Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Windows installer #4

Closed
wants to merge 7 commits into from
Closed

Windows installer #4

wants to merge 7 commits into from

Conversation

nhorman
Copy link
Contributor

@nhorman nhorman commented Apr 30, 2024
edited

As part of openssl/project#20 I've created this draft PR to propose a windows installer framework. The installer currently:

  • Allows for the installation of 32 bit and 64 bit x86 binaries and supporting libraries, including the fips and legacy proiders (selectable at installer-run-time)
  • Allows for the installation of development headers (selectable at installer-run-time)
  • Creates an uninstaller
  • Allows for the side-by-side installation of multiple openssl versions (target install directory selectable at installer-run-time, defaulting to c:\Program Files\openssl-)
  • Demonstrates installer signing using Microsofts code signing utilities with a generated self-signed certificate
  • Includes a manually triggered github workflow to build the installer on demand, and could be enhanced to do a nightly build
  • Includes a nmake makefile to demonstrate local building

This PR expressly omits any official building of the installer, as we need to determine how we would want to manage code signing certificates, as well as how we want to incorporate the building and releasing of the installer as part of our release process, but I think the installer itself is in pretty good shape. My proposal would be to incorporate this PR in 3.4 and target 3.5 for integrating a signed installer release into the 3.5 development cycle

@nhorman nhorman self-assigned this Apr 30, 2024
This was linked to issues Apr 30, 2024
openssl pkcs12 fails (but returns 0) when oqsprovider is not enabled in config file openssl/openssl#24196
Closed
Produce installer openssl/project#534
Closed
@nhorman nhorman removed a link to an issue May 1, 2024
openssl pkcs12 fails (but returns 0) when oqsprovider is not enabled in config file openssl/openssl#24196
Closed
@nhorman nhorman force-pushed the windows-installer branch 3 times, most recently from 72b64ff to 5c21d00 Compare May 6, 2024 18:06
@nhorman
Update installer to use installed directories
fb68297 
It occured to me that we can simplify the installer greatly by running the
install command for each binary set, and just doing a recursive file copy in the
installer for x64 and x32.  This is adventageous as it lets us package whatever
configuration we built, and will include any files created as part of the
install in the future.  It also makes the installer script significantly smaller
@vavroch2010 vavroch2010 self-requested a review May 9, 2024 14:47
Sashan
Sashan reviewed May 10, 2024
View reviewed changes
Copy link

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The changes look good, My comments are mostly nits/questions.

windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/README.md Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/Makefile Show resolved Hide resolved
@openssl openssl deleted a comment from vavroch2010 May 10, 2024
Sashan
Sashan approved these changes May 10, 2024
View reviewed changes
Copy link

@Sashan Sashan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good to me as far as I can tell. thanks.

mattcaswell
mattcaswell requested changes May 10, 2024
View reviewed changes
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/openssl.nsi Outdated Show resolved Hide resolved
windows-installer/openssl.nsi Outdated Show resolved Hide resolved
windows-installer/openssl.nsi Outdated Show resolved Hide resolved
windows-installer/openssl.nsi Show resolved Hide resolved
mattcaswell
mattcaswell requested changes May 10, 2024
View reviewed changes
.github/workflows/windows-installer.yml
- name: config x32
working-directory: openssl/_build32
run: |
perl ..\Configure --banner=Configured no-makedepend enable-fips VC-WIN32
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to specify the openssldir here? Not sure what it defaults to on Windows - but you are installing in a directory which includes the version number

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't (think) so. We could, but I believe the same output results from specifying DESTDIR during the install command

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm. I don't think that is the case. The openssldir is used for certain compiled in locations used by the libraries at run time. So if you plan to install to a non-default location then I think you need to specify it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Based on our refinement conversation today, I've created the following issues:
openssl/project#550
openssl/project#551

If we can get this merged, I can follow up and get us using registry keysto dynamically determine OPENSSL_DIR and do directory permisssions checking

windows-installer/openssl.nsi Show resolved Hide resolved
@nhorman
Copy link
Contributor Author

nhorman commented May 10, 2024

nmake install places the dlls in the bin folder, alongside the executables, which is what makes the running of openssl in a shared build work, based on the library search path order. The only thing I see that goes in the lib folder are the static libs

mattcaswell
mattcaswell approved these changes May 13, 2024
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved on the basis that openssl/project#550 and openssl/project#551 will resolve outstanding issues

@mattcaswell
Copy link
Member

Ping @t8m for second review

t8m
t8m requested changes May 14, 2024
View reviewed changes
Copy link
Member

@t8m t8m left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just some doc nits

.github/workflows/windows-installer.yml Outdated Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
windows-installer/README.md Show resolved Hide resolved
windows-installer/README.md Outdated Show resolved Hide resolved
@nhorman nhorman requested a review from t8m May 16, 2024 15:15
mattcaswell
mattcaswell approved these changes May 16, 2024
View reviewed changes
Copy link
Member

@mattcaswell mattcaswell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reconfirm

@t8m t8m added the approval: done This pull request has the required number of approvals label May 17, 2024
@nhorman nhorman closed this May 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Sashan Sashan Sashan approved these changes

@t8m t8m t8m approved these changes

@mattcaswell mattcaswell mattcaswell approved these changes

@vavroch2010 vavroch2010 vavroch2010 approved these changes

@levitte levitte Awaiting requested review from levitte

@hlandau hlandau Awaiting requested review from hlandau

@t-j-h t-j-h Awaiting requested review from t-j-h

@paulidale paulidale Awaiting requested review from paulidale

Assignees

@nhorman nhorman

Labels
approval: done This pull request has the required number of approvals
Projects
Project Board
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Produce installer
5 participants
@nhorman @mattcaswell @Sashan @t8m @vavroch2010