Diffstat (limited to '')
-rw-r--r-- | installer/fetcher/fetcher.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/installer/fetcher/fetcher.c b/installer/fetcher/fetcher.c
index ad392068..81c8d7e5 100644
--- a/installer/fetcher/fetcher.c
+++ b/installer/fetcher/fetcher.c
@@ -10,6 +10,8 @@
 #include <ntsecapi.h>
 #include <sddl.h>
 #include <winhttp.h>
+#include <wintrust.h>
+#include <softpub.h>
 #include <msi.h>
 #include <stdio.h>
 #include <string.h>
@@ -80,7 +82,16 @@ static DWORD __stdcall download_thread(void *param)
 size_t total_bytes, current_bytes;
 const char *arch;
 blake2b_ctx hasher;
- SECURITY_ATTRIBUTES security_attributes = { .nLength = sizeof(SECURITY_ATTRIBUTES) };
+ SECURITY_ATTRIBUTES security_attributes = { .nLength = sizeof(security_attributes) };
+ WINTRUST_FILE_INFO wintrust_fileinfo = { .cbStruct = sizeof(wintrust_fileinfo) };
+ WINTRUST_DATA wintrust_data = {
+ .cbStruct = sizeof(wintrust_data),
+ .dwUIChoice = WTD_UI_NONE,
+ .fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN,
+ .dwUnionChoice = WTD_CHOICE_FILE,
+ .dwStateAction = WTD_STATEACTION_VERIFY,
+ .pFile = &wintrust_fileinfo
+ };
 (void)param;
@@ -163,13 +174,18 @@ static DWORD __stdcall download_thread(void *param)
 goto out;
 set_progress(progress, current_bytes, total_bytes);
 }
+
+ set_status(progress, "verifying installer");
 blake2b_final(&hasher, computed_hash);
 if (memcmp(hash, computed_hash, sizeof(hash)))
 goto out;
-
- set_status(progress, "launching installer");
 CloseHandle(filehandle); //TODO: I wish this wasn't required.
 filehandle = INVALID_HANDLE_VALUE;
+ wintrust_fileinfo.pcwszFilePath = L(msi_filename);
+ if (WinVerifyTrust(INVALID_HANDLE_VALUE, &(GUID)WINTRUST_ACTION_GENERIC_VERIFY_V2, &wintrust_data))
+ goto out;
+
+ set_status(progress, "launching installer");
 ShowWindow(progress, SW_HIDE);
 ret = MsiInstallProductA(msi_filename, NULL);
 ret = ret == ERROR_INSTALL_USEREXIT ? ERROR_SUCCESS : ret;
|
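Review bot: `.dwStateAction = WTD_STATEACTION_VERIFY` in the new `wintrust_data` initializer makes WinVerifyTrust allocate verification state in `hWVTStateData`, and nothing in the visible hunks releases it with a second call using `WTD_STATEACTION_CLOSE`. If the state is not needed, leave `dwStateAction` at its zero default (`WTD_STATEACTION_IGNORE`). Otherwise set `wintrust_data.dwStateAction = WTD_STATEACTION_CLOSE;` after the verification and call `WinVerifyTrust` again on both the success and failure paths. The cleanup at `out:` is outside the hunk, so this may already be handled there.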
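Review bot: The `WinVerifyTrust` call added after `CloseHandle(filehandle)` accepts any file whose Authenticode chain validates; nothing in this hunk checks which publisher signed the MSI, so the signer is not pinned. Consider reading the signer certificate from the verification state (e.g. via `WTHelperProvDataFromStateData`) and comparing its subject with the expected publisher before `MsiInstallProductA` runs. The BLAKE2b hash appears to be computed over the downloaded bytes, while `WinVerifyTrust` and `MsiInstallProductA` each re-open the file by path after the handle is closed. Both checks therefore rely on the file's ACL, set outside this hunk (presumably through `security_attributes`), to keep the file from being replaced in between; a comment stating that assumption next to the existing TODO would help. download_thread's body starts and ends outside the hunk.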