🚀 MSVC 2022 with cxx20

build_engine_mapping.json

@@ -1,4 +1,12 @@
 {
   "vs-15-2017-win64-cxx17" : "Visual Studio 15 2017 Win64",
-  "vs-16-2019-win64-cxx17" : "Visual Studio 16 2019"
+  "vs-16-2019-win64-cxx17" : "Visual Studio 16 2019",
+
+  "windows-msvc-2019-win64-cxx17" : "Visual Studio 16 2019",
+  "windows-msvc-2019-win64-cxx20" : "Visual Studio 16 2019",
+  "windows-msvc-2019-win64-cxxlatest" : "Visual Studio 16 2019",
+
+  "windows-msvc-2022-win64-cxx17" : "Visual Studio 17 2022",
+  "windows-msvc-2022-win64-cxx20" : "Visual Studio 17 2022",
+  "windows-msvc-2022-win64-cxxlatest" : "Visual Studio 17 2022"
 }

flags/vs-cxx20.cmake

@@ -0,0 +1,20 @@
+# Copyright (c) 2013, 2018 Ruslan Baratov
+# Copyright (c) 2023 tipi technologies Ltd
+# All rights reserved.
+
+if(DEFINED TIPI_FLAGS_VS_CXX20_CMAKE_)
+  return()
+else()
+  set(TIPI_FLAGS_VS_CXX20_CMAKE_ 1)
+endif()
+
+include(polly_add_cache_flag)
+
+polly_add_cache_flag(CMAKE_CXX_FLAGS_INIT "/std:c++20")
+
+# Set CMAKE_CXX_STANDARD to cache to override project local value if present.
+# FORCE added in case CMAKE_CXX_STANDARD already set in cache
+# (e.g. set before 'project' by user).
+set(CMAKE_CXX_STANDARD 20 CACHE STRING "C++ Standard (toolchain)" FORCE)
+set(CMAKE_CXX_STANDARD_REQUIRED YES CACHE BOOL "C++ Standard required" FORCE)
+set(CMAKE_CXX_EXTENSIONS NO CACHE BOOL "C++ Standard extensions" FORCE)

flags/vs19-cxxlatest.cmake

@@ -0,0 +1,20 @@
+# Copyright (c) 2013, 2018 Ruslan Baratov
+# Copyright (c) 2023 tipi technologies Ltd
+# All rights reserved.
+
+if(DEFINED TIPI_FLAGS_VS_CXXLATEST_CMAKE_)
+  return()
+else()
+  set(TIPI_FLAGS_VS_CXXLATEST_CMAKE_ 1)
+endif()
+
+include(polly_add_cache_flag)
+
+polly_add_cache_flag(CMAKE_CXX_FLAGS_INIT "/std:c++latest")
+
+# Set CMAKE_CXX_STANDARD to cache to override project local value if present.
+# FORCE added in case CMAKE_CXX_STANDARD already set in cache
+# (e.g. set before 'project' by user).
+set(CMAKE_CXX_STANDARD 20 CACHE STRING "C++ Standard (toolchain)" FORCE)
+set(CMAKE_CXX_STANDARD_REQUIRED YES CACHE BOOL "C++ Standard required" FORCE)
+set(CMAKE_CXX_EXTENSIONS NO CACHE BOOL "C++ Standard extensions" FORCE)

flags/vs22-cxxlatest.cmake

@@ -0,0 +1,20 @@
+# Copyright (c) 2013, 2018 Ruslan Baratov
+# Copyright (c) 2023 tipi technologies Ltd
+# All rights reserved.
+
+if(DEFINED TIPI_FLAGS_VS_CXXLATEST_CMAKE_)
+  return()
+else()
+  set(TIPI_FLAGS_VS_CXXLATEST_CMAKE_ 1)
+endif()
+
+include(polly_add_cache_flag)
+
+polly_add_cache_flag(CMAKE_CXX_FLAGS_INIT "/std:c++latest")
+
+# Set CMAKE_CXX_STANDARD to cache to override project local value if present.
+# FORCE added in case CMAKE_CXX_STANDARD already set in cache
+# (e.g. set before 'project' by user).
+set(CMAKE_CXX_STANDARD 23 CACHE STRING "C++ Standard (toolchain)" FORCE)
+set(CMAKE_CXX_STANDARD_REQUIRED YES CACHE BOOL "C++ Standard required" FORCE)
+set(CMAKE_CXX_EXTENSIONS NO CACHE BOOL "C++ Standard extensions" FORCE)

windows-msvc-2019-win64-cxx17.cmake

@@ -0,0 +1,18 @@
+# Copyright (c) 2020-2023, tipi technologies Ltd
+# All rights reserved.
+
+if(DEFINED TIPI_WINDOWS_MSVC_2019_WIN64_CXX17_CMAKE_)
+  return()
+else()
+  set(TIPI_WINDOWS_MSVC_2019_WIN64_CXX17_CMAKE_ 1)
+endif()
+
+include("${CMAKE_CURRENT_LIST_DIR}/utilities/polly_init.cmake")
+
+polly_init(
+    "Visual Studio 16 2019 Win64 / C++17"
+    "Visual Studio 16 2019"
+)
+
+include("${CMAKE_CURRENT_LIST_DIR}/utilities/polly_common.cmake")
+include("${CMAKE_CURRENT_LIST_DIR}/flags/vs-cxx17.cmake")

windows-msvc-2019-win64-cxxlatest.cmake

@@ -0,0 +1,18 @@
+# Copyright (c) 2020-2023, tipi technologies Ltd
+# All rights reserved.
+
+if(DEFINED TIPI_WINDOWS_MSVC_2019_WIN64_CXX20_CMAKE_)
+  return()
+else()
+  set(TIPI_WINDOWS_MSVC_2019_WIN64_CXX20_CMAKE_ 1)
+endif()
+
+include("${CMAKE_CURRENT_LIST_DIR}/utilities/polly_init.cmake")
+
+polly_init(
+    "Visual Studio 16 2019 Win64 / C++20 (latest)"
+    "Visual Studio 16 2019"
+)
+
+include("${CMAKE_CURRENT_LIST_DIR}/utilities/polly_common.cmake")
+include("${CMAKE_CURRENT_LIST_DIR}/flags/vs19-cxxlatest.cmake")

windows-msvc-2019.pkr.js/scripts/disable-windows-defender.ps1

@@ -0,0 +1,25 @@
+Set-StrictMode -Version latest
+$ErrorActionPreference = "Stop"
+
+$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
+if (!$RunningAsAdmin) {
+  Write-Error "Must be executed in Administrator level shell."
+  exit 1
+}
+
+Try {
+    # we do LOTs of file access... windows defender is a HUGE break
+    # in that regard... disabling it for good measure 
+    # 
+    # benchmarked: 
+    # -50% file copy time when copying the distro from c:/ to d:/ 
+    # with disabling defender alone.
+    Set-MpPreference -DisableRealtimeMonitoring $true    
+
+} Catch {
+    Write-Error "Failed to disable windows defender"
+    $host.SetShouldExit(-1)
+    throw
+}
+
+Write-Output "Disabled Windows Defender Realtime Threat Protection"

windows-msvc-2019.pkr.js/scripts/disable-windows-update.ps1

@@ -0,0 +1,30 @@
+$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
+if (!$RunningAsAdmin) {
+  Write-Error "Must be executed in Administrator level shell."
+  exit 1
+}
+
+$service = Get-WmiObject Win32_Service -Filter 'Name="wuauserv"'
+
+if (!$service) {
+  Write-Error "Failed to retrieve the wauserv service"
+  exit 1
+}
+
+if ($service.StartMode -ne "Disabled") {
+  $result = $service.ChangeStartMode("Disabled").ReturnValue
+  if($result) {
+    Write-Error "Failed to disable the 'wuauserv' service. The return value was $result."
+    exit 1
+  }
+}
+
+if ($service.State -eq "Running") {
+  $result = $service.StopService().ReturnValue
+  if ($result) {
+    Write-Error "Failed to stop the 'wuauserv' service. The return value was $result."
+    exit 1
+  }
+}
+
+Write-Output "Automatic Windows Updates disabled."

windows-msvc-2019.pkr.js/scripts/fix-tls.ps1

@@ -0,0 +1,163 @@
+# This script hardens TLS configuration by disabling weak and broken protocols
+# and enabling useful protocols like TLS 1.1 and 1.2.
+
+$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
+if (!$RunningAsAdmin) {
+  Write-Error "Must be executed in Administrator level shell."
+  exit 1
+}
+
+$weakProtocols = @(
+	'Multi-Protocol Unified Hello',
+	'PCT 1.0',
+	'SSL 2.0',
+	'SSL 3.0'
+)
+
+$strongProtocols = @(
+	'TLS 1.0',
+	'TLS 1.1',
+	'TLS 1.2'
+)
+
+$weakCiphers = @(
+	'DES 56/56',
+	'NULL',
+	'RC2 128/128',
+	'RC2 40/128',
+	'RC2 56/128',
+	'RC4 40/128',
+	'RC4 56/128',
+	'RC4 64/128',
+	'RC4 128/128'
+)
+
+$strongCiphers = @(
+	'AES 128/128',
+	'AES 256/256',
+	'Triple DES 168/168'
+)
+
+$weakHashes = @(
+	'MD5',
+	'SHA'
+)
+
+$strongHashes = @(
+	'SHA 256',
+	'SHA 384',
+	'SHA 512'
+)
+
+$strongKeyExchanges = @(
+	'Diffie-Hellman',
+	'ECDH',
+	'PKCS'
+)
+
+$cipherOrder = @(
+  'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
+  'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
+  'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
+  'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
+  'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384',
+  'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256',
+  'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384',
+  'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
+  'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384',
+  'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
+  'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',
+  'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',
+  'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
+  'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA',
+  'TLS_RSA_WITH_AES_256_GCM_SHA384',
+  'TLS_RSA_WITH_AES_128_GCM_SHA256',
+  'TLS_RSA_WITH_AES_256_CBC_SHA256',
+  'TLS_RSA_WITH_AES_128_CBC_SHA256',
+  'TLS_RSA_WITH_AES_256_CBC_SHA',
+  'TLS_RSA_WITH_AES_128_CBC_SHA'
+)
+
+# Reset the protocols key
+New-Item 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols' -Force | Out-Null
+
+# Disable weak protocols
+Foreach ($protocol in $weakProtocols) {
+  New-Item HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Server -Force | Out-Null
+  New-Item HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Client -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Server -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Server -name DisabledByDefault -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Client -name Enabled -value 0 -PropertyType 'DWord' -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Client -name DisabledByDefault -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+}
+
+# Enable strong protocols
+Foreach ($protocol in $strongProtocols) {
+  New-Item HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Server -Force | Out-Null
+  New-Item HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Client -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Server -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Server -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Client -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+  New-ItemProperty -path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\$protocol\Client -name 'DisabledByDefault' -value 0 -PropertyType 'DWord' -Force | Out-Null
+}
+
+# Reset the ciphers key
+New-Item 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers' -Force | Out-Null
+
+# Disable Weak Ciphers
+Foreach ($cipher in $weakCiphers) {
+  $key = (get-item HKLM:\).OpenSubKey("SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers", $true).CreateSubKey($cipher)
+  $key.SetValue('Enabled', 0, 'DWord')
+  $key.Close()
+}
+
+# Enable Strong Ciphers
+Foreach ($cipher in $strongCiphers) {
+  $key = (get-item HKLM:\).OpenSubKey("SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers", $true).CreateSubKey($cipher)
+  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\$cipher" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+  $key.Close()
+}
+
+# Reset the hashes key
+New-Item 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes' -Force | Out-Null
+
+# Disable weak hashes
+Foreach ($hash in $weakHashes) {
+  $key = (get-item HKLM:\).OpenSubKey("SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes", $true).CreateSubKey($hash)
+  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\$hash" -name 'Enabled' -value '0' -PropertyType 'DWord' -Force | Out-Null
+  $key.Close()
+}
+
+# Enable Hashes
+Foreach ($hash in $strongHashes) {
+  $key = (get-item HKLM:\).OpenSubKey("SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes", $true).CreateSubKey($hash)
+  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Hashes\$hash" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+  $key.Close()
+}
+
+# Reset the KeyExchangeAlgorithms key
+New-Item 'HKLM:SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms' -Force | Out-Null
+
+# Enable KeyExchangeAlgorithms
+Foreach ($keyExchange in $strongKeyExchanges) {
+  $key = (get-item HKLM:\).OpenSubKey("SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms", $true).CreateSubKey($keyExchange)
+  New-ItemProperty -path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\$keyExchange" -name 'Enabled' -value '0xffffffff' -PropertyType 'DWord' -Force | Out-Null
+  $key.Close()
+}
+
+# Set cipher order
+$cipherOrderString = [string]::join(',', $cipherOrder)
+New-ItemProperty -path 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002' -name 'Functions' -value $cipherOrderString -PropertyType 'String' -Force | Out-Null
+
+# add ssl/tls default policy in the system's powershell profile
+
+$systemPS_ProfilePath = "$PSHOME\Profile.ps1"
+
+if (!(Test-Path -Path $systemPS_ProfilePath)) {
+  New-Item -ItemType File -Path $systemPS_ProfilePath -Force
+}
+
+Write-Output '[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12' > $systemPS_ProfilePath 
+
+
+Write-Output "TLS hardened."

windows-msvc-2019.pkr.js/scripts/install-git.ps1

@@ -0,0 +1,58 @@
+################################################################################
+##  File:  Install-Git.ps1
+##  Desc:  Install Git for Windows
+################################################################################
+
+# source the helpers
+. ("c:\temp\helpers.ps1")
+
+# Force TLS1.2
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+function getSimpleValue([string] $url, [string] $filename ) {
+    $fullpath = "${env:Temp}\$filename"
+    Invoke-WebRequest -Uri $url -OutFile $fullpath
+    $value = Get-Content $fullpath -Raw
+
+    return $value
+}
+
+# Install the latest version of Git for Windows
+#$gitTag = getSimpleValue -url "https://gitforwindows.org/latest-tag.txt" -filename "gitlatesttag.txt"
+#$gitVersion = getSimpleValue -url "https://gitforwindows.org/latest-version.txt" -filename "gitlatestversion.txt";
+
+# there's an installer bug in the current latest, manually sticking the the previous release for now
+$gitTag = "v2.32.0.windows.2"
+$gitVersion = "2.32.0.2"
+
+
+$installerFile = "Git-$gitVersion-64-bit.exe";
+$downloadUrl = "https://github.com/git-for-windows/git/releases/download/$gitTag/$installerFile";
+Install-Binary  -Url $downloadUrl `
+                -Name $installerFile `
+                -ArgumentList (
+                    "/VERYSILENT",
+                    "/NORESTART", `
+                    "/NOCANCEL", `
+                    "/SP-", `
+                    "/CLOSEAPPLICATIONS", `
+                    "/RESTARTAPPLICATIONS", `
+                    "/o:PathOption=CmdTools", `
+                    "/o:BashTerminalOption=ConHost", `
+                    "/o:EnableSymlinks=Enabled", `
+                    "/COMPONENTS=gitlfs")
+
+# Disable GCM machine-wide
+[Environment]::SetEnvironmentVariable("GCM_INTERACTIVE", "Never", [System.EnvironmentVariableTarget]::Machine)
+
+# add git bin dir to machine path
+$context = [EnvironmentVariableTarget]::Machine
+$PATH_orig = [Environment]::GetEnvironmentVariable("Path", $context)
+
+$PATH_new = "C:\Program Files\Git\bin;" + $PATH_orig    # prepending so the latest install wins the path race
+$PATH_new = $PATH_new -replace ';{2,}',';'              # clean the path of eventual double ;; entries
+[Environment]::SetEnvironmentVariable("Path", $PATH_new, $context)
+
+# Add well-known SSH host keys to ssh_known_hosts
+ssh-keyscan -t rsa github.com >> "C:\Program Files\Git\etc\ssh\ssh_known_hosts"
+ssh-keyscan -t rsa ssh.dev.azure.com >> "C:\Program Files\Git\etc\ssh\ssh_known_hosts"