Changeset 64936 in vbox

Timestamp:

Dec 17, 2016 12:04:43 AM (8 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

112349

Message:

Additions/win: Don't depend on the checked in certificate, but rather extract the code signing certificates from VBoxGuest.sys and VBoxCertUtil.exe.

Location:

trunk

Files:

• doc/manual/en_US/user_GuestAdditions.xml (modified) (3 diffs)
• src/VBox/Additions/Makefile.kmk (modified) (1 diff)
• src/VBox/Additions/WINNT/tools/Makefile.kmk (modified) (1 diff)

trunk/doc/manual/en_US/user_GuestAdditions.xml

@@ -360 +360 @@
         <title>Unattended Installation</title>
 
-        <para>As a prerequisite for performing an unattended installation of the
-        VirtualBox Guest Additions on a Windows guest, there need to be
-        Oracle CA (Certificate Authority)
-        certificates installed in order to prevent user intervention popups which
-        will undermine a silent installation.</para>
+        <para>As a prerequisite for avoid popups during performing an
+        unattended installation of the VirtualBox Guest Additions, the code
+        signing certificates used to sign the drivers needs to be installed in
+        the right certificates stores in the guest system.  Failing to do this
+        will cause a typical windows installation to pop up a dialog asking
+        whether its allowable to install each driver.</para>
 
         <note><para>On some Windows versions like Windows 2000 and Windows XP the user intervention
         popups mentioned above always will be displayed, even after importing the Oracle certificates.</para></note>
 
-        <para>Since VirtualBox 4.2 installing those CA certificates on a Windows
-        guest can be done in an automated fashion using the
+        <para>Since VirtualBox 4.2 installing those code signing certificates
+        on a Windows guest can be done in an automated fashion using the
         <computeroutput>VBoxCertUtil.exe</computeroutput> utility found on the Guest
         Additions installation CD in the <computeroutput>cert</computeroutput>
@@ -391 +392 @@
 
           <listitem>
-            <para>Do<screen>VBoxCertUtil add-trusted-publisher oracle-vbox.cer --root oracle-vbox.cer</screen></para>
+            <para>Do<screen>for %i in (vbox*.cer) do VBoxCertUtil add-trusted-publisher %i --root %i</screen></para>
             <para>This will install the certificates to the certificate store. When installing the same certificate
             more than once, an appropriate error will be displayed.</para>
@@ -397 +398 @@
         </itemizedlist>
 
-        <para>Prior to VirtualBox 4.2 the Oracle CA certificates need to be imported in more manual style
+        <para>Prior to VirtualBox 4.2 the code signing certificates need to be imported in more manual style
         using the <computeroutput>certutil.exe</computeroutput> utility, which is shipped since Windows
-        Vista. For Windows versions before Vista you need to download and install <computeroutput>certutil.exe</computeroutput>
+        Vista.  For Windows versions before Vista you need to download and install <computeroutput>certutil.exe</computeroutput>
         manually. Since the certificates are not accompanied on the VirtualBox Guest Additions CD-ROM
         prior to 4.2, these need to get extracted from a signed VirtualBox executable first.</para>

trunk/src/VBox/Additions/Makefile.kmk

@@ -264 +264 @@
 
 if defined(VBOX_WITH_ADDITIONS_ISO.win.amd64) || defined(VBOX_WITH_ADDITIONS_ISO.win.x86)
- ifndef VBOX_SIGNING_MODE
- GUESTADDITIONS_FILESPEC.win = cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS_SRC)/WINNT/tools/oracle-vbox.cer
+ ifdef VBOX_SIGNING_MODE
+  GUESTADDITIONS_FILESPEC.win =
  else if "$(VBOX_WITH_CORP_CODE_SIGNING)" == "all" || (!defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && !defined(VBOX_WITH_CORP_CODE_SIGNING))
- GUESTADDITIONS_FILESPEC.win = cert/oracle-vbox.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox.cer
+  GUESTADDITIONS_FILESPEC.win = cert/vbox.cer=$(VBOX_PATH_ADDITIONS.win)/vbox.cer
  else
   GUESTADDITIONS_FILESPEC.win = \
-        cert/oracle-vbox1.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox1.cer \
-        cert/oracle-vbox256.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox256.cer
+        cert/vbox-sha1.cer=$(VBOX_PATH_ADDITIONS.win)/vbox-sha1.cer \
+        cert/vbox-sha256.cer=$(VBOX_PATH_ADDITIONS.win)/vbox-sha256.cer
   if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && defined(VBOX_WITH_CORP_CODE_SIGNING)
-   GUESTADDITIONS_FILESPEC.win += cert/oracle-vbox256-r3.cer=$(VBOX_PATH_ADDITIONS.win)/oracle-vbox256-r3.cer
+   GUESTADDITIONS_FILESPEC.win += cert/vbox-sha256-r3.cer=$(VBOX_PATH_ADDITIONS.win)/vbox-sha256-r3.cer
   endif
  endif
-
-endif
-  $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h:  | $$(dir $$@) $(VBOX_RTSIGNTOOL) $(PATH_STAGE_SYS)/VBoxDrv.sys
-        $(RM) -f -- "$@" "[email protected]" "[email protected]" "[email protected]" "[email protected]"
-
-        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 0 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "[email protected]" --der
-        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert0 "[email protected]" $@
-        $(APPEND) "[email protected]" "    { g_abVBoxStubTrustedCert0, sizeof(g_abVBoxStubTrustedCert0) }, "
-  if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && (!defined(VBOX_WITH_CORP_CODE_SIGNING) || "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all")
-        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(PATH_STAGE_SYS)/VBoxDrv.sys" --output "[email protected]" --der
-        $(VBOX_BIN2C) -ascii --append VBoxStubTrustedCert1 "[email protected]" $@
-        $(APPEND) "[email protected]" "    { g_abVBoxStubTrustedCert1, sizeof(g_abVBoxStubTrustedCert1) }, "
-  endif
-  if defined(VBOX_WITH_CORP_CODE_SIGNING) && "$(VBOX_WITH_CORP_CODE_SIGNING)" != "all" && "$(VBOX_SIGNING_MODE)" == "release"
-        $(VBOX_RTSIGNTOOL) extract-exe-signer-cert --signature-index 1 --exe "$(VBOX_RTSIGNTOOL)" --output "[email protected]" --der
-        $(VBOX_BIN2C) -ascii --append g_abVBoxStubTrustedCert2 "[email protected]" $@
-        $(APPEND) "[email protected]" "    { g_abVBoxStubTrustedCert2, sizeof(g_abVBoxStubTrustedCert2) }, "
-  endif
-        $(APPEND) -n "$@" \
-                "" \
-                "struct { uint8_t const *pab; uint32_t cb; }" "g_aVBoxStubTrustedCerts[] = " \
-               "{"
-        $(SED) --append "$@" -e "" "[email protected]"
-        $(APPEND) -n "$@" \
-               "};"
-        $(RM) -f -- "[email protected]" "[email protected]" "[email protected]" "[email protected]"
-
-  VBoxStubPublicCert.h:: $$(VBoxStub_0_OUTDIR)/VBoxStubPublicCert.h
-
+endif
 
 # haiku

trunk/src/VBox/Additions/WINNT/tools/Makefile.kmk

@@ -58 +58 @@
 
  if "$(VBOX_WITH_CORP_CODE_SIGNING)" == "all" || (!defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && !defined(VBOX_WITH_CORP_CODE_SIGNING))
-  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
+  $(evalcall2 def_VBoxAdditionsInstCertFiles,vbox.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
  else
-  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha1.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
-  $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha256.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,1)
+  $(evalcall2 def_VBoxAdditionsInstCertFiles,vbox-sha1.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,0)
+  $(evalcall2 def_VBoxAdditionsInstCertFiles,vbox-sha256.cer,$(VBOX_PATH_ADDITIONS)/VBoxGuest.sys,1)
   if defined(VBOX_CERTIFICATE_SHA2_SUBJECT_NAME) && defined(VBOX_WITH_CORP_CODE_SIGNING)
-   $(evalcall2 def_VBoxAdditionsInstCertFiles,oracle-vbox-sha256-r3.cer,$(VBOX_PATH_ADDITIONS)/VBoxCertUtil.exe,1)
+   $(evalcall2 def_VBoxAdditionsInstCertFiles,vbox-sha256-r3.cer,$(VBOX_PATH_ADDITIONS)/VBoxCertUtil.exe,1)
   endif
  endif