From: David Pinedo Date: Fri, 18 Mar 2016 19:15:27 +0000 (-0600) Subject: winrtinstaller: Set up proper Access Control for install/temp dirs and files X-Git-Tag: upstream/1.1.92~3558 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a0f3a73c53f040f0e64037f63fd605f0030dc0ac;p=platform%2Fupstream%2FVulkan-Tools.git winrtinstaller: Set up proper Access Control for install/temp dirs and files This change addresses: https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers/issues/70 Also made a change to not require a reboot on uninstall if the install dir is not empty. This partially addresses: https://github.com/KhronosGroup/Vulkan-LoaderAndValidationLayers/issues/70 (A similar change needs to be made to the SDK installer.) --- diff --git a/windowsRuntimeInstaller/InstallerRT.nsi b/windowsRuntimeInstaller/InstallerRT.nsi index d35e146..a0291a7 100644 --- a/windowsRuntimeInstaller/InstallerRT.nsi +++ b/windowsRuntimeInstaller/InstallerRT.nsi @@ -245,6 +245,20 @@ Section ${Endif} + # Create our temp directory, with minimal permissions + SetOutPath "$TEMP\VulkanRT" + AccessControl::DisableFileInheritance $TEMP\VulkanRT + AccessControl::SetFileOwner $TEMP\VulkanRT "Administrators" + AccessControl::ClearOnFile $TEMP\VulkanRT "Administrators" "FullAccess" + AccessControl::SetOnFile $TEMP\VulkanRT "SYSTEM" "FullAccess" + AccessControl::GrantOnFile $TEMP\VulkanRT "Everyone" "ListDirectory" + AccessControl::GrantOnFile $TEMP\VulkanRT "Everyone" "GenericExecute" + AccessControl::GrantOnFile $TEMP\VulkanRT "Everyone" "GenericRead" + AccessControl::GrantOnFile $TEMP\VulkanRT "Everyone" "ReadAttributes" + StrCpy $1 10 + Call CheckForError + + # Check the registry to see if we are already installed ReadRegStr $0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCTNAME}${PRODUCTVERSION}" "InstallDir" # If the registry entry isn't there, it will throw an error as well as return a blank value. So, clear the errors. @@ -268,11 +282,19 @@ Section ${EndIf} SetOutPath "$INSTDIR" + AccessControl::DisableFileInheritance $INSTDIR + AccessControl::SetFileOwner $INSTDIR "Administrators" + AccessControl::ClearOnFile $INSTDIR "Administrators" "FullAccess" + AccessControl::SetOnFile $INSTDIR "SYSTEM" "FullAccess" + AccessControl::GrantOnFile $INSTDIR "Everyone" "ListDirectory" + AccessControl::GrantOnFile $INSTDIR "Everyone" "GenericExecute" + AccessControl::GrantOnFile $INSTDIR "Everyone" "GenericRead" + AccessControl::GrantOnFile $INSTDIR "Everyone" "ReadAttributes" File ${ICOFILE} File VULKANRT_LICENSE.RTF File LICENSE.txt File ConfigLayersAndVulkanDLL.ps1 - StrCpy $1 10 + StrCpy $1 15 Call CheckForError # Add the signed uninstaller @@ -281,7 +303,7 @@ Section File "Uninstall${PRODUCTNAME}.exe" !endif - StrCpy $1 11 + StrCpy $1 20 Call CheckForError # Reference count the number of times we have been installed. @@ -349,7 +371,7 @@ Section WriteRegDword HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCTNAME}${PRODUCTVERSION}" "SystemComponent" 0 ${EndIf} - StrCpy $1 12 + StrCpy $1 25 Call CheckForError # Set up version number for file names @@ -374,14 +396,14 @@ Section SetOutPath $WINDIR\SysWow64 File /oname=vulkan-$FileVersion.dll ..\build32\loader\Release\vulkan-${VERSION_ABI_MAJOR}.dll File /oname=vulkaninfo-$FileVersion.exe ..\build32\demos\Release\vulkaninfo.exe - StrCpy $1 13 + StrCpy $1 30 Call CheckForError # 64-bit DLLs/EXEs ########################################## SetOutPath $WINDIR\System32 File /oname=vulkan-$FileVersion.dll ..\build\loader\Release\vulkan-${VERSION_ABI_MAJOR}.dll - StrCpy $1 14 + StrCpy $1 35 Call CheckForError # vulkaninfo.exe @@ -389,7 +411,7 @@ Section SetOutPath "$INSTDIR" File ..\build\demos\Release\vulkaninfo.exe File /oname=vulkaninfo32.exe ..\build32\demos\Release\vulkaninfo.exe - StrCpy $1 15 + StrCpy $1 40 Call CheckForError # Run the ConfigLayersAndVulkanDLL.ps1 script to copy the most recent version of @@ -400,7 +422,7 @@ Section ${If} $PsErr != 0 SetErrors ${EndIf} - StrCpy $1 16 + StrCpy $1 45 Call CheckForError # Else, running on a 32-bit OS machine @@ -410,14 +432,14 @@ Section ########################################## SetOutPath $WINDIR\System32 File /oname=vulkan-$FileVersion.dll ..\build32\loader\Release\vulkan-${VERSION_ABI_MAJOR}.dll - StrCpy $1 17 + StrCpy $1 50 Call CheckForError # vulkaninfo.exe File /oname=vulkaninfo-$FileVersion.exe ..\build32\demos\Release\vulkaninfo.exe SetOutPath "$INSTDIR" File ..\build32\demos\Release\vulkaninfo.exe - StrCpy $1 18 + StrCpy $1 55 Call CheckForError # Run the ConfigLayersAndVulkanDLL.ps1 script to copy the most recent version of @@ -428,7 +450,7 @@ Section ${If} $PsErr != 0 SetErrors ${EndIf} - StrCpy $1 19 + StrCpy $1 60 Call CheckForError ${Endif} @@ -465,15 +487,15 @@ Section # If either x86 or x64 redistributables are not present, install redistributables. # We install both resdistributables because we have found that the x86 redist # will uninstall the x64 redist if the x64 redistrib is an old version. Amazing, isn't it? - SetOutPath "$TEMP" + SetOutPath "$TEMP\VulkanRT" ${If} ${RunningX64} File vcredist_x64.exe - ExecWait '"$TEMP\vcredist_x64.exe" /quiet /norestart' + ExecWait '"$TEMP\VulkanRT\vcredist_x64.exe" /quiet /norestart' ${Endif} File vcredist_x86.exe - ExecWait '"$TEMP\vcredist_x86.exe" /quiet /norestart' + ExecWait '"$TEMP\VulkanRT\vcredist_x86.exe" /quiet /norestart' ${Endif} - StrCpy $1 20 + StrCpy $1 65 Call CheckForError SectionEnd @@ -495,7 +517,7 @@ Section "uninstall" ReadRegStr $0 HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${PRODUCTNAME}${PRODUCTVERSION}" "InstallDir" StrCpy $IDir $0 - StrCpy $1 21 + StrCpy $1 70 Call un.CheckForError SetOutPath "$IDir" @@ -616,7 +638,7 @@ Section "uninstall" Delete /REBOOTOK "$IDir\vulkaninfo32.exe" ${EndIf} - StrCpy $1 22 + StrCpy $1 75 Call un.CheckForError # Need to do a SetOutPath to something outside of install dir, @@ -624,7 +646,8 @@ Section "uninstall" SetOutPath "$TEMP" # Remove install directories - Rmdir /REBOOTOK "$IDir" + StrCpy $0 "$IDir" + Call un.DeleteDirIfEmpty StrCpy $0 "$PROGRAMFILES\${PRODUCTNAME}" Call un.DeleteDirIfEmpty ClearErrors @@ -643,9 +666,13 @@ Section "uninstall" ${Endif} - StrCpy $1 23 + StrCpy $1 80 Call un.CheckForError + # Remove temp dir + SetOutPath "$TEMP" + RmDir /R "$TEMP\VulkanRT" + SectionEnd !endif @@ -688,15 +715,15 @@ Function CheckForError # Copy the uninstaller to a temp folder of our own creation so we can completely # delete the old contents. - SetOutPath "$TEMP\tempun" - CopyFiles "$INSTDIR\Uninstall${PRODUCTNAME}.exe" "$TEMP\tempun" + SetOutPath "$TEMP\VulkanRT" + CopyFiles "$INSTDIR\Uninstall${PRODUCTNAME}.exe" "$TEMP\VulkanRT" # No uninstall using the version in the temporary folder. - ExecWait '"$TEMP\tempun\Uninstall${PRODUCTNAME}.exe" /S _?=$INSTDIR' + ExecWait '"$TEMP\VulkanRT\Uninstall${PRODUCTNAME}.exe" /S _?=$INSTDIR' # Delete the copy of the uninstaller we ran - Delete /REBOOTOK "$TEMP\tempun\Uninstall${PRODUCTNAME}.exe" - RmDir /R /REBOOTOK "$TEMP\tempun" + Delete /REBOOTOK "$TEMP\VulkanRT\Uninstall${PRODUCTNAME}.exe" + RmDir /R /REBOOTOK "$TEMP\VulkanRT" # Set an error message to output SetErrorLevel $1 diff --git a/windowsRuntimeInstaller/README.txt b/windowsRuntimeInstaller/README.txt index 62fc02f..73f8254 100644 --- a/windowsRuntimeInstaller/README.txt +++ b/windowsRuntimeInstaller/README.txt @@ -1,14 +1,17 @@ This folder contains the files required for building the Windows Vulkan Runtime Installer Package. -To build the Installer: +To build the Vulkan Runtime Installer: 1. Install Nullsoft Install System version 3.0b1 or greater. (Available from http://nsis.sourceforge.net/Download.) - 2. Build Vulkan LoaderAndTools as described in ../BUILD.md. + 2. Install the NSIS AccessControl plug-in. (Available from + http://nsis.sourceforge.net/AccessControl_plug-in.) - 3. Edit the InstallerRT.nsi file in this folder and modify the following + 3. Build Vulkan-LoaderAndValidationLayers as described in ../BUILD.md. + + 4. Edit the InstallerRT.nsi file in this folder and modify the following lines to match the version of the Windows Vulkan Runtime you wish to build: @@ -19,14 +22,14 @@ To build the Installer: !define VERSION_BUILDNO !define PUBLISHER - 4. Edit the CreateInstaller.sh file and replace SIGNFILE with your + 5. Edit the CreateInstaller.sh file and replace SIGNFILE with your command and necessary args for signing an executable. If you don't wish to sign the uninstaller, you can comment out that line. - 5. Run the CreateInstaller.sh script from a Cygwin bash command prompt. - The Windows Vulkan Runtime Installer package file will be created in - this folder. The name of the installer file is - VulkanRT--Installer.exe. + 6. Run the CreateInstaller.sh script from a Cygwin bash command prompt. + The Cygwin bash shell must be running as Administrator. The Windows + Vulkan Runtime Installer package file will be created in this folder. + The name of the installer file is VulkanRT--Installer.exe. Some notes on the behavior of the Windows Vulkan Runtime Installer: