Online library is empty in Windows build (missing TLS library)

[veloman-yunkan]

Windows build of kiwix-desktop doesn't load the online library.

[kelson42]

Wow, how is that possible!?

[veloman-yunkan]

So the problem was because of missing openssl libraries on which Qt depends - they are not by default present on Windows and are not bundled with Qt. So we have to distribute libssl-1_1-x64.dll and libcrypto-1_1-x64.dll with our kiwix-desktop package. The problem disappeared when I put those DLLs alongside kiwix-desktop.exe.

Note that there is no official source of OpenSSL binaries. For my experiments I got them from https://wiki.overbyte.eu/arch/openssl-1.1.1w-win32.zip (the download link is found on http://wiki.overbyte.eu/wiki/index.php/ICS_Download which is listed on https://wiki.openssl.org/index.php/Binaries) as well as built from source (using version/tag OpenSSL_1_1_1w).

[kelson42]

Significant and urgent issue.

Moving to Kiwix-build.

[kelson42]

@veloman-yunkan I propose:

• We mirror these DLL binaries on https://dev.kiwix.org
• We integrate them at build time in the ZIP
• We open an issue as we should not work like this (we should recompile everything

Does that sounds good?

[veloman-yunkan]

This seems to be only a problem with local builds when running kiwix-desktop from BUILD_native_static\INSTALL\bin directly on a machine where OpenSSL has not been installed (or is at least not in the PATH). Nightly builds of the kiwix-desktop package contain the required openssl DLLs. The packaging script takes care of that

kiwix-build/scripts/package_kiwix-desktop_windows.py

Lines 46 to 49 in 83b45a0

	# Copy ssl stuff
	ssl_directory = Path("C:/") / "Program Files" / "OpenSSL"
	shutil.copy2(ssl_directory / "libcrypto-1_1-x64.dll", out_dir)
	shutil.copy2(ssl_directory / "libssl-1_1-x64.dll", out_dir)

However, it is not clear which step of the builder setup ensures that OpenSSL is installed. Is it a by-product of the Install and configure eSigner CKA and Windows SDK step?

kiwix-build/.github/workflows/cd.yml

Lines 55 to 84 in 83b45a0

	- name: Install and configure eSigner CKA and Windows SDK
	if: github.event_name == 'push'
	env:
	ESIGNER_URL: https://github.com/SSLcom/eSignerCKA/releases/download/v1.0.7/SSL.COM-eSigner-CKA_1.0.7.zip
	run: |
	Set-StrictMode -Version 'Latest'
	# Download and Unzip eSignerCKA Setup
	Invoke-WebRequest -OutFile eSigner_CKA_Setup.zip "$env:ESIGNER_URL"
	Expand-Archive -Force eSigner_CKA_Setup.zip
	Remove-Item eSigner_CKA_Setup.zip
	Move-Item -Destination “eSigner_CKA_Installer.exe” -Path “eSigner_CKA_*\*.exe”
	# Install eSignerCKA
	New-Item -ItemType Directory -Force -Path "C:\esigner"
	./eSigner_CKA_Installer.exe /CURRENTUSER /VERYSILENT /SUPPRESSMSGBOXES /DIR=”C:\esigner” /TYPE=automatic | Out-Null
	Remove-Item "eSigner_CKA_Installer.exe"
	# Configure the CKA with SSL.com credentials
	C:\esigner\eSignerCKATool.exe config -mode product -user "${{ secrets.ESIGNER_USERNAME }}" -pass "${{ secrets.ESIGNER_PASSWORD }}" -totp "${{ secrets.ESIGNER_TOTP_SECRET }}" -key "C:\esigner\master.key" -r
	C:\esigner\eSignerCKATool.exe unload
	C:\esigner\eSignerCKATool.exe load
	# Find certificate
	$CodeSigningCert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
	echo Certificate: $CodeSigningCert
	# Extract thumbprint and subject name
	$Thumbprint = $CodeSigningCert.Thumbprint
	echo "SIGNTOOL_THUMBPRINT=$Thumbprint" >> $env:GITHUB_ENV

[veloman-yunkan]

However, it is not clear which step of the builder setup ensures that OpenSSL is installed.

Well, the good news is that OpenSSL is readily available on the GitHub windows-2022 runners:

https://github.com/actions/runner-images/blob/a03f6d0ec323000bcbc1bad92a15f9f069c07e93/images/windows/Windows2022-Readme.md

[veloman-yunkan]

BTW, it's worth noting that a plan existed to upgrade the version of OpenSLL on Windows runners to 3.x but was cancelled.

[kelson42]

@veloman-yunkan What would be the next step here? Should we just update the documetation?