The Windows installers are built using WiX from the Windows (.zip) IdP release, as well as Procrun and Jetty.
Preconditions
In order to build the installers you need to have WiX and gpg installed. You should probably have the Apache signatures installed, but accepting Jetty signatures apparently requires a "leap of faith".
Release naming and versions
- The Windows installers always have a 4 digit version. The first three are inherited from the IdP distribution, the last is the service release version. This is incremented for every installer issued and thus enables us to update the products we bundle with the IdP in the same version.
The tag generated for the installation always has the fourth digit, but the file names for the first release will not have an explicit service release version. Subsequent versions will.
Download
Download the latest versions of the following packages as well as their signatures:
- Checkout the tagged version of the release (you'll need this to tag this release). All further work is done in the idp-installer/src/main/wix directory. If this is the second (or later) service release check out the tagged version of the latest service release (so as to get the correct versions of the wxs files).
- The IdP, from our download pages or (more likely) from Nexus to the idp-installer/src/main/wix directory. You need the .zip and .zip.asc files.
- The Jetty Base Project
  - For Jetty 9.4 review the changes and build from source. Instructions here
- Procrun (Commons-daemon) from the Apache download area to the idp-installer/src/main/wix directory. You need the -signed.zip and -signed.zip.asc files.
- The version of Jetty-V9 which has been used to test this release (get this from the pom for java-parent-project) from the Shibboleth Nexus to the idp-installer/src/main/wix directory. Again, you need the .zip and .zip.asc files.
PreBuild steps
Move into the idp-installer/src/main/wix directory and verify that the version and name in both ShibbolethIdP-main.wxs and MergeModule.wxs are correct. The version for the latter is less important since we do not ship the merge module. I have used 1.IdPSubversion.IdPPatch.Unique, in order to maintain coherence.
Build
The build is relatively automated and is done in two steps. First the Merge module containing procrun and Jetty is built using the Jetty.bat batch file. This takes two parameters, the path (relative is OK) of the Procrun zip file and the path of the Jetty zip file:

    C:\Juno\New\IDP3.0.0\idp-installer\src\main\wix>Jetty.bat commons-daemon-1.0.15-bin-windows.zip jetty-distribution-9.X.Y.vyyyymmdd.zip
    gpg: Signature made 03/28/13 12:54:06 GMT Standard Time using DSA key ID 0D498E23
    gpg: Good signature from "Mladen Turk (Default signing key) <mturk@apache.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: F7DA 48BB 64BC B84E CBA7 EE69 35CD 23C1 0D49 8E23
    gpg: Signature made 02/24/15 17:16:44 GMT Standard Time using DSA key ID D7C58886
    gpg: Good signature from "Jesse McConnell (signing key) <jesse.mcconnell@gmail.com>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 5DE5 33CB 43DA F8BC 3E37 2283 E7AE 839C D7C5 8886
    jetty_contents.wxs
    MergeModule.wxs
    procrun.wxs
    jetty_contents.wxs
    MergeModule.wxs
    procrun.wxs
    Volume in drive C is OS
    Volume Serial Number is 1278-E6A3
    Directory of C:\Perforce\Juno\New\IDP3.0.0\idp-installer\src\main\wix
    26/02/2015 13:31 11,793,229 Jetty-x64.msm
    26/02/2015 13:31 11,793,182 Jetty-x86.msm
    2 File(s) 23,586,411 bytes
    0 Dir(s) 31,736,725,504 bytes free
    C:\Juno\New\IDP3.0.0\idp-installer\src\main\wix>
As can be seen, the batch file checks the signatures on the incoming zip files before building the merge modules from the contents. If the signature is not present or cannot be verified the build fails (which can make verifying the Jetty signature problematic since you need to locate the signature and decide whether to install it).
Next you need to build the IdP installation. This time use the IdP.bat batch file, which takes two parameters, the path to the IdP Distribution and the path to the jetty-base distribution:

    C:\Juno\New\build\3.3.0\idp-installer\src\main\wix>idp Download\shibboleth-identity-provider-3.3.0.zip Download\shibboleth-jetty-base-X.Y.zip
    gpg: Signature made [Date/Time] using RSA key ID xxx
    gpg: Good signature from "Scott Cantor <cantor.2@osu.edu>"
    gpg: Signature made [Date/Time] using RSA key ID xxx
    gpg: Good signature from "Scott Cantor <cantor.2@osu.edu>"
    [...]
    Windows Installer XML Toolset Toolset Harvester version 3.10.3.3007
    Copyright (c) .NET Foundation and contributors. All rights reserved.
    idp_contents.wxs
    ShibbolethIdP-registry.wxs
    ShibbolethIdP-main.wxs
    ShibbolethIdP-delete.wxs
    ShibbolethIdP-gui.wxs
    ShibbolethIdP-install-dlg.wxs
    ShibbolethIdP-warndir-dlg.wxs
    ShibbolethIdP-adconfig-dlg.wxs
    ShibbolethIdP-update-dlg.wxs
    ShibbolethIdP-main.wxs
    ShibbolethIdP-registry.wxs
    ShibbolethIdP-delete.wxs
    Volume in drive C is OS
    Volume Serial Number is 1278-E6A3
    Directory of C:\Perforce\Juno\New\IDP3.3.0\idp-installer\src\main\wix
    26/02/2015 13:36 49,504,256 idp-x64.msi
    26/02/2015 13:36 49,504,256 idp-x86.msi
Again the signature is checked, but in this case the absence of a signature is non-fatal (to allow building test installers from intermediate builds).
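The Jetty.bat transcript earlier in this section reports a good signature from a key gpg cannot tie to its owner, so the check is only as strong as whichever keys sit in the local keyring. An added example (Python, not part of the Shibboleth batch files) that pins the expected primary-key fingerprints using gpg's machine-readable status output. `check_status`, `verify` and the sample status lines are constructed for illustration; the two fingerprints are the ones printed in that transcript.

```python
import subprocess

# Primary-key fingerprints as printed in the gpg transcript on this page.
# Confirm them against the upstream KEYS files before pinning them.
PINNED = {
    "F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23",  # Procrun zip signer
    "5DE533CB43DAF8BC3E372283E7AE839CD7C58886",  # Jetty zip signer
}
# Status keywords that mean the signature must not be accepted.
FATAL = {"BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed sample of `gpg --status-fd 1 --verify` output (timestamps invented).
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] VALIDSIG F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23 2013-03-28 1364475246 0 4 0 17 2 00 F7DA48BB64BCB84ECBA7EE6935CD23C10D498E23
[GNUPG:] TRUST_UNDEFINED
"""

def check_status(status_text, pinned=PINNED):
    """Apply the pinning policy to gpg status output; return (ok, reason)."""
    primaries = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        keyword, args = fields[1], fields[2:]
        if keyword in FATAL:
            return False, keyword
        if keyword == "VALIDSIG" and args:
            # Last field is the primary key fingerprint; args[0] may be a subkey.
            primaries.append((args[9] if len(args) >= 10 else args[0]).upper())
    if len(primaries) != 1:
        return False, "expected one VALIDSIG, found %d" % len(primaries)
    if primaries[0] not in pinned:
        return False, "signed by unpinned key " + primaries[0]
    # TRUST_UNDEFINED (the WARNING in the transcript) is tolerated: the pin,
    # not the local trust database, decides which signer is acceptable.
    return True, "ok"

def verify(archive, signature, pinned=PINNED):
    """Verify a detached .asc with gpg, then enforce the fingerprint pin."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", signature, archive],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    if proc.returncode != 0:
        return False, "gpg exited with %d" % proc.returncode
    return check_status(proc.stdout, pinned)

if __name__ == "__main__":
    print(check_status(SAMPLE_STATUS))
```

For a test installer built from an unsigned intermediate build, skip `verify` explicitly rather than widening the pinned set.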
The second parameter (the jetty-base project to use) should match the version of Jetty that was built into the Jetty merge modules. Currently we deploy Jetty version 9.3.
Test
We are testing that the installation works, and in particular that Jetty has not regressed and so it should suffice to test an upgrade of one architecture.
- It is useful to test both attribute push and attribute fetch.
- Ensure that the version is expected (https://name/idp/profile/status)
Sign, Hash and Push
Rename the .msi files appropriately, sign and generate the hash files, and push to the download area.

    gpg -s -b -a shibboleth-identity-provider-3.1.0.1-x64.msi
    gpg -s -b -a shibboleth-identity-provider-3.1.0.1-x86.msi
    openssl sha1 shibboleth-identity-provider-3.1.0.1-x64.msi > shibboleth-identity-provider-3.1.0.1-x64.msi.sha1
    openssl sha256 shibboleth-identity-provider-3.1.0.1-x64.msi > shibboleth-identity-provider-3.1.0.1-x64.msi.sha256
    openssl md5 shibboleth-identity-provider-3.1.0.1-x64.msi > shibboleth-identity-provider-3.1.0.1-x64.msi.md5
    openssl sha1 shibboleth-identity-provider-3.1.0.1-x86.msi > shibboleth-identity-provider-3.1.0.1-x86.msi.sha1
    openssl sha256 shibboleth-identity-provider-3.1.0.1-x86.msi > shibboleth-identity-provider-3.1.0.1-x86.msi.sha256
    openssl md5 shibboleth-identity-provider-3.1.0.1-x86.msi > shibboleth-identity-provider-3.1.0.1-x86.msi.md5
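An added example (Python, not part of the release procedure itself) that checks a hash file written by the openssl commands above against the .msi before it is pushed. It parses the `ALGO(file)= hex` line, accepts the SHA2-256 label that OpenSSL 3 prints, and rejects a hash file whose embedded name differs from the artifact, which is what happens if the rename is done after hashing. The function names are assumptions of this example; of the three digests only SHA-256 is collision-resistant, and the detached gpg signature remains the authenticity check.

```python
import hashlib
import hmac
import os
import re

# `openssl sha256 f` prints "SHA256(f)= <hex>"; OpenSSL 3 labels it "SHA2-256".
# `openssl sha1 f` and `openssl md5 f` print "SHA1(f)= ..." and "MD5(f)= ...".
LINE = re.compile(r"^([A-Za-z0-9-]+)\((.*)\)= ([0-9a-fA-F]+)\s*$")
ALGOS = {"SHA256": "sha256", "SHA2-256": "sha256", "SHA1": "sha1", "MD5": "md5"}

def parse_dgst(line):
    """Split one openssl digest line into (hashlib name, file name, hex)."""
    m = LINE.match(line)
    if not m or m.group(1).upper() not in ALGOS:
        raise ValueError("not an openssl digest line: %r" % line)
    return ALGOS[m.group(1).upper()], m.group(2), m.group(3).lower()

def file_digest(path, algo):
    """Hash the file in 1 MiB chunks so large installers are not read whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def check_hash_file(msi_path, hash_path):
    """True only if the hash file names this artifact and matches its bytes."""
    with open(hash_path, encoding="ascii") as f:
        algo, name, expected = parse_dgst(f.readline())
    # The page's commands pass a bare file name, so openssl records it bare.
    if name != os.path.basename(msi_path):
        return False  # generated for another file, e.g. before the rename
    return hmac.compare_digest(file_digest(msi_path, algo), expected)

if __name__ == "__main__":
    import tempfile
    # Constructed stand-in for an installer and its .sha256 file.
    d = tempfile.mkdtemp()
    msi = os.path.join(d, "sample-x64.msi")
    with open(msi, "wb") as f:
        f.write(b"constructed sample bytes")
    with open(msi + ".sha256", "w") as f:
        f.write("SHA2-256(sample-x64.msi)= %s\n" % file_digest(msi, "sha256"))
    print(check_hash_file(msi, msi + ".sha256"))
```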
Tag the release
We need to tag the release with
- The modified wxs files
- The signatures of the downloaded packages
- Those downloaded zip files which we did not collect from Nexus (procrun)
Create a new branch where the tag will live

    C:\Perforce\Juno\New\build\3.0.0\idp-installer\src\main\wix>git checkout -b tmpBranch

Commit the changes

    git add commons-daemon-1.0.15-bin-windows-signed.zip commons-daemon-1.0.15-bin-windows-signed.zip.asc jetty-distribution-9.3.16.v20170120.zip.asc idp-jetty-base-9.3.0.zip.asc
    git commit -m "Commit Build files for Windows Installer 3.4.0.0"

Create the tag

    git tag -s -m "Tag Windows Installer Build 3.4.0.0" 3.4.0.0

Push the tag (you may want to dry run with '-n' first)

    git push origin 3.4.0.0

Delete the branch

    git checkout master
    git branch -D tmpBranch

If building against Jetty 9.4 you need to tag the jetty-base.
Update the version in TRUNK
Just as above, update the versions in ShibbolethIdP-main.wxs and MergeModule.wxs to match the current pom.