aboutsummaryrefslogtreecommitdiff
path: root/qga/installer
AgeCommit message (Collapse)Author
2023-08-02qga/win32: Use rundll for VSS installationKonstantin Kostiuk
The custom action uses cmd.exe to run VSS Service installation and removal which causes an interactive command shell to spawn. This shell can be used to execute any commands as a SYSTEM user. Even if call qemu-ga.exe directly the interactive command shell will be spawned as qemu-ga.exe is a console application and used by users from the console as well as a service. As VSS Service runs from DLL which contains the installer and uninstaller code, it can be run directly by rundll32.exe without any interactive command shell. Add specific entry points for rundll which is just a wrapper for COMRegister/COMUnregister functions with proper arguments. resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 fixes: CVE-2023-0664 (part 2 of 2) Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Reported-by: Brian Wiltse <brian.wiltse@live.com> (cherry picked from commit 07ce178a2b0768eb9e712bb5ad0cf6dc7fcf0158) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2023-03-30qga/win32: Remove change action from MSI installerKonstantin Kostiuk
Remove the 'change' button from "Programs and Features" because it does not checks if a user is an admin or not. The installer has no components to choose from and always installs everything. So the 'change' button is not obviously needed but can create a security issue. resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423 fixes: CVE-2023-0664 (part 1 of 2) Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com> Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com> Reported-by: Brian Wiltse <brian.wiltse@live.com> (cherry picked from commit 88288c2a51faa7c795f053fc8b31b1c16ff804c5) Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
2022-05-28qga/wixl: replace QEMU_GA_MSI_MINGW_BIN_PATH with glib bindirMarc-André Lureau
Use more conventional variables to set the location of pre-built DLL/bin. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com> Message-Id: <20220525144140.591926-15-marcandre.lureau@redhat.com>
2022-05-28qga/wixl: simplify some pre-processingMarc-André Lureau
Sadly, wixl doesn't have 'elif'. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com> Message-Id: <20220525144140.591926-14-marcandre.lureau@redhat.com>
2022-05-28qga/wixl: require Mingw_binMarc-André Lureau
No clear reason to make guesses here. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com> Message-Id: <20220525144140.591926-13-marcandre.lureau@redhat.com>
2022-05-28qga/wixl: prefer variables over environmentMarc-André Lureau
No need to setup an environment or to check if the variable is undefined manually. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com> Message-Id: <20220525144140.591926-12-marcandre.lureau@redhat.com>
2021-08-03qga-win/msi: fix missing libstdc++-6 DLL in MSI installerMichael Roth
libstdc++ is required for the qga-vss.dll that provides fsfreeze functionality. Currently it is not provided by the MSI installer, resulting in fsfreeze being disabled in guest environments where it has not been installed by other means. In the future this would be better handled via gcc-cpp ComponentGroup provided by msitools, but that would be better handled with a general rework of DLL dependency handling in the installer build. Keep it simple for now to fix this regression. Tested with Fedora 34 mingw build environment. Cc: Gerd Hoffmann <kraxel@redhat.com> Cc: Kostiantyn Kostiuk <konstantin@daynix.com> Cc: Marc-André Lureau <marcandre.lureau@redhat.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02qemu-ga/msi: fix w32 libgcc nameGerd Hoffmann
This is what I find on my Fedora 34 mingw install. Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-08-21meson: convert qemu-gaPaolo Bonzini
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-03-24qga: Installer: Wait for installation to finishBasil Salman
Installation might fail if we don't wait for the provider unregisteration process to finish. Signed-off-by: Sameeh Jubran <sjubran@redhat.com> Signed-off-by: Basil Salman <basil@daynix.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2018-10-31qga-win: install service with --retry-path set by defaultMichael Roth
It's nicer from a management perspective that the agent can survive hotplug/unplug of the channel device, or be started prior to the installation of the channel device's driver without and still be able to resume normal function afterward. On linux there are alternatives like systemd to support this, but on w32 --retry-path is the only option so it makes sense to set it by default when installed as a w32 service. Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2018-07-03qga-win: Fixing msi upgrade disallow in WiX fileBishara AbuHattoum
Issue: When upgrading qemu-ga using the msi from an old version to a newer one, the upgrade is not allowed by the msi showing this error message "Another version of this product is already installed." BZ# 1536331: https://bugzilla.redhat.com/show_bug.cgi?id=1536331 Fix: For the upgrade to be allowed by the msi the WiX file must provide three things: 1. Changing product's Id. (assigning it to "*") 2. Constant product's UpgradeId. (exists) 3. Changing version. (exists) Reference: http://wixtoolset.org/documentation/manual/v3/howtos/updates/major_upgrade.html Signed-off-by: Bishara AbuHattoum <bishara@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2017-07-17qemu-ga: add missing libpcre to MSI buildThomas Lamprecht
glib depends on libpcre which was not shipped with the MSI, thus starting of the qemu-ga.exe failed with the respective error message. Tell WIXL to ship this library with the MSI to avoid this problem. Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com> CC: Stefan Weil <sw@weilnetz.de> CC: Michael Roth <mdroth@linux.vnet.ibm.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-04-07qga: Workaround for console redirection from non-interactive qemu-ga serviceYuri Pudgorodskiy
mingw-glib uses helper process to assist gspawn() api. There are two versions of helpers, one with main() and another with WinMain() startup routines. Whenever gspawn() detects consoleless environment (and qemu-ga is running in such environment as Win32 service), it chooses helper with main() instead of WinMain. It is done by name, e.g. gspawn-win32-helper-console.exe vs gspawn-win32-helper.exe Running console-aware application like any win32 console apps from main() crt initalized process results in redirection of stdout to console created in crt startup instead of parent-provided handle connected to subprocess pipe. Thus, stdout/stderr redirection do not work correctly. The patch makes WinMain()'s version of helper be used as the only helper shipped with qemu-ga package. Using only win32 helper ensures console is created before any redirection and fixes stdout/stderr redirection issue. Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2016-02-25qemu-ga: Fixed minor version switch issueLeonid Bloch
With automatically generated GUID, on minor version changes, an error occurred, stating that there is a problem with the installer. Now, a notification is shown, warning the user that another version of this product is already installed, and that configuration or removal of the existing version is possible through Add/Remove Programs on the Control Panel (expected behavior). Signed-off-by: Leonid Bloch <leonid@daynix.com> Reviewed-by: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-11-25qga: added another non-interactive gspawn() helper file.Yuri Pudgorodskiy
With previous commit we added gspawn-win64-helper-console.exe, required for gspawn() mingw implementation. Unfortunatly when running as a service without interactive desktop, gspawn() also requires another helper app. Added gspawn-win64-helper.exe and gspawn-win32-helper.exe for corresponding architectures. Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Michael Roth <mdroth@linux.vnet.ibm.com> * remove trailing whitespace Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-11-25qga: gspawn() console helper to Windows guest agent msi buildYuri Pudgorodskiy
This helper, gspawn-win64-helper-console.exe for 64-bit and gspawn-win32-helper-console.exe for 32-bit environment, is needed for gspawn() mingw implementation, used by guest-exec command. Without these files guest-exec command on Windows will not work with "file not found" diagnostic message. Signed-off-by: Yuri Pudgorodskiy <yur@virtuozzo.com> Signed-off-by: Denis V. Lunev <den@openvz.org> CC: Michael Roth <mdroth@linux.vnet.ibm.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01qemu-ga: Fixed paths issue with MSI buildLeonid Bloch
Previously, if building out-of-tree, the MSI build would fail since it wasn't able to find the needed files. Signed-off-by: Leonid Bloch <leonid@daynix.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> * fixed up commit msg formating Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01qemu-ga: Prevent QEMU-GA VSS provider from being unregistered on MSI reinstallLeonid Bloch
Previously, running the .msi would unregister the QEMU GA VSS service if QEMU GA was already installed on the machine, and then register it only if QEMU GA was NOT previously installed. This behavior caused the service to be registered only after the INITIAL installation, and any subsequent run of the .msi (to redo, repair, or upgrade the installation) ended in the service being unregistered. Now, the VSS service is still unregistered if QEMU GA is already installed (so that a fix or an update could be performed) but then it is registered again (if the GA is not being uninstalled) thus finishing the repair/upgrade correctly. Additionally, downgrading is now prevented. If a user would like to downgrade a version, he/she must uninstall the newer version first. Signed-off-by: Leonid Bloch <leonid@daynix.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01qemu-ga: Created a separate component for each installed file in the MSILeonid Bloch
This is done to follow the recommendations given here: https://msdn.microsoft.com/en-us/library/aa368269%28VS.85%29.aspx Signed-off-by: Leonid Bloch <leonid@daynix.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01qemu-ga: Minor cosmetic changes to the WXS fileLeonid Bloch
Signed-off-by: Leonid Bloch <leonid@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01qemu-ga: Fixed GUID capitalizationLeonid Bloch
For compatibility, all the letters in GUID should be capital. Signed-off-by: Leonid Bloch <leonid@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-09-01qemu-ga: Two MSI related cosmetic changesLeonid Bloch
Signed-off-by: Leonid Bloch <leonid@daynix.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
2015-06-17qemu-ga: Introduce Windows MSI scriptYossi Hindin
The script enables building Windows MSI installation package on Linux with wixl tool. Signed-off-by: Yossi Hindin <yhindin@redhat.com> Message-Id: <1430913460-13174-4-git-send-email-yhindin@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>