[windows_kext] Finalize building kext and cab for MS signing

This commit is contained in:
Daniel 2024-05-27 16:40:46 +02:00
parent e78630e516
commit bcd834c4da
8 changed files with 42 additions and 160 deletions


@ -461,82 +461,26 @@ tauri-release:
BUILD +tauri-build --target="${arch}" --bundle="${bundle}" BUILD +tauri-build --target="${arch}" --bundle="${bundle}"
END END
kext-base: kext-build:
FROM ${rust_builder_image} FROM ${rust_builder_image}
RUN apt-get update -qq
# Tools and libraries required for cross-compilation
RUN apt-get install --no-install-recommends -qq \
autoconf \
autotools-dev \
libtool-bin \
clang \
cmake \
bsdmainutils \
gcc-multilib \
linux-libc-dev \
linux-libc-dev-amd64-cross \
linux-libc-dev-arm64-cross \
linux-libc-dev-armel-cross \
linux-libc-dev-armhf-cross \
build-essential \
curl \
wget \
file \
mingw-w64
# Install architecture target # Install architecture target
RUN rustup target add x86_64-pc-windows-msvc
DO rust+INIT --keep_fingerprints=true DO rust+INIT --keep_fingerprints=true
# Add some required rustup components
RUN rustup component add cargo
RUN rustup component add rust-std
RUN rustup component add rustc
# Required for cross compilation to work.
ENV PKG_CONFIG_ALLOW_CROSS=1
ENV PKG_CONFIG_PATH=/usr/x86_64-w64-mingw32/lib/pkgconfig
# Explicitly cache here.
SAVE IMAGE --cache-hint
kext-build:
FROM +kext-base
WORKDIR /app/kext
# Pull and build dependencies.
# wdk package
COPY --keep-ts ./windows_kext/wdk/Cargo.toml ./wdk/Cargo.toml
COPY --keep-ts ./windows_kext/wdk/Cargo.lock ./wdk/Cargo.lock
COPY --keep-ts ./windows_kext/wdk/src/lib.rs ./wdk/src/lib.rs
# release package
COPY --keep-ts ./windows_kext/release/Cargo.toml ./release/Cargo.toml
COPY --keep-ts ./windows_kext/release/Cargo.lock ./release/Cargo.lock
COPY --keep-ts ./windows_kext/release/src/main.rs ./release/src/main.rs
# protocol package
COPY --keep-ts ./windows_kext/protocol/Cargo.toml ./protocol/Cargo.toml
COPY --keep-ts ./windows_kext/protocol/Cargo.lock ./protocol/Cargo.lock
COPY --keep-ts ./windows_kext/protocol/src/lib.rs ./protocol/src/lib.rs
# driver package
COPY --keep-ts ./windows_kext/driver/Cargo.toml ./driver/Cargo.toml
COPY --keep-ts ./windows_kext/driver/Cargo.lock ./driver/Cargo.lock
COPY --keep-ts ./windows_kext/driver/src/lib.rs ./driver/src/lib.rs
# driver cargo config
COPY --keep-ts ./windows_kext/driver/.cargo ./driver/.cargo
# fetch
DO rust+CARGO --args="fetch --manifest-path ./driver/Cargo.toml --target x86_64-pc-windows-msvc"
# Build kext # Build kext
WORKDIR /app/kext
# --keep-ts is necessary to ensure that the timestamps of the source files # --keep-ts is necessary to ensure that the timestamps of the source files
# are preserved such that Rust's incremental compilation works correctly. # are preserved such that Rust's incremental compilation works correctly.
COPY --keep-ts ./windows_kext/ . COPY --keep-ts ./windows_kext/ .
WORKDIR /app/kext/driver # Add target architecture
DO rust+CARGO --args="build" RUN rustup target add x86_64-pc-windows-msvc
# Build using special earthly lib
WORKDIR /app/kext/release
DO rust+CARGO --args="run"
SAVE ARTIFACT --keep-ts "portmaster-kext-release-bundle.zip" AS LOCAL "${outputDir}/windows_amd64/portmaster-kext-release-bundle.zip"
build: build:
BUILD +go-release BUILD +go-release


@ -21,7 +21,8 @@ cd kext_release_v.../
- Enter "PortmasterKext vX.X.X #1" as the product name - Enter "PortmasterKext vX.X.X #1" as the product name
- Upload `portmaster-kext_vX-X-X.cab` - Upload `portmaster-kext_vX-X-X.cab`
- Select the Windows 10 versions that you compiled and tested on - Select the Windows 10 versions that you compiled and tested on
- Currently: Windows 11 Client, version 22H2 x64 (Ni)
- Wait for the process to finish, download the `.zip`. - Wait for the process to finish, download the `.zip`.
The zip will contain the release files. The zip will contain the release files.
> Optionally sign the .sys file. > Optionally sign the .sys file.


@ -16,18 +16,9 @@ fn main() {
); );
// Create Zip that will hold all the release files and scripts. // Create Zip that will hold all the release files and scripts.
let file = File::create(format!( let file = File::create("portmaster-kext-release-bundle.zip").unwrap();
"kext_release_v{}-{}-{}.zip",
VERSION[0], VERSION[1], VERSION[2]
))
.unwrap();
let mut zip = zip::ZipWriter::new(file); let mut zip = zip::ZipWriter::new(file);
let version_file = format!(
"portmaster-kext_v{}-{}-{}",
VERSION[0], VERSION[1], VERSION[2]
);
// Write files to zip // Write files to zip
zip.add_directory("cab", FileOptions::default()).unwrap(); zip.add_directory("cab", FileOptions::default()).unwrap();
// Write driver.lib // Write driver.lib
@ -35,7 +26,7 @@ fn main() {
// Write ddf file // Write ddf file
write_to_zip( write_to_zip(
&mut zip, &mut zip,
&format!("{}.ddf", version_file), "PortmasterKext.ddf",
get_ddf_content(), get_ddf_content(),
); );
// Write build cab script // Write build cab script
@ -44,7 +35,7 @@ fn main() {
// Write inf file // Write inf file
write_to_zip( write_to_zip(
&mut zip, &mut zip,
&format!("cab/{}.inf", version_file), "cab/PortmasterKext64.inf",
get_inf_content(), get_inf_content(),
); );
@ -82,28 +73,28 @@ fn get_inf_content() -> String {
fn get_ddf_content() -> String { fn get_ddf_content() -> String {
let reg = Handlebars::new(); let reg = Handlebars::new();
let version_file = format!( let cab_file = format!(
"portmaster-kext_v{}-{}-{}", "PortmasterKext_v{}-{}-{}.cab",
VERSION[0], VERSION[1], VERSION[2] VERSION[0], VERSION[1], VERSION[2]
); );
reg.render_template( reg.render_template(
include_str!("../templates/PortmasterKext.ddf"), include_str!("../templates/PortmasterKext.ddf"),
&json!({"version_file": version_file}), &json!({"cab_file": cab_file}),
) )
.unwrap() .unwrap()
} }
fn get_build_cab_script_content() -> String { fn get_build_cab_script_content() -> String {
let reg = Handlebars::new(); let reg = Handlebars::new();
let version_file = format!( let cab_file = format!(
"portmaster-kext_v{}-{}-{}", "PortmasterKext_v{}-{}-{}.cab",
VERSION[0], VERSION[1], VERSION[2] VERSION[0], VERSION[1], VERSION[2]
); );
reg reg
.render_template( .render_template(
include_str!("../templates/build_cab.ps1"), include_str!("../templates/build_cab.ps1"),
&json!({"sys_file": format!("{}.sys", version_file), "pdb_file": format!("{}.pdb", version_file), "lib_file": "driver.lib", "version_file": &version_file }), &json!({"sys_file": "PortmasterKext64.sys", "pdb_file": "PortmasterKext64.pdb", "lib_file": "driver.lib", "cab_file": &cab_file }),
) )
.unwrap() .unwrap()
} }
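Review bot: The cab file name `format!("PortmasterKext_v{}-{}-{}.cab", VERSION[0], VERSION[1], VERSION[2])` is now built identically in both `get_ddf_content` and `get_build_cab_script_content`, and the DDF's `CabinetNameTemplate` and the PowerShell `Move-Item`/`signtool` lines only work if the two agree, so the string should exist once: `fn cab_file_name() -> String { format!("PortmasterKext_v{}-{}-{}.cab", VERSION[0], VERSION[1], VERSION[2]) }` and `let cab_file = cab_file_name();` in both functions. A one-line doc comment on the helper noting that the name must match the `.cab` the signing instructions refer to would make the coupling explicit. The `fn main` hunks start outside this section, so the `.unwrap()` on `File::create("portmaster-kext-release-bundle.zip")` was not reviewed in context here.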


@ -1,4 +1,4 @@
;*** {{version_file}}.ddf ;*** PortmasterKext.ddf
.OPTION EXPLICIT ; Generate errors .OPTION EXPLICIT ; Generate errors
.Set CabinetFileCountThreshold=0 .Set CabinetFileCountThreshold=0
.Set FolderFileCountThreshold=0 .Set FolderFileCountThreshold=0
@ -11,7 +11,7 @@
.Set Compress=on .Set Compress=on
;Specify file name for new cab file ;Specify file name for new cab file
.Set CabinetNameTemplate={{version_file}}.cab .Set CabinetNameTemplate={{cab_file}}
; Specify the subdirectory for the files. ; Specify the subdirectory for the files.
; Your cab file should not have files at the root level, ; Your cab file should not have files at the root level,
@ -19,6 +19,6 @@
.Set DestinationDir=PortmasterKext .Set DestinationDir=PortmasterKext
;Specify files to be included in cab file ;Specify files to be included in cab file
.\cab\\{{version_file}}.inf .\cab\\PortmasterKext64.inf
.\cab\\{{version_file}}.sys .\cab\\PortmasterKext64.sys
.\cab\\{{version_file}}.pdb .\cab\\PortmasterKext64.pdb


@ -43,12 +43,6 @@ CopyFiles = PortmasterKext.DriverFiles
[DefaultInstall.NTamd64.Services] [DefaultInstall.NTamd64.Services]
AddService = %ServiceName%,,PortmasterKext.Service AddService = %ServiceName%,,PortmasterKext.Service
[DefaultUninstall]
DelFiles = PortmasterKext.DriverFiles
[DefaultUninstall.Services]
DelService = PortmasterKext,0x200 ; SPSVCINST_STOPSERVICE
[PortmasterKext.DriverFiles] [PortmasterKext.DriverFiles]
PortmasterKext64.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY PortmasterKext64.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY


@ -1,5 +1,7 @@
del {{version_file}}.cab # Remove previous cab build
Remove-Item -Path "PortmasterKext_v2-0-0.cab" -ErrorAction SilentlyContinue
# Link the driver.
link.exe /OUT:{{sys_file}} ` link.exe /OUT:{{sys_file}} `
/MANIFEST:NO /PROFILE /Driver ` /MANIFEST:NO /PROFILE /Driver `
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wdmsec.lib" ` "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wdmsec.lib" `
@ -14,35 +16,37 @@ link.exe /OUT:{{sys_file}} `
"C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib" ` "C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib" `
"{{lib_file}}" ` "{{lib_file}}" `
/RELEASE /VERSION:"10.0" /DEBUG /MACHINE:X64 /ENTRY:"FxDriverEntry" /OPT:REF /INCREMENTAL:NO /SUBSYSTEM:NATIVE",6.01" /OPT:ICF /ERRORREPORT:PROMPT /MERGE:"_TEXT=.text;_PAGE=PAGE" /NOLOGO /NODEFAULTLIB /SECTION:"INIT,d" /RELEASE /VERSION:"10.0" /DEBUG /MACHINE:X64 /ENTRY:"FxDriverEntry" /OPT:REF /INCREMENTAL:NO /SUBSYSTEM:NATIVE",6.01" /OPT:ICF /ERRORREPORT:PROMPT /MERGE:"_TEXT=.text;_PAGE=PAGE" /NOLOGO /NODEFAULTLIB /SECTION:"INIT,d"
if(!$?) { if(!$?) {
Exit $LASTEXITCODE Exit $LASTEXITCODE
} }
move {{sys_file}} cab\\{{sys_file}} # Move the driver and debug symbolds into the cab directory.
move {{pdb_file}} cab\\{{pdb_file}} move {{sys_file}} cab\\PortmasterKext64.sys
move {{pdb_file}} cab\\PortmasterKext64.pdb
# Create the cab.
Write-Host Write-Host
Write-Host ===== Write-Host =====
Write-Host creating .cab ... Write-Host creating .cab ...
MakeCab /f {{version_file}}.ddf MakeCab /f PortmasterKext.ddf
if(!$?) { if(!$?) {
Exit $LASTEXITCODE Exit $LASTEXITCODE
} }
# Clean up after cab creation.
Write-Host Write-Host
Write-Host ===== Write-Host =====
Write-Host cleaning up ... Write-Host cleaning up ...
del setup.inf Remove-Item -Path "setup.inf" -ErrorAction SilentlyContinue
del setup.rpt Remove-Item -Path "setup.rpt" -ErrorAction SilentlyContinue
move disk1\\{{version_file}}.cab {{version_file}}.cab Move-Item disk1\\{{cab_file}} {{cab_file}}
rmdir disk1 Remove-Item disk1
# Print signing instructions.
Write-Host Write-Host
Write-Host ===== Write-Host =====
Write-Host YOUR TURN: sign the .cab Write-Host YOUR TURN: sign the .cab
Write-Host use something along the lines of: Write-Host "(If the sha1 fingerprint of the cert has changed, you can find it in the cert properties on Windows as Thumbprint)"
Write-Host Write-Host
Write-Host signtool sign /sha1 C2CBB3A0256A157FEB08B661D72BF490B68724C4 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a {{version_file}}.cab Write-Host signtool sign /sha1 69ADFEACD5AC42D0DB5698E38CA917B9C60FBFA6 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a {{cab_file}}
Write-Host Write-Host
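Review bot: The cleanup at the top of the template hardcodes `Remove-Item -Path "PortmasterKext_v2-0-0.cab" -ErrorAction SilentlyContinue` while every other reference in the script and the DDF uses the rendered `{{cab_file}}`, so for any version other than 2.0.0 a cab left over from a previous build is not removed; `Move-Item disk1\\{{cab_file}} {{cab_file}}` later in the script then fails without `-Force` when the destination exists, or a stale cab stays next to the fresh one at the moment the maintainer runs the printed `signtool` command. Use the template variable: `Remove-Item -Path "{{cab_file}}" -ErrorAction SilentlyContinue`. Since the whole point of this script is to produce the exact artifact that gets submitted for Microsoft signing, the comment above that line should say that the old cab is removed so the signing step cannot pick up a stale build.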


@ -1,25 +0,0 @@
@echo off
set DISTDIR=dist\windows_amd64\kext
set SIGNEDDIR=Signed\drivers\PortmasterKext
echo.
echo =====
echo copying files ...
mkdir %DISTDIR%
echo copy %SIGNEDDIR%\PortmasterKext64.sys %DISTDIR%\portmaster-kext_vX-X-X.sys
copy %SIGNEDDIR%\PortmasterKext64.sys %DISTDIR%\portmaster-kext_vX-X-X.sys
echo.
echo =====
echo OPTIONAL:
echo YOUR TURN: sign .sys (add your sig for additional transparency)
echo use something along the lines of:
echo.
echo signtool sign /sha1 C2CBB3A0256A157FEB08B661D72BF490B68724C4 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a /as %DISTDIR%\portmaster-kext_vX-X-X.sys
echo.
echo.
echo =====
echo YOUR TURN: rename %DISTDIR%\portmaster-kext-vX-X-X.sys to correct versions!
echo DONE!
echo.


@ -1,4 +1,3 @@
link.exe /OUT:{{sys_file}} ` link.exe /OUT:{{sys_file}} `
/MANIFEST:NO /PROFILE /Driver ` /MANIFEST:NO /PROFILE /Driver `
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wdmsec.lib" ` "C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wdmsec.lib" `
@ -13,29 +12,3 @@ link.exe /OUT:{{sys_file}} `
"C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib" ` "C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib" `
"{{lib_file}}" ` "{{lib_file}}" `
/RELEASE /VERSION:"10.0" /DEBUG /MACHINE:X64 /ENTRY:"FxDriverEntry" /OPT:REF /INCREMENTAL:NO /SUBSYSTEM:NATIVE",6.01" /OPT:ICF /ERRORREPORT:PROMPT /MERGE:"_TEXT=.text;_PAGE=PAGE" /NOLOGO /NODEFAULTLIB /SECTION:"INIT,d" /RELEASE /VERSION:"10.0" /DEBUG /MACHINE:X64 /ENTRY:"FxDriverEntry" /OPT:REF /INCREMENTAL:NO /SUBSYSTEM:NATIVE",6.01" /OPT:ICF /ERRORREPORT:PROMPT /MERGE:"_TEXT=.text;_PAGE=PAGE" /NOLOGO /NODEFAULTLIB /SECTION:"INIT,d"
if(!$?) { Exit $LASTEXITCODE }
move {{sys_file}} cab\\{{sys_file}}
move {{pdb_file}} cab\\{{pdb_file}}
Write-Host
Write-Host =====
Write-Host creating .cab ...
MakeCab /f {{version_file}}.ddf
Write-Host
Write-Host =====
Write-Host cleaning up ...
del setup.inf
del setup.rpt
move disk1\\{{version_file}}.cab {{version_file}}.cab
rmdir disk1
Write-Host
Write-Host =====
Write-Host YOUR TURN: sign the .cab
Write-Host use something along the lines of:
Write-Host
Write-Host signtool sign /sha1 C2CBB3A0256A157FEB08B661D72BF490B68724C4 /tr http://timestamp.digicert.com /td sha256 /fd sha256 /a {{version_file}}.cab
Write-Host