aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/installer (follow)
Commit message (Collapse)AuthorAgeFilesLines
* fetcher: add /noprompt switchHEADmasterSimon Rozman2023-01-231-2/+18
| | | | | | | | | | | | | | Deploying WireGuard MSI using Microsoft Endpoint Manager (aka MS Intune) falls short with poor Microsoft Endpoint Manager support: no ARM64 support, requires multiple per-architecture deployments... Fetcher proves super-useful for automating WireGuard install. It contains platform selection logic, MSI download, integrity check... However, automated installation is an unattended process and the wireguard-installer.exe must not block the process for any user prompts. Signed-off-by: Simon Rozman <simon@rozman.si>
* global: bump dateJason A. Donenfeld2022-01-0614-15/+15
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: only write 32 bytes to hash outputJason A. Donenfeld2022-01-062-3/+3
| | | | | | | Current binaries overflow into `wchar_t total_bytes_str[22]`, which is not used anywhere after the overflow, so no harm done thankfully. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher,winhttp: force TLS 1.2 on Win 8.0 and 7Jason A. Donenfeld2021-10-293-0/+14
| | | | | | | | On ancient Windows, we must opt-in to using TLS 1.2. Otherwise it only allows for TLS 1.0. And of course there's no TLS 1.3 support there at all. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: stop building for arm32Jason A. Donenfeld2021-10-211-1/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: cast to farproc instead of other way aroundJason A. Donenfeld2021-10-162-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* driver: use new APIJason A. Donenfeld2021-10-051-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: do not require KB2921916Jason A. Donenfeld2021-08-022-96/+0
| | | | | | In anticipation of upcoming wintun changes. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: close winverifytrust handle after usageJason A. Donenfeld2021-08-021-1/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: sign custom actions dllJason A. Donenfeld2021-08-021-1/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: bump copyright dateJason A. Donenfeld2021-02-0114-15/+15
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use explicit A functionJason A. Donenfeld2020-12-141-4/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: enable HTTP/2.0 on systems that support itJason A. Donenfeld2020-11-291-1/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: make malleability checks work on big endianJason A. Donenfeld2020-11-271-2/+3
| | | | | | | Doesn't matter for us, but still probably a good idea. This has also been reported upstream. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use sha512 from bcryptJason A. Donenfeld2020-11-272-165/+13
| | | | | | Saves 4k in the binary. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: delay load anything with transitive dependencies outside of knowndllsJason A. Donenfeld2020-11-272-1/+4
| | | | | | | | | | | | | | | | It looks like advapi32.dll loads cryptbase.dll because RtlGenRandom is forwarded to it, and cryptbase.dll isn't in knowndlls. So, even though we haven't done anything wrong by importing advapi32.dll statically, the surprising forwarding behavior means that this is a disaster. At the same time, some UI-related system modules wind up calling loadlibraryex with default arguments, so again, even though linking to things like user32.dll and such statically is fine, microsoft is doing the wrong thing inside of them. Work around the first issue by loading advapi32.dll (and others, just for good measure) delayed, and work around the latter by gimping the dll search path. Reported-by: Stefan Kanthak <stefan.kanthak@nexgo.de> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: use formally verified cryptoJason A. Donenfeld2020-11-273-1042/+2257
| | | | | | Cleaner, better vetted, faster. Based on fiat. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: update headersJason A. Donenfeld2020-11-223-3/+3
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: remove admin knobs in cleanupJason A. Donenfeld2020-11-221-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: force modal if KB2921916 is missingJason A. Donenfeld2020-11-221-7/+19
| | | | | | | | This goes against user choice, but it's also required to get Windows 7 users upgrading again. Reported-by: /u/tarakan1983 on Reddit Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: remove memmemJason A. Donenfeld2020-11-201-116/+8
| | | | | | | There's only one 'h' in the search string, so the efficiency is about the same. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: regard KB2921916 exits when prompted to be USEREXIT so fetcher doesn't mindJason A. Donenfeld2020-11-181-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: check for KB2921916's setupapi.dll directlyJason A. Donenfeld2020-11-181-23/+144
| | | | | | | Some people might have the right setupapi.dll without actually having installed the quickfix. Search for a distinguishing feature instead. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: refactor custom actions to appear in chronological orderSimon Rozman2020-11-182-209/+209
| | | | | | ...in the source code. Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: prevent the process killing on upgrade cleanupSimon Rozman2020-11-181-7/+13
| | | | | | | When MSI is upgrading previous version, the RemoveExistingProducts shouldn't kill our processes we just installed and started. Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: ignore remove failuresSimon Rozman2020-11-181-1/+2
| | | | | | | | | | On upgrades from <=0.1.1 there's a short window, where new tunnel service may delete the Wintun 0.8 driver from the store, while 0.1.1 removal is about to do the same, and fails with "File not found". The computer ended up with the old WireGuard installed. Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: disable ROLLBACKJason A. Donenfeld2020-11-171-0/+1
| | | | | | This causes more problems than it solves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: styleJason A. Donenfeld2020-11-171-2/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: do not append .msi to random filenameJason A. Donenfeld2020-11-171-2/+1
| | | | | | It's actually not required, and we don't do it in updater. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: check WinVerifyTrust before executionJason A. Donenfeld2020-11-172-5/+21
| | | | | | | | | | Our YubiHSM signature is much stronger than the junky authenticode one, but still, it can't hurt. This also hedges against anti-virus in the event that we forget to sign it -- A/V will inspect whatever code the fetcher executes, and so we only want to execute authenticode-signed MSIs, to avoid training their heuristics. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* fetcher: user exit is not a real errorJason A. Donenfeld2020-11-161-0/+1
| | | | | | | This is returned by our custom action's method to launch wireguard and abort. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: launch GUI before attempting a reinstallSimon Rozman2020-11-162-8/+34
| | | | | | | | | | | | | With the recently introduced wireguard-installer.exe an issue in MSI internal caching appeared. With the temporary MSI file used at install time gone, the MSI was unable to load our custom actions in the reinstall attempt. Rather than attempting to reinstall the product and fail, the MSI was upgraded to launch GUI early in the reinstall attempt and cancel the execute sequence then. Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: add missing thread handle closeSimon Rozman2020-11-161-0/+1
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* fetcher: introduce downloader utilityJason A. Donenfeld2020-11-1614-0/+2024
| | | | | | This seems easier than having to juggle 4 different architectures. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: always pass program files via propertyJason A. Donenfeld2020-11-161-45/+30
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: use new path for wg.exeJason A. Donenfeld2020-11-161-3/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: do not check for Wow64 and KB when removingJason A. Donenfeld2020-11-161-2/+2
| | | | | | We want removal to be as frictionless as possible. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: require KB2921916 on Windows 7Jason A. Donenfeld2020-11-163-1/+71
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: prohibit Wow64 installsJason A. Donenfeld2020-11-162-1/+53
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: suppress ice03 errorsJason A. Donenfeld2020-11-131-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: clean-up adapters and Wintun driver on uninstallSimon Rozman2020-11-132-1/+137
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: updater: introduce ARM64 MSI packagesSimon Rozman2020-11-133-2/+6
| | | | | | Windows 10 ARM64 refuses to install ARM MSI. Signed-off-by: Simon Rozman <simon@rozman.si>
* installer: enable ARM MSI buildingSimon Rozman2020-11-133-4/+9
| | | | Signed-off-by: Simon Rozman <simon@rozman.si>
* build: remove cgoJason A. Donenfeld2020-11-131-1/+0
| | | | | | This doesn't yet build but we'll get there. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: move wg.exe to C:\Program Files\WireGuardSimon Rozman2020-11-132-14/+3
| | | | | | ...and append C:\Program Files\WireGuard to the path. Signed-off-by: Simon Rozman <simon@rozman.si>
* build: switch to using llvm compilerJason A. Donenfeld2020-11-131-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* version: make native GoSimon Rozman2020-11-131-1/+1
| | | | | | | Arm has no CGo support. Signed-off-by: Simon Rozman <simon@rozman.si> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* wintun: move to RCDATA resourceSimon Rozman2020-11-132-13/+0
| | | | | Signed-off-by: Simon Rozman <simon@rozman.si> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* build: bump wintun to 0.8.1Jason A. Donenfeld2020-03-011-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* installer: bump wintun versionJason A. Donenfeld2019-12-111-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>