5.4 KiB
Purpose
We're going to be looking at how to create a server setup file that doesn't trigger any prompts that aren't user friendly. This setup file will contain another signed file that will launch a basic web server. The setup file will create the server file and a firewall rule for the server file. We will be building two files (setup.go
and server.go
) separately .
The Server File
We're creating our web server file, building it and signing the application.
Creating the Server File
First of all, you'll want to install Golang: https://golang.org/dl/ Then you'll want to install goversioninfo by running the following in a command prompt:
go get github.com/josephspurrier/goversioninfo/cmd/goversioninfo
This will allow us to set the name of the program, version, publisher name, etc.
Download server.go
by running the following in a command prompt:
# Download the server file.
powershell -Command Invoke-WebRequest -OutFile server.go https://git.rootprojects.org/josh/code-signing-final/raw/branch/master/All/server.go
# Then generate the configuration by running the following in a command prompt:
go generate
This will create a configuration file named versioninfo.json
in the current directory. There are three things you will want to edit: 1. The version of the application, 2. The "publisher" or company name and 3. The product name.
Near the top of the file, you will see FileVersion
and ProductVersion
.
You can set normal major, minor, patch and build versions for those values. The FileVersion
is the version of the file and ProductVersion
is the version of the application as a whole. You can most likely use the same version for both unless you're doing something unusual. You will set the same values again under StringFileInfo
.
Next, you can set the "publisher name" by filling in the CompanyName
value with the name of your organization.
Lastly, you can give your application a name, like "Go Web Server" under the ProductName
value.
# Next, build your server app.
go build -o server.exe -ldflags "-s -w -H=windowsgui"
You will want to sign your application, the next section will show you how.
Signing the Setup File
Getting a Code Signing Certificate
Be aware that you will likely need to create a Dun & Bradstreet listing to get an "organization" code-signing certificate: https://www.dandb.com/businessdirectory/products/ (this is free)
You can purchase a code-signing certificate here: https://cheapsslsecurity.com/comodo/codesigningcertificate.html The validation process will take 1-3 business days if your information is correct and you give them your D-U-N-S (Dun & Bradstreet) number. After you receive an email containing a link to the certificate, follow these directions in the exact same browser as the one you used to request the certificate : https://cheapsslsecurity.com/downloads.aspx?ispdf=true&iscs=true&filenm=Comodo_Code_Signing_Collection_Guide.pdf
Signing the File
Next, you will need to install Visual Studio. You can download Visual Studio here: https://visualstudio.microsoft.com/thank-you-downloading-visual-studio/?sku=Community
In the install process, you will be greeted with this screen:
Choose the "Universal Windows Platform Development" workload. After you have finished installing Visual Studio, open a "Developer Command Prompt for VS".
# Sign a file with your certificate.
SignTool sign /t http://timestamp.comodoca.com /f codesigning.p12 /p <Password> server.exe
You should see something like this:
The Setup File
Now we're going to create the setup file that will create the firewall rule we need and "create" the server file for us.
Firewall Rule
# Download the server file.
powershell -Command Invoke-WebRequest -OutFile setup.go https://git.rootprojects.org/josh/code-signing-final/raw/branch/master/All/setup.go
# And the manifest file to allow it to have administrator privileges.
powershell -Command Invoke-WebRequest -OutFile setup.exe.manifest https://git.rootprojects.org/josh/code-signing-final/raw/branch/master/All/setup.exe.manifest
Rename server.go
to server.go_
Put the Server File In the Setup File
We need to install fileb0x
to be able to store our server file (server.exe
) in our setup file (setup.exe
).
# Install fileb0x
go get -u github.com/UnnoTed/fileb0x
Download a pre-made configuration file by running this in the command prompt:
# Download the config file.
powershell -Command Invoke-WebRequest -OutFile b0x.json https://git.rootprojects.org/josh/code-signing-final/raw/branch/master/All/b0x.json
# Create a fileb0x
fileb0x b0x.json
This will create a folder named static
with a file in it. You will then need to copy that folder to your $GOPATH/src/
(usually C:\Users\<Username>\go\src\
).
# Build the setup application.
go build -o setup.exe -ldflags "-s -w -H=windowsgui"
Refer back to the instructions on How to Sign a File to sign your setup file as well. Then you're done! Just run setup.exe
.
WIP: Service
Service: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/new-service?view=powershell-6 Credential seems to be what makes it admin or not: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.management/set-service?view=powershell-6