Automatically updating windows client

Jason A. Donenfeld Jason at zx2c4.com
Tue Jan 28 12:02:40 CET 2020


On Wed, Jan 22, 2020 at 03:55:10PM -0800, Elliot Saba wrote:
> I have wireguard deployed on quite a few windows servers.  I like the
> auto-update functionality builtin to the GUI, but it's a little cumbersome
> to login with RDP and click through the menus to perform the auto-update;
> it would be much more convenient if I could use the WireGuard CLI interface
> to check and auto-update directly, or even if it automatically updated with
> no intervention on my part.  This way I can script it with scheduled tasks
> or similar.
> 
> What do you all think?

I'd be interested to see a powershell script posted to this list that
handles that. For help getting started, here's what the procedure looks
like with linux tools:

mkdir /tmp/winupdate && cd /tmp/winupdate
curl -A "MagicMailingListScript/0.1" -L -o latest.sig https://download.wireguard.com/windows-client/latest.sig
echo -e 'untrusted comment: key.pub\nRWRNqGKtBXftKTKPpBPGDMe8jHLnFQ0EdRy8Wg0apV6vTDFLAODD83G4' > key.pub
signify -V -e -p key.pub -m latest || exit 1
ARCH=amd64 #TODO: grab from system type
while read -r hash msi; do [[ $msi =~ wireguard-$ARCH-([0-9.]+)\.msi ]] && break; done < latest
[[ -n ${BASH_REMATCH[0]} ]] || exit 0
CURRENT_VERSION=0.0.36 #TODO: grab from msi database
[[ $(printf '%s\n%s\n' "${BASH_REMATCH[1]}" "$CURRENT_VERSION" | sort -V -r | head -n 1) == "${BASH_REMATCH[1]}" ]] || exit 1
curl -A "MagicMailingListScript/0.1" -L -o "$msi" "https://download.wireguard.com/windows-client/$msi"
echo "$hash $msi" | b2sum -c || exit 1
msiexec.exe /qb!- /i $msi


More information about the WireGuard mailing list