- package: tis-fix-windows-update-w7
- name: Fix Windows 7 Updates
- version: 1.1-5
- categories: System and network
- maintainer: WAPT Team,Tranquil IT,Jimmy PELÉ
- target_os: windows
- architecture: x64
- signature_date:
- size: 117.91 Mo
package : tis-fix-windows-update-w7
version : 1.1-5
architecture : x64
section : base
priority : optional
name : Fix Windows 7 Updates
categories : System and network
maintainer : WAPT Team,Tranquil IT,Jimmy PELÉ
description : Fix issues related to Windows Update on W7 and WS2008 - 2019 SHA-2 Code Signing Support - A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider
depends :
conflicts :
maturity : PROD
locale :
target_os : windows
min_os_version : 6.1
max_os_version : 6.2
min_wapt_version : 1.7
sources :
installed_size :
impacted_process :
description_fr : Correction des problèmes de mise à jour sur Windows 7 et Serveur 2008 - signature du code SHA-2 2019 - Une chaîne de certificats a été traitée mais s’est terminée par un certificat racine qui n’est pas approuvé par le fournisseur d’approbation.
description_pl :
description_de :
description_es :
description_pt :
description_it :
description_nl :
description_ru :
audit_schedule :
editor :
keywords :
licence :
homepage :
package_uuid : a91b0c55-3cae-4416-a2ec-207b5ed5f6f1
valid_from :
valid_until :
forced_install_on :
changelog :
signer : Tranquil IT
signer_fingerprint: 8c5127a75392be9cc9afd0dbae1222a673072c308c14d88ab246e23832e8c6bb
signature : hVp8tGmfJUeOc0qUOJHMRhlATAHub3DU5lPj8xQWt4N500ZvCgjqv5U9NlKv8PkGoB+A/lYpQwfShIZ+6XMRqOZ4+xCzRW4OQZfmgYCpcXAS7Yi1Bt2tbMJi7f/fOi+JmYGBy43ds0juHvXDs3R9mEcAeUkHf7q2SM3KOAxfm5c/CUyTbziuTDpZbMnqiL5a1bNtZDkFB0xS4B9P4sOwXqPC9uBmnaJ4GxrkTQs3Do+3jDi3GbQxEloqoTnOaIP1GB1c4bCAzAoxN/N3hwm+jZJ+Ijtr2JQQXWYov7LjOeLP2bcgFioWwtEFAyvPP8THmzjqG+w95Aq4qCkzcRRDjQ==
signature_date : 2020-11-13T12:02:47.411797
signed_attributes : package,version,architecture,section,priority,name,categories,maintainer,description,depends,conflicts,maturity,locale,target_os,min_os_version,max_os_version,min_wapt_version,sources,installed_size,impacted_process,description_fr,description_pl,description_de,description_es,description_pt,description_it,description_nl,description_ru,audit_schedule,editor,keywords,licence,homepage,package_uuid,valid_from,valid_until,forced_install_on,changelog,signer,signer_fingerprint,signature_date,signed_attributes# -*- coding: utf-8 -*-
from setuphelpers import *
import platform
uninstallkey = []
# https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
# 2019-03 Servicing Stack Update for Windows 7 (KB4490628)
# 2019-09 Security Update for Windows 7 (KB4474419)
# 2020-01 Update for Windows 7 (KB4539602)
# Defining variables
url_dl_kb_list = ("http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/03/windows6.1-kb4490628-x64_d3de52d6987f7c8bdc2c015dca69eac96047c76e.msu", "http://download.windowsupdate.com/c/msdownload/update/software/secu/2019/09/windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu",
"http://download.windowsupdate.com/c/msdownload/update/software/updt/2020/01/windows6.1-kb4539602-x64_977d8a5421d03ba7ddd992ddf79175dddcfb90d4.msu")
kb_list = ("windows6.1-kb4490628-x64_d3de52d6987f7c8bdc2c015dca69eac96047c76e.msu", "windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu","windows6.1-kb4539602-x64_977d8a5421d03ba7ddd992ddf79175dddcfb90d4.msu")
ms_cert = 'MicrosoftRootCertificateAuthority2011.cer'
def install():
# Installing the required KBs
if windows_version(members_count=2) == WindowsVersions.Windows7:
with EnsureWUAUServRunning():
for kb_file in kb_list:
kb_id = kb_file.split('-')[1].replace('kb','').replace('KB','')
if not is_kb_installed(kb_id):
print('Installing: %s' % kb_file)
run('wusa.exe "%s" /quiet /norestart' % (kb_file),accept_returncodes=[0,3010,2359302,-2145124329],timeout=3600)
else:
print('%s is already installed' % kb_file)
# Adding Microsoft Root Certificate Authority to fix WUA
try:
run('"%s" -addstore "Root" "%s"' % (makepath(system32,'certutil.exe'),makepath(basedir,ms_cert)))
except:
print("WARNING: The certificate did not apply, you may need to apply it manually or with a GPO")
if is_pending_reboot():
print("A reboot is required.")
def update_package():
print('Downloading/Updating package content from upstream binary sources')
# Initializing variables
proxies = get_proxies()
if not proxies:
proxies = get_proxies_from_wapt_console()
version = control.version.split('-')[0]
# Downloading latest KBs
for dl_kb in url_dl_kb_list:
file_name = dl_kb.split('/')[-1]
if not isfile(file_name):
print('Downloading: %s' % file_name)
wget(dl_kb,file_name,proxies=proxies)
# Downloading MS cert
if not isfile(ms_cert):
print('Downloading: %s' % ms_cert)
wget('https://download.microsoft.com/download/2/4/8/248D8A62-FCCD-475C-85E7-6ED59520FC0F/MicrosoftRootCertificateAuthority2011.cer',ms_cert,proxies=proxies)
# Incrementing version of the package
control.version = '%s-%s'%(version,int(control.version.split('-')[-1])+1)
control.save_control_to_wapt()
print('Changing package version to: %s in WAPT\\control' % control.version)
def get_proxies():
import platform
if platform.python_version_tuple()[0] == '3':
from urllib.request import getproxies
else:
from urllib import getproxies
return getproxies()
def get_proxies_from_wapt_console():
proxies = {}
if platform.system() == 'Windows':
waptconsole_ini_path = makepath(user_local_appdata(), 'waptconsole', 'waptconsole.ini')
else:
waptconsole_ini_path = makepath(user_home_directory(), '.config', 'waptconsole', 'waptconsole.ini')
if isfile(waptconsole_ini_path):
proxy_wapt = inifile_readstring(waptconsole_ini_path, 'global', 'http_proxy')
if proxy_wapt:
proxies = {'http': proxy_wapt, 'https': proxy_wapt}
return proxies
def is_kb_installed(hotfixid):
"""Return True or False depending if a Windows update KB is installed.
"""
installed_update = installed_windows_updates()
if installed_update:
if [kb for kb in installed_update if kb['HotFixID'].upper() == hotfixid.upper()]:
return True
return False
def is_pending_reboot():
"""Return True or False depending if Windows is waiting for a reboot.
"""
if reg_key_exists(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') or \
reg_key_exists(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending') or \
reg_key_exists(HKEY_LOCAL_MACHINE,r'SOFTWARE\Microsoft\Updates\UpdateExeVolatile'):
return True
return False
847df6a78497943f27fc72eb93f9a637320a02b561d0a91b09e87a7807ed7c61 : MicrosoftRootCertificateAuthority2011.cer
91449c648d4dd560adb92f4ac2323c8498879d8b0a3bdaab7bc6a419c26d5b3e : setup.py
99312df792b376f02e25607d2eb3355725c47d124d8da253193195515fe90213 : windows6.1-kb4474419-v3-x64_b5614c6cea5cb4e198717789633dca16308ef79c.msu
8075f6d889bcb27be6f52ed47081675e5bb8a5390f2f5bfe4ec27a2bb70cbf5e : windows6.1-kb4490628-x64_d3de52d6987f7c8bdc2c015dca69eac96047c76e.msu
dfab68be1e2fd059a31264eba02b59717e2c96deba196ae7e920a63e4784ecd7 : windows6.1-kb4539602-x64_977d8a5421d03ba7ddd992ddf79175dddcfb90d4.msu
a5a97261381e1d0ad46ee15916abec9c2631d0201f5cc50ceb0197a165a0bbbf : WAPT/certificate.crt
c978f0666e4b4b62b84237eecaa5e1d46c71db543f88254a72f375bfe4467b30 : WAPT/control