Changes between Version 79 and Version 80 of BuildingOnWindows


Timestamp:
03/18/11 08:54:20 (13 years ago)
Author:
Samuli Seppänen
Comment:

--

  • BuildingOnWindows

    v79 v80  
    256256You can also launch ''certmgr.exe'' without parameters and use the certificate import wizard. Although usage of ''certmgr.exe'' is straightforward, it is included (only?) in the massive [http://www.microsoft.com/downloads/en/details.aspx?FamilyID=71deb800-c591-4f97-a900-bea146e4fae1&displaylang=en Microsoft Windows SDK for Windows 7 and .NET Framework 3.5 SP1] package, which you need to install.
    257257
    258 === Creating and signing the catalog file ===
    259 
    260 In order to sign the TAP-driver, you need to do three things:
    261 
    262  * Build OpenVPN and the TAP-driver
    263  * Create a catalog definition (.cdf) file with a text editor
    264  * Create a catalog file (.cat) from the .cdf with [http://msdn.microsoft.com/en-us/library/aa386967%28v=vs.85%29.aspx MakeCat.exe]
    265  * Sign the catalog file (.cat) with [http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx Signtool.exe]
    266 
    267 After building OpenVPN and TAP-drivers go to ''<openvpn-sources>/dist/amd64''. There you'll find ''tap0901.sys'' and ''OemWin2k.inf'' files. Create a catalog definition file (e.g. ''tap.cdf'') that look like this:
     258=== Creating the catalog file using makecat ===
     259
     260There are two ways to create the catalog file that contains hashes of the TAP-driver files. It is this ''catalog'' file that is signed and verified by Windows kernel. The first option is to create a catalog definition file (.cdf) with a text editor and generate the real catalog file from it using [http://msdn.microsoft.com/en-us/library/aa386967%28v=vs.85%29.aspx MakeCat.exe]. The problem with this approach is that ''makecat'' does not warn about errors in the .cdf file. This results in everything looking just fine, but failing when loading the driver into the kernel.
     261
     262Nevertheless, if you want to try this approach, go to ''<openvpn-sources>/dist/amd64'' after building  There you'll find ''tap0901.sys'' and ''OemWin2k.inf'' files. Create a catalog definition file (e.g. ''tap.cdf'') with a text editor; it contents should be ''similar'' to the one below:
    268263
    269264{{{
     
    280275}}}
    281276
    282 Make sure you have a linefeed at the end. Next generate the real catalog file using ''makecat'':
     277Make sure you have a linefeed at the end. Please note that this file did not work properly for unknown reasons, and the .cdf file format seems mostly undocumented. Once the catalog definition file is finished you can create the real catalog file using ''makecat'':
    283278
    284279{{{
    285280makecat -v tap.cdf
    286281}}}
     282
     283=== Creating the catalog file using inf2cat ===
     284
     285[http://msdn.microsoft.com/en-us/library/ff547089%28v=vs.85%29.aspx Inf2Cat.exe] is a tool used to generate an unsigned catalog file from driver's INF file. It should be more easier to use than ''makecat'', as it can automatically generate a .cat file with correct syntax. This tool is included in the ''Windows Driver Kit'', which you have to install. Use it like this:
     286
     287{{{
     288cd C:\WINDDK\\7600.16385.1\bin\selfsign
     289Inf2Cat.exe /driver:<openvpn-sources>\dist\i386 /os:XP_X86
     290Inf2Cat.exe /driver:<openvpn-sources>\dist\amd64 /os:Vista_X64
     291}}}
     292
     293Where <openvpn-sources> is something like ''C:\openvpn-build\openvpn-macbook''.
     294
     295=== Signing the catalog file ===
     296 
     297 * Sign the catalog file (.cat) with [http://msdn.microsoft.com/en-us/library/8s9b9yaz%28v=vs.80%29.aspx Signtool.exe]
    287298
    288299Now sign the catalog file with ''signtool'':
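
Review bot: In the rewritten makecat section, the added text says the sample .cdf "did not work properly for unknown reasons" and that makecat does not warn about errors in the .cdf file, yet this approach is still presented first. Consider moving the inf2cat section ahead of it, or stating up front that inf2cat is the preferred route, so readers do not end up with a catalog that looks fine but fails when the driver is loaded into the kernel. Smaller points in the same change: the sentence "go to ''<openvpn-sources>/dist/amd64'' after building  There you'll find" lost its object and full stop when it was reworded; "it contents" should be "its contents" and "more easier" should be "easier"; the path in "cd C:\WINDDK\\7600.16385.1\bin\selfsign" has a doubled backslash after WINDDK; and the new "Signing the catalog file" section keeps a bullet carried over from the removed list that repeats the sentence "Now sign the catalog file with ''signtool'':" directly below it.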