diff options
| author | Zeeshan Ali (Khattak) <zeeshanak@gnome.org> | 2013-02-25 15:17:48 +0100 |
|---|---|---|
| committer | Zeeshan Ali (Khattak) <zeeshanak@gnome.org> | 2013-03-01 17:44:19 +0200 |
| commit | 00f1b82b0ed3bf48028983080508895a0a460a08 (patch) | |
| tree | 48b4b25042a23938e561d6f5343db86ae1169fd9 | |
| parent | eecebe90b2e1fd0d68d11aaffd7b96fffe7d6a54 (diff) | |
installer,win7: Adapt windows-cmd.xml for Windows 7
On Windows 7, we need to make use of integrated bcdedit.exe to enable
test signing and disable integrity checks before we could attempt to
install (possibly) unsigned drivers. We use the same app to disable test
signing and enable integrity checks after installing drivers.
Since bcdedit.exe does not exist in Window XP, we don't use it on that
OS. Moreover, since the registry key manipulation on Windows 7 does not
help anything, we better not fiddle with those on Windows 7 as doing so
is always discouraged.
Also since the certutil.exe thats used by driver's .cmd file to add
driver publisher to trusted list does not exist on Windows XP, we have to
continue resorting to registry fiddling to enable installation of drivers
from untrusted publishers for Windows XP.
While we are talking about win7, you'll note that the checks are for
vista (6.0 rather than 6.1). This is because the same changes will also
be most probably needed for vista:
http://www.overclock.net/t/187919/how-to-disable-driver-signature-enforcement-in-vista
| -rw-r--r-- | data/install-scripts/windows-cmd.xml | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/data/install-scripts/windows-cmd.xml b/data/install-scripts/windows-cmd.xml index 7a56846..e8ffc35 100644 --- a/data/install-scripts/windows-cmd.xml +++ b/data/install-scripts/windows-cmd.xml @@ -61,16 +61,37 @@ </xsl:template> <xsl:template match="/install-script-config"> +<xsl:if test="os/version < 6.0"> sc config TlntSvr start= auto net user <xsl:value-of select="config/user-realname"/> <xsl:text> </xsl:text> <xsl:value-of select="config/admin-password"/> /add /passwordreq:no net localgroup administrators <xsl:value-of select="config/user-realname"/> /add net accounts /maxpwage:unlimited if not "<xsl:value-of select="config/avatar-location"/>"=="" copy "<xsl:value-of select="config/avatar-disk"/>:<xsl:value-of select="config/avatar-location"/>" "<xsl:call-template name="target-disk"/>:\Documents and Settings\All Users\Application Data\Microsoft\User Account Pictures\<xsl:value-of select="config/user-realname"/>.bmp" REGEDIT /S <xsl:call-template name="script-disk"/>:\windows.reg +</xsl:if> + <xsl:call-template name="post-install-drivers-disk"/>: +<xsl:choose> + <xsl:when test="os/version < 6.0"> reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000000 /f + </xsl:when> + <xsl:otherwise> +bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS +bcdedit.exe -set TESTSIGNING ON + </xsl:otherwise> +</xsl:choose> + for %%i in ("<xsl:call-template name="post-install-drivers-disk"/>:<xsl:value-of select="config/post-install-drivers-location"/>\*.cmd") do cmd /c %%i + +<xsl:choose> + <xsl:when test="os/version < 6.0"> reg add "HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing" /v BehaviorOnFailedVerify /t reg_dword /d 00000001 /f + </xsl:when> + <xsl:otherwise> +bcdedit.exe -set loadoptions EENABLE_INTEGRITY_CHECKS +bcdedit.exe -set TESTSIGNING OFF + </xsl:otherwise> +</xsl:choose> EXIT </xsl:template> </xsl:stylesheet> |