Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

The Windows installers are built using WiX from the Windows (.zip) IdP release, as well as Procrun and Jetty.

Preconditions

In order to build the installers you need to have WiX and gpg installed.  You should probably have the Apache signatures installed, but accepting Jetty signatures apparently requires a "leap of faith".

Release naming and versions

  • The windows installers always have a 4 digit version.  The first three are inherited from the IDP distribution, the last is the service release version.  This is incremented for every installer issued and thus enables us to update the products we bundle with the IdP in the same version.

The tag generated for the installation always has the fourth digit, but file names the first  release will not have that an explicit service release version. Subsequent versions will.

Download

Download the latest versions of the following packages as well as their signatures

  • Checkout the tagged version of the release (you'll need this to tag this release).  All further work is done in the idp-installer/src/main/wix. If this is the second (or later) service release check out the tagged version of the latest service release (so as to get the correct versions of the wxs files)
  • The IdP, from our download pages or (more likely) from Nexus to the  idp-installer/src/main/wix directory. You need the .zip and .zip.asc files.
  • The Jetty Base Project
    • For Jetty 9.4 review the changes and build from source.  Instructions here
  • Procrun (Commons-daemon) from the Apache download area to the  idp-installer/src/main/wix directory.  You need the signed.zip and -signed.zip.asc files.
  • The version of Jetty-V9 which has been used to test this release (get this from the pom for java-parent-project) from the Shibboleth Nexus to the  idp-installer/src/main/wix directory.   Again, you need the .zip and .zip.asc files.

PreBuild steps

Move into the idp-installer/src/main/wix directory and verify that the version and name in both the ShibbolethIdP-main.wxs and MergeModule.wxs is correct.  The version for the latter is less important since we do not ship the merge module.  I have used the 1.IdPSubversion.IdPPatch.Unique, in order to maintain coherence.

Build

The build is relatively automated and is done in two steps.  First the Merge module containing procrun and Jetty is built using the Jetty.bat batch file.  This takes two parameters, the path (relative is OK) of the Procrun zip file and the path of the Jetty zip file:

Building the merge modules
C:\path\idp-installer\src\main\wix>Jetty.bat commons-daemon-1.0.15-bin-windows.zip jetty-distribution-9.X.Y.vyyyymmdd.zip
gpg: Signature made 03/28/13 12:54:06 GMT Standard Time using DSA key ID 0D498E23
gpg: Good signature from "Mladen Turk (Default signing key) <mturk@apache.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F7DA 48BB 64BC B84E CBA7  EE69 35CD 23C1 0D49 8E23
gpg: Signature made 02/24/15 17:16:44 GMT Standard Time using DSA key ID D7C58886
gpg: Good signature from "Jesse McConnell (signing key) <jesse.mcconnell@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 5DE5 33CB 43DA F8BC 3E37  2283 E7AE 839C D7C5 8886
jetty_contents.wxs
MergeModule.wxs
procrun.wxs
jetty_contents.wxs
MergeModule.wxs
procrun.wxs
 Volume in drive C is OS
 Volume Serial Number is 1278-E6A3
 Directory of C:path\idp-installer\src\main\wix
26/02/2015  13:31        11,793,229 Jetty-x64.msm
               2 File(s)     23,586,411 bytes
               0 Dir(s)  31,736,725,504 bytes free
C:\Juno\New\IDP3.0.0\idp-installer\src\main\wix>

As can be seen the batch file checks the signatures on the incoming zip files before building the merge modules from the contents.  If the signature is not present or cannot be verified the build fails (which can make verifying the Jetty signature problematic since you need to locate the signature and decide whether to install it.

Next you need to build the IdP installation.  This time use the IdP.bat batch file, which takes two parameters, the path to the IdP Distribution and the path to the jetty-base distribution

Buidling the Installers
C:\path\idp-installer\src\main\wix>idp Download\shibboleth-identity-provider-3.3.0.zip Download\shibboleth-jetty-base-X.Y.zip
 
gpg: Signature made [Date/Time] using RSA key ID xxx
gpg: Good signature from "Scott Cantor <cantor.2@osu.edu>"
gpg: Signature made [Date/Time] using RSA key ID xxx
gpg: Good signature from "Scott Cantor <cantor.2@osu.edu>"

[...]
Windows Installer XML Toolset Toolset Harvester version 3.10.3.3007
Copyright (c) .NET Foundation and contributors. All rights reserved.
idp_contents.wxs
ShibbolethIdP-gui.wxs
ShibbolethIdP-install-dlg.wxs
ShibbolethIdP-warndir-dlg.wxs
ShibbolethIdP-adconfig-dlg.wxs
ShibbolethIdP-update-dlg.wxs
ShibbolethIdP-main.wxs
ShibbolethIdP-registry.wxs
ShibbolethIdP-delete.wxs
 Volume in drive C is OS
 Volume Serial Number is 1278-E6A3
 Directory of C:\path\idp-installer\src\main\wix
26/02/2015  13:36        49,504,256 idp-x64.msi

The second parameter (the jetty-base project to use should match the version of jetty that was built into the Jetty merge modules.  Currently we deploy Jetty version 9.3.

Test

We are testing that the installation works, and in particular that Jetty has not regressed and so it should suffice to test an upgrade of one architecture.

  • It is useful to test both attribute push and attribute fetch.
  • Ensure that the version is expected ( https://name/idp/profile/status)

Sign, Hash and Push

Rename the .msi files appropriately, sign and generate the hash files, and push to the download area.

gpg -s -b -a shibboleth-identity-provider-4.0.1-x64.msi

openssl sha256 shibboleth-identity-provider-4.0.1-x64.msi > shibboleth-identity-provider-4.0.1-x64.msi.sha256

Tag the release

We need to tag the release with the signatures of the downloaded (not Shibboleth) packages 

Checkout the distribution tag

Create Temporary Branch
git checkout 4.0.1

Commit the changes

Windows installations carry four version digits and we use that to distingish from multi-architecture distributions
Commit Changes
git add commons-daemon-1.2.2-bin-windows.zip.asc jetty-distribution-9.4.28.v20200408.zip.asc
git commit -m "Commit signatures files for Windows Installer 4.0.1.0"

Create the tag 

Create Tag
git tag -s -m "Tag Windows Installer Build 4.0.1.0" 4.0.1.0

Push the tag (you may want to dry run with '-n' first_

Push Tag
git push origin 4.0.1.0

Update the version in TRUNK


Just as above update the versions in ShibbolethIdP-main.wxs and MergeModule.wxs to match the current pom

  • No labels