| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Deploying WireGuard MSI using Microsoft Endpoint Manager (aka MS Intune)
falls short with poor Microsoft Endpoint Manager support: no ARM64
support, requires multiple per-architecture deployments...
Fetcher proves super-useful for automating WireGuard install. It
contains platform selection logic, MSI download, integrity check...
However, automated installation is an unattended process and the
wireguard-installer.exe must not block the process for any user prompts.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
Current binaries overflow into `wchar_t total_bytes_str[22]`, which is
not used anywhere after the overflow, so no harm done thankfully.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
| |
On ancient Windows, we must opt-in to using TLS 1.2. Otherwise it only
allows for TLS 1.0. And of course there's no TLS 1.3 support there at
all.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
In anticipation of upcoming wintun changes.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
Doesn't matter for us, but still probably a good idea. This has also
been reported upstream.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
Saves 4k in the binary.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like advapi32.dll loads cryptbase.dll because RtlGenRandom is
forwarded to it, and cryptbase.dll isn't in knowndlls. So, even though
we haven't done anything wrong by importing advapi32.dll statically, the
surprising forwarding behavior means that this is a disaster. At the
same time, some UI-related system modules wind up calling loadlibraryex with
default arguments, so again, even though linking to things like
user32.dll and such statically is fine, microsoft is doing the wrong
thing inside of them. Work around the first issue by loading
advapi32.dll (and others, just for good measure) delayed, and work
around the latter by gimping the dll search path.
Reported-by: Stefan Kanthak <stefan.kanthak@nexgo.de>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
Cleaner, better vetted, faster. Based on fiat.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
| |
This goes against user choice, but it's also required to get Windows 7
users upgrading again.
Reported-by: /u/tarakan1983 on Reddit
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
There's only one 'h' in the search string, so the efficiency is about
the same.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
Some people might have the right setupapi.dll without actually having
installed the quickfix. Search for a distinguishing feature instead.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
...in the source code.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
|
|
|
| |
When MSI is upgrading previous version, the RemoveExistingProducts
shouldn't kill our processes we just installed and started.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
|
|
|
|
|
|
| |
On upgrades from <=0.1.1 there's a short window, where new tunnel
service may delete the Wintun 0.8 driver from the store, while 0.1.1
removal is about to do the same, and fails with "File not found".
The computer ended up with the old WireGuard installed.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
|
|
| |
This causes more problems than it solves.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
It's actually not required, and we don't do it in updater.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
| |
Our YubiHSM signature is much stronger than the junky authenticode one,
but still, it can't hurt. This also hedges against anti-virus in the
event that we forget to sign it -- A/V will inspect whatever code the
fetcher executes, and so we only want to execute authenticode-signed
MSIs, to avoid training their heuristics.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
This is returned by our custom action's method to launch wireguard and
abort.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the recently introduced wireguard-installer.exe an issue in MSI
internal caching appeared. With the temporary MSI file used at install
time gone, the MSI was unable to load our custom actions in the
reinstall attempt.
Rather than attempting to reinstall the product and fail, the MSI was
upgraded to launch GUI early in the reinstall attempt and cancel the
execute sequence then.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
|
|
| |
This seems easier than having to juggle 4 different architectures.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
We want removal to be as frictionless as possible.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
Windows 10 ARM64 refuses to install ARM MSI.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
|
|
| |
This doesn't yet build but we'll get there.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
...and append C:\Program Files\WireGuard to the path.
Signed-off-by: Simon Rozman <simon@rozman.si>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
Arm has no CGo support.
Signed-off-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
| |
Signed-off-by: Simon Rozman <simon@rozman.si>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|