Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »

The Windows installers are built using WiX from the Windows (.zip) IdP release, as well as Procrun and Jetty.

Preconditions

In order to build the installers you need to have WiX and gpg installed.  You should probably have the Apache signatures installed, but accepting Jetty signatures apparently requires a "leap of faith".

Release naming and versions

  • The windows installers always have a 4 digit version.  The first three are inherited from the IDP distribution, the last is the service release version.  This is incremented for every installer issued and thus enables us to update the products we bundle with the IdP in the same version.

The tag generated for the installation always has the fourth digit, but file names the first  release will not have that an explicit service release version. Subsequent versions will.

Download

Download the latest versions of the following packages as well as their signatures

  • Checkout the tagged version of the release (you'll need this to tag this release).  All further work is done in the idp-installer/src/main/wix. If this is the second (or later) service release check out the tagged version of the latest service release (so as to get the correct versions of the wxs files)
  • The IdP, from our download pages or (more likely) from Nexus to the  idp-installer/src/main/wix directory. You need the .zip and .zip.asc files.
  • The Jetty Base Project
    • For Jetty 9.4 review the changes and build from source.  Instructions here
  • Procrun (Commons-daemon) from the Apache download area to the  idp-installer/src/main/wix directory.  You need the signed.zip and -signed.zip.asc files.
  • The version of Jetty-V9 which has been used to test this release (get this from the pom for java-parent-project) from the Shibboleth Nexus to the  idp-installer/src/main/wix directory.   Again, you need the .zip and .zip.asc files.

PreBuild steps

Move into the idp-installer/src/main/wix directory and verify that the version and name in both the ShibbolethIdP-main.wxs and MergeModule.wxs is correct.  The version for the latter is less important since we do not ship the merge module.  I have used the 1.IdPSubversion.IdPPatch.Unique, in order to maintain coherence.

Build

The build is relatively automated and is done in two steps.  First the Merge module containing procrun and Jetty is built using the Jetty.bat batch file.  This takes two parameters, the path (relative is OK) of the Procrun zip file and the path of the Jetty zip file:

Building the merge modules
C:\Juno\New\IDP3.0.0\idp-installer\src\main\wix>Jetty.bat commons-daemon-1.0.15-bin-windows.zip jetty-distribution-9.X.Y.vyyyymmdd.zip
gpg: Signature made 03/28/13 12:54:06 GMT Standard Time using DSA key ID 0D498E23
gpg: Good signature from "Mladen Turk (Default signing key) <mturk@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F7DA 48BB 64BC B84E CBA7  EE69 35CD 23C1 0D49 8E23
gpg: Signature made 02/24/15 17:16:44 GMT Standard Time using DSA key ID D7C58886
gpg: Good signature from "Jesse McConnell (signing key) <jesse.mcconnell@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5DE5 33CB 43DA F8BC 3E37  2283 E7AE 839C D7C5 8886
jetty_contents.wxs
MergeModule.wxs
procrun.wxs
jetty_contents.wxs
MergeModule.wxs
procrun.wxs
 Volume in drive C is OS
 Volume Serial Number is 1278-E6A3
 Directory of C:\Perforce\Juno\New\IDP3.0.0\idp-installer\src\main\wix
26/02/2015  13:31        11,793,229 Jetty-x64.msm
26/02/2015  13:31        11,793,182 Jetty-x86.msm
               2 File(s)     23,586,411 bytes
               0 Dir(s)  31,736,725,504 bytes free
C:\Juno\New\IDP3.0.0\idp-installer\src\main\wix>

As can be seen the batch file checks the signatures on the incoming zip files before building the merge modules from the contents.  If the signature is not present or cannot be verified the build fails (which can make verifying the Jetty signature problematic since you need to locate the signature and decide whether to install it.

Next you need to build the IdP installation.  This time use the IdP.bat batch file, which takes two parameters, the path to the IdP Distribution and the path to the jetty-base distribution

Buidling the Installers
C:\Juno\New\build\3.3.0\idp-installer\src\main\wix>idp Download\shibboleth-identity-provider-3.3.0.zip Download\shibboleth-jetty-base-X.Y.zip
 
gpg: Signature made [Date/Time] using RSA key ID xxx
gpg: Good signature from "Scott Cantor <cantor.2@osu.edu>"
gpg: Signature made [Date/Time] using RSA key ID xxx
gpg: Good signature from "Scott Cantor <cantor.2@osu.edu>"

[...]
Windows Installer XML Toolset Toolset Harvester version 3.10.3.3007
Copyright (c) .NET Foundation and contributors. All rights reserved.
idp_contents.wxs
ShibbolethIdP-registry.wxs
ShibbolethIdP-main.wxs
ShibbolethIdP-delete.wxs
ShibbolethIdP-gui.wxs
ShibbolethIdP-install-dlg.wxs
ShibbolethIdP-warndir-dlg.wxs
ShibbolethIdP-adconfig-dlg.wxs
ShibbolethIdP-update-dlg.wxs
ShibbolethIdP-main.wxs
ShibbolethIdP-registry.wxs
ShibbolethIdP-delete.wxs
 Volume in drive C is OS
 Volume Serial Number is 1278-E6A3
 Directory of C:\Perforce\Juno\New\IDP3.3.0\idp-installer\src\main\wix
26/02/2015  13:36        49,504,256 idp-x64.msi
26/02/2015  13:36        49,504,256 idp-x86.msi

Again the signature is checked, but in this case the absense of a signature is non fatal (to allow building test installers from intermediate builds)

The second parameter (the jetty-base project to use should match the version of jetty that was built into the Jetty merge modules.  Currently we deploy Jetty version 9.3.

Test

We are testing that the installation works, and in particular that Jetty has not regressed and so it should suffice to test an upgrade of one architecture.

  • It is useful to test both attribute push and attribute fetch.
  • Ensure that the version is expected ( https://name/idp/profile/status)

Sign, Hash and Push

Rename the .msi files appropriately, sign and generate the hash files, and push to the download area.

gpg -s -b -a shibboleth-identity-provider-3.1.0.1-x64.msi
gpg -s -b -a shibboleth-identity-provider-3.1.0.1-x86.msi


openssl sha1 shibboleth-identity-provider-3.1.0.1-x64.msi > shibboleth-identity-provider-3.1.0.1-x64.msi.sha1
openssl sha256 shibboleth-identity-provider-3.1.0.1-x64.msi > shibboleth-identity-provider-3.1.0.1-x64.msi.sha256
openssl md5 shibboleth-identity-provider-3.1.0.1-x64.msi > shibboleth-identity-provider-3.1.0.1-x64.msi.md5


openssl sha1 shibboleth-identity-provider-3.1.0.1-x86.msi > shibboleth-identity-provider-3.1.0.1-x86.msi.sha1
openssl sha256 shibboleth-identity-provider-3.1.0.1-x86.msi > shibboleth-identity-provider-3.1.0.1-x86.msi.sha256
openssl md5 shibboleth-identity-provider-3.1.0.1-x86.msi > shibboleth-identity-provider-3.1.0.1-x86.msi.md5

Tag the release

We need to tag the release with

  • The modified wxs files 
  • The signatures of the downloaded packages
  • Those downloaded zip files which we did not collect from nexus (procun)


Create a new branch where the tag will live

Create Temporary Branch
C:\Perforce\Juno\New\build\3.0.0\idp-installer\src\main\wix>git checkout -b tmpBranch

Commit the changes

Commit Changes
git add commons-daemon-1.0.15-bin-windows-signed.zip commons-daemon-1.0.15-bin-windows-signed.zip.asc jetty-distribution-9.3.16.v20170120.zip.asc  idp-jetty-base-9.3.0.zip.asc
git commit -m "Commit Build files for Windows Installer 3.4.0.0"

Create the tag

Create Tag
git tag -s -m "Tag Windows Installer Build 3.4.0.0" 3.4.0.0

Push the tag (you may want to dry run with '-n' first_

Push Tag
git push origin 3.4.0.0

Delete the branch

Delete temporary branch
git checkout master
git branch -D tmpBranch

If building against Jetty 9.4 you need to tag the jetty-base


Update the version in TRUNK


Just as above update the versions in ShibbolethIdP-main.wxs and MergeModule.wxs to match the current pom

  • No labels