Updates to the tap-windows6 build system and documentation

README.rst

@@ -1,9 +1,8 @@
 TAP-Windows driver (NDIS 6)
 ===========================
 
-This is an NDIS 6 implementation of the TAP-Windows driver,
-used by OpenVPN and other apps.  NDIS 6 drivers can run on
-Windows Vista or higher.
+This is an NDIS 6 implementation of the TAP-Windows driver, used by OpenVPN and 
+other apps. NDIS 6 drivers can run on Windows Vista or higher.
 
 Build
 -----
@@ -13,11 +12,14 @@ To build, the following prerequisites are required:
 - Python 2.7
 - Microsoft Windows 7 WDK (Windows Driver Kit)
 - Windows code signing certificate
-- git (not strictly required, but useful for running commands using bundled bash shell)
+- Git (not strictly required, but useful for running commands using bundled bash shell)
 - Source code directory of **devcon** sample from WDK (optional)
 
-These instructions were tested on Windows 7 using the bash shell that is
-bundled with git.
+Make sure you add Python's install directory (usually c:\python27) to the PATH 
+environment variable.
+
+These instructions have been tested on Windows 7 using Git Bash, as well as on 
+Windows 2012 Server using Git Bash and Windows Powershell.
 
 View build script options::
 
@@ -26,38 +28,55 @@ View build script options::
 
   Options:
     -h, --help         show this help message and exit
-    -s SRC, --src=SRC  TAP-Windows top-level directory, default=c:\src\tap-
-                       windows6
+    -s SRC, --src=SRC  TAP-Windows top-level directory, default=<CWD>
     --ti=TAPINSTALL    tapinstall (i.e. devcon) source directory (optional)
     -d, --debug        enable debug build
     -c, --clean        do an nmake clean before build
     -b, --build        build TAP-Windows and possibly tapinstall (add -c to
                        clean before build)
     --cert=CERT        Common name of code signing certificate, default=openvpn
+    --crosscert=CERT   The cross-certificate file to use, default=MSCV-
+                       VSClass3.cer
+    --timestamp=URL    Timestamp URL to use, default=http://timestamp.verisign.c
+                       om/scripts/timstamp.dll
     -a, --oas          Build for OpenVPN Access Server clients
 
 Edit **version.m4** and **paths.py** as necessary then build::
 
   $ python buildtap.py -b
 
-On successful completion, all build products will be placed in
-the "dist" directory as well as tap6.tar.gz.
+On successful completion, all build products will be placed in the "dist" 
+directory as well as tap6.tar.gz.
 
 Install/Update/Remove
 ---------------------
 
+The driver can be installed using a command-line tool, devcon.exe, which is 
+bundled with OpenVPN and tap-windows installers. Note that in some versions of 
+OpenVPN devcon.exe is called tapinstall.exe. To install, update or remove the 
+tap-windows NDIS 6 driver follow these steps:
+
+- place devcon.exe/tapinstall.exe to your PATH
 - open an Administrator shell
 - cd to **dist**
 - cd to **amd64** or **i386** depending on your system's processor architecture.
 
 Install::
 
-  $ ./tapinstall install OemVista.inf TAP0901
+  $ tapinstall install OemVista.inf TAP0901
 
 Update::
 
-  $ ./tapinstall update OemVista.inf TAP0901
+  $ tapinstall update OemVista.inf TAP0901
 
 Remove::
 
-  $ ./tapinstall remove TAP0901
+  $ tapinstall remove TAP0901
+
+Notes on proxies
+----------------
+
+It is possible to build tap-windows6 without connectivity to the Internet but 
+any attempt to timestamp the driver will fail. For this reason configure your 
+outbound proxy server before starting the build. Note that the command prompt 
+also needs to be restarted to make use of new proxy settings.

buildtap.py

@@ -24,12 +24,12 @@ def __init__(self, opt):
 
         # driver signing options
         self.sign_cn = opt.cert
-        self.ms_cert = os.path.join(self.top, "MSCV-VSClass3.cer")
+        self.crosscert = os.path.join(self.top, opt.crosscert)
 
         self.inf2cat_cmd = os.path.join(self.ddk_path, 'bin', 'selfsign', 'Inf2Cat')
         self.signtool_cmd = os.path.join(self.ddk_path, 'bin', 'x86', 'SignTool')
 
-        self.timestamp_server="http://timestamp.verisign.com/scripts/timstamp.dll"
+        self.timestamp_server = opt.timestamp
 
     # split a path into a list of components
     @staticmethod
@@ -345,7 +345,7 @@ def inf2cat(self, x64):
     def sign(self, x64):
             self.system("%s sign /v /ac %s /s my /n %s /t %s %s" % (
                     self.signtool_cmd,
-                    self.ms_cert,
+                    self.crosscert,
                     self.sign_cn,
                     self.timestamp_server,
                     self.drvfile(x64, '.cat'),
@@ -374,8 +374,11 @@ def sign_verify(self, x64):
     # defaults
     src = os.path.dirname(os.path.realpath(__file__))
     cert = "openvpn"
+    crosscert = "MSCV-VSClass3.cer"
+    timestamp = "http://timestamp.verisign.com/scripts/timstamp.dll"
 
     op.add_option("-s", "--src", dest="src", metavar="SRC",
+
                   default=src,
                   help="TAP-Windows top-level directory, default=%s" % (src,))
     op.add_option("--ti", dest="tapinstall", metavar="TAPINSTALL",
@@ -389,6 +392,12 @@ def sign_verify(self, x64):
     op.add_option("--cert", dest="cert", metavar="CERT",
                   default=cert,
                   help="Common name of code signing certificate, default=%s" % (cert,))
+    op.add_option("--crosscert", dest="crosscert", metavar="CERT",
+	              default=crosscert,
+				  help="The cross-certificate file to use, default=%s" % (crosscert,))
+    op.add_option("--timestamp", dest="timestamp", metavar="URL",
+                  default=timestamp,
+                  help="Timestamp URL to use, default=%s" % (timestamp,))
     op.add_option("-a", "--oas", action="store_true", dest="oas",
                   help="Build for OpenVPN Access Server clients")
     (opt, args) = op.parse_args()