ā¬†ļø ā¬‡ļø

We collect VirtualBox under Windows



Introduction



As most users of the Windows version of VirtualBox know (hereinafter - VB , not to be confused with Visual Basic), in release 4.3.14 the developers of this program added an additional protection mechanism called ā€œhardeningā€ (which can be translated as ā€œhardeningā€), which led to numerous VB compatibility issues with antivirus, crypto module drivers, and even individual updates of Windows itself, as a result of which virtual machines simply refuse to start. At best, the user has to wait about a month until the problem program, which he informs the developers, is taken into account in the next VB release. In the worst case, you will have to either delete the conflicting program (or system update), or roll back VB to version 4.3.12 - the last one that did not have this protection. Numerous suggestions to the developers to add a custom list of exceptions or an option that disables the entire protection are ignored. The only intelligible answer from their side is: ā€œif you don’t want protection, compile yourself from the sourcesā€. Well, have to do it.



Despite the fact that the assembly procedure is described on the official wiki, it is incomplete and in some ways outdated, and the assembly itself tries to give out strange errors. So when I finally made my way to the end of this procedure, I decided that its description deserves a separate article. The instruction is updated from time to time and is currently adapted for VB version 6.0.2, but if someone is interested in building an earlier version of VB or libraries, the information can be scratched from the revision history .



Content

Ā» Problem statement

Ā» A pair of warnings

Ā» Cooking environment

Ā» Features of installing programs

Ā» Finishing Touches

Ā» Putting VirtualBox

Ā» Epilogue

Ā» Add-ons



Formulation of the problem



Initially, I planned to simplify my task and get away with a minimal reassembly in order to install the official distribution and simply replace the binary files in it. However, it turned out that this approach will not work, since it does not take into account the use of system mechanisms for installing and registering drivers and COM components. It would be possible to try to understand the details and write an automating script, but I decided to aim a bigger game: to assemble a full-fledged distribution kit, as close as possible to the official one and differing from it only by the lack of hardening.

')

At once I will say that it was not possible to solve the problem 100%. The weak link was the guest add-ons, which in the official package are compiled under Windows (32-bit and 64-bit), Linux, Solaris and OS / 2. In the comments of the relevant Makefile it is indicated that the assembly is carried out remotely on different machines, and I did not smile at configuring such a set of virtual women. As a result, I decided to collect everything from the source codes, except for the add-ons, the ISO image of which I will just download from the Oracle server. I have not yet investigated the issue of the presence of hardening in the supplements, but even if it is there, I have not yet come across reports of the problems caused by it.



A pair of warnings



• security issues


About hardening it is known that they added it for a reason, and to close a certain VB vulnerability. Clearly talk about the essence of the vulnerability of Oracle flatly refuses, despite the fact that more than two years have passed since the fixation. Limited to only hints of "a very vulnerable Windows architecture, allowing the loading of third-party modules into foreign processes." The question of how other virtualization systems manage to work without such tricks (and indeed all programs in general) also remains unanswered. From the individual stingy phrases on the official forum, it was possible to extract information that the problem is connected with the elevation of privileges on the host machine, and that for this vulnerability VB there are actually used exploits. If this does not scare you, you can continue reading, but I warned you.



• Signing drivers


As you know, 64-bit Windows in the normal mode prohibits the loading of drivers that are not signed by a certificate with a trust chain leading to the Microsoft root certificate (and in Windows 10, drivers must be signed directly by Microsoft itself). Therefore, before compiling VB even for personal use, you need to think through a solution to this problem: either buy a certificate, or try to use driver signing services for Open Source developers (if they, of course, agree to sign a known vulnerable driver), or switch their Windows to test mode and use a self-signed test certificate.



Further, I will be guided by this last option, but I will indicate in the right places how the procedure will change if there is a full certificate (although I have not yet been able to figure out how to build with signing for Windows 10).



Cooking environment



Officially, Windows XP from XP SP3 to 7 is recommended as an assembly system. I did all the work in Windows 7 SP1 x64, but I think that there shouldn't be any problems with more modern versions. If you allocate a separate machine for assembly (real or virtual), keep in mind that it needs Internet access.



To create an assembly environment will require a rather large set of programs. If the program has a portable version, I use it, not the installer.



The following set of programs is supplied only as installers (at least officially). For Visual Studio and SDK / WDK, it is important to follow the installation procedure as outlined below. After installation, it is highly desirable to install updates via Windows Update with the option to support all Microsoft products enabled.



The remaining programs are downloaded as archives or source codes:



You will also need two archives:



Why is it all?
If you do not plan to build the same package as me, then some of the listed tools may not be required. Here I will briefly list the role they play.



  • SDK 8.1

    SDK version 7.1 will be used for the build, version 8.1 is required only for the SignTool utility: 7.1 does not support SHA-1 / SHA-256 double signing. If you have a computer with SDK version 8.1 or later installed, you can simply copy the signtool.exe utility from there (with all dependencies) and specify the appropriate path in the LocalConfig.kmk file (see below).
  • WiX

    This is a tool for creating MSI-installers. Although the final installer is an EXE file, inside it contains two MSI, so WiX is needed here. If you simply compile binaries, then this package is not needed.
  • SDL

    The front-end VBoxSDL.exe , a minimalist alternative to the standard VirtualBox.exe shell, is based on this library. If you do not need VBoxSDL, then maybe you can do without the SDL library, but I did not check it.
  • gSOAP

    This component is required to build the VB remote control service: VBoxWebSrv.exe . The absence of gSOAP is not a critical error, VB will successfully assemble without this service.
  • libvpx , libopus

    Video and audio codec used to record video from the virtual machine screen. If they are not available, VirtualBox is assembled and working correctly, and the recording function is simply ignored (although it shows the animation as if the recording is in progress).
  • Cygwin

    Required for building libvpx.
  • MiKTeX

    Using MiKTeX, the reference book is compiled in PDF format ( doc\UserManual.pdf ). The absence of MiKTeX is not a critical error; VB will successfully assemble without PDF documentation.
  • NASM

    This assembler will be used to build OpenSSL. An assembly without an external assembler is also supported, but with it a more optimal code will be created.


To make it easier to track potential sources of assembly problems, here is a summary table of all the tools with their versions and installation paths in the environment created by me. The designation ā€œ {x32|x64} ā€ indicates that the package is installed in two different directories for the 32-bit and 64-bit versions.
ProgramVersionInstallation path
Visual studio2010 ProfessionalC:\Program Files (x86)\Microsoft Visual Studio 10.0\
Sdk7.1C:\Program Files\Microsoft SDKs\Windows\v7.1\
Sdk8.1C:\Programs\DevKits\8.1\
WDK7.1.0C:\WinDDK\7600.16385.1\
ActivePerl5.26.1 Build 2601 x64C:\Programs\Perl\
ActivePython2.7.14.2717 x64C:\Programs\Python\
WiX3.11.1.2318C:\Programs\WiX\
Qt5.6.3C:\Programs\Qt\5.6.3-{x32|x64}\
MinGW-324.5.4C:\Programs\mingw32\
MinGW-644.5.4C:\Programs\mingw64\
Cygwin-C:\Programs\cygwin64\
SDL1.2.15C:\Programs\SDL\{x32|x64}\
cURL7.63.0C:\Programs\curl\{x32|x64}\
Openssl1.1.1aC:\Programs\OpenSSL\{x32|x64}\
gSOAP2.8.77C:\Programs\gSOAP\
libvpx1.7.0C:\Programs\libvpx\
libopus1.3C:\Programs\libopus\
MiKTeX Portable2.9.5719C:\Programs\MiKTeX\
NASM2.13.03 x64C:\Programs\nasm\
DocBook XML DTD4.5C:\Programs\DocBook\xml\
DocBook XSL Stylesheets1.69.1C:\Programs\DocBook\xsl\

Features of installation of programs



In this section, I provide instructions or instructions for individual packages where the procedure is not obvious or requires additional steps.



• Windows SDK v7.1
Installation may cause problems due to outdated versions of compilers and runtime: they cannot be installed on top of newer versions installed with VS 2010, and the installer considers this a critical error. You must either disable the corresponding checkboxes, or first remove packages from the system with names like "Microsoft Visual C ++ 2010 <arch> Redistributable" , "Microsoft Visual C ++ 2010 <arch> Runtime" , "Microsoft Visual C ++ Compilers ..." (SDK installs old versions of packages , and Windows Update will then update them to the latest).



Also note that for the final assembly of MSI packages you will need to install sample programs (Windows Native Code Development -> Samples): they include scripts that are used by assembly rules.



• Windows SDK v8.1
Just install the development tools (Windows Software Development Kit).



• WDK v7.1
It is enough to install only build environments (Build Environments).



• Perl
After installation, you need to install the Text::Template module, which is needed to build OpenSSL. This is done by the command:
 ppm install Text::Template 


• Qt 5.6.3
Beginning with Qt 5.7.0, support for assembling in MSVC versions below 2012 has been discontinued, so we use 5.6.x.

There are no official builds for Visual Studio 2010, so you must first build the library from the source code.



  1. Unpack the Qt source code archive into the C:\Programs\Qt\ directory and rename the resulting qt-everywhere-opensource-src-5.6.3 subdirectory to 5.6.3-src .
  2. Next we create the build-x32 directory in which the build will take place.
  3. Open the console, execute the following commands:
     cd /d C:\Programs\Qt\build-x32 SET QTVER=5.6.3 "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x86 /win7 COLOR 07 SET QTDIR=C:\Programs\Qt\%QTVER%-x32 SET PATH=%QTDIR%\bin;%PATH% SET QMAKESPEC=win32-msvc2010 
    The color command disables the green font color set by the SetEnv.Cmd script.
  4. Now run configure.bat from the 5.6.3-src directory. Since most Qt is not used in VB, you can speed up the build by disabling unnecessary components, but be aware that some VB options are very scrupulous. In particular, I came across the following:
    • OpenGL ES 2 is not supported (VB compilation cannot see some header files).
    • FreeType support must be enabled (without it, the qoffscreen plugin used in VB is not built).
    Here is the final team I used for myself:
     ..\5.6.3-src\configure.bat -prefix c:\Programs\Qt\5.6.3-x32 -mp -opensource -confirm-license -nomake tests -nomake examples -no-compile-examples -release -shared -pch -no-ltcg -accessibility -no-sql-sqlite -opengl desktop -no-openvg -no-nis -no-iconv -no-evdev -no-mtdev -no-inotify -no-eventfd -largefile -no-system-proxies -qt-zlib -qt-pcre -no-icu -qt-libpng -qt-libjpeg -qt-freetype -no-fontconfig -qt-harfbuzz -no-angle -incredibuild-xge -no-plugin-manifests -qmake -qreal double -rtti -strip -no-ssl -no-openssl -no-libproxy -no-dbus -no-audio-backend -no-wmf-backend -no-qml-debug -no-direct2d -directwrite -no-style-fusion -native-gestures -skip qt3d -skip qtactiveqt -skip qtandroidextras -skip qtcanvas3d -skip qtconnectivity -skip qtdeclarative -skip qtdoc -skip qtenginio -skip qtgraphicaleffects -skip qtlocation -skip qtmacextras -skip qtmultimedia -skip qtquickcontrols -skip qtquickcontrols2 -skip qtscript -skip qtsensors -skip qtserialbus -skip qtserialport -skip qtwayland -skip qtwebchannel -skip qtwebengine -skip qtwebsockets -skip qtwebview -skip qtx11extras -skip qtxmlpatterns 
  5. The specified installation directory (the -prefix option) Qt writes inside the source code during configuration, so the compiled library will remember this path. This leads to the fact that when you start the Qt-application, by default it will look for plug-ins along this path, and only if nothing is found, it will refer to its own directory. In most situations, this works correctly, but if suddenly on the target machine in the c:\Programs\Qt\5.6.3-x32 directory there appears a different Qt build (with different flags), then VB will crash when launched.

    There are two ways to avoid this: either add a qt.conf file with contents to the VB directory:
     [Paths] Plugins=. 
    or correct the settings saved in Qt so that it defaults to the program directory. I went the second way, so that the final installation of VB looked more accurate. To do this, open the file C:\Programs\Qt\build-x32\qtbase\src\corelib\global\qconfig.cpp , which was created by the configurator, to find a line like this:
     static const char qt_configure_prefix_path_str [512 + 12] = "qt_prfxpath=c:/Programs/Qt/5.6.3-x32"; 
    and replace there all the way to a point to get the following:
     static const char qt_configure_prefix_path_str [512 + 12] = "qt_prfxpath=."; 
    The Qt installation will still be executed in the directory specified earlier, because it is already saved in Makefiles. This change will only affect the behavior of Qt programs when they are started.
  6. Next, run the build command nmake
  7. Install the compiled library with the nmake install command


Now we open a new console and similarly compile and install the 64-bit version, only in directory names you need to replace ā€œx32ā€ with ā€œx64ā€, and the environment creation commands will look like this:
 cd /d C:\Programs\Qt\build-x64 SET QTVER=5.6.3 "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x64 /win7 COLOR 07 SET QTDIR=C:\Programs\Qt\%QTVER%-x64 SET PATH=%QTDIR%\bin;%PATH% SET QMAKESPEC=win32-msvc2010 


After the installation is completed, the build-x32 , build-x64 and 5.6.3-src directories can be deleted.



• MinGW
Archives of 32-bit and 64-bit versions are simply unpacked, each in its own directory.



• Cygwin
During installation, it is necessary to mark the make and yasm packages



• SDL
  1. Unpack the SDL two times in separate directories: C:\Programs\SDL\x32\ and C:\Programs\SDL\x64\ .
  2. We move all the contents of C:\Programs\SDL\x64\lib\x64\ to a higher level (in C:\Programs\SDL\x64\lib\ ), the directories C:\Programs\SDL\x64\lib\x86 and x64 deleted .
  3. Similarly for the 32-bit version: move the contents of C:\Programs\SDL\x32\lib\x86\ to a higher level, delete the C:\Programs\SDL\x32\lib\x86 and x64 directories.


• NASM
Unpack the nasm-2.13.03-win64.zip archive into C:\Programs\ , rename the resulting nasm-2.13.03 to nasm .



• OpenSSL
  1. Unpack the OpenSSL archive two times into the C:\Programs\OpenSSL\ directory, renaming the resulting subdirectory from openssl-1.1.1a , respectively, to openssl-1.1.1a-x32 and openssl-1.1.1a-x64 .
  2. Open the console, build and install the 32-bit version:
     "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x86 /win7 COLOR 07 set PATH=%PATH%;C:\Programs\nasm cd /d C:\Programs\OpenSSL\openssl-1.1.1a-x32\ perl Configure VC-WIN32 no-shared --prefix=C:\Programs\OpenSSL\x32 --openssldir=C:\Programs\OpenSSL\x32\ssl nmake nmake test nmake install 
    The configurator can give a scary message that, say, can not find the compiler. Do not pay attention, it is a little out of it.

    If you do not want to use NASM, remove the modification of the PATH variable from here and add the no-asm parameter to the Configure call.
  3. Open a new console, build and install the 64-bit version:
     "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x64 /win7 COLOR 07 set PATH=%PATH%;C:\Programs\nasm cd /d C:\Programs\OpenSSL\openssl-1.1.1a-x64\ perl Configure VC-WIN64A no-shared --prefix=C:\Programs\OpenSSL\x64 --openssldir=C:\Programs\OpenSSL\x64\ssl nmake nmake test nmake install 
    Denial of NASM is done similarly to the 32-bit version.
  4. The C:\Programs\OpenSSL\openssl-1.1.1a-x32 and openssl-1.1.1a-x64 can be deleted.


• cURL
  1. Extract the cURL archive to the C:\Programs\curl\ directory, rename the resulting subdirectory from curl-7.63.0 to curl-7.63.0-x32 .
  2. Open the file C:\Programs\curl\curl-7.63.0-x32\winbuild\MakefileBuild.vc in the editor, we find there in the area of ​​lines 61–69 a conditional block like
     !IF "$(VC)"=="6" CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /Gm /Zi /D_DEBUG /GZ CFLAGS = /I. /I../lib /I../include /nologo /W4 /wd4127 /GX /DWIN32 /YX /FD /c /DBUILDING_LIBCURL !ELSE CC_NODEBUG = $(CC) /O2 /DNDEBUG CC_DEBUG = $(CC) /Od /D_DEBUG /RTC1 /Z7 /LDd CFLAGS = /I. /I ../lib /I../include /nologo /W4 /wd4127 /EHsc /DWIN32 /FD /c /DBUILDING_LIBCURL !ENDIF 
    and add a line after it:
     CFLAGS = $(CFLAGS) /DCURL_DISABLE_LDAP 
    If this is not done, then when linking VB, link errors will come up.
  3. Open the file C:\Programs\curl\curl-7.63.0-x32\winbuild\gen_resp_file.bat , after the first line in it ( @echo OFF ) insert the command:
     cd . 
    This is a dummy command that does nothing, and its only task is to reset the ERRORLEVEL code. Otherwise, a situation may arise when this code is non-zero even before the batch file is started, and the batch file itself does not execute any commands that change the return code. As a result, nmake believes that the batch file returned an error and interrupts the build.
  4. Make a copy of the curl-7.63.0-x32 directory as curl-7.63.0-x64 .
  5. Open the console, collect the 32-bit version and copy the necessary files to the target directory:
     "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x86 /win7 COLOR 07 cd /d C:\Programs\curl\curl-7.63.0-x32\winbuild md C:\Programs\curl\x32 nmake /f Makefile.vc mode=static WITH_SSL=static DEBUG=no MACHINE=x86 SSL_PATH=C:\Programs\OpenSSL\x32 ENABLE_SSPI=no ENABLE_WINSSL=no ENABLE_IDN=no copy ..\builds\libcurl-vc-x86-release-static-ssl-static-ipv6\lib\libcurl_a.lib ..\..\x32\libcurl.lib xcopy /E ..\builds\libcurl-vc-x86-release-static-ssl-static-ipv6\include\curl ..\..\x32\include\curl\ 
  6. We assemble the 64-bit version by opening a new console and executing the commands:
     "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x64 /win7 COLOR 07 cd /d C:\Programs\curl\curl-7.63.0-x64\winbuild md C:\Programs\curl\x64 nmake /f Makefile.vc mode=static WITH_SSL=static DEBUG=no MACHINE=x64 SSL_PATH=C:\Programs\OpenSSL\x64 ENABLE_SSPI=no ENABLE_WINSSL=no ENABLE_IDN=no copy ..\builds\libcurl-vc-x64-release-static-ssl-static-ipv6\lib\libcurl_a.lib ..\..\x64\libcurl.lib xcopy /E ..\builds\libcurl-vc-x64-release-static-ssl-static-ipv6\include\curl ..\..\x64\include\curl\ copy ..\builds\libcurl-vc-x64-release-static-ssl-static-ipv6\bin\curl.exe ..\..\x64\curl.exe 
    Please note that, unlike the 32-bit version, here we also copy curl.exe , we will need it later to download the image of guest add-ons.
  7. You can delete the C:\Programs\curl\curl-7.63.0-x32 and curl-7.63.0-x64 .


• libvpx
  1. Extract the libvpx archive to the C:\Programs\libvpx-build\ directory.
  2. We start Cygwin, in it we will carry out configuration, assembly and installation of library. Visual Studio 2010 will be specified as the target platform. At the same time, the build system will try to automatically start the build, but will do it using msbuild.exe , which I could not get to work correctly in the existing environment. Instead, it turned out to be easier to launch a separate build by the Studio itself, since it allows you to work from the command line. However, you can perform this step using the graphical environment, if it is more familiar to someone, but in this case you will need to add the path C:\Programs\cygwin64\bin to the PATH variable (or otherwise specify it in the project), because there is an assembler, yasm.exe , needed for building. So, in the terminal Cygwin run the following commands:
     mkdir -p /cygdrive/c/Programs/libvpx-build/build32 cd /cygdrive/c/Programs/libvpx-build/build32 ../libvpx-1.7.0/configure --target=x86-win32-vs10 --disable-install-bins --disable-examples --disable-tools --disable-docs --prefix=../../libvpx make "/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 10.0/Common7/IDE/devenv.com" vpx.sln /Project vpx.vcxproj /Rebuild "Release|Win32" make install mkdir -p /cygdrive/c/Programs/libvpx-build/build64 cd /cygdrive/c/Programs/libvpx-build/build64 ../libvpx-1.7.0/configure --target=x86_64-win64-vs10 --disable-install-bins --disable-examples --disable-tools --disable-docs --prefix=../../libvpx make "/cygdrive/c/Program Files (x86)/Microsoft Visual Studio 10.0/Common7/IDE/devenv.com" vpx.sln /Project vpx.vcxproj /Rebuild "Release|x64" make install 
  3. We are closing the Cygwin terminal, we don’t need it anymore. The C:\Programs\libvpx-build can be deleted.


• libopus
  1. Unpack the opus archive in the C:\Programs\libopus-build\ directory, go to the opus-1.3\win32\VS2015 .
  2. The project is designed for a newer version of Visual Studio, and in 2010 it will not gather like that, you need to make a few edits. You can do this either through the IDE or in a regular text editor. I preferred the second way. So, open the opus.vcxproj file in the editor (we do not need the other projects) and perform the following manipulations:
    1. Find all the lines with the text
       <PlatformToolset>v140</PlatformToolset> 
      and change the version from v140 to v100 . If you are working in the IDE, then this option in the project settings is located on the Configuration Properties -> General page and is called ā€œPlatrofm Toolsetā€. Remember to select configurations and architectures in the drop-down lists at the top of the dialog.
    2. Next, find the block:
        <ItemDefinitionGroup> <ClCompile> 
      and add the tag there:
        <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> 
      In the Visual Studio project settings, this is done on the Configuration Properties -> C / C ++ -> General page by setting the ā€œDebug Information Formatā€ option in ā€œProgramDatabase (/ Zi)ā€. As a matter of fact, any other valid value from the list will do, the base of debug information does not interest us, just if the value is invalid, the project refuses to be collected.
  3. Now we assemble the Release configuration for both architectures (from the VS shell or from the command line) and copy the assembled library opus.lib and the include\ subdirectory into the target installation directory:
     cd /d C:\Programs\libopus-build\opus-1.3\win32\VS2015 md C:\Programs\libopus\lib\x64 md C:\Programs\libopus\lib\Win32 xcopy /EC:\Programs\libopus-build\opus-1.3\include C:\Programs\libopus\include\ "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.com" opus.sln /Project opus.vcxproj /Rebuild "Release|x64" copy x64\Release\opus.lib C:\Programs\libopus\lib\x64\ "C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.com" opus.sln /Project opus.vcxproj /Rebuild "Release|Win32" copy Win32\Release\opus.lib C:\Programs\libopus\lib\Win32\ 
  4. The C:\Programs\libopus-build can be deleted.


• gSOAP
Open the archive, go to the gsoap-2.8\gsoap and unpack the contents of this subdirectory in C:\Programs\gSOAP\ . To build correctly with OpenSSL 1.1.x, version 2.8.41 or higher is required. For earlier versions, you will need to impose a special patch (author: Mattias Ellert ). You can do this manually (the format is fairly obvious: open the files in turn, delete the lines marked with minuses, and add the marked positives; the rest of the lines help define the context), or you can take the standard patch utility ported for Windows and set it up.



• MiKTeX
  1. Unpack the archive in C:\Programs\MiKTeX\
  2. Open the console and run the installation of additional modules:
     "C:\Programs\MiKTeX\miktex\bin\mpm.exe" --verbose --install=koma-script --install=ucs --install=tabulary --install=url --install=fancybox --install=fancyvrb --install=bera --install=charter --install=mptopdf 


• DocBook
To unpack the XML DTD, you need to create a separate directory and put all the files there. The archive with XSL Stylesheets already contains the required subdirectory, so it is enough just to unpack it and rename the resulting subdirectory.



Finishing touches



Preparation for the assembly is almost complete, there are a few steps. If you have not done this yet, you need to download the archive with the source codes of VirtualBox of the required version and unpack it in a convenient place. As a working directory, I chose C:\Devel\ ; I unpacked the source code archive into it and renamed the resulting directory to VirtualBox-src .



• Adding certificates
If you do not have a full-fledged certificate, then it is recommended to create at least a personal one (it is easier to load drivers with it than without a signature). To do this, open the console with elevated privileges and execute the following commands in it:
 "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x64 /win7 COLOR 07 makecert.exe -a sha1 -r -pe -ss my -n "CN=Roga and Kopyta Ltd" C:\Devel\testcert_1.cer makecert.exe -a sha256 -r -pe -ss my -n "CN=Roga and Kopyta Ltd" C:\Devel\testcert_256.cer certmgr.exe -add C:\Devel\testcert_1.cer -s -r localMachine root certmgr.exe -add C:\Devel\testcert_256.cer -s -r localMachine root 
The name for the certificates (ā€œRoga and Kopyta Ltdā€) and the path to the files can be chosen at your discretion. Since the names are the same, you will need to use a digital fingerprint to distinguish between certificates. Open the certificate management console (run certmgr.msc ), open the list of personal certificates there. Double click on the first of the certificates ā€œRoga and Kopyta Ltdā€, in the opened dialog go to the Details tab. The Signature algorithm will indicate the signature algorithm: sha256RSA or sha1RSA. Further, at the very end of the list there will be a Thumbprint field with a value in the form of a sequence of hexadecimal numbers. Copy this value somewhere. Repeat the same for the second certificate. Be sure to note which one was sha256 and which one was sha1. (A simpler solution would be to give different names to the certificates, but two different signatures will look unaesthetic.)



• Build xmllint
At one stage, you also need the xmllint program. I did not specify it in the list of requirements, because the necessary sources are already present in the archive VB. Assembly rules are not designed for automatic assembly of this utility, so it will have to be assembled separately. For the target directory, I selected C:\Programs\xmllint .
  1. Copy the contents of the directory C:\Devel\VirtualBox-src\src\libs\libxml2-2.9.4 to C:\Programs\libxml2-2.9.4\ (it is necessary that the intermediate object files do not interfere with the assembly of the VB itself).
  2. Open the console and execute the commands:
     "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x64 /win7 COLOR 07 cd /d C:\Programs\libxml2-2.9.4\win32 cscript.exe configure.js cruntime=/MT prefix=C:\Programs\xmllint iconv=no nmake /f Makefile.msvc nmake /f Makefile.msvc install 
  3. Delete the C:\Programs\libxml2-2.9.4 .


• Various VB edits
Before proceeding with the assembly, we still need to make some changes to the source code of VirtualBox itself. Since there are quite a lot of them, I decided to put them into a separate patch, which you can simply completely impose on the source tree; You can get the file here . Below I give details of what changes were made and why. So, go to the directory C:\Devel\VirtualBox-src and start:
  1. Open the configure.vbs file, do the following bullying with it:
    • Find the code:
       if Shell(DosSlashes(strPathVC & "/bin/cl.exe"), True) <> 0 then 
      and replace with the following:
       if Shell(DosSlashes(strPathVC & "/bin/cl.exe") & " /?", True) <> 0 then 
      This piece is responsible for finding and checking the compiler, but does not take into account that calling cl.exe without arguments returns an error (which is treated as an inappropriate compiler). Adding the " /? »Asks for help, and the return code is no longer erroneous.
    • Now go to the CheckForMinGW32Sub function. 32- MinGW 3.3.3. 4.5.4, / , ( CheckForMinGWw64Sub , ):
       function CheckForMinGW32Sub(strPathMingW32, strPathW32API) g_strSubOutput = "" if strPathW32API = "" then strPathW32API = strPathMingW32 LogPrint "trying: strPathMingW32=" &strPathMingW32 & " strPathW32API=" & strPathW32API if LogFileExists(strPathMingW32, "bin/gcc.exe") _ And LogFileExists(strPathMingW32, "bin/ld.exe") _ And LogFileExists(strPathMingW32, "bin/objdump.exe") _ And LogFileExists(strPathMingW32, "bin/dllwrap.exe") _ And LogFileExists(strPathMingW32, "bin/dlltool.exe") _ And LogFileExists(strPathMingW32, "bin/as.exe") _ And LogFileExists(strPathMingW32, "include/bfd.h") _ And LogFileExists(strPathMingW32, "lib32/libgcc_s.a") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/lib/dllcrt1.o") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/lib/dllcrt2.o") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/lib/libmsvcrt.a") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/lib/libmsvcr100.a") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/include/_mingw.h") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/include/stdint.h") _ And LogFileExists(strPathMingW32, "i686-w64-mingw32/include/windows.h") _ then if Shell(DosSlashes(strPathMingW32 & "/bin/gcc.exe") & " -dumpversion", True) = 0 then dim offVer, iMajor, iMinor, iPatch, strVer ' extract the version. strVer = Trim(Replace(Replace(g_strShellOutput, vbCr, ""), vbLf, "")) if (Mid(strVer, 2, 1) = ".") _ And (Mid(strVer, 4, 1) = ".") then iMajor = Int(Left(strVer, 1)) ' Is Int() the right thing here? I want atoi()!!! iMinor = Int(Mid(strVer, 3, 1)) iPatch = Int(Mid(strVer, 5)) else LogPrint "Malformed version: '" & strVer & "'" strVer = "" end if if strVer <> "" then if (iMajor = 4) And (iMinor >= 4) then CheckForMinGW32Sub = True g_strSubOutput = strVer else LogPrint "MinGW32 version '" & iMajor & "." & iMinor & "." & iPatch & "' is not supported (or configure.vbs failed to parse it correctly)." end if else LogPrint "Couldn't locate the GCC version in the output!" end if else LogPrint "Failed to run gcc.exe!" end if end if end function 
    • , CheckForCurlSub , — :
        if LogFileExists(strPathCurl, "include/curl/curl.h") _ And LogFindFile(strPathCurl, "libcurl.dll") <> "" _ And LogFindFile(strPathCurl, "libcurl.lib") <> "" _ 
      libcurl, , DLL-, . , , libcurl.dll , :
        if LogFileExists(strPathCurl, "include/curl/curl.h") _ And LogFindFile(strPathCurl, "libcurl.lib") <> "" _ 
    • CheckForPython , VBOX_BLD_PYTHON :
        CfgPrint "VBOX_BLD_PYTHON := " & strPathPython & "\python.exe" 
      python.exe : "/python.exe" ( ; , , ).
    • Windows- libvpx libopus, . , , , , , . - ; CheckForQt , :
       '' ' Checks for libvpx sub CheckForVpx(strOptVpx) dim strPathVpx, str strVpx = "libvpx" PrintHdr strVpx if strOptVpx = "" then MsgError "Invalid path specified!" exit sub end if if g_strTargetArch = "amd64" then strVsBuildArch = "x64" else strVsBuildArch = "Win32" end if strLibPathVpx = "lib/" & strVsBuildArch & "/vpxmd.lib" strPathVpx = "" if LogFileExists(strOptVpx, "include/vpx/vpx_encoder.h") _ And LogFileExists(strOptVpx, strLibPathVpx) _ then strPathVpx = UnixSlashes(PathAbs(strOptVpx)) CfgPrint "SDK_VBOX_VPX_INCS := " & strPathVpx & "/include" CfgPrint "SDK_VBOX_VPX_LIBS := " & strPathVpx & "/" & strLibPathVpx else MsgError "Can't locate " & strVpx & ". " _ & "Please consult the configure.log and the build requirements." exit sub end if PrintResult strVpx, strPathVpx end sub '' ' Checks for libopus sub CheckForOpus(strOptOpus) dim strPathOpus, str strOpus = "libopus" PrintHdr strOpus if strOptOpus = "" then MsgError "Invalid path specified!" exit sub end if if g_strTargetArch = "amd64" then strVsBuildArch = "x64" else strVsBuildArch = "Win32" end if strLibPathOpus = "lib/" & strVsBuildArch & "/opus.lib" strPathOpus = "" if LogFileExists(strOptOpus, "include/opus.h") _ And LogFileExists(strOptOpus, strLibPathOpus) _ then strPathOpus = UnixSlashes(PathAbs(strOptOpus)) CfgPrint "SDK_VBOX_OPUS_INCS := " & strPathOpus & "/include" CfgPrint "SDK_VBOX_OPUS_LIBS := " & strPathOpus & "/" & strLibPathOpus else MsgError "Can't locate " & strOpus & ". " _ & "Please consult the configure.log and the build requirements." exit sub end if PrintResult strOpus, strPathOpus end sub 
      usage , , :
        Print " --with-libvpx=PATH " Print " --with-libopus=PATH " 
      Main , , (, strOptMkisofs ):
        strOptVpx = "" strOptOpus = "" 
      select-case , , , --with-mkisofs :
        case "--with-libvpx" strOptVpx = strPath case "--with-libopus" strOptOpus = strPath 
      , , , , if g_blnInternalMode then :
        CheckForVpx strOptVpx CheckForOpus strOptOpus 
  2. src\VBox\Runtime\Makefile.kmk , VBoxRT_LIBS.win VBoxRT-x86_LIBS.win crypt32.lib bcrypt.lib :
     VBoxRT_LIBS.win = \ $(PATH_SDK_$(VBOX_WINDDK)_LIB)/vccomsup.lib \ $(PATH_SDK_$(VBOX_WINDDK)_LIB)/wbemuuid.lib \ $(PATH_TOOL_$(VBOX_VCC_TOOL)_LIB)/delayimp.lib 
    :
     VBoxRT_LIBS.win = \ $(PATH_SDK_$(VBOX_WINDDK)_LIB)/vccomsup.lib \ $(PATH_SDK_$(VBOX_WINDDK)_LIB)/wbemuuid.lib \ $(PATH_TOOL_$(VBOX_VCC_TOOL)_LIB)/delayimp.lib \ $(PATH_SDK_$(VBOX_WINPSDK)_LIB)/crypt32.lib \ $(PATH_SDK_$(VBOX_WINPSDK)_LIB)/bcrypt.lib 
    ( delayimp.lib !); :
     VBoxRT-x86_LIBS.win = \ $(PATH_SDK_$(VBOX_WINDDK)_LIB.x86)/vccomsup.lib \ $(PATH_SDK_$(VBOX_WINDDK)_LIB.x86)/wbemuuid.lib \ $(PATH_TOOL_$(VBOX_VCC_TOOL_STEM)X86_LIB)/delayimp.lib 
    :
     VBoxRT-x86_LIBS.win = \ $(PATH_SDK_$(VBOX_WINDDK)_LIB.x86)/vccomsup.lib \ $(PATH_SDK_$(VBOX_WINDDK)_LIB.x86)/wbemuuid.lib \ $(PATH_TOOL_$(VBOX_VCC_TOOL_STEM)X86_LIB)/delayimp.lib \ $(PATH_SDK_$(VBOX_WINPSDK)_LIB.x86)/crypt32.lib \ $(PATH_SDK_$(VBOX_WINPSDK)_LIB.x86)/bcrypt.lib 
    VBoxRT.dll . : Oracle crypt32.dll , , , , LIB- . , . . bcrypt.dll OpenSSL 1.1.1.
  3. gSOAP 2.8.45 , src\VBox\Runtime\r3\win\VBoxRT-openssl-1.1plus.def , - :
     X509_STORE_set_flags 
    ( X509_VERIFY_PARAM_set_flags ). , VBoxRT.dll . gSOAP 2.8.45 X509_STORE_set_flags() , VBoxRT , OpenSSL - , OpenSSL , VBoxRT . .
  4. , , ISO- . VB , , ISO- . , src\VBox\Makefile.kmk , :
      ifdef VBOX_WITH_ADDITIONS include $(PATH_SUB_CURRENT)/Additions/Makefile.kmk endif 
    :
      ifndef VBOX_WITHOUT_ADDITIONS_ISO $(VBOX_PATH_ADDITIONS_ISO)/VBoxGuestAdditions.iso: $(QUIET)$(MKDIR) -p $(@D) $(VBOX_RETRY) $(TOOL_CURL_FETCH) http://download.virtualbox.org/virtualbox/$(VBOX_VERSION_STRING_RAW)/VBoxGuestAdditions_$(VBOX_VERSION_STRING_RAW).iso -o $@ endif 
    , , , - .
  5. 6.0, - , . , Oracle, , , , - . , . doc\manual\Makefile.kmk :
     define def_vbox_refentry_to_user_sect1 $$(VBOX_PATH_MANUAL_OUTBASE)/$(1)/user_$(2): $(3) \ $$(VBOX_PATH_MANUAL_SRC)/docbook-refentry-to-manual-sect1.xsl \ $$(VBOX_XML_CATALOG) $$(VBOX_XML_CATALOG_DOCBOOK) $$(VBOX_XML_CATALOG_MANUAL) \ $$(VBOX_VERSION_STAMP) | $$(dir $$@) $$(call MSG_TOOL,xsltproc $$(notdir $$(filter %.xsl,$$^)),,$$(filter %.xml,$$^),$$@) $$(QUIET)$$(RM) -f "$$@" $$(QUIET)$$(call VBOX_XSLTPROC_WITH_CAT) --output $$@ $$(VBOX_PATH_MANUAL_SRC)/docbook-refentry-to-manual-sect1.xsl $$< endef 
    $$(RM) :
      $$(QUIET)$$(MKDIR) -p "$$(@D)" 
    ( , !) , - .



    doc\manual\Config.kmk , :
      VBOX_FILE_URL_MAYBE_SLASH = $(if $(eq $(KBUILD_HOST),win),/,) 
    , , :
      VBOX_PATH_MANUAL_SRC_SLASHED = $(subst :/,:///,$(VBOX_PATH_MANUAL_SRC)) VBOX_PATH_MANUAL_OUTBASE_SLASHED = $(subst :/,:///,$(VBOX_PATH_MANUAL_OUTBASE)) 
    :
      $(VBOX_XML_CATALOG): $(MAKEFILE_CURRENT) | $$(dir $$@) $(call MSG_L1,Creating catalog $@) $(QUIET)$(APPEND) -tn "$@" \ '<?xml version="1.0"?>' \ '<!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">' \ '<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">' \ ' <delegatePublic publicIdStartString="-//OASIS/ENTITIES DocBook XML" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegatePublic publicIdStartString="-//OASIS/DTD DocBook XML" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegateSystem systemIdStartString="http://www.oasis-open.org/docbook/" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegateURI uriStartString="http://www.oasis-open.org/docbook/" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegateSystem systemIdStartString="$(VBOX_PATH_MANUAL_SRC)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="$(VBOX_PATH_MANUAL_SRC)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_PATH_MANUAL_SRC)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="$(VBOX_PATH_MANUAL_OUTBASE)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ '</catalog>' 
    , VBOX_PATH_MANUAL_SRC VBOX_PATH_MANUAL_OUTBASE , (, file:// , ). :
      $(VBOX_XML_CATALOG): $(MAKEFILE_CURRENT) | $$(dir $$@) $(call MSG_L1,Creating catalog $@) $(QUIET)$(APPEND) -tn "$@" \ '<?xml version="1.0"?>' \ '<!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">' \ '<catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog">' \ ' <delegatePublic publicIdStartString="-//OASIS/ENTITIES DocBook XML" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegatePublic publicIdStartString="-//OASIS/DTD DocBook XML" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegateSystem systemIdStartString="http://www.oasis-open.org/docbook/" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegateURI uriStartString="http://www.oasis-open.org/docbook/" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_DOCBOOK)"/>' \ ' <delegateSystem systemIdStartString="$(VBOX_PATH_MANUAL_SRC)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateSystem systemIdStartString="$(VBOX_PATH_MANUAL_SRC_SLASHED)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="$(VBOX_PATH_MANUAL_SRC)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="$(VBOX_PATH_MANUAL_SRC_SLASHED)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_PATH_MANUAL_SRC)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="$(VBOX_PATH_MANUAL_OUTBASE)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ ' <delegateURI uriStartString="$(VBOX_PATH_MANUAL_OUTBASE_SLASHED)" catalog="file://$(VBOX_FILE_URL_MAYBE_SLASH)$(VBOX_XML_CATALOG_MANUAL)"/>' \ '</catalog>' 
    , :
      $(VBOX_XML_CATALOG_MANUAL): $(MAKEFILE_CURRENT) | $$(dir $$@) 
    . , , common/ , ( uri ), file://$(VBOX_FILE_URL_MAYBE_SLASH) .
  6. VB , ( /IntegrityCheck ). , . — VB ( ). Config.kmk , ( «» - LocalConfig.kmk ; . ). .
    • VBOX_INTEGRITY_CHECK , . define VBOX_RE_SIGN_DLL_INTERNAL_FN :
       if defined(VBOX_SIGNING_MODE) && defined(VBOX_CROSS_CERTIFICATE_FILE) VBOX_INTEGRITY_CHECK := /IntegrityCheck else VBOX_INTEGRITY_CHECK := /IntegrityCheck:NO endif 
    • :
        $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release /IntegrityCheck \ /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \ "$@" 
      /IntegrityCheck $(VBOX_INTEGRITY_CHECK) .
    • :
       ifdef VBOX_SIGNING_MODE TEMPLATE_XXXXXX_LDFLAGS += -IntegrityCheck endif 
      or
       if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) TEMPLATE_XXXXXX_LDFLAGS += -IntegrityCheck endif 
      Ā« XXXXXX Ā» . — 6 , . , - . , ,
       if defined(VBOX_SIGNING_MODE) && defined(VBOX_CROSS_CERTIFICATE_FILE) 
      or
       if defined(VBOX_SIGNING_MODE) && defined(VBOX_CROSS_CERTIFICATE_FILE) && defined(VBOX_WITH_HARDENING) 
  7. , , LocalConfig.kmk , :
     VBOX_WITH_HARDENING := VBOX_PATH_WIX := C:\Programs\WiX VBOX_GSOAP_INSTALLED := 1 VBOX_PATH_GSOAP := C:\Programs\gSOAP VBOX_WITH_COMBINED_PACKAGE := 1 VBOX_WITH_QT_PAYLOAD := 1 VBOX_WITH_QTGUI_V5 := 1 VBOX_SIGNING_MODE := release VBOX_CERTIFICATE_SUBJECT_NAME := Roga and Kopyta Ltd VBOX_CERTIFICATE_FINGERPRINT := XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX VBOX_CERTIFICATE_SHA2_SUBJECT_NAME := Roga and Kopyta Ltd VBOX_CERTIFICATE_SHA2_FINGERPRINT := XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX XX VBOX_TSA_URL := http://timestamp.digicert.com VBOX_TSA_SHA2_URL := http://timestamp.digicert.com VBOX_TSA_URL_ARGS := /t "$(VBOX_TSA_URL)" VBOX_TSA_SHA2_URL_ARGS := /tr "$(VBOX_TSA_SHA2_URL)" /td sha256 VBOX_CROSS_CERTIFICATE_FILE := VBOX_CROSS_CERTIFICATE_FILE_ARGS := VBOX_CROSS_CERTIFICATE_SHA2_FILE := VBOX_CROSS_CERTIFICATE_SHA2_FILE_ARGS := VBOX_PATH_SIGN_TOOLS := C:\Programs\DevKits\8.1\bin\x64 VBOX_PATH_SELFSIGN := C:\WinDDK\7600.16385.1\bin\selfsign VBOX_PATH_WISUMINFO := "C:\Program Files\Microsoft SDKs\Windows\v7.1\Samples\sysmgmt\msi\scripts\WiSumInf.vbs" VBOX_PATH_WISUBSTG := "C:\Program Files\Microsoft SDKs\Windows\v7.1\Samples\sysmgmt\msi\scripts\WiSubStg.vbs" VBOX_WITH_DOCS := 1 VBOX_WITH_DOCS_CHM := 1 VBOX_WITH_DOCS_PACKING := 1 VBOX_WITH_ADDITIONS := VBOX_WITH_ADDITIONS_PACKING := 1 VBOX_HAVE_XMLLINT := 1 VBOX_XMLLINT := C:\Programs\xmllint\bin\xmllint.exe VBOX_PATH_DOCBOOK := C:/Programs/DocBook/xsl VBOX_PATH_DOCBOOK_DTD := C:/Programs/DocBook/xml VBOX_PATH_HTML_HELP_WORKSHOP := "C:\Program Files (x86)\HTML Help Workshop" VBOX_PDFLATEX := C:\Programs\MiKTeX\miktex\bin\pdflatex.exe VBOX_PDFLATEX_CMD := $(VBOX_PDFLATEX) -halt-on-error -interaction batchmode TOOL_CURL_FETCH := C:\Programs\curl\x64\curl.exe PATH_TOOL_NASM := C:/Programs/nasm VBOX_INSTALLER_LANGUAGES := en_US VBOX_WITH_TESTCASES := VBOX_WITH_VALIDATIONKIT := VBOX_WITH_VBOX_IMG := 1 VBOX_WITH_RECORDING := 1 VBOX_WITH_AUDIO_RECORDING := 1 SDK_VBOX_VPX := 1 VBOX_WITH_LIBVPX := 1 SDK_VBOX_OPUS := 1 VBOX_WITH_LIBOPUS := 1 VBOX_BUILD_PUBLISHER := _OSE 
    - :
    • VBOX_CERTIFICATE_SUBJECT_NAME VBOX_CERTIFICATE_SHA2_SUBJECT_NAME SHA-1 SHA-256, .
    • VBOX_CERTIFICATE_FINGERPRINT VBOX_CERTIFICATE_SHA2_FINGERPRINT , .
    • , , VBOX_CROSS_CERTIFICATE_FILE_ARGS VBOX_CROSS_CERTIFICATE_SHA2_FILE_ARGS , VBOX_CROSS_CERTIFICATE_FILE VBOX_CROSS_CERTIFICATE_SHA2_FILE ( Ā« _ARGS Ā») - ( ). , , Microsoft .
    • , , ́ signtool . Config.kmk Ā«Code SigningĀ» , .
    • - , , .
    • WiX . , ; bin . , , 8.3. dir /x . , , .
    • VBOX_BUILD_PUBLISHER . Ā«_OSEĀ» (. . Ā«6.0.2_OSEĀ»). - , ( , Ā«_OSEĀ»).
    The remaining variables are mainly used to select components to be assembled. Well, the main line, for which everything was started, goes the very first: disable hardening.



Putting VirtualBox



Well, now, finally, you can and begin to build the actual VirtualBox. If you like parallel build, you’ll have to temporarily abandon this habit (or compile it in two copies of the source tree): here you’ll use a common configuration file that you need to regenerate before starting the build. And if during the 64-bit compilation it unexpectedly turns out the paths to 32-bit libraries, the compiler will not like it very much.

  1. We start with the assembly of the 64-bit version. Open the console, execute the commands:
     cd /d C:\Devel\VirtualBox-src "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x64 /win7 COLOR 07 set BUILD_TARGET_ARCH=amd64 cscript configure.vbs --with-DDK=C:\WinDDK\7600.16385.1 --with-MinGW-w64=C:\Programs\mingw64 --with-MinGW32=C:\Programs\mingw32 --with-libSDL=C:\Programs\SDL\x64 --with-openssl=C:\Programs\OpenSSL\x64 --with-openssl32=C:\Programs\OpenSSL\x32 --with-libcurl=C:\Programs\curl\x64 --with-libcurl32=C:\Programs\curl\x32 --with-Qt5=C:\Programs\Qt\5.6.3-x64 --with-libvpx=C:\Programs\libvpx --with-libopus=C:\Programs\libopus --with-python=C:/Programs/Python env.bat kmk kmk C:/Devel/VirtualBox-src/out/win.x86/release/obj/Installer/VirtualBox-6.0.2_OSE-r127994-MultiArch_amd64.msi 
    configure.vbs ( AutoConfig.kmk env.bat ). kmk out\win.amd64\bin\ . MSI-. :
    • . kmk .
    • 64- , out\win.x86\… , 32- .
    • , Ā«_OSEĀ» MSI- , VBOX_BUILD_PUBLISHER .
    • MSI- (127994) Config.kmk VBOX_SVN_REV_FALLBACK . , (, 6.0.2 128162). , .
  2. 32- . , :
     cd /d C:\Devel\VirtualBox-src "C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.Cmd" /Release /x86 /win7 COLOR 07 set BUILD_TARGET_ARCH=x86 cscript configure.vbs --with-DDK=C:\WinDDK\7600.16385.1 --with-MinGW-w64=C:\Programs\mingw64 --with-MinGW32=C:\Programs\mingw32 --with-libSDL=C:\Programs\SDL\x32 --with-openssl=C:\Programs\OpenSSL\x32 --with-libcurl=C:\Programs\curl\x32 --with-Qt5=C:\Programs\Qt\5.6.3-x32 --with-libvpx=C:\Programs\libvpx --with-libopus=C:\Programs\libopus --with-python=C:/Programs/Python env.bat kmk kmk C:/Devel/VirtualBox-src/out/win.x86/release/bin/VirtualBox-6.0.2_OSE-r127994-MultiArch.exe 
    , «_OSE» .

    , EXE , MSI . , 32- MSI- , .


If neither I nor you have confused anything, then after all these twists and turns you should get the VirtualBox installer, which differs from the Oracle version only by the icon of the executable file, by the picture in the ā€œAbout the programā€ dialog and, of course, by the disabled hardening. If desired, the icon and image can also be changed, but this is a topic for another conversation.



For convenience, I reduced the launch of these two chains of teams into a single batch file . If you regularly need to rebuild the package, it is more convenient to use it.

As it was unexpectedly discovered after the release of the article, the VB self-signed distribution kit refuses to be installed on modern systems (Windows 8/10), reporting an invalid driver signature. And this happens even in test mode, where the validity of the signature should not play any role. To work around this problem, you need to add the certificates you used to the root repository:
  1. Open the properties of the downloaded distribution file: right click → Properties, go to the Digital Signatures tab. There will be two signatures from Roga and Kopyta Ltd: sha1 and sha256. Select the first, click Details.
  2. In the dialog that opens, click the View Certificate button.
  3. In the new dialog click Install Certificate.
  4. Local Machine, Next. UAC-. «Place all certificates in the following store», Browse «Trusted Root Certification Authorities». Next, Finish. .
  5. , , sha256, 3–5.
  6. , .


Afterword



The size of the article was a surprise for me. When I started to write it, I intended to tell in detail why at each stage this or that solution was chosen, what specific errors pop up, if the next edit is not applied, and what could be alternative approaches to solving these errors. But gradually I realized that if I had described all this, the article would have been completely unremarkable. Therefore, I apologize for the ā€œdo it this wayā€ style that is found here and there, and I will not say why. I myself do not like such instructions, but I have not seen any other way out. However, in some places I still tried to at least briefly explain the essence of what is happening.



A huge number of aspects of the VB assembly system remained behind the scenes: both because of the reluctance to inflate the text, and because of my laziness, when, having found some workaround for another problem, I did not climb into the depths of the assembly system, but rather went on to the next stage. In the end, my main task was not to find the optimal path, but to finally assemble my own version of the current VirtualBox: I was already fed up with 4.3.12, but I could not update one of my main working tools for something that the moment may simply refuse to work indefinitely.



I hope, however, that, despite the shortcomings, this article will be useful to someone. For those who are too lazy to raise all the above-described jumble of programs, but it is interesting to pick open the resulting distribution, I put the installer on the Yandex disk: 6.0.2 . All the drivers in them (and the rest of the files) are signed with an untrusted certificate, so that in 64-bit Windows this version of VB will work only in test mode. If there are questions, suggestions, suggestions - well in the comments or in PM. And may the Open Source be with you!



Additions



• Update of the article from 05.24.2016
  1. Amendments have been made with regard to changes in VB 5.0.20, in particular, the double signing of SHA-1 / SHA-256.
  2. Added disabling the flag of forced verification of signatures, if a self-signed distribution kit is being built.
  3. .
  4. .
  5. .
  6. .


• 29.07.2016
  1. VB 5.1.2, , Qt5. 5.0.x .
  2. .
  3. .
  4. .


• 15.09.2016
  1. VB 5.1.6.
  2. .
  3. NASM OpenSSL.
  4. cURL OpenSSL, .
  5. , .
  6. .


• 30.11.2016
  1. VB 5.1.10.
  2. , , OpenSSL 1.1.x.
  3. :
    • Qt ;
    • OpenSSL 32- 64- VB.
  4. . GitHub- , .


• 2.12.2016
  1. OpenSSL.


• 20.06.2017
  1. VB 5.1.22.
  2. cURL, OpenSSL, gSOAP; cURL, gSOAP VB.


• 1.12.2017
  1. VB 5.2.2.
  2. MinGW-32 3.3.3 4.5.4.
  3. Qt, cURL, OpenSSL, gSOAP ; cURL, gSOAP VB.
  4. DocBook XML/XSL -.
  5. wget curl .
  6. .


• 4.12.2017
  1. libxml .


• 4.09.2018
  1. VB 5.2.18.
  2. cURL, OpenSSL, gSOAP ; cURL.


• 12.12.2018
  1. VB 5.2.22.
  2. , OSE-; libopus libvpx.
  3. cURL, OpenSSL, gSOAP.
  4. - VirtualBox.


• 25.01.2019
  1. VB 6.0.2.
  2. .
  3. cURL, gSOAP; DocBook XSL Stylesheets 1.69.1 ( ).
  4. .

Source: https://habr.com/ru/post/357526/



All Articles