New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposed Windows installer #24277
Closed
Closed
Proposed Windows installer #24277
Changes from 5 commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
c51fe7a
Adding initial NSIS windows installer script
nhorman f15bf2c
Adding manual workflow to build installer
nhorman 3288c0b
Add a sample makefile to build the installer
nhorman 298f576
Add a readme file
nhorman 7879ed4
fixup! Add a readme file
nhorman da933f6
Refactor of nsi script
nhorman File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License 2.0 (the "License"). You may not use | ||
# this file except in compliance with the License. You can obtain a copy | ||
# in the file LICENSE in the source distribution or at | ||
# https://www.openssl.org/source/license.html | ||
|
||
name: Build Windows Installer | ||
|
||
on: | ||
workflow_dispatch: | ||
inputs: | ||
tag: | ||
type: string | ||
description: The tag to build | ||
|
||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
build_installer: | ||
runs-on: windows-2022 | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.inputs.tag }} | ||
- name: Setup directories | ||
run: | | ||
mkdir _installer | ||
mkdir _build64 | ||
mkdir _build32 | ||
- name: download NSIS installer | ||
uses: suisei-cn/actions-download-file@v1.6.0 | ||
with: | ||
url: "https://downloads.sourceforge.net/project/nsis/NSIS%203/3.08/nsis-3.08-setup.exe" | ||
target: _installer/ | ||
- name: Install NSIS 3.0.8 | ||
working-directory: _installer | ||
run: .\nsis-3.08-setup.exe /s | ||
- uses: ilammy/msvc-dev-cmd@v1 | ||
with: | ||
arch: win64 | ||
- uses: ilammy/setup-nasm@v1 | ||
with: | ||
platform: win64 | ||
- name: config x64 | ||
working-directory: _build64 | ||
run: | | ||
perl ..\Configure --banner=Configured no-makedepend enable-fips VC-WIN64A | ||
perl configdata.pm --dump | ||
- name: build x64 binaries | ||
working-directory: _build64 | ||
run: nmake /S | ||
- uses: ilammy/msvc-dev-cmd@v1 | ||
with: | ||
arch: win32 | ||
- uses: ilammy/setup-nasm@v1 | ||
with: | ||
platform: win32 | ||
- name: config x32 | ||
working-directory: _build32 | ||
run: | | ||
perl ..\Configure --banner=Configured no-makedepend enable-fips VC-WIN32 | ||
perl configdata.pm --dump | ||
- name: build x32 binaries | ||
working-directory: _build32 | ||
run: nmake /S | ||
- name: build installer | ||
working-directory: windows-installer | ||
run: makensis.exe /DVERSION=${{ github.event.inputs.tag }} /DBUILD32=_build32 /DBUILD64=_build64 .\openssl.nsi | ||
- name: Upload installer as artifact | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: openssl-installer | ||
path: windows-installer/openssl*.exe | ||
|
||
|
||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
|
||
openssl-installer: openssl.nsi | ||
makensis.exe /DVERSION=testversion /DBUILD32=_build32 /DBUILD64=_build64 .\openssl.nsi | ||
|
||
signed-openssl-installer: openssl.nsi | ||
makecert.exe /n "CN=TestCompany" /r /h 0 /eku "1.3.6.1.5.5.7.3.3,1.3.6.1.4.1.311.10.3.13" /sv testcert.pvk testcert.cer | ||
pvk2pfx.exe /pvk testcert.pvk /pi testpass /spc testcert.cer /pfx testcert.pfx /po testpass | ||
makensis.exe /DVERSION=testversion /DBUILD32=_build32 /DBUILD64=_build64 /DSIGN=testcert.pfx /DSIGNPASS=testpass .\openssl.nsi | ||
|
||
clean: | ||
del .\*.exe .\test*.* | ||
|
||
quarckster marked this conversation as resolved.
Show resolved
Hide resolved
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
Windows installer script | ||
======================== | ||
|
||
Overview | ||
-------- | ||
|
||
The windows installer script found in this directory is capable of building a | ||
windows installer executable capable of installing both 32 and 64 bit openssl | ||
binaries, along with their corresponding development headers | ||
|
||
Requirements | ||
------------ | ||
|
||
* [NSIS](https://nsis.sourceforge.io/Main_Page) version 3.0.8 or later | ||
* Windows 2022 or later | ||
* The Windows SDK | ||
- The makecert.exe utility (to demonstrate installer signing) | ||
- The Pvk2Pfx.exe utility (to demonstrate installer signing) | ||
- The SignTool.exe utility (to demonstrate installer signing) | ||
|
||
Notes on Signing | ||
---------------- | ||
|
||
Installer signing is demonstrated here using self signed certificates. Do not | ||
use this signed code in a deployment as the generated certificate should not be | ||
trusted. However, if you wish to observe this signed installer in operation, | ||
the generated certificate may be imported to the local trust store following the | ||
instructions | ||
[here](https://learn.microsoft.com/en-us/windows/win32/appxpkg/how-to-create-a-package-signing-certificate). | ||
at your own risk. | ||
|
||
Installer Build Prerequisites | ||
----------------------------- | ||
|
||
1) Build Openssl from the parent of this directory: | ||
a) cd /path/to/openssl/source/root | ||
b) mkdir \_build64 | ||
c) cd \_build64 | ||
d) perl ..\Configure [options] VC-WIN64A | ||
e) nmake | ||
f) repeat steps a-e substituting \_build32 for \_build64 to build VC-WIN32 | ||
|
||
Building the installer | ||
---------------------- | ||
|
||
From the windows-installer directory, the included makefile can build 2 targets | ||
1) openssl-installer | ||
2) signed-openssl-installer | ||
|
||
If option 1 is selected, the openssl-testversion-installer.exe file will be | ||
generated, pulling needed binaries from the ../\_build32 and ../\_build64 | ||
directories. | ||
|
||
If option 2 is selected, A self signed certificate will be generated and used to | ||
create the same installer, and digitally sign it. Note that the Signtool | ||
utility requires a password for the generated private key be passed on the | ||
command line, while the MakeCert utility requires that it be entered via a gui | ||
popup window. As such the Makefile is hard coded to use the password | ||
'testpass', which must be entered when prompted during certificate generation, or | ||
the signing process will fail. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,141 @@ | ||
|
||
###################################################### | ||
# NSIS windows installer script file | ||
# Requirements: NSIS 3.0 must be installed with the MUI plugin | ||
# Usage notes: | ||
# This script expects to be executed from the directory it is | ||
# currently stored in. It expects a 32 bit and 64 bit windows openssl | ||
# build to be present in the ..\${BUILD32} and ..\${BUILD64} directories | ||
# respectively | ||
# #################################################### | ||
|
||
!include "MUI.nsh" | ||
|
||
!define PRODUCT_NAME "OpenSSL" | ||
|
||
# The name of the output file we create when building this | ||
# NOTE version is passed with the /D option on the command line | ||
OutFile "openssl-${VERSION}-installer.exe" | ||
|
||
# The name that will appear in the installer title bar | ||
NAME "${PRODUCT_NAME} ${VERSION}" | ||
|
||
ShowInstDetails show | ||
|
||
Function .onInit | ||
StrCpy $INSTDIR "C:\Program Files\openssl-${VERSION}" | ||
FunctionEnd | ||
|
||
# This section is run if installation of 32 bit binaries are selected | ||
!ifdef BUILD32 | ||
Section "32 Bit Binaries" | ||
SetOutPath $INSTDIR\x32 | ||
File ..\${BUILD32}\libcrypto-3.dll | ||
File ..\${BUILD32}\libssl-3.dll | ||
File ..\${BUILD32}\apps\openssl.exe | ||
SetOutPath $INSTDIR\x32\providers | ||
File ..\${BUILD32}\providers\fips.dll | ||
File ..\${BUILD32}\providers\legacy.dll | ||
SectionEnd | ||
!endif | ||
|
||
!ifdef BUILD64 | ||
# This section is run if installation of the 64 bit binaries are selectd | ||
Section "64 Bit Binaries" | ||
SetOutPath $INSTDIR\x64 | ||
File ..\${BUILD64}\libcrypto-3-x64.dll | ||
File ..\${BUILD64}\libssl-3-x64.dll | ||
File ..\${BUILD64}\apps\\openssl.exe | ||
SetOutPath $INSTDIR\x64\providers | ||
File ..\${BUILD64}\providers\fips.dll | ||
File ..\${BUILD64}\providers\legacy.dll | ||
SectionEnd | ||
!endif | ||
|
||
# Optionally install x64 development headers | ||
!ifdef BUILD64 | ||
Section "x64 Development Headers" | ||
SetOutPath $INSTDIR\x64\include\openssl | ||
!tempfile headerlist | ||
!system 'FOR /R "..\${BUILD64}\include\openssl" %A IN (*.h) DO @( >> "${headerlist}" echo.File "%~A" )' | ||
!include "${headerlist}" | ||
!delfile "${headerlist}" | ||
!undef headerlist | ||
|
||
SetOutPath $INSTDIR\x64\include\crypto | ||
!tempfile headerlist | ||
!system 'FOR /R "..\${BUILD64}\include\crypto" %A IN (*.h) DO @( >> "${headerlist}" echo.File "%~A" )' | ||
!include "${headerlist}" | ||
!delfile "${headerlist}" | ||
!undef headerlist | ||
|
||
SetOutPath $INSTDIR\x64\include\internal | ||
!tempfile headerlist | ||
!system 'FOR /R "..\${BUILD64}\include\internal" %A IN (*.h) DO @( >> "${headerlist}" echo.File "%~A" )' | ||
!include "${headerlist}" | ||
!delfile "${headerlist}" | ||
!undef headerlist | ||
SectionEnd | ||
!endif | ||
|
||
# Optionally install x64 development headers | ||
!ifdef BUILD32 | ||
Section "x32 Development Headers" | ||
SetOutPath $INSTDIR\x32\include\openssl | ||
!tempfile headerlist | ||
!system 'FOR /R "..\${BUILD32}\include\openssl" %A IN (*.h) DO @( >> "${headerlist}" echo.File "%~A" )' | ||
!include "${headerlist}" | ||
!delfile "${headerlist}" | ||
!undef headerlist | ||
|
||
SetOutPath $INSTDIR\x32\include\crypto | ||
!tempfile headerlist | ||
!system 'FOR /R "..\${BUILD32}\include\crypto" %A IN (*.h) DO @( >> "${headerlist}" echo.File "%~A" )' | ||
!include "${headerlist}" | ||
!delfile "${headerlist}" | ||
!undef headerlist | ||
|
||
SetOutPath $INSTDIR\x32\include\internal | ||
!tempfile headerlist | ||
!system 'FOR /R "..\${BUILD32}\include\internal" %A IN (*.h) DO @( >> "${headerlist}" echo.File "%~A" )' | ||
!include "${headerlist}" | ||
!delfile "${headerlist}" | ||
!undef headerlist | ||
SectionEnd | ||
!endif | ||
|
||
# Always install the uninstaller | ||
Section | ||
WriteUninstaller $INSTDIR\uninstall.exe | ||
SectionEnd | ||
|
||
# This is run on uninstall | ||
Section "Uninstall" | ||
RMDIR /r $INSTDIR | ||
SectionEnd | ||
|
||
!insertmacro MUI_PAGE_WELCOME | ||
|
||
!insertmacro MUI_PAGE_LICENSE ../LICENSE.TXT | ||
|
||
!insertmacro MUI_PAGE_COMPONENTS | ||
|
||
!define MUI_DIRECTORYPAGE_TEXT_DESTINATION "Installation Directory" | ||
!insertmacro MUI_PAGE_DIRECTORY | ||
|
||
!insertmacro MUI_PAGE_INSTFILES | ||
|
||
!insertmacro MUI_UNPAGE_WELCOME | ||
!insertmacro MUI_UNPAGE_CONFIRM | ||
!insertmacro MUI_UNPAGE_INSTFILES | ||
!insertmacro MUI_UNPAGE_FINISH | ||
|
||
!insertmacro MUI_LANGUAGE "English" | ||
|
||
!ifdef SIGN | ||
!define OutFileSignSHA1 "SignTool.exe sign /f ${SIGN} /p ${SIGNPASS} /fd sha1 /t http://timestamp.comodoca.com /v" | ||
!define OutFileSignSHA256 "SignTool.exe sign /f ${SIGN} /p ${SIGNPASS} /fd sha256 /tr http://timestamp.comodoca.com?td=sha256 /td sha256 /v" | ||
|
||
!finalize "${OutFileSignSHA1} .\openssl-${VERSION}-installer.exe" | ||
!finalize "${OutFileSignSHA256} .\openssl-${VERSION}-installer.exe" | ||
!endif |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do you run the command directly instead of running
windows-installer/Makefile
?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
only because I created the ci workflow before I created the makefile, but I can fix that up