Changes between Version 40 and Version 41 of BuildingTapWindows6
- Timestamp:
- 04/16/19 12:57:41 (5 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
BuildingTapWindows6
v40 v41 22 22 * [https://docs.microsoft.com/en-us/windows-hardware/drivers/develop/using-the-enterprise-wdk Enterprise Windows Drive Kit] ISO image is installed and mounted as a system drive 23 23 * tap-windows6 build system is configured properly (file paths etc.) 24 * Clone [https://github.com/Microsoft/Windows-driver-samples/ Windows-driver-samples] somewhere (e.g. inside tap-windows6 directory)25 * A user- or kernel mode authenticode certificate is present for signing the tap-windows6 ''installer''24 * Clone [https://github.com/Microsoft/Windows-driver-samples/ Windows-driver-samples] under the tap-windows6 directory 25 * Clone [https://github.com/mattock/sign-tap6 sign-tap6] under the tap-windows6 directory 26 26 * On signing computer 27 27 * An EV token is visible in the Windows Certificate Store … … 34 34 In the documentation below it is assumed that all Windows commands are executed from within a Powershell session. 35 35 36 = Setting up the SMB share = 37 38 If the building and signing computers are separate you are ''strongly encouraged'' to share the build directory on the build computer with the signing computer, e.g. using SMB); this removes the need for doing error-prone file copying, archive extraction, etc. In the instructions below it is assumed that this is the case. 39 40 You can create new shares on the build computer in various ways. Here's an example on how to do it with Puppet using Powershell DSC resources: 41 42 {{{ 43 dsc_windowsfeature { 'File server': 44 dsc_ensure => 'present', 45 dsc_name => 'FS-FileServer', 46 } 47 48 dsc_xsmbshare { 'tap-windows6-build-directory': 49 dsc_ensure => 'present', 50 dsc_name => 'tap6build', 51 dsc_description => 'tap-windows6 build directory', 52 dsc_path => 'C:\\Users\\build\\opt\\tap-windows6', 53 dsc_folderenumerationmode => 'AccessBased', 54 dsc_fullaccess => 'tapbuilder\build', 55 } 56 }}} 57 58 This code can be mapped almost 1:1 to Powershell DSC. Alternatively you can use raw Powershell commands [https://ss64.com/ps/add-windowsfeature.html Add-Windowsfeature] and [https://docs.microsoft.com/en-us/powershell/module/smbshare/new-smbshare?view=win10-ps New-Smbshare] to do the same. Or just create the share via Windows GUI somehow. Remember to open port 445 in the firewall. 59 60 Once the share is up, mount it on a Powershell session: 61 62 {{{ 63 $ net use W: \\tapbuilder.example.org\tap6build /user:build 'password-here' 64 }}} 65 66 Note that this mount is session-specific, so you need to do it from the session you use to sign the files from. 67 36 68 = Building an unsigned driver and tapinstall.exe = 37 69 … … 42 74 {{{ 43 75 $ cd tap-windows6 44 $ python buildtap.py -c -b --ti=Windows-driver-samples\setup\devcon 45 }}} 46 47 This generates tap6.tar.gz which you will need to to copy to the signing computer. 76 $ python.exe buildtap.py -c -b --ti=Windows-driver-samples\setup\devcon 77 }}} 48 78 49 79 = Building for Windows Vista = … … 59 89 Build an unsigned driver (see above) 60 90 61 '''On workstation'''62 63 Copy the tap6.tar.gz from the build computer to the signing computer.64 65 91 '''On signing computer''' 66 92 67 {{{ 68 $ cd sign-tap6 69 $ tar -zxf tap6.tar.gz 70 $ Sign-Tap6.ps1 -SourceDir tap6 -Force 71 $ Move-Item tap6 tap6-signed 72 $ tar -zcf tap6-signed.tar.gz tap6-signed 93 Sign the build files using the EV token: 94 95 {{{ 96 $ cd W:\tap-windows6\sign-tap6 97 $ .\Sign-Tap6.ps1 -SourceDir ..\dist -Force 73 98 }}} 74 99 75 100 The EV dongle will probably prompt you twice per architecture (x86, x64, arm64) as it signs the catalog file and tapinstall.exe for each. Note that the -Force switch ''is required'' or the file hashes in the .cat files will be incorrect and the driver will not install. 76 101 77 '''On workstation''' 78 79 Copy tap6-signed.tar.gz from signing computer to the build computer for packaging. 80 81 '''On build computer''' 102 '''On build computer''' 103 104 Package the signed files: 105 106 {{{ 107 $ cd tap-windows6 108 $ python.exe buildtap.py -p --ti=Windows-driver-samples\setup\devcon 109 }}} 110 111 '''On signing computer''' 112 113 Sign the installer: 114 115 {{{ 116 $ ... 117 }}} 82 118 83 119 = Building and signing for Windows 10 =