path: root/installer
Commit message | Author | Age | Files | Lines
* updater,fetcher: disable HTTP/3 | Jason A. Donenfeld | 2026-05-06 | 1 | -5/+2
  We had reports of it failing.
  Reported-by: Ben Yoder <byoder@moltzconstructors.com>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: reduce windows 7 disappointment email | Jason A. Donenfeld | 2026-04-22 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: make sure we can delete files after killing processes | Jason A. Donenfeld | 2026-04-19 | 1 | -17/+62
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: don't follow reparse points when computing file IDs | Jason A. Donenfeld | 2026-04-19 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: fail if EnumServicesStatusEx fails | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: don't follow reparse points during recursive delete | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+7
  Just seems a bit risky.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: include unmangled driver removal log messages | Jason A. Donenfeld | 2026-04-16 | 1 | -1/+5
  Otherwise, really long lines might mangle each other mid-way.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: add missing COM initialization | Jason A. Donenfeld | 2026-04-16 | 1 | -0/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* docs: update signing key | Jason A. Donenfeld | 2026-04-10 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater,fetcher: enable http/3 opportunistically | Jason A. Donenfeld | 2026-03-30 | 1 | -4/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: account for potentially mangled title bar text | Jason A. Donenfeld | 2026-03-23 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* updater: do not verify EV status | Jason A. Donenfeld | 2026-03-23 | 2 | -23/+4
  We'll keep signing with EV. But this is not a security check. Anybody can add an EV signature. It's not very expensive to do. And we've never checked that it's actually _our_ signature. For that, there's the normal ed25519-based mechanism, which is a lot nicer and faster.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: forbid emulation of amd64 on arm64 | Jason A. Donenfeld | 2026-03-21 | 1 | -1/+10
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: raise min windows version to 10 | Jason A. Donenfeld | 2026-03-21 | 9 | -35/+70
  Since we're also bumping the PE subsystem header to 10.0, this means we need a _load_config with the proper flags. So there's some work to be done here. This also means bumping LLVM and Go builds. In the case of Go, the patch is still pending: https://go-review.googlesource.com/c/go/+/756680 , so it's a custom build. Remove lots of compatibility code and hacks. Also update the installer to display a useful message.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump date | Jason A. Donenfeld | 2026-03-18 | 14 | -15/+15
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: cmdline option need not be volatile | Jason A. Donenfeld | 2026-03-18 | 1 | -3/+4
  Also, make the name more confusing, no match the option, so that it can initialize to false. This might be controversial; there are arguments on both sides.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: make code signing method configurable | Simon Rozman | 2024-10-17 | 1 | -4/+4
  Existing code signing was hard-coded to use a locally installed certificate (hardware security dongles included). However, signtool.exe is extensible to allow any kind of digest signing plugin with /dlib and /dmdf switches. This is used for cloud-based code signing (e.g. Microsoft Trusted Signing).
  Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: update WiX Toolset download URL and version | Simon Rozman | 2024-09-04 | 1 | -1/+1
  The version 3.14.0.4118 we were using is no longer available for download.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* fetcher: add /noprompt switch | Simon Rozman | 2023-01-23 | 1 | -2/+18
  Deploying WireGuard MSI using Microsoft Endpoint Manager (aka MS Intune) falls short with poor Microsoft Endpoint Manager support: no ARM64 support, requires multiple per-architecture deployments... Fetcher proves super-useful for automating WireGuard install. It contains platform selection logic, MSI download, integrity check... However, automated installation is an unattended process and the wireguard-installer.exe must not block the process for any user prompts.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* global: bump date | Jason A. Donenfeld | 2022-01-06 | 14 | -15/+15
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: only write 32 bytes to hash output | Jason A. Donenfeld | 2022-01-06 | 2 | -3/+3
  Current binaries overflow into `wchar_t total_bytes_str[22]`, which is not used anywhere after the overflow, so no harm done thankfully.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher,winhttp: force TLS 1.2 on Win 8.0 and 7 | Jason A. Donenfeld | 2021-10-29 | 3 | -0/+14
  On ancient Windows, we must opt-in to using TLS 1.2. Otherwise it only allows for TLS 1.0. And of course there's no TLS 1.3 support there at all.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: stop building for arm32 | Jason A. Donenfeld | 2021-10-21 | 1 | -1/+0
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: cast to farproc instead of other way around | Jason A. Donenfeld | 2021-10-16 | 2 | -2/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use new API | Jason A. Donenfeld | 2021-10-05 | 1 | -1/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: do not require KB2921916 | Jason A. Donenfeld | 2021-08-02 | 2 | -96/+0
  In anticipation of upcoming wintun changes.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: close winverifytrust handle after usage | Jason A. Donenfeld | 2021-08-02 | 1 | -1/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: sign custom actions dll | Jason A. Donenfeld | 2021-08-02 | 1 | -1/+6
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright date | Jason A. Donenfeld | 2021-02-01 | 14 | -15/+15
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use explicit A function | Jason A. Donenfeld | 2020-12-14 | 1 | -4/+4
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: enable HTTP/2.0 on systems that support it | Jason A. Donenfeld | 2020-11-29 | 1 | -1/+2
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: make malleability checks work on big endian | Jason A. Donenfeld | 2020-11-27 | 1 | -2/+3
  Doesn't matter for us, but still probably a good idea. This has also been reported upstream.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use sha512 from bcrypt | Jason A. Donenfeld | 2020-11-27 | 2 | -165/+13
  Saves 4k in the binary.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: delay load anything with transitive dependencies outside of knowndlls | Jason A. Donenfeld | 2020-11-27 | 2 | -1/+4
  It looks like advapi32.dll loads cryptbase.dll because RtlGenRandom is forwarded to it, and cryptbase.dll isn't in knowndlls. So, even though we haven't done anything wrong by importing advapi32.dll statically, the surprising forwarding behavior means that this is a disaster. At the same time, some UI-related system modules wind up calling loadlibraryex with default arguments, so again, even though linking to things like user32.dll and such statically is fine, Microsoft is doing the wrong thing inside of them. Work around the first issue by loading advapi32.dll (and others, just for good measure) delayed, and work around the latter by gimping the dll search path.
  Reported-by: Stefan Kanthak <stefan.kanthak@nexgo.de>
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use formally verified crypto | Jason A. Donenfeld | 2020-11-27 | 3 | -986/+2201
  Cleaner, better vetted, faster. Based on fiat.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update headers | Jason A. Donenfeld | 2020-11-22 | 3 | -3/+3
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: remove admin knobs in cleanup | Jason A. Donenfeld | 2020-11-22 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: force modal if KB2921916 is missing | Jason A. Donenfeld | 2020-11-22 | 1 | -7/+19
  This goes against user choice, but it's also required to get Windows 7 users upgrading again.
  Reported-by: /u/tarakan1983 on Reddit
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: remove memmem | Jason A. Donenfeld | 2020-11-20 | 1 | -116/+8
  There's only one 'h' in the search string, so the efficiency is about the same.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: regard KB2921916 exits when prompted to be USEREXIT so fetcher doesn't mind | Jason A. Donenfeld | 2020-11-18 | 1 | -0/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: check for KB2921916's setupapi.dll directly | Jason A. Donenfeld | 2020-11-18 | 1 | -23/+144
  Some people might have the right setupapi.dll without actually having installed the quickfix. Search for a distinguishing feature instead.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: refactor custom actions to appear in chronological order | Simon Rozman | 2020-11-18 | 2 | -209/+209
  ...in the source code.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: prevent the process killing on upgrade cleanup | Simon Rozman | 2020-11-18 | 1 | -7/+13
  When MSI is upgrading previous version, the RemoveExistingProducts shouldn't kill our processes we just installed and started.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: ignore remove failures | Simon Rozman | 2020-11-18 | 1 | -1/+2
  On upgrades from <=0.1.1 there's a short window, where new tunnel service may delete the Wintun 0.8 driver from the store, while 0.1.1 removal is about to do the same, and fails with "File not found". The computer ended up with the old WireGuard installed.
  Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: disable ROLLBACK | Jason A. Donenfeld | 2020-11-17 | 1 | -0/+1
  This causes more problems than it solves.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: style | Jason A. Donenfeld | 2020-11-17 | 1 | -2/+1
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: do not append .msi to random filename | Jason A. Donenfeld | 2020-11-17 | 1 | -2/+1
  It's actually not required, and we don't do it in updater.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: check WinVerifyTrust before execution | Jason A. Donenfeld | 2020-11-17 | 2 | -5/+21
  Our YubiHSM signature is much stronger than the junky authenticode one, but still, it can't hurt. This also hedges against anti-virus in the event that we forget to sign it -- A/V will inspect whatever code the fetcher executes, and so we only want to execute authenticode-signed MSIs, to avoid training their heuristics.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: user exit is not a real error | Jason A. Donenfeld | 2020-11-16 | 1 | -0/+1
  This is returned by our custom action's method to launch wireguard and abort.
  Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: launch GUI before attempting a reinstall | Simon Rozman | 2020-11-16 | 2 | -8/+34
  With the recently introduced wireguard-installer.exe an issue in MSI internal caching appeared. With the temporary MSI file used at install time gone, the MSI was unable to load our custom actions in the reinstall attempt. Rather than attempting to reinstall the product and fail, the MSI was upgraded to launch GUI early in the reinstall attempt and cancel the execute sequence then.
  Signed-off-by: Simon Rozman <simon@rozman.si>