e85 100644
--- a/install-win32/getgui
+++ b/install-win32/getgui
@@ -10,9 +10,6 @@ GUI="$OPENVPN_GUI_DIR/$OPENVPN_GUI"
if [ -f "$GUI" ]; then
mkdir -p $GENOUT/bin &>/dev/null
cp $GUI $GENOUT/bin
- if [ -d "$SIGNTOOL" ]; then
- TARGET_EXE="$GENOUT/bin/$OPENVPN_GUI" $SIGNTOOL/signexe
- fi
fi
if [ -f "$GENOUT/bin/$OPENVPN_GUI" ]; then
diff --git a/install-win32/getxgui b/install-win32/getxgui
index d3a21b8..3a1e626 100644
--- a/install-win32/getxgui
+++ b/install-win32/getxgui
@@ -19,12 +19,6 @@ if [ -d "$OPENVPN_XGUI_DIR" ]; then
done
fi
- for f in $SIGNED_EXES; do
- if [ -d "$SIGNTOOL" ]; then
- TARGET_EXE="$GENOUT/bin/`basename $f`" $SIGNTOOL/signexe
- fi
- done
-
rm -rf $GENOUT/htdocs
cp -a $OPENVPN_XGUI_DIR/ajax/htdocs $GENOUT/htdocs
diff --git a/install-win32/maketap b/install-win32/maketap
index 0d33329..b9c4070 100644
--- a/install-win32/maketap
+++ b/install-win32/maketap
@@ -1,101 +1,17 @@
#!/bin/sh
-# Build the x86 and x64 versions of the TAP driver
-# Requires the Windows DDK
+# Get the x86 and x64 versions of the TAP driver
# get version.nsi definitions
. autodefs/defs.sh
-if [ -n "$DDKVER" ] && [ -d "/c/WINDDK/$DDKVER" ] ; then
-
-# common declarations for all DDK build targets
-. install-win32/ddk-common
-
-# configure tap driver sources
-MACRO="perl install-win32/macro.pl autodefs/defs.in"
-IFDEF="perl install-win32/ifdef.pl"
-rm -rf tap-win32/amd64
-mkdir tap-win32/amd64
-$MACRO <tap-win32/SOURCES.in >tap-win32/SOURCES
-$MACRO <tap-win32/i386/OemWin2k.inf.in | $IFDEF >tap-win32/i386/OemWin2k.inf
-$MACRO <tap-win32/i386/OemWin2k.inf.in | $IFDEF -DAMD64 >tap-win32/amd64/OemWin2k.inf
-
-if [ -n "$PRODUCT_TAP_DEBUG" ] ; then
- w2ktarget="w2k c"
- amdtarget="chk $x64_tag WNET"
-else
- w2ktarget="w2k f"
- amdtarget="fre $x64_tag WNET"
-fi
-
-if [ -z "$DRVBINSRC" ] ; then
- if [ -n "$TAP_BIN_AMD64" ]; then
- amdtarget=""
- fi
-
- cd tap-win32
- t=`pwd`
- cd ..
-
- for mode in "$w2ktarget" "$amdtarget"; do
- echo '**********' build TAP $mode
- cmd //c "C:\\WINDDK\\$DDKVER\\bin\\setenv.bat C:\\WINDDK\\$DDKVER $mode && cd `perl install-win32/dosname.pl $t` && build -cef"
- mv tap-win32/tapdrvr.cod "tap-win32/tapdrvr-$(echo $mode | tr ' ' '-').cod"
+if [ -d "$TAPBINSRC" ]; then
+ mkdir -p $GENOUT/driver/i386 &>/dev/null
+ mkdir -p $GENOUT/driver/amd64 &>/dev/null
+ for arch in i386 amd64; do
+ s=$TAPBINSRC/$arch
+ cp $s/*.sys $s/*.cat $s/*.inf $GENOUT/driver/$arch
done
-
- title openvpn-build &>/dev/null
-
- if [ -n "$TAP_BIN_AMD64" ]; then
- mkdir -p $t/amd64
- cp "$TAP_BIN_AMD64" $t/amd64
- fi
-
- # copy driver files into tap-win32/dist
- cd tap-win32
- rm -rf dist
- mkdir dist
- cd dist
- mkdir i386
- mkdir amd64
- cd i386
- x86=`pwd`
- cd ../amd64
- x64=`pwd`
- cd ../..
- cp i386/OemWin2k.inf $x86
- cp i386/*.sys $x86
- cp amd64/OemWin2k.inf $x64
- cp amd64/*.sys $x64
- out="TAP driver catalog file is undefined";
- echo "$out" >$x86/$PRODUCT_TAP_ID.cat
- echo "$out" >$x64/$PRODUCT_TAP_ID.cat
- cd ..
-fi
-
-# $DRVBINSRC, if defined, points to prebuilt TAP driver and
-# tapinstall.exe.
-mkdir $GENOUT &>/dev/null
-rm -rf $GENOUT/driver
-if [ -z "$DRVBINSRC" ] ; then
- # Get TAP drivers
- cp -a tap-win32/dist $GENOUT/driver
-
- # Sign TAP drivers
- if [ -d "$SIGNTOOL" ]; then
- $SIGNTOOL/signtap
- fi
-else
- cp -a $DRVBINSRC/driver $GENOUT/driver
-fi
-
-# $DRVBINDEST, if defined, points to a destination directory
-# where TAP driver and tapinstall.exe will be saved, to be used
-# as a $DRVBINSRC in future builds.
-if [ -n "$DRVBINDEST" ] ; then
- mkdir $DRVBINDEST &>/dev/null
- cp -a $GENOUT/driver $DRVBINDEST
-fi
-
else
- echo Not building TAP driver -- DDK version $DDKVER NOT FOUND
+ echo Cannot find pre-built tap drivers
fi
diff --git a/install-win32/maketapinstall b/install-win32/maketapinstall
index eae4471..9fe0470 100644
--- a/install-win32/maketapinstall
+++ b/install-win32/maketapinstall
@@ -1,77 +1,15 @@
#!/bin/sh
-# Build the x86 and x64 versions of the tapinstall tool
-# Requires the Windows DDK.
-# TISRC should be set to directory containing
-# tapinstall source code.
+# Get the x86 and x64 versions of the tapinstall tool
# get version.nsi definitions
. autodefs/defs.sh
-if [ -n "$DDKVER" ] && [ -d "/c/WINDDK/$DDKVER" ] ; then
-
-if ! [ -d "$TISRC" ] ; then
- echo "$TISRC" NOT INSTALLED
- exit 1
-fi
-
-# common declarations for all DDK build targets
-. install-win32/ddk-common
-
-amdtarget=""
-if [ -z "$TI_BIN_AMD64" ]; then
- amdtarget="fre $x64_tag WNET"
-fi
-
-if [ -z "$DRVBINSRC" ] ; then
- rm -rf tapinstall
- cp -a "$TISRC" tapinstall
-
- if [ -e tapinstall/sources.in ]; then
- perl install-win32/ifdef.pl autodefs/defs.in <tapinstall/sources.in >tapinstall/sources
- fi
-
- cd tapinstall
- t=`pwd`
- cd ..
-
- for mode in "w2k f" "$amdtarget"; do
- if [ -n "$mode" ]; then
- echo '**********' build TAPINSTALL $mode
- cmd //c "C:\\WINDDK\\$DDKVER\\bin\\setenv.bat C:\\WINDDK\\$DDKVER $mode && cd `perl install-win32/dosname.pl $t` && build -cef"
- fi
- done
-fi
-
-if [ -n "$TI_BIN_AMD64" ]; then
- mkdir -p $t/objfre_wnet_amd64/amd64
- cp "$TI_BIN_AMD64" $t/objfre_wnet_amd64/amd64
-fi
-
-# $DRVBINSRC, if defined, points to prebuilt TAP driver and
-# tapinstall.exe.
-if [ -z "$DRVBINSRC" ] ; then
- # Get tapinstall
+if [ -d "$TAPBINSRC" ]; then
mkdir -p $GENOUT/tapinstall/i386 &>/dev/null
mkdir -p $GENOUT/tapinstall/amd64 &>/dev/null
- cp tapinstall/objfre_w2k_x86/i386/tapinstall.exe $GENOUT/tapinstall/i386
- cp tapinstall/objfre_wnet_amd64/amd64/tapinstall.exe $GENOUT/tapinstall/amd64
-else
- mkdir $GENOUT &>/dev/null
- cp -a $DRVBINSRC/tapinstall $GENOUT/tapinstall
-fi
-
-# $DRVBINDEST, if defined, points to a destination directory
-# where TAP driver and tapinstall.exe will be saved, to be used
-# as a $DRVBINSRC in future builds.
-if [ -n "$DRVBINDEST" ] ; then
- mkdir $DRVBINDEST &>/dev/null
- cp -a $GENOUT/driver $DRVBINDEST
- cp -a $GENOUT/tapinstall $DRVBINDEST
-fi
-
-title openvpn-build &>/dev/null
-
+ cp $TAPBINSRC/i386/tapinstall.exe $GENOUT/tapinstall/i386
+ cp $TAPBINSRC/amd64/tapinstall.exe $GENOUT/tapinstall/amd64
else
- echo Not building tapinstall -- DDK version $DDKVER NOT BUILT
+ echo Cannot find pre-built tapinstall
fi
diff --git a/install-win32/settings.in b/install-win32/settings.in
index 21ea0a7..4a0a564 100644
--- a/install-win32/settings.in
+++ b/install-win32/settings.in
@@ -27,42 +27,19 @@
!define PKCS11_HELPER_DIR "../pkcs11-helper"
;!define DMALLOC_DIR "../dmalloc-5.4.2"
+# Prebuilt TAP drivers and tapinstall
+!define TAPBINSRC "../tap_dist"
+
+# Directory containing python script for signing .exe files
+!define SIGNTOOL "../signtool"
+
# Optional directory of prebuilt OpenVPN binary components,
# to be used as a source when build-from-scratch prerequisites
# are not met.
;!define GENOUT_PREBUILT "../gen-prebuilt"
-# tapinstall.exe source code.
-# Not needed if DRVBINSRC is defined
-# (or if using pre-built mode).
-!define TISRC "../tapinstall/5600"
-
-# TAP Adapter parameters. Note that PRODUCT_TAP_ID is
-# defined in version.m4.
-!define PRODUCT_TAP_DEVICE_DESCRIPTION "TAP-Win32 Adapter V9"
-!define PRODUCT_TAP_PROVIDER "TAP-Win32 Provider V9"
-!define PRODUCT_TAP_MAJOR_VER 9
-!define PRODUCT_TAP_MINOR_VER 7
-!define PRODUCT_TAP_RELDATE "04/19/2010"
-
-# TAP adapter icon -- visible=0x81 or hidden=0x89
-!define PRODUCT_TAP_CHARACTERISTICS 0x81
-
-# Build debugging version of TAP driver
-;!define PRODUCT_TAP_DEBUG
-
-# DDK Version.
-# DDK distribution is assumed to be in C:\WINDDK\${DDKVER}
-!define DDKVER 6001.18002
-!define DDKVER_MAJOR 6001
-
-# Code Signing.
-# If undefined, don't sign any files.
-!define SIGNTOOL "../signtool.old"
-!define PRODUCT_SIGN_CN "openvpn"
-
# -j parameter passed to make
-!define MAKE_JOBS 2
+!define MAKE_JOBS 1
# output directory for built binaries
# and other generated files
diff --git a/version.m4 b/version.m4
index 06d526f..f37e1c2 100644
--- a/version.m4
+++ b/version.m4
@@ -1,5 +1,5 @@
dnl define the OpenVPN version
-define(PRODUCT_VERSION,[2.1.2])
+define(PRODUCT_VERSION,[2.1.3])
dnl define the TAP version
define(PRODUCT_TAP_ID,[tap0901])
define(PRODUCT_TAP_WIN32_MIN_MAJOR,[9])
diff --git a/win/build_ddk.py b/win/build_ddk.py
index ca68e81..1a0cf82 100644
--- a/win/build_ddk.py
+++ b/win/build_ddk.py
@@ -2,9 +2,13 @@ import os
from wb import system, home_fn, choose_arch
def build_ddk(config, dir, x64):
- setenv_bat = os.path.realpath(os.path.join(config['DDK_PATH'], 'bin/setenv.bat'))
+ ddk_path = config['DDK_PATH']
ddk_major = int(config['DDKVER_MAJOR'])
debug = 'PRODUCT_TAP_DEBUG' in config
+ return build_tap(ddk_path, ddk_major, debug, dir, x64)
+
+def build_tap(ddk_path, ddk_major, debug, dir, x64):
+ setenv_bat = os.path.realpath(os.path.join(ddk_path, 'bin/setenv.bat'))
target = 'chk' if debug else 'fre'
if x64:
target += ' x64'
@@ -23,7 +27,7 @@ def build_ddk(config, dir, x64):
system('cmd /c "%s %s %s && cd %s && build -cef"' % (
setenv_bat,
- os.path.realpath(config['DDK_PATH']),
+ os.path.realpath(ddk_path),
target,
dir
))
diff --git a/win/settings.in b/win/settings.in
index 0e1bb1c..f8eeb20 100644
--- a/win/settings.in
+++ b/win/settings.in
@@ -47,6 +47,9 @@
!define DDK_PATH "c:/winddk/7600.16385.1"
;!define DDK_PATH "c:/winddk/6001.18002"
+# output path for tap_span.py
+!define TAP_DIST "tap_dist"
+
# Visual studio path
!define MSVC "C:/Program Files/Microsoft Visual Studio 9.0"
diff --git a/win/tap_span.py b/win/tap_span.py
new file mode 100644
index 0000000..9cd127b
--- /dev/null
+++ b/win/tap_span.py
@@ -0,0 +1,129 @@
+import sys, os, shutil
+from wb import config, home_fn, mod_fn, preprocess, autogen, dict_def, build_autodefs, rm_rf, mkdir_silent, cp
+if 'SIGNTOOL' in config:
+ sys.path.append(home_fn(config['SIGNTOOL']))
+from signtool import SignTool
+from build_ddk import build_tap
+
+ti_dir = "c:/src/tapinstall"
+hi = ("c:/winddk/7600.16385.1", 7600, 7600, ("i386", "amd64"))
+low = ("c:/winddk/6001.18002", 6001, 5600, ("win2k",))
+dest_top = home_fn('tap_build')
+dist = home_fn(config['TAP_DIST'])
+
+def copy_tap(src, dest, x64):
+ dir = os.path.join(src, { False : 'i386', True: 'amd64' }[x64])
+ mkdir_silent(dest)
+ for dirpath, dirnames, filenames in os.walk(dir):
+ for f in filenames:
+ root, ext = os.path.splitext(f)
+ if ext in ('.inf', '.cat', '.sys'):
+ cp(os.path.join(dir, f), dest)
+ break
+
+def copy_tapinstall(src, dest, x64):
+ base = { False : 'i386', True: 'amd64' }[x64]
+ mkdir_silent(dest)
+ for dirpath, dirnames, filenames in os.walk(home_fn(src)):
+ for f in filenames:
+ if f == 'tapinstall.exe':
+ dir_name = os.path.basename(dirpath)
+ s = os.path.join(dirpath, f)
+ if dir_name == base:
+ cp(s, dest)
+
+def main():
+ rm_rf(dest_top)
+ os.mkdir(dest_top)
+
+ rm_rf(dist)
+ os.mkdir(dist)
+
+ for ver in hi, low:
+ top = os.path.join(dest_top, str(ver[1]))
+ os.mkdir(top)
+ tap_dest = os.path.join(top, "tap-win32")
+ ti_dest = os.path.join(top, "tapinstall")
+ ti_src = os.path.join(ti_dir, str(ver[2]))
+ shutil.copytree(home_fn("tap-win32"), tap_dest)
+ shutil.copytree(ti_src, ti_dest)
+
+ i386 = os.path.join(tap_dest, "i386")
+ amd64 = os.path.join(tap_dest, "amd64")
+
+ build_amd64 = (len(ver[3]) >= 2)
+
+ build_autodefs(config, mod_fn('autodefs.h.in'), os.path.join(top, 'autodefs.h'))
+
+ st = SignTool(config, tap_dest)
+
+ preprocess(config,
+ in_fn=os.path.join(tap_dest, 'SOURCES.in'),
+ out_fn=os.path.join(tap_dest, 'SOURCES'),
+ quote_begin='@@',
+ quote_end='@@',
+ head_comment='# %s\n\n' % autogen)
+
+ preprocess(config,
+ in_fn=os.path.join(i386, 'OemWin2k.inf.in'),
+ out_fn=os.path.join(i386, 'OemWin2k.inf'),
+ quote_begin='@@',
+ quote_end='@@',
+ if_prefix='!',
+ head_comment='; %s\n\n' % autogen)
+
+ preprocess(config,
+ in_fn=os.path.join(ti_dest, 'sources.in'),
+ out_fn=os.path.join(ti_dest, 'sources'),
+ if_prefix='!',
+ head_comment='# %s\n\n' % autogen)
+
+ build_tap(ddk_path=ver[0],
+ ddk_major=ver[1],
+ debug=False,
+ dir=tap_dest,
+ x64=False)
+
+ st.sign_verify(x64=False)
+
+ build_tap(ddk_path=ver[0],
+ ddk_major=ver[1],
+ debug=False,
+ dir=ti_dest,
+ x64=False)
+
+ tap_dist = os.path.join(dist, ver[3][0])
+
+ copy_tap(tap_dest, tap_dist, x64=False)
+ copy_tapinstall(ti_dest, tap_dist, x64=False)
+
+ if build_amd64:
+ os.mkdir(amd64)
+ preprocess(dict_def(config, [('AMD64', '1')]),
+ in_fn=os.path.join(i386, 'OemWin2k.inf.in'),
+ out_fn=os.path.join(amd64, 'OemWin2k.inf'),
+ quote_begin='@@',
+ quote_end='@@',
+ if_prefix='!',
+ head_comment='; %s\n\n' % autogen)
+
+ build_tap(ddk_path=ver[0],
+ ddk_major=ver[1],
+ debug=False,
+ dir=tap_dest,
+ x64=True)
+
+ build_tap(ddk_path=ver[0],
+ ddk_major=ver[1],
+ debug=False,
+ dir=ti_dest,
+ x64=True)
+
+ st.sign_verify(x64=True)
+
+ tap_dist_x64 = os.path.join(dist, ver[3][1])
+
+ copy_tap(tap_dest, tap_dist_x64, x64=True)
+ copy_tapinstall(ti_dest, tap_dist_x64, x64=True)
+
+main()
diff --git a/win/wb.py b/win/wb.py
index 7c2c8b9..8e23684 100644
--- a/win/wb.py
+++ b/win/wb.py
@@ -1,7 +1,7 @@
# Python module containing general build functions
# for OpenVPN on Windows
-import os, re, shutil
+import os, re, shutil, stat
autogen = "Automatically generated by OpenVPN Windows build system"
@@ -182,4 +182,34 @@ def cp(src, dest, dest_is_dir=True):
print "COPY %s %s" % (src, dest)
shutil.copyfile(src, dest)
+def rm_rf(path):
+ try:
+ shutil.rmtree(path, onerror=onerror)
+ except:
+ pass
+
+def onerror(func, path, exc_info):
+ """
+ Error handler for ``shutil.rmtree``.
+
+ If the error is due to an access error (read only file)
+ it attempts to add write permission and then retries.
+
+ If the error is for another reason it re-raises the error.
+
+ Usage : ``shutil.rmtree(path, onerror=onerror)``
+ """
+ if not os.access(path, os.W_OK):
+ # Is the error an access error ?
+ os.chmod(path, stat.S_IWUSR)
+ func(path)
+ else:
+ raise
+
+def mkdir_silent(dir):
+ try:
+ os.mkdir(dir)
+ except:
+ pass
+
config = get_config()