echo"Each ISO download takes between 3 - 7 GiBs (average: 5 GiBs)."
echo""
echo"Updates"
echo"-------"
echo"All the downloads provided here are the most up-to-date releases that Microsoft provides. This is ensured by programmatically checking Microsoft's official download pages to get the latest download link. In other cases, the Windows version in question is no longer supported by Microsoft meaning a direct download link (stored in Mido) will always point to the most up-to-date release."| format
echo""
echo"Remember to update Windows to the latest patch level after installation."
echo""
echo"Overuse"
echo"-------"
echo"Newer consumer versions of Windows including win81x64, win10x64, and win11x64 are downloaded through Microsoft's gated download web interface. Do not overuse this interface. Microsoft may be quick to do ~24 hour IP address bans after only a few download requests (especially if they are done in quick succession). Being temporarily banned from one of these downloads (e.g. win11x64) doesn't cause you to be banned from any of the other downloads provided through this interface."| format
echo""
echo"Privacy Preserving Technologies"
echo"-------------------------------"
echo"The aforementioned Microsoft gated download web interface is currently blocking Tor (and similar technologies). They say this is to prevent people in restricted regions from downloading certain Windows media they shouldn't have access to. This is fine by most standards because Tor is too slow for large downloads anyway and we have checksum verification for security."| format
echo""
echo"Language"
echo"--------"
echo"All the downloads provided here are for English (United States). This helps to great simplify maintenance and minimize the user's fingerprint. If another language is desired then that can easily be configured in Windows once it's installed."| format
echo""
echo"Architecture"
echo"------------"
echo"All the downloads provided here are for x86-64 (x64). This is the only architecture Microsoft ships Windows Server in.$([ -d /run/qubes ]&&echo' Also, the only architecture Qubes OS supports.')"| format
}
# Media naming scheme info:
# Windows Server has no architecture because Microsoft only supports amd64 for this version of Windows (the last version to support x86 was Windows Server 2008 without the R2)
# "eval" is short for "evaluation", it's simply the license type included with the Windows installation (only exists on enterprise/server) and must be specified in the associated answer file
# "win7x64" has the "ultimate" edition appended to it because it isn't "multi-edition" like the other Windows ISOs (for multi-edition ISOs the edition is specified in the associated answer file)
# Must be some other server or network error (possibly with this specific request/file)
# This is when accounting for all possible errors in the curl manual assuming a correctly formed curl command and HTTP(S) request, using only the curl features we're using, and a sane build
echo_err "Miscellaneous server or network error!"
;;
126| 127)
echo_err "Curl command not found! Please install curl and try again. Exiting..."
return"$fatal_error_action"
;;
# Exit statuses are undefined by POSIX beyond this point
# Get product edition ID for latest release of given Windows version
# Product edition ID: This specifies both the Windows release (e.g. 22H2) and edition ("multi-edition" is default, either Home/Pro/Edu/etc., we select "Pro" in the answer files) in one number
# This is a request we make that Fido doesn't. Fido manually maintains a list of all the Windows release/edition product edition IDs in its script (see: $WindowsVersions array). This is helpful for downloading older releases (e.g. Windows 10 1909, 21H1, etc.) but we always want to get the newest release which is why we get this value dynamically
# Also, keeping a "$WindowsVersions" array like Fido does would be way too much of a maintenance burden
# Remove "Accept" header that curl sends by default (match Fido requests)
echo_err "Microsoft servers gave us an empty response to our request for an automated download. Please check the FAQ on how to boot from a local file and manually download this ISO in a web browser: $url"
echo_err "Microsoft blocked the automated download request based on your IP address. Please check the FAQ on how to boot from a local file and manually download this ISO in a web browser here: $url"
echo_err "Microsoft servers gave us no download link to our request for an automated download. Please check the FAQ on how to boot from a local file and manually download this ISO in a web browser: $url"
echo_info "Downloading Windows media from official Microsoft servers..."
media_download_failed_list=""
for media in $media_list;do
case"$media" in
"$win7x64_ultimate")
echo_info "Downloading Windows 7..."
# Source, Google search this (it can be found many places): "dec04cbd352b453e437b2fe9614b67f28f7c0b550d8351827bc1e9ef3f601389" "download.microsoft.com"
# This Windows 7 ISO bundles MSU update packages
# It's the most up-to-date Windows 7 ISO that Microsoft offers (August 2018 update): https://files.rg-adguard.net/files/cea4210a-3474-a17a-88d4-4b3e10bd9f66
# Of particular interest to us is the update that adds support for SHA-256 driver signatures so Qubes Windows Tools installs correctly
#
# Microsoft purged Windows 7 from all their servers...
# More info about this event: https://github.com/pbatard/Fido/issues/64
# Luckily, the ISO is still available on the Wayback Machine so get the last copy of it from there
# This is still secure because we validate with the checksum from before the purge
# The only con then is that web.archive.org is a much slower download source than the Microsoft servers
echo_info "Microsoft has unfortunately purged all downloads of Windows 7 from their servers so this identical download is sourced from: web.archive.org"
echo_info "Downloading Windows 8.1 Enterprise Evaluation..."
# This download link is "Update 1": https://files.rg-adguard.net/file/166cbcab-1647-53d5-1785-6ef9e22a6500
# A more up-to-date "Update 3" enterprise ISO exists but it was only ever distributed by Microsoft through MSDN which means it's impossible to get a Microsoft download link now: https://files.rg-adguard.net/file/549a58f2-7813-3e77-df6c-50609bc6dd7c
# win81x64 is "Update 3" but that's isn't an enterprise version (although technically it's possible to modify a few files in the ISO to get any edition)
# If you want "Update 3" enterprise though (not from Microsoft servers), then you should still be able to get it from here: https://archive.org/details/en_windows_8.1_enterprise_with_update_x64_dvd_6054382_202110
# "Update 1" enterprise also seems to be the ISO used by other projects
# Old source, used to be here but Microsoft deleted it: http://technet.microsoft.com/en-us/evalcenter/hh699156.aspx
# Some of these Windows ISOs are EOL (e.g. win81x64) so their checksums will always match
# For all other Windows ISOs, a new release will make their checksums no longer match
#
# IMPORTANT: These checksums are not necessarily subject to being updated
# Unfortunately, the maintenance burden would be too large and even if I did there would still be some time gap between Microsoft releasing a new ISO and me updating the checksum (also, users would have to update this script)
# For these reasons, I've opted for a slightly more manual verification where you have to look up the checksum to see if it's a well-known Windows ISO checksum
# Ultimately, you have to trust Microsoft because they could still include a backdoor in the verified ISO (keeping Windows air gapped could help with this)
echo_err "$(word_count $media_download_failed_list) attempted download(s) failed! Please re-run Mido with these arguments to try downloading again (any partial downloads will be resumed):$media_download_failed_argument_list"
fi
# Exit codes
# 0: Success
# 1: Argument parsing error
# 2: Runtime error (see error message for more info)
# 3: One or more downloads failed
# 4: One or more verifications failed
# 5: At least one download and one verification failed (when more than one media is specified)
echo_err "Mido was exited abruptly! PARTially downloaded or UNVERIFIED Windows media may exist. Please re-run this Mido command and do not use the bad media."
fi
if["$exit_code" !=0];then
trap -- - EXIT
exit"$exit_code"
elif["$signal"];then
trap -- - "$signal"
kill -s "$signal" -- $$
fi
}
# Enable exiting on error
#
# Disable shell globbing
# This isn't necessary given that all unquoted variables (e.g. for determining word count) are set directly by us but it's just a precaution
set -ef
# IFS defaults to many different kinds of whitespace but we only care about space
# Note: This means that ISO filenames cannot contain spaces but that's a bad idea anyway
IFS=' '
parse_args "$@"
# POSIX sh doesn't include signals in its EXIT trap so do it ourselves
signo=1
while true;do
# "kill" is a shell builtin
# shellcheck disable=SC2064
case"$(kill -l "$signo" 2> /dev/null)" in
# Trap on all catchable terminating signals as defined by POSIX
# Stop (i.e. suspend) signals (like Ctrl + Z or TSTP) are fine because they can be resumed
# Most signals result in termination so this way is easiest (Linux signal(7) only adds more terminating signals)