rms/win-split-tunnel
1
0
Fork 0
mirror of https://github.com/amnezia-vpn/win-split-tunnel.git synced 2026-05-17 00:06:00 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'remove-legacy-support'

Browse Source
This commit is contained in:
Odd Stranne
2022-01-10 12:58:10 +01:00
parent b9a1a6d583 d6f345a9d2
commit 520e0ea36e
9 changed files with 104 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -20,6 +20,9 @@ Line wrap the file at 100 chars. Th
* **Security**: in case of vulnerabilities.
## [Unreleased]
### Changed
- Update build and release procedure to remove support for pre-Windows 10 systems.
### Fixed
- Ensure IOCTL requests are always processed on worker thread to prevent client from getting stuck
inside DeviceIoControl API call.

15
RELEASE.md
View File

@@ -33,18 +33,17 @@ Configure signing in Microsoft partner portal:
1. `cd` into driver repository.
1. Run `build.bat <certificate-sha1-thumbprint>` to build and sign the driver.
1. Artifacts are prepared under `bin/dist/`:
1. `bin/dist/legacy/` contains the final artifacts for Windows 7/8/8.1.
1. `bin/dist/win10/` contains an intermediate driver package for Windows 10.
1. `bin/dist/meta/` currently, only holds the shared PDB file.
1. Upload Windows 10 intermediate driver package (`mullvad-split-tunnel-amd64.cab`) to Microsoft for attestation signing.
1. Download attestation signed driver for Windows 10.
1. `mullvad-split-tunnel-amd64.cab` is an intermediate driver package for Windows 10.
1. `mullvad-split-tunnel.pdb` contains debug information.
1. Upload intermediate driver package to Microsoft for attestation signing.
1. Download attestation signed driver package.
## Updating dependent repositories
1. In the `mullvadvpn-app-binaries` repository:
1. Update legacy driver package in `x86_64-pc-windows-msvc/split-tunnel/legacy/`.
1. Extract attestation signed driver and related files into `x86_64-pc-windows-msvc/split-tunnel/win10/`.
1. Update driver PDB file in `x86_64-pc-windows-msvc/split-tunnel/meta/`.
1. In subfolder `x86_64-pc-windows-msvc/split-tunnel/`:
1. Extract attestation signed driver package.
1. Update driver PDB file.
1. Merge file updates into `master`.
1. In the `mullvadvpn-app` repository:
1. Update the `mullvadvpn-app-binaries` submodule reference.

52
build.bat
View File

@@ -8,7 +8,6 @@ if [%VisualStudioVersion%]==[] (
if [%1]==[] goto USAGE
set CERT_THUMBPRINT=%1
set CROSSCERT=digicert-high-assurance-ev.crt
set TIMESTAMP_SERVER=http://timestamp.digicert.com
set ROOT=%~dp0
@@ -26,41 +25,28 @@ IF %ERRORLEVEL% NEQ 0 goto ERROR
:: Sign driver
signtool sign /tr %TIMESTAMP_SERVER% /td sha256 /fd sha256 /sha1 "%1" /v /ac %ROOT%resources\%CROSSCERT% %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.sys
signtool sign /tr %TIMESTAMP_SERVER% /td sha256 /fd sha256 /sha1 "%CERT_THUMBPRINT%" /v %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.sys
IF %ERRORLEVEL% NEQ 0 goto ERROR
:: Re-generate catalog file now that driver binary has changed
del %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.cat
"%WindowsSdkVerBinPath%x86\inf2cat.exe" /driver:%ROOT%bin\x64-Release\mullvad-split-tunnel /os:"7_x64" /verbose
"%WindowsSdkBinPath%x86\inf2cat.exe" /driver:%ROOT%bin\x64-Release\mullvad-split-tunnel /os:"10_x64" /verbose
IF %ERRORLEVEL% NEQ 0 goto ERROR
:: Sign catalog
signtool sign /tr %TIMESTAMP_SERVER% /td sha256 /fd sha256 /sha1 "%1" /v /ac %ROOT%resources\%CROSSCERT% %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.cat
signtool sign /tr %TIMESTAMP_SERVER% /td sha256 /fd sha256 /sha1 "%CERT_THUMBPRINT%" /v %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.cat
IF %ERRORLEVEL% NEQ 0 goto ERROR
:: Copy artifacts
rmdir /s /q %ROOT%bin\dist
mkdir %ROOT%bin\dist\legacy
copy /b %ROOT%bin\x64-Release\mullvad-split-tunnel\* %ROOT%bin\dist\legacy\
mkdir %ROOT%bin\dist\meta
move %ROOT%bin\dist\legacy\mullvad-split-tunnel.pdb %ROOT%bin\dist\meta\
::
:: Build a CAB file for submission to the MS Hardware Dev Center
:: The co-installer has to be included (?) because it's referenced in the inf file
::
mkdir %ROOT%bin\dist\win10
mkdir %ROOT%bin\temp\cab
>"%ROOT%bin\dist\win10\mullvad-split-tunnel-amd64.ddf" (
>"%ROOT%bin\temp\cab\mullvad-split-tunnel-amd64.ddf" (
echo .OPTION EXPLICIT ; Generate errors
echo .Set CabinetFileCountThreshold=0
echo .Set FolderFileCountThreshold=0
@@ -73,32 +59,38 @@ mkdir %ROOT%bin\dist\win10
echo .Set Compress=on
echo .Set CabinetNameTemplate=mullvad-split-tunnel-amd64.cab
echo .Set DestinationDir=Package
echo .Set DiskDirectoryTemplate=%ROOT%bin\dist\win10
echo %ROOT%bin\dist\legacy\mullvad-split-tunnel.cat
echo %ROOT%bin\dist\legacy\mullvad-split-tunnel.inf
echo %ROOT%bin\dist\legacy\mullvad-split-tunnel.sys
echo %ROOT%bin\dist\legacy\WdfCoinstaller01011.dll
echo .Set DiskDirectoryTemplate=%ROOT%bin\temp\cab
echo %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.cat
echo %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.inf
echo %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.sys
echo %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.pdb
)
::
:: makecab produces several garbage files
:: force current working directory to prevent spreading them out
::
:: Force current working directory to prevent spreading them out
pushd %ROOT%bin\dist\win10
pushd %ROOT%bin\temp\cab
makecab /f "%ROOT%bin\dist\win10\mullvad-split-tunnel-amd64.ddf"
makecab /f "%ROOT%bin\temp\cab\mullvad-split-tunnel-amd64.ddf"
popd
IF %ERRORLEVEL% NEQ 0 goto ERROR
signtool sign /tr %TIMESTAMP_SERVER% /td sha256 /fd sha256 /sha1 "%1" /v /ac %ROOT%resources\%CROSSCERT% %ROOT%bin\dist\win10\mullvad-split-tunnel-amd64.cab
signtool sign /tr %TIMESTAMP_SERVER% /td sha256 /fd sha256 /sha1 "%CERT_THUMBPRINT%" /v %ROOT%bin\temp\cab\mullvad-split-tunnel-amd64.cab
IF %ERRORLEVEL% NEQ 0 goto ERROR
:: Collect artifacts
mkdir %ROOT%bin\dist
copy /b %ROOT%bin\x64-Release\mullvad-split-tunnel\mullvad-split-tunnel.pdb %ROOT%bin\dist\
copy /b %ROOT%bin\temp\cab\mullvad-split-tunnel-amd64.cab %ROOT%bin\dist\
echo;
echo BUILD COMPLETED SUCCESSFULLY
echo ARTIFACTS ARE IN --^> bin/dist/ ^<--
echo;
exit /b 0

30
resources/digicert-high-assurance-ev.crt
View File

@@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIFOzCCAyOgAwIBAgIKYSBNtAAAAAAAJzANBgkqhkiG9w0BAQUFADB/MQswCQYD
VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQDEyBNaWNyb3Nv
ZnQgQ29kZSBWZXJpZmljYXRpb24gUm9vdDAeFw0xMTA0MTUxOTQ1MzNaFw0yMTA0
MTUxOTU1MzNaMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx
GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhp
Z2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDGzOVz5vvUu+UtLTKm3+WBP8nNJUm2cSrD1ZQ0Z6IKHLBfaaZAscS3
so/QmKSpQVk609yU1jzbdDikSsxNJYL3SqVTEjju80ltcZF+Y7arpl/DpIT4T2JR
vvjF7Ns4kuMG5QiRDMQoQVX7y1qJFX5x6DW/TXIJPb46OFBbdzEbjbPHJEWap6xt
ABRaBLe6E+tRCphBQSJOZWGHgUFQpnlcid4ZSlfVLuZdHFMsfpjNGgYWpGhz0DQE
E1yhcdNafFXbXmThN4cwVgTlEbQpgBLxeTmIogIRfCdmt4i3ePLKCqg4qwpkwr9m
XZWEwaElHoddGlALIBLMQbtuC1E4uEvLAgMBAAGjgcswgcgwEQYDVR0gBAowCDAG
BgRVHSAAMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSx
PsNpA/i/RwHUmCYaCALvY2QrwzAfBgNVHSMEGDAWgBRi+wohW39DbhHaCVRQa/XS
lnHxnjBVBgNVHR8ETjBMMEqgSKBGhkRodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v
cGtpL2NybC9wcm9kdWN0cy9NaWNyb3NvZnRDb2RlVmVyaWZSb290LmNybDANBgkq
hkiG9w0BAQUFAAOCAgEAIIzBWe1vnGstwUo+dR1FTEFQHL2A6tmwkosGKhM/Uxae
VjlqimO2eCR59X24uUehCpbC9su9omafBuGs0nkJDv083KwCDHCvPxvseH7U60sF
YCbZc2GRIe2waGPglxKrb6AS7dmf0tonPLPkVvnR1IEPcb1CfKaJ3M3VvZWiq/GT
EX3orDEpqF1mcEGd/HXJ1bMaOSrQhQVQi6yRysSTy3GlnaSUb1gM+m4gxAgxtYWd
foH50j3KWxiFbAqG7CIJG6V0NE9/KLyVSqsdtpiwXQmkd3Z+76eOXYT2GCTL0W2m
w6GcwhB1gP+dMv3mz0M6gvfOj+FyKptit1/tlRo5XC+UbUi3AV8zL7vcLXM0iQRC
ChyLefmj+hfv+qEaEN/gssGV61wMBZc7NT4YiE3bbL8kiY3Ivdifezk6JKDV39Hz
ShqX9qZveh+wkKmzrAE5kdNht2TxPlc4A6/OetK1kPWu3DmZ1bY8l+2myxbHfWsq
TJCU5kxU/R7NIOzOaJyHWOlhYL7rDsnVGX2f6Xi9DqwhdQePqW7gjGoqa5zj52W8
vC08bdwE3GdFNjKvBIG8qABuYUyVxVzUjo6fL8EydL29EWUDB83vt14CV9qG1Boo
NK+ISbLPpd2CVm9oqhTiWVT+/+ru7+qScCJggeMlI8CfzA9JsjWqWMM6w9kWlBA=
-----END CERTIFICATE-----

25
src/mullvad-split-tunnel.inf
View File

@@ -13,7 +13,6 @@ DriverVer=
[DestinationDirs]
DefaultDestDir = 12
mullvad-split-tunnel_Device_CoInstaller_CopyFiles = 11
; ================= Class section =====================
@@ -29,16 +28,15 @@ HKR,,Icon,,-5
[SourceDisksFiles]
mullvad-split-tunnel.sys = 1,,
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1
;*****************************************
; Install Section
;*****************************************
[Manufacturer]
%ManufacturerName%=Standard,NT$ARCH$
%ManufacturerName%=Standard,NT$ARCH$.10.0
[Standard.NT$ARCH$]
[Standard.NT$ARCH$.10.0]
%mullvad-split-tunnel.DeviceDesc%=mullvad-split-tunnel_Device, Root\mullvad-split-tunnel
[mullvad-split-tunnel_Device.NT]
@@ -59,25 +57,6 @@ StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\mullvad-split-tunnel.sys
;
;--- mullvad-split-tunnel_Device Coinstaller installation ------
;
[mullvad-split-tunnel_Device.NT.CoInstallers]
AddReg=mullvad-split-tunnel_Device_CoInstaller_AddReg
CopyFiles=mullvad-split-tunnel_Device_CoInstaller_CopyFiles
[mullvad-split-tunnel_Device_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
[mullvad-split-tunnel_Device_CoInstaller_CopyFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
[mullvad-split-tunnel_Device.NT.Wdf]
KmdfService = mullvad-split-tunnel, mullvad-split-tunnel_wdfsect
[mullvad-split-tunnel_wdfsect]
KmdfLibraryVersion = $KMDFVERSION$
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="Mullvad AB"

24
src/mullvad-split-tunnel.vcxproj
View File

@@ -30,7 +30,7 @@
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
@@ -42,7 +42,7 @@
</KMDF_MINIMUM_VERSION_REQUIRED>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
@@ -54,7 +54,7 @@
</KMDF_MINIMUM_VERSION_REQUIRED>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
@@ -66,7 +66,7 @@
</KMDF_MINIMUM_VERSION_REQUIRED>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<TargetVersion>Windows7</TargetVersion>
<TargetVersion>Windows10</TargetVersion>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>WindowsKernelModeDriver10.0</PlatformToolset>
<ConfigurationType>Driver</ConfigurationType>
@@ -125,10 +125,10 @@
<TimeStamp>0.0.0.1</TimeStamp>
</Inf>
<PostBuildEvent>
<Command>copy /y $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel.pdb $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel\mullvad-split-tunnel.pdb</Command>
<Command>scripts\fixup-driver-package.bat "$(OutDir)"</Command>
</PostBuildEvent>
<PreBuildEvent>
<Command>custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
<Command>scripts\clean-driver-package.bat "$(OutDir)" &amp;&amp; scripts\custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
</PreBuildEvent>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'">
@@ -143,10 +143,10 @@
<AdditionalOptions>/INTEGRITYCHECK %(AdditionalOptions)</AdditionalOptions>
</Link>
<PostBuildEvent>
<Command>copy /y $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel.pdb $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel\mullvad-split-tunnel.pdb</Command>
<Command>scripts\fixup-driver-package.bat "$(OutDir)"</Command>
</PostBuildEvent>
<PreBuildEvent>
<Command>custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
<Command>scripts\clean-driver-package.bat "$(OutDir)" &amp;&amp; scripts\custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
</PreBuildEvent>
<Inf>
<TimeStamp>0.0.0.1</TimeStamp>
@@ -163,10 +163,10 @@
<WppScanConfigurationData>trace.h</WppScanConfigurationData>
</ClCompile>
<PostBuildEvent>
<Command>copy /y $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel.pdb $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel\mullvad-split-tunnel.pdb</Command>
<Command>scripts\fixup-driver-package.bat "$(OutDir)"</Command>
</PostBuildEvent>
<PreBuildEvent>
<Command>custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
<Command>scripts\clean-driver-package.bat "$(OutDir)" &amp;&amp; scripts\custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
</PreBuildEvent>
<Inf>
<TimeStamp>0.0.0.1</TimeStamp>
@@ -188,10 +188,10 @@
<TimeStamp>0.0.0.1</TimeStamp>
</Inf>
<PostBuildEvent>
<Command>copy /y $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel.pdb $(SolutionDir)\..\bin\$(Platform)-$(Configuration)\mullvad-split-tunnel\mullvad-split-tunnel.pdb</Command>
<Command>scripts\fixup-driver-package.bat "$(OutDir)"</Command>
</PostBuildEvent>
<PreBuildEvent>
<Command>custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
<Command>scripts\clean-driver-package.bat "$(OutDir)" &amp;&amp; scripts\custom-stampinf.bat "$(InfToolPath)stampinf.exe" $(InfArch) $(KMDF_VERSION_MAJOR).$(KMDF_VERSION_MINOR) "$(IntDir)mullvad-split-tunnel.inf" "$(OutDir)mullvad-split-tunnel.inf"</Command>
</PreBuildEvent>
</ItemDefinitionGroup>
<ItemGroup>

26
src/scripts/clean-driver-package.bat Normal file
View File

@@ -0,0 +1,26 @@
@echo off
:: Visual studio will only clean the driver package directory when making a rebuild of the project
:: So for a regular build the directory could contain all kinds of old cruft.
if [%1]==[] goto ABORT_ARGUMENTS
:: Argument 1 is a quoted string containing an absolute path.
set OUTPUT_DIR=%1
pushd %OUTPUT_DIR%
echo Cleaning driver package of old cruft
rmdir /s /q mullvad-split-tunnel
popd
exit /b 0
:ABORT_ARGUMENTS
echo ERROR: %0 invoked without enough arguments
exit /b 1

2
src/custom-stampinf.bat → src/scripts/custom-stampinf.bat
View File

@@ -25,7 +25,7 @@ setlocal enabledelayedexpansion
:: Import version defines into environment
for /f "tokens=1-3 delims= " %%i in (%~dp0\version.h) do (
for /f "tokens=1-3 delims= " %%i in (%~dp0\..\version.h) do (
if /i "%%i"=="#define" (
set %%j=%%k
)

31
src/scripts/fixup-driver-package.bat Normal file
View File

@@ -0,0 +1,31 @@
@echo off
if [%1]==[] goto ABORT_ARGUMENTS
:: Argument 1 is a quoted string containing an absolute path.
set OUTPUT_DIR=%1
pushd %OUTPUT_DIR%
echo Copying debug info into driver package
copy /y /b mullvad-split-tunnel.pdb mullvad-split-tunnel\
:: Some silly component somewhere will insist on always including the KMDF Co-installer.
:: There appears to be no way of suppressing this using configuration changes.
:: So we'll just remove the file after-the-fact.
echo Removing WDF Co-installer from driver package
del "mullvad-split-tunnel\wdfcoinstaller*.dll"
popd
exit /b 0
:ABORT_ARGUMENTS
echo ERROR: %0 invoked without enough arguments
exit /b 1