search

OpenVPN / tap-windows6

Windows TAP driver (NDIS 6)
Other
765 stars 238 forks source link

Extract-DriverSubmission.ps1 extracts i386 signed files in root of dist directory rather then create i386 folder inside dist #132

Open shkpk opened 3 years ago

shkpk commented 3 years ago

Following Release process and signing, at the step before extracting signed files, instructions are to rename dist directory

$ Move-Item dist dist.win7

and then run powershell script to extract signed files from Microsoft

$ Get-ChildItem -Path tempdir -Filter "*.zip"|sign\Extract-DriverSubmission.ps1

At this point, since dist folder is renamed with dist.win7, and there is no dist folder, Extract-DriverSubmission.ps1 script extracts first .zip file and renamed it with dist and then copy remaining signed artifact to dist directory.

I my case, i386 was copied and renamed to dist and remaining amd64|arm64 are copied inside dist, hence all 4 files of i386 architectures were in root of dist folder rather then inside i386 subdirectory.

Therefore running packaging with NSIS was failing.

mattock commented 3 years ago

Unless you typoed NSIS (meant MSI) you're following the wrong instructions. The renaming of dist folders is related to the MSM builds.

shkpk commented 3 years ago

Well in this case, instructions on readme needs to be updated. They ask to rename folder and then run buildtap.py with -p argument, which is for NSIS build, not MSM.

Next produce a driver submission cabinet files for attestation signing:

$ sign\Create-DriverSubmission.ps1
$ Get-ChildItem -Path disk1|sign\Sign-File.ps1
Three architecture-specific (i386, amd64, arm64) cabinet files are created. Submit these to Windows Dev Center for attestation signing. Note that unsigned cabinet files will be automatically rejected.

When submitting the drivers to Microsoft take care to only request signatures applicable for each architecture.

At this point move the cross-signed "dist" directory away:

$ Move-Item dist dist.win7
Download the attestation-signed drivers as zip files put them into a temporary directory (e.g. tap-windows6tempdir). Then run Extract-DriverSubmission.ps1:

$ Get-ChildItem -Path tempdir -Filter "*.zip"|sign\Extract-DriverSubmission.ps1
This extracts the drivers into the "dist" directory. Move that directory to dist.win10:

$ Move-Item dist dist.win10
After this you can start creating the installers and/or MSM packages.

If you're creating NSIS packages do:

$ Move-Item dist.win7 dist
$ python.exe buildtap.py -p --ti=devcon
$ Move-Item dist dist.win7
Followed by:

$ Move-Item dist.win10 dist
$ python.exe buildtap.py -p --ti=devcon
$ Move-Item dist dist.win10
Finally sign both installers:

$ Get-Item tap-windows*.exe|sign\Sign-File.ps1