From 59144f32c529385306728b8a8f80dfd6d2cfba12 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Sat, 9 Nov 2019 19:17:51 +0100 Subject: [PATCH 1/2] installer: Select Win7/8/8.1 vs. Win10 driver at runtime Rather than shipping separate installers for Windows 10 and pre Windows 10, pack all Windows driver and extend selection logic to install correct one. Signed-off-by: Simon Rozman --- installer/tap-windows6.nsi | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/installer/tap-windows6.nsi b/installer/tap-windows6.nsi index 470d554..79b3262 100755 --- a/installer/tap-windows6.nsi +++ b/installer/tap-windows6.nsi @@ -106,6 +106,11 @@ ReserveFile "install-whirl.bmp" Section /o "TAP Virtual Ethernet Adapter" SecTAP SetOverwrite on + ${If} ${IsWow64} + SetRegView 64 + ${EndIf} + + ReadRegDWORD $R0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" "CurrentMajorVersionNumber" ${If} ${RunningX64} DetailPrint "We are running on an x86_64 64-bit system." @@ -114,9 +119,15 @@ Section /o "TAP Virtual Ethernet Adapter" SecTAP File "${DEVCON64}" SetOutPath "$INSTDIR\driver" - File "${IMAGE}\amd64\OemVista.inf" - File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" - File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + ${If} $R0 == "" + File "${IMAGE}\amd64\OemVista.inf" + File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" + File "${IMAGE}\amd64\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + ${Else} + File "${IMAGE}\amd64\win10\OemVista.inf" + File "${IMAGE}\amd64\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" + File "${IMAGE}\amd64\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + ${EndIf} ${ElseIf} ${RunningArm64} DetailPrint "We are running on an ARM64 64-bit system." @@ -134,9 +145,15 @@ Section /o "TAP Virtual Ethernet Adapter" SecTAP File "${DEVCON32}" SetOutPath "$INSTDIR\driver" - File "${IMAGE}\i386\OemVista.inf" - File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" - File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + ${If} $R0 == "" + File "${IMAGE}\i386\OemVista.inf" + File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" + File "${IMAGE}\i386\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + ${Else} + File "${IMAGE}\i386\win10\OemVista.inf" + File "${IMAGE}\i386\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" + File "${IMAGE}\i386\win10\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + ${EndIf} ${Else} DetailPrint "Native architecture not recognized!" ${EndIf} From d7147fd79fd939e5bb13b8485c9e953bd4dbb1d4 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Sun, 10 Nov 2019 11:52:33 +0100 Subject: [PATCH 2/2] installer: Add code signing certificate before installing the driver This avoids prompts on Windows 7 (with KB2921916 applied), 8, 8.1, Server 2008R2, 2012R2. Note there is no prompt on Windows 10 and Server 2016 and 2019 already as the driver for Win10 is Microsoft signed. Signed-off-by: Simon Rozman --- installer/openvpn-cert.nsh | 12 ++++++++++++ installer/tap-windows6.nsi | 9 +++++++++ 2 files changed, 21 insertions(+) create mode 100644 installer/openvpn-cert.nsh diff --git a/installer/openvpn-cert.nsh b/installer/openvpn-cert.nsh new file mode 100644 index 0000000..2a28d8c --- /dev/null +++ b/installer/openvpn-cert.nsh @@ -0,0 +1,12 @@ +############################### reg2nsis begin ################################# +# This NSIS-script was generated by the Reg2Nsis utility # +# Author : Artem Zankovich # +# URL : http://aarrtteemm.nm.ru # +# Usage : You can freely inserts this into your setup script as inline text # +# or include file with the help of !include directive. # +# Please don't remove this header. # +################################################################################ + +WriteRegBin HKEY_LOCAL_MACHINE "SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\478646B53E3F991A02E8A04D36B178DB1AFFF851" "Blob" 180000000100000010000000307886a8cfb5aea7f013e2217b270a1c5c000000010000000400000000080000140000000100000014000000fe639cecfd5ac7530ac6e358e10ad60c647ce5c00400000001000000100000001d66c1f80ea29d15eb959304b295f334030000000100000014000000478646b53e3f991a02e8a04d36b178db1afff8510f00000001000000200000005aa2294423e61b2ea4278e048ce26663264439cefce9e19b82f7829ba1579a31190000000100000010000000b9467843aa36bf99d9315621188dd0672000000001000000b4050000308205b030820498a00302010202100b2ded901b5e83f7d60ceac2da789cec300d06092a864886f70d01010b0500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b302906035504031322446967694365727420455620436f6465205369676e696e6720434120285348413229301e170d3139303231333030303030305a170d3232303232333132303030305a3081c631133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e3110300e0603550405130733373631323536310b3009060355040613025553311330110603550408130a43616c69666f726e6961311330110603550407130a506c656173616e746f6e31153013060355040a130c4f70656e56504e20496e632e311530130603550403130c4f70656e56504e20496e632e30820122300d06092a864886f70d01010105000382010f003082010a0282010100c191c40f5ed5f73ef7732e4d453742bd09db4c75f56d5c551253c211da4b0aa92067dc029f41b7471401d555be3a4e35f321db2d01d52804bc59dc9049eb7211ef8b5a45976db971494dddb2de90655048db5e1663b0ca6671322f30cf4d01b5992a776b070c8ccea967c1d51180b94fdbd2a2bd335c72d4825a60fde72850e925ba53ccc09a4eadb5224920f3c2743998f26eaace0072390eca1711fecb522ea40aa29ad21e77ebd9c633d9607103133136d27d61a084b66af54bf7accdf7394b4504f03b9b9100182636d234b372e7e2733d33f6a6d1c4d832b89b28a8d790fbd79611e76f2a824da0f69a0668e03ce3bc12bc83f19c884c18ae727b8445b90203010001a38201f1308201ed301f0603551d230418301680148fe87ef06d326a000523c770976a3a90ff6bead4301d0603551d0e04160414fe639cecfd5ac7530ac6e358e10ad60c647ce5c0302e0603551d1104273025a02306082b06010505070803a01730150c1355532d44454c41574152452d33373631323536300e0603551d0f0101ff04040302078030130603551d25040c300a06082b06010505070303307b0603551d1f047430723037a035a0338631687474703a2f2f63726c332e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c3037a035a0338631687474703a2f2f63726c342e64696769636572742e636f6d2f4556436f64655369676e696e67534841322d67312e63726c304b0603551d2004443042303706096086480186fd6c0302302a302806082b06010505070201161c68747470733a2f2f7777772e64696769636572742e636f6d2f4350533007060567810c0103307e06082b0601050507010104723070302406082b060105050730018618687474703a2f2f6f6373702e64696769636572742e636f6d304806082b06010505073002863c687474703a2f2f636163657274732e64696769636572742e636f6d2f44696769436572744556436f64655369676e696e6743412d534841322e637274300c0603551d130101ff04023000300d06092a864886f70d01010b0500038201010019cc1c12e9ffef94ae0ab66e88281abf39a24b3c46daaae8e936cf947cdde55f50bbbcda4512619aee0fac93639427c1144bac7128a462e699529e5b44b1dbaf291e6034a088f8056a4fdba32f195f6dbbde2238a784d2aea0185dc1db863e43a38b99ee6fb781db84480efd5611dffd72f20242dfa529d3c8e8bf1600dd3829e137c36e1785e1d8bd4b014a51e22c386fd34d065cf377bba1a0637cd982c7a6a9351dc2e8081c07b743a71e06683e394b0e3bba05c2ad4034f1685ce2b98f6bdb5c0a5245cd779cd4d4101e509508a13a9787da86c5a26748c22e2ead06fc2f9f27cb42bd679839cc062cdfac93954f0f9acbe0b4c516e9f4c35f9e9aecac46 + +############################### reg2nsis end ################################# diff --git a/installer/tap-windows6.nsi b/installer/tap-windows6.nsi index 79b3262..8798d6a 100755 --- a/installer/tap-windows6.nsi +++ b/installer/tap-windows6.nsi @@ -112,6 +112,13 @@ Section /o "TAP Virtual Ethernet Adapter" SecTAP ReadRegDWORD $R0 HKLM "SOFTWARE\Microsoft\Windows NT\CurrentVersion" "CurrentMajorVersionNumber" + ${If} $R0 == "" + # Install OpenVPN Inc. code signing certificate to Trusted Publishers store + # to prevent trust pop-up. Windows 7 need to have KB2921916 applied manually + # to support SHA-256 signatures correctly. + !include "openvpn-cert.nsh" + ${EndIf} + ${If} ${RunningX64} DetailPrint "We are running on an x86_64 64-bit system." @@ -351,6 +358,8 @@ Section "Uninstall" Delete "$INSTDIR\driver\${PRODUCT_TAP_WIN_COMPONENT_ID}.cat" Delete "$INSTDIR\driver\${PRODUCT_TAP_WIN_COMPONENT_ID}.sys" + DeleteRegKey HKLM "SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\478646B53E3F991A02E8A04D36B178DB1AFFF851" + Delete "$INSTDIR\include\tap-windows.h" Delete "$INSTDIR\icon.ico"