From a87ac45f2b9823236ed5a1c44aa0ebc1111eae0b Mon Sep 17 00:00:00 2001
From: Nodir Temirkhodjaev
Date: Thu, 7 Oct 2021 14:01:09 +0300
Subject: [PATCH] Deploy: Separate Windows 7 & 10 drivers.
---
 .gitignore | 1 +
 deploy/deployment.json | 16 +++++++----
 deploy/driver-cab/fortfw.ddf | 24 ++++++++++++++++
 deploy/driver-cab/make-cab-win10.bat | 1 +
 deploy/driver-cab/make-cab-win7-32.bat | 1 +
 deploy/driver-cab/make-cab-win7-64.bat | 1 +
 deploy/driver-cab/make-cab.bat | 14 +++++++++
 deploy/setup-deployment.ps1 | 26 +++++++++++++----
 deploy/sign/clear-certs.bat | 6 ++++
 deploy/sign/sign-app.bat | 2 +-
 deploy/sign/sign-cabs.bat | 8 ++++++
 deploy/sign/sign-driver.bat | 9 +++---
 deploy/sign/sign-env-certum.bat | 5 ++++
 deploy/sign/sign-env-sectigo.bat | 5 ++++
 deploy/sign/sign-env.bat | 9 ------
 deploy/sign/sign-out.bat | 2 +-
 src/driver/fortdrv.vcxproj | 7 +----
 src/driver/fortfw.inf | 40 ++++++++++++++++++++++++++
 src/driver/msvcbuild.bat | 4 +--
 src/driver/scripts/install.bat | 10 +++----
 20 files changed, 150 insertions(+), 41 deletions(-)
 create mode 100644 deploy/driver-cab/fortfw.ddf
 create mode 100644 deploy/driver-cab/make-cab-win10.bat
 create mode 100644 deploy/driver-cab/make-cab-win7-32.bat
 create mode 100644 deploy/driver-cab/make-cab-win7-64.bat
 create mode 100644 deploy/driver-cab/make-cab.bat
 create mode 100644 deploy/sign/clear-certs.bat
 create mode 100644 deploy/sign/sign-cabs.bat
 create mode 100644 deploy/sign/sign-env-certum.bat
 create mode 100644 deploy/sign/sign-env-sectigo.bat
 delete mode 100644 deploy/sign/sign-env.bat
 create mode 100644 src/driver/fortfw.inf
diff --git a/.gitignore b/.gitignore
index 797cbf8e..b7ac36ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.cab
 *.dll
 *.exe
 *.pdb
diff --git a/deploy/deployment.json b/deploy/deployment.json
index 227bc6e9..9341ffc7 100644
--- a/deploy/deployment.json
+++ b/deploy/deployment.json
@@ -7,15 +7,19 @@
 ]
 },
 "${TARGET}/driver": {
- "x86 | win7": [
- "${BUILD}-driver-${CONFIG}/fortfw32.sys"
- ],
- "x86_64": [
- "${BUILD}-driver-${CONFIG}/fortfw64.sys"
- ],
 "scripts": [
 "${ROOT}/src/driver/scripts | *.bat *.lnk |"
 ]
+ },
+ "${TARGET}/driver/x86 | win7": {
+ "sys": [
+ "${BUILD}-driver-${CONFIG}/Win32/fortfw.sys"
+ ]
+ },
+ "${TARGET}/driver/x86_64": {
+ "sys": [
+ "${BUILD}-driver-${CONFIG}/x64/fortfw.sys"
+ ]
 }
 }
 }
diff --git a/deploy/driver-cab/fortfw.ddf b/deploy/driver-cab/fortfw.ddf
new file mode 100644
index 00000000..c83d97a6
--- /dev/null
+++ b/deploy/driver-cab/fortfw.ddf
@@ -0,0 +1,24 @@
+; External defines:
+; .Set PLAT=x64
+; .Set CONFIG=win10
+
+.Set CabinetFileCountThreshold=0
+.Set FolderFileCountThreshold=0
+.Set FolderSizeThreshold=0
+.Set MaxCabinetSize=0
+.Set MaxDiskFileCount=0
+.Set MaxDiskSize=0
+.Set CompressionType=MSZIP
+.Set Cabinet=on
+.Set Compress=on
+
+.Set CabinetNameTemplate=fortfw-%CONFIG%-%PLAT%.cab
+.Set DiskDirectoryTemplate= ; Output .cab files into current directory
+
+.Define DRIVER_PATH=..\..\build-driver-%CONFIG%\%PLAT%
+.Define INF_PATH=..\..\src\driver\fortfw.inf
+
+.Set DestinationDir=fortfw
+%DRIVER_PATH%\fortfw.sys
+%DRIVER_PATH%\fortfw.pdb
+%INF_PATH%
diff --git a/deploy/driver-cab/make-cab-win10.bat b/deploy/driver-cab/make-cab-win10.bat
new file mode 100644
index 00000000..64743a22
--- /dev/null
+++ b/deploy/driver-cab/make-cab-win10.bat
@@ -0,0 +1 @@
+@%~dp0make-cab.bat x64 win10
\ No newline at end of file
diff --git a/deploy/driver-cab/make-cab-win7-32.bat b/deploy/driver-cab/make-cab-win7-32.bat
new file mode 100644
index 00000000..5ba68c54
--- /dev/null
+++ b/deploy/driver-cab/make-cab-win7-32.bat
@@ -0,0 +1 @@
+@%~dp0make-cab.bat Win32 win7
\ No newline at end of file
diff --git a/deploy/driver-cab/make-cab-win7-64.bat b/deploy/driver-cab/make-cab-win7-64.bat
new file mode 100644
index 00000000..ecd64d60
--- /dev/null
+++ b/deploy/driver-cab/make-cab-win7-64.bat
@@ -0,0 +1 @@ +@%~dp0make-cab.bat x64 win7 \ No newline at end of file diff --git a/deploy/driver-cab/make-cab.bat b/deploy/driver-cab/make-cab.bat new file mode 100644 index 00000000..caf88209 --- /dev/null +++ b/deploy/driver-cab/make-cab.bat @@ -0,0 +1,14 @@ +@cd %~dp0 +@echo off + +@set PLAT=%1 +@set CONFIG=%2 + +@set DRV_PATH=%~dp0..\..\build-driver-%CONFIG%\%PLAT%\fortfw.sys + +@call ../sign/clear-certs.bat %DRV_PATH% + +@cd %~dp0 +makecab.exe /f fortfw.ddf /D PLAT=%PLAT% /D CONFIG=%CONFIG% + +@del /Q setup.* diff --git a/deploy/setup-deployment.ps1 b/deploy/setup-deployment.ps1 index 1e2640ea..9c3066ff 100644 --- a/deploy/setup-deployment.ps1 +++ b/deploy/setup-deployment.ps1 @@ -14,16 +14,30 @@ $targetDirs = @($json.files.psobject.Properties.name) for ($i = 0; $i -lt $targetDirs.length; $i++) { - $targetDir = $targetDirs[$i] - $jsonTargetDir = $json.files."$targetDir" + $targetName = $targetDirs[$i] - $sections = @($jsonTargetDir.psobject.Properties.name) - - $targetDir = $targetDir -replace "/", "\" + $targetDir = $targetName -replace "/", "\" $targetDir = $targetDir -replace '\${TARGET}', "$TargetPath" + + if ($Config -And $targetDir.Contains('|')) { + $targetParts = $targetDir.Split('|') + + $targetConf = $targetParts[1].Trim().Split(' ') + + if ($targetConf -notcontains $Config) { + Write-Host -ForeGround Yellow "target: $targetDir (Skipped for $Config)" + continue + } + + $targetDir = $targetParts[0].Trim() + } + echo "target: $targetDir" New-Item $targetDir -ItemType directory -Force | Out-Null + + $jsonTargetName = $json.files."$targetName" + $sections = @($jsonTargetName.psobject.Properties.name) for ($j = 0; $j -lt $sections.length; $j++) { $sectionName = $sections[$j] @@ -42,7 +56,7 @@ for ($i = 0; $i -lt $targetDirs.length; $i++) { echo " $sectionName" - $files = @($jsonTargetDir."$sectionName") + $files = @($jsonTargetName."$sectionName") for ($k = 0; $k -lt $files.Length; $k++) { $file = $files[$k] 
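Review bot: `make-cab.bat` passes `%DRV_PATH%` to `clear-certs.bat` unquoted and never checks the result, so a missing `%1`/`%2` or a checkout path containing spaces makes `signtool.exe remove /s` fail while `makecab.exe` still packages whatever `fortfw.sys` is on disk, presumably still carrying the signature the script meant to strip. I would quote the argument and stop on failure: `@call ../sign/clear-certs.bat "%DRV_PATH%"` followed by `@if errorlevel 1 exit /b 1`, with the same `errorlevel` check after `makecab.exe`. The unquoted `signtool.exe remove /s %BIN_PATH%` in `deploy/sign/clear-certs.bat` has the same weakness and works once the caller supplies the quotes. `@cd %~dp0` also does not switch drives; `@cd /d "%~dp0"` is the safer form.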
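Review bot: The `| win7` suffix is only stripped from `$targetDir` when `$Config` is set, because the split and trim sit inside `if ($Config -And $targetDir.Contains('|'))`. Run without a config, `New-Item` receives a name such as `...\driver\x86 | win7`, and `|` is not a valid character in a Windows path. Testing `if ($targetDir.Contains('|'))` on the outside and `if ($Config -And $targetConf -notcontains $Config)` on the inside keeps the skip logic and always cleans the directory name. `$Config` is declared outside this hunk, so confirm whether it can be empty.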
diff --git a/deploy/sign/clear-certs.bat b/deploy/sign/clear-certs.bat new file mode 100644 index 00000000..a9a2729e --- /dev/null +++ b/deploy/sign/clear-certs.bat @@ -0,0 +1,6 @@ +@cd %~dp0 +@echo off + +@set BIN_PATH=%1 + +signtool.exe remove /s %BIN_PATH% diff --git a/deploy/sign/sign-app.bat b/deploy/sign/sign-app.bat index d13dcc0b..c36bf44b 100644 --- a/deploy/sign/sign-app.bat +++ b/deploy/sign/sign-app.bat @@ -3,6 +3,6 @@ @set APP_PATH=..\build\FortFirewall.exe -@call sign-env.bat +@call sign-env-certum.bat signtool.exe sign /ac "%CRT_PATH%" /n "%CRT_NAME%" /fd sha256 /tr http://time.certum.pl/ %APP_PATH% diff --git a/deploy/sign/sign-cabs.bat b/deploy/sign/sign-cabs.bat new file mode 100644 index 00000000..09690a67 --- /dev/null +++ b/deploy/sign/sign-cabs.bat @@ -0,0 +1,8 @@ +@cd %~dp0 +@echo off + +@set CAB_PATH=..\driver-cab\fortfw*.cab + +@call sign-env-certum.bat + +signtool.exe sign /n "%CRT_NAME%" /fd sha256 /tr http://time.certum.pl/ %CAB_PATH% diff --git a/deploy/sign/sign-driver.bat b/deploy/sign/sign-driver.bat index 027ec144..ede6bba1 100644 --- a/deploy/sign/sign-driver.bat +++ b/deploy/sign/sign-driver.bat @@ -1,12 +1,11 @@ @cd %~dp0 @echo off -@rem ARCH: 64, 32 +@rem ARCH: x86, x86_64 @set ARCH=%1 -@set DRV_PATH=..\build\driver\fortfw%ARCH%.sys +@set DRV_PATH=..\build\driver\%ARCH%\fortfw.sys -@call sign-env.bat +@call sign-env-sectigo.bat -signtool.exe sign /ac "%CRT_PATH%" /n "%CRT_NAME%" /fd sha1 /t http://time.certum.pl/ %DRV_PATH% -signtool.exe sign /as /ac "%CRT_PATH%" /n "%CRT_NAME%" /fd sha256 /tr http://time.certum.pl/ %DRV_PATH% +signtool.exe sign /ac "%CRT_PATH%" /n "%CRT_NAME%" /fd sha256 /tr http://time.certum.pl/ %DRV_PATH% diff --git a/deploy/sign/sign-env-certum.bat b/deploy/sign/sign-env-certum.bat new file mode 100644 index 00000000..b398b110 --- /dev/null +++ b/deploy/sign/sign-env-certum.bat 
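Review bot: The `signtool.exe sign` line in `sign-cabs.bat` requests an RFC 3161 timestamp with `/tr` but gives no `/td`, so the timestamp digest is left to signtool's default, which as far as I know is SHA-1 in older SDK builds even though the file digest is `/fd sha256`. Appending `/td sha256` after the `/tr` URL pins it: `signtool.exe sign /n "%CRT_NAME%" /fd sha256 /tr http://time.certum.pl/ /td sha256 %CAB_PATH%`. The rewritten line in `sign-driver.bat` and the unchanged sign lines in `sign-app.bat` and `sign-out.bat` have the same gap.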
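Review bot: With the `/fd sha1` pass and the `/as` append removed, `sign-driver.bat` now produces a SHA-256-only signature for every `%ARCH%`, including the `x86` driver that `deployment.json` reserves for `win7`. Windows 7 systems that lack the SHA-2 code-signing support update cannot validate such a signature and will refuse to load the driver, presumably leaving the firewall inactive on those hosts. Either keep the dual signature for the Windows 7 build or record the requirement next to the command, e.g. `@rem Win7 needs the SHA-2 code-signing update to load this driver`. `%1` is also used unchecked in `DRV_PATH`; an `@if "%ARCH%"=="" exit /b 1` guard would catch a missing argument.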
@@ -0,0 +1,5 @@ +@echo off + +@rem Certum +@set CRT_PATH=cert\Certum Trusted Network CA.crt +@set CRT_NAME=Open Source Developer, Nodir Temirkhodjaev diff --git a/deploy/sign/sign-env-sectigo.bat b/deploy/sign/sign-env-sectigo.bat new file mode 100644 index 00000000..9b0dffe4 --- /dev/null +++ b/deploy/sign/sign-env-sectigo.bat @@ -0,0 +1,5 @@ +@echo off + +@rem Sectigo +@set CRT_PATH=cert\SectigoPublicCodeSigningRootR46_AAA.crt +@set CRT_NAME=Renew-it-now diff --git a/deploy/sign/sign-env.bat b/deploy/sign/sign-env.bat deleted file mode 100644 index 9672a802..00000000 --- a/deploy/sign/sign-env.bat +++ /dev/null @@ -1,9 +0,0 @@ -@echo off - -@rem Certum -@rem @set CRT_PATH=cert\Certum Trusted Network CA.crt -@rem @set CRT_NAME=Open Source Developer, Nodir Temirkhodjaev - -@rem Sectigo -@set CRT_PATH=cert\SectigoPublicCodeSigningRootR46_AAA.crt -@set CRT_NAME=Renew-it-now diff --git a/deploy/sign/sign-out.bat b/deploy/sign/sign-out.bat index 7ecaa2f6..4c541c41 100644 --- a/deploy/sign/sign-out.bat +++ b/deploy/sign/sign-out.bat @@ -3,6 +3,6 @@ @set OUT_PATH=..\out\*.exe -@call sign-env.bat +@call sign-env-certum.bat signtool.exe sign /ac "%CRT_PATH%" /n "%CRT_NAME%" /fd sha256 /tr http://time.certum.pl/ %OUT_PATH% diff --git a/src/driver/fortdrv.vcxproj b/src/driver/fortdrv.vcxproj index 929896cf..1d0fb740 100644 --- a/src/driver/fortdrv.vcxproj +++ b/src/driver/fortdrv.vcxproj @@ -33,12 +33,7 @@ WindowsKernelModeDriver10.0 Driver WDM - - - fortfw32 - - - fortfw64 + fortfw false diff --git a/src/driver/fortfw.inf b/src/driver/fortfw.inf new file mode 100644 index 00000000..4541233d --- /dev/null +++ b/src/driver/fortfw.inf 
@@ -0,0 +1,40 @@ +[Version] +Signature = "$WINDOWS NT$" +Provider = %ManufacturerName% +Class = WFP +ClassGuid = {D7130FB9-F721-4BF7-A74A-CD9DD0230D80} +DriverVer = 01/01/2021 +CatalogFile = fortfw.cat + +[DestinationDirs] +DefaultDestDir = 12 ; %WinDir%\System32\Drivers + +[SourceDisksNames] +1 = %DiskName% + +[SourceDisksFiles] +fortfw.sys = 1 + +[DefaultInstall] +OptionDesc = %ServiceDesc% +CopyFiles = Fort.DriverFiles + +[DefaultInstall.Services] +AddService = %ServiceName%,,Fort.Service + +[Fort.DriverFiles] +fortfw.sys + +[Fort.Service] +DisplayName = %ServiceName% +Description = %ServiceDesc% +ServiceType = 1 ; SERVICE_KERNEL_DRIVER +StartType = 2 ; SERVICE_AUTO_START +ErrorControl = 1 ; SERVICE_ERROR_NORMAL +ServiceBinary = %12%\fortfw.sys + +[Strings] +ManufacturerName = "Nodir Temirkhodjaev" +DiskName = "Fort Firewall Installation Disk" +ServiceName = "FortFirewallSvc" +ServiceDesc = "Fort Firewall Service" diff --git a/src/driver/msvcbuild.bat b/src/driver/msvcbuild.bat index 8c2e0922..2256603b 100644 --- a/src/driver/msvcbuild.bat +++ b/src/driver/msvcbuild.bat @@ -12,7 +12,7 @@ @set CONFIG=%2 @if "%CONFIG%"=="" PLAT=win10 -@set OutDir=..\..\build-driver-%CONFIG% +@set OutDir=..\..\build-driver-%CONFIG%\%PLAT% @set IntDir=%OutDir%-%PLAT% MSBuild fortdrv.vcxproj /p:OutDir=%OutDir%\;IntDir=%IntDir%\;Platform=%PLAT%;Config=%CONFIG% @@ -22,4 +22,4 @@ MSBuild fortdrv.vcxproj /p:OutDir=%OutDir%\;IntDir=%IntDir%\;Platform=%PLAT%;Con @rd /S /Q "%IntDir%" @rd /S /Q "%OutDir%\fortdrv" -@del /Q "%OutDir%\fortfw*.cer" "%OutDir%\fortfw*.pdb" +@del /Q "%OutDir%\fortfw*.cer" diff --git a/src/driver/scripts/install.bat b/src/driver/scripts/install.bat index ed977b54..cb4b786c 100644 --- a/src/driver/scripts/install.bat +++ b/src/driver/scripts/install.bat 
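Review bot: `AddService = %ServiceName%,,Fort.Service` registers the driver under `FortFirewallSvc`, while `install.bat` in this commit still sets `DRIVERSVC=%BASENAME%`, i.e. `fortfw`, for the same `fortfw.sys`. If both installation paths are ever used on one machine, the binary ends up behind two service entries, and scripts that stop or delete `fortfw` would miss the INF-installed one; the rest of `install.bat` is outside the hunk, so this is inferred from the visible `@set` lines. Using one name in both places, e.g. `ServiceName = "fortfw"`, avoids that. A comment on `StartType = 2` explaining why the driver uses auto-start rather than boot or system start would also be worth adding, since it decides how early filtering becomes active.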
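Review bot: An omitted second argument leaves `CONFIG` empty, so the new `OutDir` becomes `..\..\build-driver-\%PLAT%`: the default on the context line `@if "%CONFIG%"=="" PLAT=win10` has no `set` and names `PLAT` instead of `CONFIG`. It should read `@if "%CONFIG%"=="" @set CONFIG=win10`. Since `make-cab.bat` and `fortfw.ddf` rebuild the same `build-driver-%CONFIG%\%PLAT%` path, a wrong directory here could make the CAB step pick up an older `fortfw.sys`. `IntDir=%OutDir%-%PLAT%` now expands to a name ending in `%PLAT%-%PLAT%`, which works but could be simplified.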
@@ -1,12 +1,12 @@ @rem Install driver -@set ARCH=32 -@if defined PROGRAMFILES(X86) @set ARCH=64 +@set ARCH=x86 +@if defined PROGRAMFILES(X86) @set ARCH=x86_64 @set BASENAME=fortfw -@set FILENAME=%BASENAME%%ARCH%.sys -@set SRCPATH=%~dp0..\%FILENAME% -@set DSTPATH=%SystemRoot%\System32\drivers\%BASENAME%.sys +@set FILENAME=%BASENAME%.sys +@set SRCPATH=%~dp0..\%ARCH%\%FILENAME% +@set DSTPATH=%SystemRoot%\System32\drivers\%FILENAME% @set DRIVERSVC=%BASENAME% @set DISPNAME=Fort Firewall Driver