You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First build the binaries, obvi. Pay close attention here to the Cmake invocation flags. We specify the MultiThreaded to ensure there's no requirement on a linkage of MSVCRT, and further build the tests to ensure they're mostly passing locally.
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> cmake -DCMAKE_MSVC_RUNTIME_LIBRARY=MultiThreaded -DOSQUERY_BUILD_TESTS=ON -G "Visual Studio 16 2019" -A x64 -T v141 ..\..\ -- Selecting Windows SDK version 10.0.18362.0 to target Windows 10.0.19041.
-- osquery version: 4.4.0
-- Build type:
-- Shared libraries: OFF
-- Importing: source/boost
-- Importing: source/bzip2
-- Importing: source/gflags
...
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> cmake --build . --config Release -j24
...
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> cmake --build . --config Release -j24 --target run_tests
...
Next up, for the MSI, we can sign the binaries:
# "Dot source" the `osquery_utils.ps1` script:
PS C:\Users\Nicholas\work\repos\osquery> . .\tools\deployment\chocolatey\tools\osquery_utils.ps1
# I use a helper function for setting the authenticode signature:
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> function Set-AuthenticodeSignature() {
param(
[string] $binpath = '',
[string] $certpath = '',
[string] $certpw = ''
)
if (-not (Get-Command 'signtool.exe' -ErrorAction SilentlyContinue)) {
Write-Host '[-] signtool.exe was not found in system path' -ForegroundColor Red
exit
}
$signtool = (Get-Command 'signtool.exe').Source
$signtool_args = @(
'sign',
"/f $certpath",
"/p `"$certpw`"",
'/tr http://timestamp.digicert.com',
'/td sha256',
'/fd sha256',
"$binpath"
)
$null = Start-OsqueryProcess $signtool $signtool_args $false
}
# Now you can actually sign the binaries. I have my certs on a bitlocker encrypted thumb drive:
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> Set-AuthenticodeSignature 'C:\Users\Nicholas\work\repos\osquery\build\windows10\osquery\Release\osqueryd.exe' F:\Path\To\signing_cert.p12 '<CODE SIGNING CERT PW>'
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> Set-AuthenticodeSignature 'C:\Users\Nicholas\work\repos\osquery\build\windows10\osquery\Release\osqueryi.exe' F:\Path\To\signing_cert.p12 '<CODE SIGNING CERT PW>'
# Next, build the MSI and sign it:
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> cmake --build . --config Release -j24 --target package
Microsoft (R) Build Engine version 16.3.2+e481bbf88 for .NET Framework
Copyright (C) Microsoft Corporation. All rights reserved.
Generating ../../test_configs/aws
Generating ../test_configs/specs/darwin
Generating .
Generating ../../test_configs/test.config.d
...
PS C:\Users\Nicholas\work\repos\osquery\build\windows10> Set-AuthenticodeSignature 'C:\Users\Nicholas\work\repos\osquery\build\windows10\osquery-4.4.0.msi' F:\Path\To\signing_cert.p12 '<CODE SIGNING CERT PW>'
# That's it, distribute the signed MSI
# You can check your work by verifying that the MSI has a digital signature
# and further that after you install from said MSI, both the osqueryd.exe and osqueryi.exe
# binaries have digital signatures. I like to do this process both from an upgrade
# and clean install stand point.
Building and signing the osquery Chocolatey packages:
Run the cmake generation with the nupkg build target, again pay attention to cmake variables, and build the binaries:
Lastly, verify the install by installing the choco package. Again I like to verify both the clean install and upgrade workflows:
PS C:\Users\Nicholas\Desktop\osquery-release-bins\osquery-4.4.0> choco install -yf --version 4.4.0 osquery -s . --params='/InstallService'
Chocolatey v0.10.15
Installing the following packages:
osquery
By installing you accept licenses for the packages.
osquery v4.4.0 (forced)
osquery package files install completed. Performing other installation steps.
C:\Program Files\osquery\log
True
osqueryd
PATH environment variable does not have C:\Program Files\osquery in it. Adding...
Environment Vars (like PATH) have changed. Close/reopen your shell to
see the changes (or in powershell/cmd.exe just type `refreshenv`).
ShimGen has successfully created a shim for osqueryi.exe
ShimGen has successfully created a shim for osqueryd.exe
The install of osquery was successful.
Software install location not explicitly set, could be in package or
default install location if installer.
Chocolatey installed 1/1 packages.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).
This should install osquery as a system service, and you should see the digital signature on both the osqueryi and osqueryd binaries, and the service should be running
PS C:\Users\Nicholas\Desktop\osquery-release-bins\osquery-4.4.0> Get-service osqueryd
Status Name DisplayName
------ ---- -----------
Running osqueryd osqueryd
Nice. I updated added this to https://gist.github.com/directionless/767825510afc3cce99dfeb1d4eadb67a