[View] [Edit] [Attachments] [History] [Home] [Changes] [Search] [Help]
Squeakland for Windows Vista (prototype)
Latest stuff (as of 1 March 2007)
Downloadable files are located on here
Note that this is for Japanesed version of Squeakland2005.
While NSIS itself and script is basically capable of multi language,
you might want to do following if you build regular squeakland kit:
- Replace image
- Strip DLL unused for other language then Japanese.
- Binary: SqueakPluginInstallerJ-070301-bin.zip
- Sources (NSIS script, updated VM and OCX, and Japanese version specific stuff including localized image and DLL)
To compile, you need:
VM (enhancement to 3.7.1)
Browser plugin for IE7
This stuff is based on "SqueakOCX2" (squeak-svn/trunk/platforms/win32/vm/Plugin/SqueakOCX2/).
You need to have VisualStudio2005 and Vista Win32 SDK to compile this.
Known Problems/Outstanding Work
- Plugin for Firefox/Netscape
- User documentation
- Testing against as many editions of Vista as possible (I can test with only Vista Business right now)
Technical Notes
Adjusting File Layout
Until now Squeakland release is assuming that users have write access under %ProgramFiles%\Squeak\plugins:
- Files dynamically created on first run:
- squeak.ini.
- crypt key file "squeak.keys" under %USERNAME% folder.
- Image. write access isn't usually needed, but sometimes you want to have.
It seldom makes problem, because "admin user" is used in typical usage.
But this not the case with Windows Vista because of UAC (User Account Control) feature. In UAC enabled environment even users logged in as admin don't have write access to "system folder".
Adjusting file layout and make it comply to vista convention is needed, to make squeak work on Vista out of the box.
Note:
Some field folks experienced problems even with XP in security hardered setting where priviledges are stripped from users, and they did some workaround. So similar adjustment for even old versions of windows might make them happy.
To make it work in the protected mode of IE7 on Vista
IE7 on Vista have introduced new security feature "protected mode".
In that mode many restrictions are applied to ActiveX and our squeakocx.DLL don't work. So I have developed modified version for Vista, based on squeakocx2.
- Browser plugin and Squeak VM communicate each other by Windows message and unnamed pipe. To make that mechanism works in protected mode, plugin must launch VM with same integrity level as IE process. i.e. If browser is in protected mode, VM is launched as low integrity process.
- Only Writable location for "Low integrity process" in protected mode is under %APPDATA%\LocalLow = C:\Users\(user)\Application Data\Local"Low. This means for squeak that untrustedUserDirectory have to be changed dynamically according to mode of IE. The updated squeakocx2 uses "-lowRights" option for squeak.exe to switch untrsutedUserDirectory.
Notes:
- Because of this behavior, you might want to turn off protection mode even if squeak plugin works there.
- Other possible workaround might be always to use the "LocalLow" place even in non-plugin usage, but that place is too deep to be usefull.
Modification to Win32 VM (3.7.1)
- Environment variables in "SecureUserDirectory" of INI file will be expanded.
- By "IniFile" setting in [Grobal] section of INI file located at same place as VM (=root INI file), real settings can be delegated to INI file located in other place (=real INI file)
- By specifying "-lowRights" option in command line, untrustedUserDirectory is set as "UserDirectoryLow" setting in [Security] section of INI file. This option will be used only by browser OCX, so I think user documentation will not be needed (similar to hidden option like -browserWindow). Note environment variables in this setting will be expanded also.
- Change about how to treat image specified as command line argument
Modification to SqueakOCX2
- adjust project for VS2005
- sqWin32Plugin.c:
- HKLM\Software\Squeak is also used (for shared setting)
- "Image" setting is now assumed as full path.
- support for protected mode
- SqueakOCX2.rc: change version number
Modification to Installer
This stuff is based on japanese version of squeakland2005 installer
(http://metatoys.org/pub/sqland2005j/)
- "RequestExecutionLevel admin" is specified in NSIS script
- Installer understands windows version and do appropriate configuration. It will make exact same setting as traditional squeakland installer on pre-Vista.
- manifest is provided for squeak.exe. manifest is not embeded so that VM can be built without win32 SDK.
- INI file on Vista:
- install "real INI file" preconigured for vista file layout.
- install "root INI file" that forward to "real one".
- grant write access to "real INI file" to all users so that user can adjust setting easily. If you want to make security harder, you must adjust ACL setting explicitly.
- Registry Settings on Vista
- configure "Image" in HKLM\Software\Squeak and HKCU\Software\Squeak
- Image on Vista:
- file layout (see below)
- grant write access to all users. If you want to make security harder, you must adjust ACL setting explicitly.
- VM
- replaced with enhanced one. Its behavior is compatible to 3.7.1 and works OK for pre-Vista and will be installed commonly.
- Browser plugin DLL
- Updated squeakocx2.DLL will be installed for Vista. For pre-Vista, existing squeakocx.DLL will be installed.