Commit a6e0ae25 authored by Nikos Skalkotos's avatar Nikos Skalkotos

windows: Only install validated VirtIO drivers

Only install the drivers that where previously validated by
_fetch_virtio_drivers()
parent 704b890a
......@@ -24,7 +24,7 @@ from image_creator.os_type.windows.vm import VM, RANDOM_TOKEN as TOKEN
from image_creator.os_type.windows.registry import Registry
from image_creator.os_type.windows.winexe import WinEXE
from image_creator.os_type.windows.powershell import DRVINST_HEAD, SAFEBOOT, \
DRVINST_TAIL, DRVUNINST
DRVINST_TAIL, ADD_CERTIFICATE, ADD_DRIVER, INSTALL_DRIVER, REMOVE_DRIVER
import tempfile
import re
......@@ -704,9 +704,14 @@ class Windows(OSBase):
"""
collection = self._virtio_state(dirname)
files = set([f.lower() for f in os.listdir(dirname)
if os.path.isfile(dirname + os.sep + f)])
num = 0
self.out.output('Checking new drivers:')
for drv_type, drvs in collection.items():
for inf, content in drvs.items():
valid = True
found_match = False
# Check if the driver is suitable for the input media
for target in content['TargetOSVersions']:
......@@ -719,14 +724,26 @@ class Windows(OSBase):
if not found_match: # Wrong Target
self.out.warn(
'Ignoring %s. Not suitable for this OS version.' % inf)
'Ignoring %s. Driver not targeted for this OS.' % inf)
valid = False
elif 'CatalogFile' not in content:
self.out.warn(
'Ignoring %s. CatalogFile entry missing.' % inf)
valid = False
elif content['CatalogFile'].lower() not in files:
self.out.warn('Ignoring %s. Catalog File not found.' % inf)
valid = False
if not valid:
del collection[drv_type][inf]
else:
self.out.output('Found %s driver: %s' % (drv_type, inf))
continue
num += 1
if len(drvs) == 0:
del collection[drv_type]
self.out.output('Found %d valid driver%s' %
(num, "s" if num != 1 else ""))
return collection
def install_virtio_drivers(self, upgrade=True):
......@@ -738,13 +755,14 @@ class Windows(OSBase):
if not dirname:
raise FatalError('No directory hosting the VirtIO drivers defined')
self.out.output('Installing VirtIO drivers:')
new_drvs = self._fetch_virtio_drivers(dirname)
if not len(new_drvs):
self.out.warn('No suitable driver found to install!')
return
self.out.output('Installing VirtIO drivers:')
with self.mount(readonly=False, silent=True):
admin = self.sysprep_params['admin'].value
......@@ -754,11 +772,17 @@ class Windows(OSBase):
drvs_install = DRVINST_HEAD
for dtype in new_drvs:
drvs_install += "".join([ADD_CERTIFICATE % d['CatalogFile']
for d in new_drvs[dtype].values()])
cmd = ADD_DRIVER if dtype != 'viostor' else INSTALL_DRIVER
drvs_install += "".join([cmd % i for i in new_drvs[dtype]])
if upgrade:
# Add code to remove the old drivers
for drv in new_drvs:
for oem in self.virtio_state[drv]:
drvs_install += DRVUNINST % oem
for dtype in new_drvs:
for oem in self.virtio_state[dtype]:
drvs_install += REMOVE_DRIVER % oem
if self.check_version(6, 1) <= 0:
self._install_viostor_driver(dirname)
......
......@@ -40,27 +40,36 @@ if (!(Test-Path -PathType Container "$dirName")) {
Exit
}
""" + COM1_WRITE + """
""" + COM1_WRITE + r"""
foreach ($file in Get-ChildItem "$dirName" -Filter *.cat) {
$cert = (Get-AuthenticodeSignature $file.FullName).SignerCertificate
$certFile = $dirName + "\" + $file.BaseName + ".cer"
function Cat2Cert
{
$catFile = Get-Item $args[0]
$cert = (Get-AuthenticodeSignature $catFile.FullName).SignerCertificate
$certFile = "$dirName" + "\" + $catFile.BaseName + ".cer"
[System.IO.File]::WriteAllBytes($certFile, $cert.Export("Cert"))
CertUtil -addstore TrustedPublisher "$certFile"
return $certFile
}
"""
if (Test-Path "$dirName/viostor.inf") {
pnputil.exe -i -a "$dirName/viostor.inf"
}
ADD_CERTIFICATE = r"""
CertUtil -addstore TrustedPublisher "$(Cat2Cert "$dirName\%s")"
"""
pnputil.exe -a "$dirname\*.inf"
ADD_DRIVER = r"""
PnPUtil -a "$dirName\%s"
"""
INSTALL_DRIVER = r"""
PnPUtil -i -a "$dirName\%s"
"""
DRVINST_TAIL = COM1_WRITE + """
REMOVE_DRIVER = r"""
PnPUtil -f -d %s
"""
DRVINST_TAIL = COM1_WRITE + """
shutdown /s /t 0
"""
# Reboots system in safe mode
......@@ -70,9 +79,6 @@ New-ItemProperty `
-Path HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce `
-Name *snf-image-creator-restart -PropertyType String `
-Value 'cmd /q /c "bcdedit /deletevalue safeboot & shutdown /s /t 0"'
"""
DRVUNINST = 'pnputil.exe -f -d %s\n'
# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment