-
Notifications
You must be signed in to change notification settings - Fork 64
Windows build and installer guide
This guide describes guidelines how to create .msi installation package of released SCAP Workbench for Windows.
In this guide will be used /tmp/ location for files to easier referencing between release steps.
You can also use prepared automated build using Dockerfile https://github.com/ybznek/openscap-workbench-windows-build.
Please go through the guide even if you are using the automation! There are steps that are not handled by the automated build!
- Wix toolset (Windows)
- Latest SSG release
- Latest Workbench release
- OpenSCAP master
- mingw-bundledlls
- ssh.exe & win-ssh-askpass.exe & .dlls
In this step we will install some useful tools and build dependencies for OpenSCAP/SCAP Workbench.
dnf install -y mingw32-gcc mingw32-binutils mingw32-libxml2 \
mingw32-libgcrypt mingw32-pthreads mingw32-libxslt \
mingw32-curl mingw32-pcre mingw32-qt \
automake autoconf libtool \
wget make git \
cmake asciidoctor \
msitools unzipIn this step, we will build and install OpenSCAP. Currently, we have to use master branch to have Windows support. Master branch could be sometimes broken, maybe you need to fix it. Make sure you merge all the branches up to get all the latest fixes!
git clone --depth 1 https://github.com/OpenSCAP/openscap.git -b master
cd openscap
mingw32-cmake -DENABLE_PYTHON3=FALSE -DENABLE_PROBES=FALSE -DENABLE_OSCAP_UTIL_DOCKER=FALSE ../
make -j 4
make installNow, we will build latest SCAP Workbench using mingw. Don't forget to replace link to the latest release tarball. Use the release tarball and NOT the automatic github tag archive!
- Get the latest release archive
cd /tmp
wget https://github.com/OpenSCAP/scap-workbench/releases/download/1.1.5/scap-workbench-1.1.5-1.tar.bz2 -O workbench.tar.bz2
tar -xjf workbench.tar.bz2; mv scap-workbench* /tmp/scap-workbench- Configure CMake with the correct build options
cd scap-workbench/build
mingw32-cmake \
-D SCAP_WORKBENCH_LOCAL_SCAN_ENABLED=false \
-D SCAP_AS_RPM_EXECUTABLE="" \
-D SSH_EXECUTABLE="ssh.exe" \
-D NICE_EXECUTABLE="" \
-D SETSID_EXECUTABLE="" \
-DQT_INCLUDE_DIRS_NO_SYSTEM=ON \
../- Remove paths and copy license to build folder
sed 's;/tmp/scap-workbench/build/ssh.exe;ssh.exe;' -i Config.h
cp ../win32-LICENSE.rtf ./
sed 's;Value="[^"]*\win32-LICENSE.rtf";Value="win32-LICENSE.rtf";' -i scap-workbench.wxs- Run
make
make -j4Setting QT_INCLUDE_DIRS_NO_SYSTEM=ON prevents the cases where you get an error regarding something like:
fatal error: stdlib.h: No such file or directory
#include_next <stdlib.h>See https://bugzilla.redhat.com/show_bug.cgi?id=1470809 for more info.
SSG is part of SCAP Workbench .msi package. Again, don't forget to replace link to the latest release! We will unpack it and move to the Workbench build directory.
cd /tmp
wget https://github.com/OpenSCAP/scap-security-guide/releases/download/v0.1.34/scap-security-guide-0.1.34.zip -O ssg.zip
unzip ssg.zip
mv /tmp/scap-security-guide* /tmp/scap-workbench/build/scap-workbench/ssgYou can get newer version of these binaries, or you can extract them from old Workbench .msi package using msiextract. (If you use binaries from previous release, update link to the latest release).
Do not get anything else from the old MSI, everything else must be fresh built!
cd /tmp
wget https://github.com/OpenSCAP/scap-workbench/releases/download/1.1.5/scap-workbench-1.1.5-1.msi
msiextract scap-workbench-1.1.5-1.msi
cp Program\ Files*/scap-workbench/ssh.exe /tmp/scap-workbench/build/scap-workbench/ssh.exe
cp Program\ Files*/scap-workbench/win-ssh-askpass.exe /tmp/scap-workbench/build/scap-workbench/win-ssh-askpass.exeThis step will copy required dlls to build directory. We will use previous release to get missing libraries.
cd /tmp
git clone --depth 1 https://github.com/mpreisler/mingw-bundledlls
for exe in /tmp/scap-workbench/build/scap-workbench/*.exe; do /tmp/mingw-bundledlls/mingw-bundledlls "$exe" --copy; doneYou should check /tmp/scap-workbench/build/scap-workbench.wxs, that contains all required files to deploy.
(SSG will maybe have new content files). You can check it also after real workbench installation or using msiextract from msitools
This steps should be performed on Windows.
- Copy the
/tmp/scap-workbenchdirectory to windows. - Install Wix toolset
- Run these commands on Windows (cmd.exe)
$ cd scap-workbench/build
$ "C:\Program Files (x86)\WiX Toolset v3.11\bin\candle.exe" "scap-workbench.wxs"
$ "C:\Program Files (x86)\WiX Toolset v3.11\bin\light.exe" -ext WixUIExtension "scap-workbench.wixobj"
Now, you should have .msi file in current working directory.
Use e.g. Fedora's msiextract to compare files of new and previous "msi". It should helps you to check that you haven't bundled file you didn't want.
10. IMPORTANT Change the www.open-scap.org download link
Go to https://www.open-scap.org/wp-admin/tools.php?page=redirection.php
Look for /tools/scap-workbench/download-win32 and make sure it points to the uploaded MSI.
- https://martin.preisler.me/2015/02/openscap-and-scap-workbench-on-windows/
- https://github.com/OpenSCAP/scap-workbench/wiki/Release-Guide
- libopenscap8.dll is fresh built and not from the previous release
- version of libopenscap8.dll matches the version of headers used to build SCAP Workbench
- SSG included in SCAP Workbench MSI is the latest release
- ssh.exe and win-ssh-askpass.exe are compatible with the mingw DLLs (libc etc...) - THIS MAY BREAK AT SOME POINT! CHECK!