blob: 0bdfb1d17f418b43e4bf88f999e5aaa563e4a52c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
|
Environment setup in debian:jessie
==================================
basically you need this to setup your environment:
# apt-get install mingw-w64
# apt-get install wine
# apt-get install nsis
this is a incomplete list of dependencies, review the pyinstaller/Dockerfile
to get a understanding of what needs to be setup in order to have a
environment that builds the installer
Requirements
============
docker-compose
Building the package
====================
make pkg
Reproducible builds
===================
please run the binary and installer builds on a clean machine eg
using docker or any virtual environment that can easily be prepared
by a third party to verify that the binaries are actually what the
sourcecode suggests.
to use reproducible build you need to install docker which then installs
a clean debian:jessie to install nsis or the mingw environment
Installer
=========
NSIS was choosen because it provided a out of the box toolchain to build
installers for the windows platform with minimal dependencies. The downside
of nsis is that it does not produce msi binaries
to build the binary dependencies run:
```
docker-compose run --rm openvpn
docker-compose run --rm pyinstaller
```
the produced binaries will be stored in ${ROOT}/build
to build the installer run:
```
docker-compose run --rm installer
```
the produced installer will be stored in ${ROOT}/dist
Pyinstaller
===========
Pyinstaller is a docker image based on debian:jessie with a cross-compile
toolchain (gcc) for building zlib and openssl in linux and wine (staging)
with installed python and mingw32 for pip/wheel compiling.
All pip installed dependencies are
part of the pyinstaller-build.sh script so they can be re-executed when the
dependencies of the project change. The image should be rebuild when openssl,
python or pyinstaller is updated:
```
docker-compose build pyinstaller
```
To debug or fine-tune the compile process it may be useful to setup the
following software on the development machine:
```
X :1 -listen tcp
DISPLAY=:1 xhost +
docker-compose run --rm pyinstaller /bin/bash
root@0fa19215321f:/# export DISPLAY=${YOUR_LOCAL_IP}:1
root@0fa19215321f:/# wine cmd
Z:\>python
>>>
```
the configured volumes are:
- the (read-only) sourcecode of the bitmask project in /var/src/bitmask
- the result of the builds in /var/build
pyinstaller-build.sh
====================
Contains all steps to build the win32 executables. The project relies on
a read-write source tree which will pollute the development environment and
make it hard to reproduce 'clean' builds. therefore it expects that the source
is freshly checked out and not used to run in the host-environment. Otherwise
pyc and ui elements will mess up the binary in unpredictable ways.
* copy the /var/src/bitmask sources to a read-write location (/var/build)
* execute ```make all``` in wine to build the qt ui and other resources
* execute ```pip install $dependencies``` to have all dependencies available
* execute ```pyinstaller``` in wine to compile the executable for
** bitmask (src/leap/bitmask/app.py)
* cleanup
** remove the read-write copy
** remove wine-dlls from the installer
As the step 'install dependencies' may take long on slow internet connections
during development it is advised to recycle the container and share the
build/executables path with a windows-vm to test the result in short cycles
instead of make pkg, uninstall, install.
```
docker-compose run --rm --entrypoint=/bin/bash pyinstalle
root@0fa19215321f:/# cd /var/src/bitmask/pkg/windows
root@0fa19215321f:/var/src/bitmask/pkg/windows# ./pyinstaller-build.sh
root@0fa19215321f:/var/src/bitmask/pkg/windows# ./pyinstaller-build.sh
root@0fa19215321f:/var/src/bitmask/pkg/windows# ./pyinstaller-build.sh
....
```
and test the result binary (accessible in bitmask/build in a separate vm.
OpenVPN
=======
OpenVPN is a straight forward cross compile image that builds the openvpn
sourcecode from the git-repository to a windows executable that can be
used by bitmask_root to launch eip.
It needs to be rebuild regulary as openssl gets a new version about every
month. PyInstaller uses the openssl that is compiled by this image
Installer
=========
Installer is a straight forward debian image with makensis installed. The
installer-build script lists the previously built files from pyinstaller and
openvpn to pass it as nsh file to makensis. bitmask.nis controls what will
be displayed to the user and how the components are installed and uninstalled
|
