diff options
author | Paixu Aabuizia <PaixuAabuizia@users.noreply.github.com> | 2016-10-03 18:02:50 -0400 |
---|---|---|
committer | Kali Kaneko (leap communications) <kali@leap.se> | 2016-10-19 12:34:18 -0400 |
commit | 8e894bf2b318046acdabe597a71b0ffa079256b6 (patch) | |
tree | 3d46ab68babc7d4869d3490b47c3a37e25796b6e /pkg | |
parent | 8c90f814f40dbc957bafe5bbd1528380c02bd057 (diff) |
[pkg] reproducible windows installer for bitmask_client
Port of paixu's original commit 0a5d24d64b5f637038a15b01bbe1b3d4bf4108f2
in the legacy bitmask_client repo.
Refs: 0.9.1-85-g0a5d24d
- provide a environment that allows automated builds of windows installers
- prepare dockerized environment with wine, python, openssl, zlib and mingw
to build windows binaries from python sourcecode
- prepare dockerized environment with nullsoft installer
to build installers from binaries
- configure pyinstaller to build binaries
- configure nsis to build distributable executables for bitmask
- configure make all in pkg/windows that results in installers
- add documentation
- ico conversion from data/images
- avoid polluting / in docker image
- install dirspec and copy to wine env
- remove obsolete comments
- fix python path
- figure out that pip install leap.a and pyinstalling a leap.b does not work - so the build script fixes that
- rename dependencies to pyinstaller and move nsis code to installer
- build openvpn, export the binaries for further processing
- correct openvpn dependencies, fetch tap installer compatible with openvpn just built
- install tap-driver with nsis
- pyinstaller-build: fix mixed mkdir / show errors if there are some
- installer-build: prepare rw-copy, do not expose nsh files
- add openvpn_leap.exe to install directory so it gets picked up by nsis
- use setup.py to install bitmask to site-packages to have a version
- separate build directories for granular make
- copy all openvpn dlls to installer
- die to signal failure to parent makefile
- cache installDependencies for quick turn-arround times
- share openssl version between openvpn and pysqlcipher/other pip builds
- collect files during prepare for installer
- default to eip:false, mail:true
- configuration in pyinstaller-build.sh
- win64 tap drivers need special care getting removed from 32bit nsis
- correct registry key that identifies if we installed TAP
- extract version from git-tree, expose to wine python
- create nsh with version for build installer
- allow clean/dirty version with patches
- cleanup / indent / remove comments
- die when pysqlchipher patch failed
- add psutil in mingw compatible version
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/windows/Makefile | 25 | ||||
-rw-r--r-- | pkg/windows/README.rst | 144 | ||||
-rw-r--r-- | pkg/windows/TODO | 15 | ||||
-rw-r--r-- | pkg/windows/bitmask.nis | 2 | ||||
-rw-r--r-- | pkg/windows/bitmask.nsh | 115 | ||||
-rw-r--r-- | pkg/windows/bitmask_client_product.nsh | 8 | ||||
-rw-r--r-- | pkg/windows/bitmask_client_registry_install.nsh | 17 | ||||
-rw-r--r-- | pkg/windows/docker-compose.yml | 42 | ||||
-rwxr-xr-x | pkg/windows/installer-build.sh | 119 | ||||
-rw-r--r-- | pkg/windows/installer/Dockerfile | 17 | ||||
-rwxr-xr-x | pkg/windows/openvpn-build.sh | 63 | ||||
-rw-r--r-- | pkg/windows/openvpn/Dockerfile | 17 | ||||
-rw-r--r-- | pkg/windows/openvpn_manifest | 19 | ||||
-rwxr-xr-x | pkg/windows/pyinstaller-build.sh | 288 | ||||
-rw-r--r-- | pkg/windows/pyinstaller/Dockerfile | 105 | ||||
-rw-r--r-- | pkg/windows/pyinstaller/pysqlcipher_setup.py.patch | 14 | ||||
-rw-r--r-- | pkg/windows/pyinstaller/zlib-mingw-shared.patch | 10 |
17 files changed, 1020 insertions, 0 deletions
diff --git a/pkg/windows/Makefile b/pkg/windows/Makefile new file mode 100644 index 0000000..5d19353 --- /dev/null +++ b/pkg/windows/Makefile @@ -0,0 +1,25 @@ +.PHONY: all pkg installer openvpn pyinstaller +all: + docker-compose build + $(MAKE) pkg + +pkg: + $(MAKE) openvpn + $(MAKE) pyinstaller + $(MAKE) installer + +pyinstaller: + docker-compose run --rm pyinstaller + +openvpn: + docker-compose run --rm openvpn + +installer: + docker-compose run --rm installer + +clean: + docker rmi windows_pyinstaller + docker rmi windows_openvpn + docker rmi windows_installer + rm -rf ../../dist/*.exe + rm -rf ../../build/*
\ No newline at end of file diff --git a/pkg/windows/README.rst b/pkg/windows/README.rst new file mode 100644 index 0000000..0bdfb1d --- /dev/null +++ b/pkg/windows/README.rst @@ -0,0 +1,144 @@ +Environment setup in debian:jessie +================================== + +basically you need this to setup your environment: + +# apt-get install mingw-w64 +# apt-get install wine +# apt-get install nsis + +this is a incomplete list of dependencies, review the pyinstaller/Dockerfile +to get a understanding of what needs to be setup in order to have a +environment that builds the installer + +Requirements +============ + +docker-compose + +Building the package +==================== + +make pkg + + +Reproducible builds +=================== + +please run the binary and installer builds on a clean machine eg +using docker or any virtual environment that can easily be prepared +by a third party to verify that the binaries are actually what the +sourcecode suggests. + +to use reproducible build you need to install docker which then installs +a clean debian:jessie to install nsis or the mingw environment + + +Installer +========= + +NSIS was choosen because it provided a out of the box toolchain to build +installers for the windows platform with minimal dependencies. The downside +of nsis is that it does not produce msi binaries + +to build the binary dependencies run: + +``` +docker-compose run --rm openvpn +docker-compose run --rm pyinstaller +``` + +the produced binaries will be stored in ${ROOT}/build + +to build the installer run: + +``` +docker-compose run --rm installer +``` + +the produced installer will be stored in ${ROOT}/dist + + +Pyinstaller +=========== + +Pyinstaller is a docker image based on debian:jessie with a cross-compile +toolchain (gcc) for building zlib and openssl in linux and wine (staging) +with installed python and mingw32 for pip/wheel compiling. +All pip installed dependencies are +part of the pyinstaller-build.sh script so they can be re-executed when the +dependencies of the project change. The image should be rebuild when openssl, +python or pyinstaller is updated: + +``` +docker-compose build pyinstaller +``` + +To debug or fine-tune the compile process it may be useful to setup the +following software on the development machine: + +``` +X :1 -listen tcp +DISPLAY=:1 xhost + +docker-compose run --rm pyinstaller /bin/bash +root@0fa19215321f:/# export DISPLAY=${YOUR_LOCAL_IP}:1 +root@0fa19215321f:/# wine cmd +Z:\>python +>>> +``` + +the configured volumes are: + +- the (read-only) sourcecode of the bitmask project in /var/src/bitmask +- the result of the builds in /var/build + +pyinstaller-build.sh +==================== + +Contains all steps to build the win32 executables. The project relies on +a read-write source tree which will pollute the development environment and +make it hard to reproduce 'clean' builds. therefore it expects that the source +is freshly checked out and not used to run in the host-environment. Otherwise +pyc and ui elements will mess up the binary in unpredictable ways. + +* copy the /var/src/bitmask sources to a read-write location (/var/build) +* execute ```make all``` in wine to build the qt ui and other resources +* execute ```pip install $dependencies``` to have all dependencies available +* execute ```pyinstaller``` in wine to compile the executable for +** bitmask (src/leap/bitmask/app.py) +* cleanup +** remove the read-write copy +** remove wine-dlls from the installer + +As the step 'install dependencies' may take long on slow internet connections +during development it is advised to recycle the container and share the +build/executables path with a windows-vm to test the result in short cycles +instead of make pkg, uninstall, install. + +``` +docker-compose run --rm --entrypoint=/bin/bash pyinstalle +root@0fa19215321f:/# cd /var/src/bitmask/pkg/windows +root@0fa19215321f:/var/src/bitmask/pkg/windows# ./pyinstaller-build.sh +root@0fa19215321f:/var/src/bitmask/pkg/windows# ./pyinstaller-build.sh +root@0fa19215321f:/var/src/bitmask/pkg/windows# ./pyinstaller-build.sh +.... +``` + +and test the result binary (accessible in bitmask/build in a separate vm. + +OpenVPN +======= + +OpenVPN is a straight forward cross compile image that builds the openvpn +sourcecode from the git-repository to a windows executable that can be +used by bitmask_root to launch eip. +It needs to be rebuild regulary as openssl gets a new version about every +month. PyInstaller uses the openssl that is compiled by this image + +Installer +========= + +Installer is a straight forward debian image with makensis installed. The +installer-build script lists the previously built files from pyinstaller and +openvpn to pass it as nsh file to makensis. bitmask.nis controls what will +be displayed to the user and how the components are installed and uninstalled
\ No newline at end of file diff --git a/pkg/windows/TODO b/pkg/windows/TODO new file mode 100644 index 0000000..49c6bac --- /dev/null +++ b/pkg/windows/TODO @@ -0,0 +1,15 @@ +TODO +==== + +fix python-code (0.9.1) that fails on windows: +- fix the race condition for the backend/frontend startup. + spawning the backend takes time. with a introduced 15s timeout + it was possible to ensure the backend is up. It would be ideal + if the backend could signal the app to continue loading the frontend +- fix the ~/leap/events/zmq_certificates/public_keys/server.key +- fix logger (& remove hack in pyinstaller-build.sh:228) +- fix pysqlcipher (/LIB:,https get not working in setup.py, remove hack + in pyinstaller-build:164) +- merge bitmask_root from https://github.com/alirezamirzaeiyan/bitmask-root + +create similar infrastructure for osx dmg, preferably run on osx for compressed dmg
\ No newline at end of file diff --git a/pkg/windows/bitmask.nis b/pkg/windows/bitmask.nis new file mode 100644 index 0000000..8705c05 --- /dev/null +++ b/pkg/windows/bitmask.nis @@ -0,0 +1,2 @@ +!define PKGNAME bitmask +!include .\bitmask.nsh
\ No newline at end of file diff --git a/pkg/windows/bitmask.nsh b/pkg/windows/bitmask.nsh new file mode 100644 index 0000000..fe02f84 --- /dev/null +++ b/pkg/windows/bitmask.nsh @@ -0,0 +1,115 @@ +# pwd is a ro-mounted source-tree that had all dependencies build into +# package-name directories +!define PKGNAMEPATH ..\..\build\executables\${PKGNAME} +!include ${PKGNAMEPATH}_version.nsh +!include .\bitmask_client_product.nsh +!include ${PKGNAMEPATH}_install_files_size.nsh + +RequestExecutionLevel admin ;Require admin rights on NT6+ (When UAC is turned on) + +InstallDir "$PROGRAMFILES\${APPNAME}" + +LicenseData "..\..\LICENSE" +Name "${COMPANYNAME} - ${APPNAME}" +Icon "..\..\build\executables\mask-icon.ico" + +# /var/dist is a rw mounted volume +outFile "/var/dist/${PKGNAME}-${VERSIONMAJOR}.${VERSIONMINOR}.${VERSIONBUILD}${VERSIONSUFFIX}.exe" +!include LogicLib.nsh + +# Just three pages - license agreement, install location, and installation +page license +page directory +Page instfiles + +!macro VerifyUserIsAdmin +UserInfo::GetAccountType +pop $0 +${If} $0 != "admin" ;Require admin rights on NT4+ + messageBox mb_iconstop "Administrator rights required!" + setErrorLevel 740 ;ERROR_ELEVATION_REQUIRED + quit +${EndIf} +!macroend + +function .onInit + setShellVarContext all + !insertmacro VerifyUserIsAdmin +functionEnd + +section "TAP Virtual Ethernet Adapter" SecTAP + SetOverwrite on + SetOutPath "$TEMP" + File /oname=tap-windows.exe "..\..\build\executables\openvpn\tap-windows.exe" + + DetailPrint "Installing TAP (may need confirmation)..." + nsExec::ExecToLog '"$TEMP\tap-windows.exe" /S /SELECT_UTILITIES=1' + Pop $R0 # return value/error/timeout + + Delete "$TEMP\tap-windows.exe" + WriteRegStr HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "tap" "installed" +sectionEnd + +section "install" + setOutPath $INSTDIR + + !include ${PKGNAMEPATH}_install_files.nsh + + # Uninstaller - See function un.onInit and section "uninstall" for configuration + writeUninstaller "$INSTDIR\uninstall.exe" + + # Start Menu + createDirectory "$SMPROGRAMS\${COMPANYNAME}" + createShortCut "$SMPROGRAMS\${COMPANYNAME}\${APPNAME}.lnk" "$INSTDIR\bitmask.exe" "" "$INSTDIR\bitmask.exe" + + !include bitmask_client_registry_install.nsh +sectionEnd + +# Uninstaller + +function un.onInit + SetShellVarContext all + !insertmacro VerifyUserIsAdmin +functionEnd + +section "uninstall" + + delete "$SMPROGRAMS\${COMPANYNAME}\${APPNAME}.lnk" + # Try to remove the Start Menu folder - this will only happen if it is empty + rmDir "$SMPROGRAMS\${COMPANYNAME}" + + # Remove files + !include ${PKGNAMEPATH}_uninstall_files.nsh + + # Remove TAP Drivers + ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "tap" + ${If} $R0 == "installed" + DetailPrint "Uninstalling TAP as we installed it..." + ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TAP-Windows" "UninstallString" + ${If} $R0 != "" + DetailPrint "Uninstalling TAP..." + nsExec::ExecToLog '"$R0" /S' + Pop $R0 # return value/error/timeout + ${Else} + # on x64 windows the uninstall location needs to be accessed using WOW + SetRegView 64 + ReadRegStr $R0 HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TAP-Windows" "UninstallString" + SetRegView 32 + ${If} $R0 != "" + DetailPrint "Uninstalling TAP 64..." + nsExec::ExecToLog '"$R0" /S' + Pop $R0 # return value/error/timeout + ${EndIf} + ${EndIf} + DeleteRegValue HKLM "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "tap" + ${EndIf} + + # Always delete uninstaller as the last action + delete $INSTDIR\uninstall.exe + + # Try to remove the install directory - this will only happen if it is empty + rmDir $INSTDIR + + # Remove uninstaller information from the registry + DeleteRegKey HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" +sectionEnd
\ No newline at end of file diff --git a/pkg/windows/bitmask_client_product.nsh b/pkg/windows/bitmask_client_product.nsh new file mode 100644 index 0000000..64f59ac --- /dev/null +++ b/pkg/windows/bitmask_client_product.nsh @@ -0,0 +1,8 @@ +!define APPNAME "Bitmask" +!define COMPANYNAME "leap.se" +!define DESCRIPTION "With Bitmask VPN, all your traffic is securely routed through your provider before it is decrypted and sent on to the open internet." +# These will be displayed by the "Click here for support information" link in "Add/Remove Programs" +# It is possible to use "mailto:" links in here to open the email client +!define HELPURL "https://bitmask.net/en/help" # "Support Information" link +!define UPDATEURL "https://bitmask.net/en/install" # "Product Updates" link +!define ABOUTURL "https://bitmask.net/" # "Publisher" link
\ No newline at end of file diff --git a/pkg/windows/bitmask_client_registry_install.nsh b/pkg/windows/bitmask_client_registry_install.nsh new file mode 100644 index 0000000..5bf0404 --- /dev/null +++ b/pkg/windows/bitmask_client_registry_install.nsh @@ -0,0 +1,17 @@ +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "DisplayName" "${COMPANYNAME} - ${APPNAME} - ${DESCRIPTION}" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "UninstallString" "$\"$INSTDIR\uninstall.exe$\"" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "QuietUninstallString" "$\"$INSTDIR\uninstall.exe$\" /S" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "InstallLocation" "$\"$INSTDIR$\"" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "DisplayIcon" "$\"$INSTDIR\bitmask.exe$\"" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "Publisher" "${COMPANYNAME}" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "HelpLink" "${HELPURL}" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "URLUpdateInfo" "$\"${UPDATEURL}$\"" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "URLInfoAbout" "$\"${ABOUTURL}$\"" +WriteRegStr HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "DisplayVersion" "${VERSIONMAJOR}.${VERSIONMINOR}.${VERSIONBUILD}${VERSIONSUFFIX}" +WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "VersionMajor" ${VERSIONMAJOR} +WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "VersionMinor" ${VERSIONMINOR} +# There is no option for modifying or repairing the install +WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "NoModify" 1 +WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "NoRepair" 1 +# Set the INSTALLSIZE constant (!defined at the top of this script) so Add/Remove Programs can accurately report the size +WriteRegDWORD HKLM "Software\Microsoft\Windows\CurrentVersion\Uninstall\${COMPANYNAME} ${APPNAME}" "EstimatedSize" ${INSTALLSIZE}
\ No newline at end of file diff --git a/pkg/windows/docker-compose.yml b/pkg/windows/docker-compose.yml new file mode 100644 index 0000000..92b310c --- /dev/null +++ b/pkg/windows/docker-compose.yml @@ -0,0 +1,42 @@ +# mingw environment to build dependency binaries in a reproducible environment +# https://wiki.debian.org/ReproducibleBuilds +# service to build a windows executable using pyinstaller +# utilizes wine and pyinstaller-build.sh to produce +# build/executables/pyinstaller/bitmask/* +# usage: docker-compose run --rm pyinstaller +# non-zero exit code on failure +pyinstaller: + build: pyinstaller + volumes: +# bitmask sources + - ../../:/var/src/bitmask:ro +# produced binaries + - ../../build:/var/build +# service to build a windows-executable from openvpn sources +# uses the openvpn-build infrastructure to produce +# build/executables/openvpn/* +# produces the openvpn.exe and provides openssl that is to be +# used by pyinsaller +# usage: docker-compose run --rm openvpn +# non-zero exit code on failure +openvpn: + build: openvpn + volumes: +# bitmask sources + - ../../:/var/src/bitmask:ro +# produced binaries + - ../../build:/var/build +# service to compile a installer using nullsoft installer +# nsis environment to build installer (exe) that contains all required binaries +# for a clean, just installed windows machine +# utilizes the debian makensis and installer-build to produce +# dist/bitmask-VERSION.exe +# usage: docker-compose run --rm installer +# non-zero exit code on failure +installer: + build: installer + volumes: +# bitmask sources + - ../../:/var/src/bitmask:ro +# produced installers - configured in bitmask.nsh + - ../../dist:/var/dist diff --git a/pkg/windows/installer-build.sh b/pkg/windows/installer-build.sh new file mode 100755 index 0000000..cf66420 --- /dev/null +++ b/pkg/windows/installer-build.sh @@ -0,0 +1,119 @@ +#!/bin/bash + +# build installer +# =============== +# +# builds several installers from previously compiled binaries + +product=bitmask +# the location of the nsis installer nis files dictates the path of the files +relative_executable_path=../../build/executables +source_ro_path=/var/src/${product} +temporary_build_path=/var/tmp/installer + +setups=($(ls -1 ${source_ro_path}/pkg/windows | grep '.nis$' | sed 's|.nis$||')) + +# generate nsis file references for installer for single directory +# appends File and Remove to files that are later included by makensis +# separate files for install and uninstall statements +# +# directory_root: the tree root that is currently generated +# subdir: any directory in the tree +# setup_name: the name of the setup this nsh entries are generated for +function generateDirectoryNSISStatements() { + directory_root=$1 + subdir=$2 + setup_name=$3 + find ${subdir} -maxdepth 1 -type f -exec echo 'File "'${relative_executable_path}'/{}"' \;>> ${setup_name}_install_files.nsh + find ${subdir} -maxdepth 1 -type f -exec echo 'Delete "$INSTDIR/{}"' \; >> ${setup_name}_uninstall_files.nsh +} +# generate a tree of files into nsis installer definitions +# directory_root: the tree root that is currently generated +# setup_name: the name of the setup this nsh entries are generated for +function generateDirectoryNSISStatementsTree() { + directory_root=$1 + setup_name=$2 + subdirs=$(find ${directory_root} -type d | sort) + for subdir in ${subdirs[@]} + do + if [ "${directory_root}" != "${subdir}" ]; then + echo 'SetOutPath "$INSTDIR/'${subdir}'"' >> ${setup_name}_install_files.nsh + fi + generateDirectoryNSISStatements ${directory_root} ${subdir} ${setup_name} + done + # again to remove emptied directories on uninstall so reverse + subdirs=$(find ${directory_root} -type d | sort | tac) + for subdir in ${subdirs[@]} + do + if [ "${directory_root}" != "${subdir}" ]; then + echo 'RMDir "$INSTDIR/'${subdir}'"' >> ${setup_name}_uninstall_files.nsh + fi + done +} +# generate installer files for the available setups +# those files include install and uninstall statements and are +# modified (backslashes/source_path) to generate a sane target +# structure +function generateNSISStatements() { + pushd ${temporary_build_path}/build/executables + for setup in "${setups[@]}" + do + echo "setup:" ${setup} + echo "# auto generated by pkg/windows/installer-build.sh please do not modify" > ${setup}_install_files.nsh + echo "# auto generated by pkg/windows/installer-build.sh please do not modify" > ${setup}_uninstall_files.nsh + setup_source_path=${setup} + generateDirectoryNSISStatementsTree ${setup_source_path} ${setup} + # remove the setup_source_path from the nsh files + sed -i "s|INSTDIR/${setup_source_path}/|INSTDIR/|" ${setup}_install_files.nsh + sed -i "s|/${setup_source_path}/|/|" ${setup}_uninstall_files.nsh + # make backslashes + sed -i "s|/|\\\\|g" ${setup}_install_files.nsh ${setup}_uninstall_files.nsh + # make install size + installed_size=$(du -s --block-size=1000 ${setup} | awk '{print $1}') + echo "!define INSTALLSIZE ${installed_size}" > ${setup}_install_files_size.nsh + done + popd +} +# makensis to produce a installer.exe +# the result is placed in /var/dist +function buildInstaller() { + pushd ${temporary_build_path}/pkg/windows + for setup in ${setups[@]} + do + makensis ${setup}.nis || die 'build setup "'${setup}'" failed' + done + popd +} +# prepare build path +# copies files that have been produced by other containers +# merges the product so the nsis files are correct +function prepareBuildPath() { + mkdir -p ${temporary_build_path}/pkg/windows + mkdir -p ${temporary_build_path}/build + cp -r ${source_ro_path}/pkg/windows/* ${temporary_build_path}/pkg/windows + cp -r ${source_ro_path}/build/* ${temporary_build_path}/build + cp -r ${source_ro_path}/LICENSE ${temporary_build_path}/LICENSE + + test -d ${temporary_build_path}/build/executables/bitmask || die 'bitmask not available run docker-compose run --rm pyinstaller' + test -d ${temporary_build_path}/build/executables/openvpn || die 'openvpn not available run docker-compose run --rm openvpn' + pushd ${temporary_build_path}/build/executables + cp openvpn/bin/openvpn.exe bitmask + cp openvpn/bin/*.dll bitmask + popd +} +# remove build files to ensure subsequent builds +function cleanup() { + rm -r ${temporary_build_path} +} +# display failure message and emit non-zero exit code +function die() { + echo "die:" $@ + exit 1 +} +function main() { + prepareBuildPath + generateNSISStatements + buildInstaller + cleanup +} +main $@
\ No newline at end of file diff --git a/pkg/windows/installer/Dockerfile b/pkg/windows/installer/Dockerfile new file mode 100644 index 0000000..ae46acb --- /dev/null +++ b/pkg/windows/installer/Dockerfile @@ -0,0 +1,17 @@ +FROM debian:jessie +MAINTAINER paixu@0xn0.de +RUN apt-get update + +###### +# install packages required to build + +RUN apt-get -y install \ + nsis +WORKDIR /var/src/bitmask/pkg/windows + +###### +# set a specific user +# needs external tuning of the /var/dist rights! +# RUN useradd installer +# USER installer +ENTRYPOINT ["/var/src/bitmask/pkg/windows/installer-build.sh"]
\ No newline at end of file diff --git a/pkg/windows/openvpn-build.sh b/pkg/windows/openvpn-build.sh new file mode 100755 index 0000000..7f8ed84 --- /dev/null +++ b/pkg/windows/openvpn-build.sh @@ -0,0 +1,63 @@ +#!/bin/bash + +# render openvpn prepared for installer +# ================================================ +# +# requires +# - a linux host with mingw installed +# - a rw directory mounted to /var/build +# returns nonzero exit code when failed +# +# clone openvpn-build repository +# runs cross-compile build +# - downloads openvpn dependencies +# - compiles +# copy files to executables so they can be installed +# cleans up (remove read-write copy) + +# the location where the openvpn binaries are placed +absolute_executable_path=/var/build/executables +temporary_build_path=/var/build/openvpn + +# cleanup the temporary build path for subsequent executes +function cleanup() { + rm -r ${temporary_build_path} 2>/dev/null +} +# build openvpn source +function buildSource() { + pushd ${temporary_build_path}/openvpn-build/generic + CHOST=i686-w64-mingw32 \ + CBUILD=i686-pc-linux-gnu \ + ./build \ + || die 'build openvpn from source failed' + mkdir -p ${absolute_executable_path} + cp -r image/openvpn ${absolute_executable_path}/openvpn + popd +} +# fetch tap-windows.exe as defined in the openvpn vars +function fetchTapWindows() { + pushd ${temporary_build_path}/openvpn-build + source windows-nsis/build-complete.vars + wget ${TAP_WINDOWS_INSTALLER_URL} -O ${absolute_executable_path}/openvpn/tap-windows.exe || die 'tap-windows.exe could not be fetched' + popd +} +# prepare read-write copy +function prepareBuildPath() { + cleanup + mkdir -p ${temporary_build_path} + pushd ${temporary_build_path} + git clone https://github.com/OpenVPN/openvpn-build || die 'openvpn-build could not be cloned' + popd +} +# display failure message and emit non-zero exit code +function die() { + echo "die:" $@ + exit 1 +} +function main() { + prepareBuildPath + buildSource + fetchTapWindows + cleanup +} +main $@ diff --git a/pkg/windows/openvpn/Dockerfile b/pkg/windows/openvpn/Dockerfile new file mode 100644 index 0000000..471685a --- /dev/null +++ b/pkg/windows/openvpn/Dockerfile @@ -0,0 +1,17 @@ +FROM debian:jessie +MAINTAINER paixu@0xn0.de + +###### +# install packages required to build +# https-transport: winehq deb +# winbind: pip install keyring (requirements.pip) needs this somehow +# git-core: clone rw copy of repo and build specific commit +# imagemagick: convert png to ico-files +RUN apt-get update && apt-get -y install \ + unzip bzip2 \ + curl wget \ + apt-transport-https \ + man2html \ + git-core \ + build-essential autoconf mingw-w64 +ENTRYPOINT ["/var/src/bitmask/pkg/windows/openvpn-build.sh"]
\ No newline at end of file diff --git a/pkg/windows/openvpn_manifest b/pkg/windows/openvpn_manifest new file mode 100644 index 0000000..7c6a542 --- /dev/null +++ b/pkg/windows/openvpn_manifest @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="utf-8"?> +<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <assemblyIdentity version="1.0.0.0" name="openvpn_leap" /> + <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"> + <security> + <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"> + <requestedExecutionLevel level="requireAdministrator" uiAccess="false" /> + </requestedPrivileges> + <applicationRequestMinimum> + <defaultAssemblyRequest permissionSetReference="Custom" /> + <PermissionSet class="System.Security.PermissionSet" version="1" ID="Custom" SameSite="site" /> + </applicationRequestMinimum> + </security> + </trustInfo> + <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> + <application> + </application> + </compatibility> +</asmv1:assembly>
\ No newline at end of file diff --git a/pkg/windows/pyinstaller-build.sh b/pkg/windows/pyinstaller-build.sh new file mode 100755 index 0000000..522fc10 --- /dev/null +++ b/pkg/windows/pyinstaller-build.sh @@ -0,0 +1,288 @@ +#!/bin/bash + +# render dependencies into separate subdirectories +# ================================================ +# +# requires +# - a linux host with wine, wine with python and mingw installed +# - the sourcecode mounted to /var/src/ +# - a rw directory mounted to /var/build +# returns nonzero exit code when pyinstaller failed +# +# prepares a read-write copy of the sourcecode +# executes qt-uic and qt-rcc for gui dialogs +# installs dependencies from pkg/dependencies-windows.pip +# runs pyinstaller +# cleans up (remove wine-dlls, remove read-write copy) +# creates nsis install/uninstall scripts for the files for each package +# if $1 is set it is expected to be a branch/git-tag + +product=bitmask +# the location where the pyinstaller results are placed +absolute_executable_path=/var/build/executables +# the location of the nsis installer nis files dictates the path of the files +relative_executable_path=../../build/executables +source_ro_path=/var/src/${product} +temporary_build_path=/var/build/pyinstaller +git_tag=HEAD +version_prefix=leap.bitmask +git_version=unknown +# option that is changed when a dependency-cache is found +install_dependencies=true +# default options for components +with_eip=false +with_mail=true + +setups=($(ls -1 ${source_ro_path}/pkg/windows | grep '.nis$' | sed 's|.nis$||')) +# add mingw dlls that are build in other steps +function addMingwDlls() { + root=$1 + cp /usr/lib/gcc/i686-w64-mingw32/4.9-win32/libgcc_s_sjlj-1.dll ${root} + cp /root/.wine/drive_c/Python27/Lib/site-packages/zmq/libzmq.pyd ${root} + cp /root/.wine/drive_c/Python27/Lib/site-packages/zmq/libzmq.pyd ${root} + mkdir -p ${root}/pysqlcipher + cp /var/build/pyinstaller/pkg/pyinst/build/bitmask/pysqlcipher-2.6.4-py2.7-win32.egg/pysqlcipher/_sqlite.pyd ${root}/pysqlcipher + cp ~/.wine/drive_c/openssl/bin/*.dll ${root} +} +# cleanup the temporary build path for subsequent executes +function cleanup() { + rm -rf ${temporary_build_path} 2>/dev/null +} +# create files that are not part of the repository but are needed +# in the windows environment: +# - license with \r\n +# - ico from png (multiple sizes for best results on high-res displays) +function createInstallablesDependencies() { + pushd ${temporary_build_path} > /dev/null + cat LICENSE | sed 's|\n|\r\n|g' > LICENSE.txt + convert data/images/mask-icon.png -filter Cubic -scale 256x256! data/images/mask-icon-256.png + convert data/images/mask-icon-256.png -define icon:auto-resize data/images/mask-icon.ico + # execute qt-uic / qt-rcc + wine mingw32-make all || die 'qt-uic / qt-rcc failed' + # get version using git (only available in host) + git_version=$(python setup.py version| grep 'Version is currently' | awk -F': ' '{print $2}') + # run setup.py in a path with the version contained so versioneer can + # find the information and put it into the egg + versioned_build_path=/var/tmp/${version_prefix}-${git_version} + mkdir -p ${versioned_build_path} + cp -r ${temporary_build_path}/* ${versioned_build_path} + # apply patches to the source that are required for working code + # should not be required in the future as it introduces possible + # hacks that are hard to debug + applyPatches ${versioned_build_path} + pushd ${versioned_build_path} > /dev/null + # XXX what's this update_files command? + #wine python setup.py update_files || die 'setup.py update_files failed' + wine python setup.py build || die 'setup.py build failed' + wine python setup.py install || die 'setup.py install failed' + popd + rm -rf ${versioned_build_path} + popd +} +# create installer version that may be used by installer-build.sh / makensis +# greps the version-parts from the previously extracted git_version and stores +# the result in a setup_version.nsh +# when the git_version does provide a suffix it is prefixed with a dash so the +# installer output needs no conditional for this +function createInstallerVersion() { + setup=$1 + # [0-9]*.[0-9]*.[0-9]*-[0-9]*_g[0-9a-f]*_dirty + VERSIONMAJOR=$(echo ${git_version} | sed 's|^\([0-9]*\)\..*$|\1|') + VERSIONMINOR=$(echo ${git_version} | sed 's|^[0-9]*\.\([0-9]*\).*$|\1|') + VERSIONBUILD=$(echo ${git_version} | sed 's|^[0-9]*\.[0-9]*\.\([0-9]*\).*$|\1|') + VERSIONSUFFIX=$(echo ${git_version} | sed 's|^[0-9]*\.[0-9]*\.[0-9]*-\(.*\)$|\1|') + echo "!define VERSIONMAJOR ${VERSIONMAJOR}" > ${absolute_executable_path}/${setup}_version.nsh + echo "!define VERSIONMINOR ${VERSIONMINOR}" >> ${absolute_executable_path}/${setup}_version.nsh + echo "!define VERSIONBUILD ${VERSIONBUILD}" >> ${absolute_executable_path}/${setup}_version.nsh + if [ ${VERSIONSUFFIX} != "" ]; then + VERSIONSUFFIX="-${VERSIONSUFFIX}" + fi + echo "!define VERSIONSUFFIX ${VERSIONSUFFIX}" >> ${absolute_executable_path}/${setup}_version.nsh +} +# create installable binaries with dlls +function createInstallables() { + mkdir -p ${absolute_executable_path} + pushd ${temporary_build_path}/pkg/pyinst + # build install directories (contains multiple files with pyd,dll, some of + # them look like windows WS_32.dll but are from wine) + for setup in ${setups[@]} + do + # --clean do not cache anything and overwrite everything --noconfirm + # --distpath to place on correct location + # --debug to see what may be wrong with the result + # --paths=c:\python\lib\site-packages;c:\python27\lib\site-packages + wine pyinstaller \ + --clean \ + --noconfirm \ + --distpath=.\\installables \ + --paths=Z:\\var\\build\\pyinstaller\\src\\ \ + --paths=C:\\Python27\\Lib\\site-packages\\ \ + --debug \ + ${setup}.spec \ + || die 'pyinstaller for "'${setup}'" failed' + removeWineDlls installables/${setup} + addMingwDlls installables/${setup} + rm -r ${absolute_executable_path}/${setup} + cp -r installables/${setup} ${absolute_executable_path} + cp ${absolute_executable_path}/cacert.pem ${absolute_executable_path}/${setup} + rm -r installables + createInstallerVersion ${setup} + done + popd + pushd ${temporary_build_path} + cp data/images/mask-icon.ico ${absolute_executable_path}/ + popd +} +# install (windows)dependencies of project +function installProjectDependencies() { + pushd ${temporary_build_path} > /dev/null + unsupported_packages="dirspec" + pip_flags="--find-links=Z:${temporary_build_path}/wheels" + for unsupported_package in ${unsupported_packages} + do + pip_flags="${pip_flags} --allow-external ${unsupported_package} --allow-unverified ${unsupported_package}" + done + pip_flags="${pip_flags} -r" + + # install dependencies + mkdir -p ${temporary_build_path}/wheels + wine pip install ${pip_flags} pkg/requirements-leap.pip || die 'requirements-leap.pip could not be installed' + # fix requirements + # python-daemon breaks windows build + sed -i 's|^python-daemon|#python-daemon|' pkg/requirements.pip + wine pip install ${pip_flags} pkg/requirements.pip || die 'requirements.pip could not be installed' + git checkout pkg/requirements.pip + popd + cp -r /root/.wine/drive_c/Python27/Lib/site-packages ${absolute_executable_path} + curl https://curl.haxx.se/ca/cacert.pem > ${absolute_executable_path}/cacert.pem || die 'cacert.pem could not be fetched - would result in bad ssl in installer' +} +# workaround for broken dependencies +# runs before pip install requirements +# fixes failure for pysqlcipher as this requests a https file that the +# windows-python fails to request +function installProjectDependenciesBroken() { + pushd ${temporary_build_path} > /dev/null + curl https://pypi.python.org/packages/source/p/pysqlcipher/pysqlcipher-2.6.4.tar.gz \ + > pysqlcipher-2.6.4.tar.gz \ + || die 'fetch pysqlcipher failed' + tar xzf pysqlcipher-2.6.4.tar.gz + pushd pysqlcipher-2.6.4 + curl https://downloads.leap.se/libs/pysqlcipher/amalgamation-sqlcipher-2.1.0.zip \ + > amalgamation-sqlcipher-2.1.0.zip \ + || die 'fetch amalgamation for pysqlcipher failed' + unzip -o amalgamation-sqlcipher-2.1.0.zip || die 'unzip amalgamation failed' + mv sqlcipher amalgamation + patch -p0 < ${source_ro_path}/pkg/windows/pyinstaller/pysqlcipher_setup.py.patch \ + || die 'patch pysqlcipher setup.py failed' + wine python setup.py build install || die 'setup.py for pysqlcipher failed' + popd + popd # temporary_build_path +} +# prepare read-write copy +function prepareBuildPath() { + cleanup + # ensure shared openssl for all pip builds + test -d ${absolute_executable_path}/openvpn || die 'openvpn not available run docker-compose run --rm openvpn' + cp -r ${absolute_executable_path}/openvpn /root/.wine/drive_c/openssl + if [ -d ${absolute_executable_path}/site-packages ]; then + # use pip install cache for slow connections + rm -r /root/.wine/drive_c/Python27/Lib/site-packages + cp -r ${absolute_executable_path}/site-packages /root/.wine/drive_c/Python27/Lib/ + install_dependencies=false + fi + if [ ! -z $1 ]; then + git_tag=$1 + fi + if [ ${git_tag} != "HEAD" ]; then + echo "using ${git_tag} as source for the project" + git clone ${source_ro_path} ${temporary_build_path} + pushd ${temporary_build_path} + git checkout ${git_tag} || die 'checkout "'${git_tag}'" failed' + popd + else + echo "using current source tree for build" + mkdir -p ${temporary_build_path}/data + mkdir -p ${temporary_build_path}/docs + mkdir -p ${temporary_build_path}/pkg + mkdir -p ${temporary_build_path}/src + mkdir -p ${temporary_build_path}/.git + cp -r ${source_ro_path}/data/* ${temporary_build_path}/data + cp -r ${source_ro_path}/data/* ${temporary_build_path}/docs + cp -r ${source_ro_path}/pkg/* ${temporary_build_path}/pkg + cp -r ${source_ro_path}/src/* ${temporary_build_path}/src + cp -r ${source_ro_path}/.git/* ${temporary_build_path}/.git + cp ${source_ro_path}/* ${temporary_build_path}/ + fi +} +# add patches to the sourcetree +# this function should do nothing some day and should be run after +# the version has been evaluated +function applyPatches() { + root_path=$1 + # disable eip + if [ !${with_eip} ]; then + sed -i "s|HAS_EIP = True|HAS_EIP = False|" ${root_path}/src/leap/bitmask/_components.py + fi + # disable mail + if [ !${with_mail} ]; then + sed -i "s|HAS_MAIL = True|HAS_MAIL = False|" ${root_path}/src/leap/bitmask/_components.py + fi + # hack the logger + sed -i "s|'bitmask.log'|str(random.random()) + '_bitmask.log'|;s|import sys|import sys\nimport random|" ${root_path}/src/leap/bitmask/logs/utils.py + sed -i "s|perform_rollover=True|perform_rollover=False|" ${root_path}/src/leap/bitmask/app.py + # fix requirements + # python-daemon breaks windows build + sed -i 's|^python-daemon|#python-daemon|' ${root_path}/pkg/requirements.pip +} +# remove wine dlls that should not be in the installer +# root: path that should be cleaned from dlls +function removeWineDlls() { + root=$1 + declare -a wine_dlls=(\ + advapi32.dll \ + comctl32.dll \ + comdlg32.dll \ + gdi32.dll \ + imm32.dll \ + iphlpapi.dll \ + ktmw32.dll \ + msvcp90.dll \ + msvcrt.dll \ + mswsock.dll \ + mpr.dll \ + netapi32.dll \ + ole32.dll \ + oleaut32.dll \ + opengl32.dll \ + psapi.dll \ + rpcrt4.dll \ + shell32.dll \ + user32.dll \ + version.dll \ + winmm.dll \ + winspool.drv \ + ws2_32.dll \ + wtsapi32.dll \ + ) + for wine_dll in "${wine_dlls[@]}" + do + # not all of the listed dlls are in all directories + rm ${root}/${wine_dll} 2>/dev/null + done +} +# display failure message and emit non-zero exit code +function die() { + echo "die:" $@ + exit 1 +} +function main() { + prepareBuildPath $@ + if [ ${install_dependencies} == true ]; then + installProjectDependenciesBroken + installProjectDependencies + fi + createInstallablesDependencies + createInstallables + cleanup +} +main $@ diff --git a/pkg/windows/pyinstaller/Dockerfile b/pkg/windows/pyinstaller/Dockerfile new file mode 100644 index 0000000..2da0da3 --- /dev/null +++ b/pkg/windows/pyinstaller/Dockerfile @@ -0,0 +1,105 @@ +FROM debian:jessie +MAINTAINER paixu@0xn0.de + +ENV PYTHON_VERSION=2.7.11 +ENV OPENSSL_VERSION=1.0.2f +ENV ZLIB_VERSION=1.2.8 +ENV MINGW_VERSION=0.6.2-beta-20131004-1 +ENV MINGW_BIN_VERSION=0.6.2-mingw32-beta-20131004-1-bin +ENV WINEDEBUG=fixme-all + +###### +# install packages required to build +# https-transport: winehq deb +# winbind: pip install keyring (requirements.pip) needs this somehow +# git-core: clone rw copy of repo and build specific commit +# imagemagick: convert png to ico-files +RUN apt-get update && apt-get -y install \ + unzip curl apt-transport-https \ + winbind \ + build-essential autoconf bison gperf flex libtool mingw-w64 \ + git-core \ + imagemagick \ + pkg-config + +# install wine > 1.6.2 (debian:jessie version fails with pip) +RUN dpkg --add-architecture i386 \ + && curl https://dl.winehq.org/wine-builds/Release.key | apt-key add - \ + && echo 'deb https://dl.winehq.org/wine-builds/debian/ jessie main' >> /etc/apt/sources.list.d/wine.list \ + && apt-get update + +RUN curl https://www.python.org/ftp/python/${PYTHON_VERSION}/python-${PYTHON_VERSION}.msi > /tmp/python-${PYTHON_VERSION}.msi +RUN curl -L http://sourceforge.net/projects/mingw/files/Installer/mingw-get/mingw-get-${MINGW_VERSION}/mingw-get-${MINGW_BIN_VERSION}.zip/download > /tmp/mingw-get.zip + +# alternative with messy python afterwards +# RUN curl -L http://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi > /tmp/msvcforpython27.msi + +RUN curl -L http://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz > /tmp/openssl-${OPENSSL_VERSION}.tar.gz +RUN apt-get install -y winehq-staging + +RUN curl -L http://sourceforge.net/projects/mingw/files/Installer/mingw-get/mingw-get-${MINGW_VERSION}/mingw-get-${MINGW_BIN_VERSION}.zip/download > /tmp/mingw-get.zip +RUN mkdir -p /root/.wine/drive_c/mingw \ + && unzip -d /root/.wine/drive_c/mingw /tmp/mingw-get.zip + +####### +# Build python dependency +# using the 'host' (linux) xcompiler instead of fiddeling in wine +# zlib - needs a update every 5 years +# adds a patch that makes a shared lib - default is static +RUN curl -L http://zlib.net/zlib-${ZLIB_VERSION}.tar.gz > /tmp/zlib-${ZLIB_VERSION}.tar.gz +ADD zlib-mingw-shared.patch /zlib-mingw-shared.patch +RUN mkdir -p /root/.wine/drive_c/zlib/src \ + && mv /tmp/zlib-${ZLIB_VERSION}.tar.gz /root/.wine/drive_c/zlib/src \ + && cd /root/.wine/drive_c/zlib/src \ + && tar xzf zlib-${ZLIB_VERSION}.tar.gz \ + && cd zlib-${ZLIB_VERSION} \ + && patch -p0 < /zlib-mingw-shared.patch \ + && make -f win32/Makefile.gcc PREFIX=/usr/bin/i686-w64-mingw32- \ + && make -f win32/Makefile.gcc INCLUDE_PATH=/root/.wine/drive_c/zlib/include LIBRARY_PATH=/root/.wine/drive_c/zlib/lib BINARY_PATH=/root/.wine/drive_c/zlib/bin install + +###### +# install gcc for most pip builds +# install g++ for pycryptopp +# this is mingw in wine, not to get confused with mingw-w64 in container-host +RUN wine msiexec -i /tmp/python-${PYTHON_VERSION}.msi -q \ + && wine c:/mingw/bin/mingw-get.exe install gcc g++ mingw32-make \ + && rm -r /tmp/.wine-0 + +#### +# pip configuration +# set wine mingw compiler to be used by "python setup build" +# set default include dirs, libraries and library paths +# the libraries=crypto is added because srp will only link using -lssl but links to BN_* (libcrypto) code +# 'install' zlib to mingw so python may find its dlls +# pyside-rcc fix (https://srinikom.github.io/pyside-bz-archive/670.html) +RUN printf "[build]\ncompiler=mingw32\n\n[build_ext]\ninclude_dirs=c:\\openssl\\include;c:\\zlib\\include\nlibraries=crypto\nlibrary_dirs=c:\\openssl\\lib;c:\\openssl\\bin;c:\\zlib\\lib;c:\\zlib\\bin" > /root/.wine/drive_c/Python27/Lib/distutils/distutils.cfg \ + && printf 'REGEDIT4\n\n[HKEY_CURRENT_USER\\Environment]\n"PATH"="C:\\\\python27;C:\\\\python27\\\\Scripts;C:\\\\python27\\\\Lib\\\\site-packages\\\\PySide;C:\\\\mingw\\\\bin;c:\\\\windows;c:\\\\windows\\\\system"' > /root/.wine/drive_c/path.reg \ + && printf 'REGEDIT4\n\n[HKEY_CURRENT_USER\\Environment]\n"OPENSSL_CONF"="C:\\\\openssl"' > /root/.wine/drive_c/openssl_conf.reg \ + && printf 'REGEDIT4\n\n[HKEY_CURRENT_USER\\Environment]\n"PYTHONPATH"="C:\\\\python27\\\\lib\\\\site-packages;Z:\\\\var\\\\build\\\\bitmask_rw\\\\src"' > /root/.wine/drive_c/pythonpath.reg \ + && cp /root/.wine/drive_c/zlib/bin/zlib1.dll /root/.wine/drive_c/mingw/bin \ + && cp /root/.wine/drive_c/zlib/lib/libz.dll.a /root/.wine/drive_c/mingw/lib + +#### +# prepare the environment with all python dependencies installed +# inject dirspec from distribution +# +RUN apt-get install -y python-dirspec \ + && cp -r /usr/lib/python2.7/dist-packages/dirspec* /root/.wine/drive_c/Python27/Lib/site-packages/ +RUN apt-get install -y python-setuptools +RUN wine regedit /root/.wine/drive_c/path.reg \ + && wine regedit /root/.wine/drive_c/openssl_conf.reg \ + && wine regedit /root/.wine/drive_c/pythonpath.reg \ + && wine pip install virtualenv pyinstaller \ + && wine pip install wheel \ + && wine pip install -U setuptools-scm \ + && wine pip install -U setuptools_scm \ + && wine pip install -U pyside python-qt \ + && wine pip install -I psutil==3.4.2 \ + && rm -r /tmp/.wine-0 + +# alternative msvc: after python is installed (or before?) +# && wine msiexec -i /tmp/msvcforpython27.msi -q \ + +RUN apt-get -y install \ + mc +ENTRYPOINT ["/var/src/bitmask/pkg/windows/pyinstaller-build.sh"]
\ No newline at end of file diff --git a/pkg/windows/pyinstaller/pysqlcipher_setup.py.patch b/pkg/windows/pyinstaller/pysqlcipher_setup.py.patch new file mode 100644 index 0000000..dcec54f --- /dev/null +++ b/pkg/windows/pyinstaller/pysqlcipher_setup.py.patch @@ -0,0 +1,14 @@ +--- setup.py.org 2014-11-12 16:38:07.000000000 +0000 ++++ setup.py 2016-01-23 14:08:13.255261595 +0000 +@@ -192,10 +192,7 @@ + ext.define_macros.append(("inline", "__inline")) + + # Configure the linker +- ext.extra_link_args.append("libeay32.lib") +- ext.extra_link_args.append( +- "/LIBPATH:" + os.path.join(openssl, "lib") +- ) ++ ext.extra_link_args.append("-lcrypto") + else: + ext.extra_link_args.append("-lcrypto") + diff --git a/pkg/windows/pyinstaller/zlib-mingw-shared.patch b/pkg/windows/pyinstaller/zlib-mingw-shared.patch new file mode 100644 index 0000000..1b980cb --- /dev/null +++ b/pkg/windows/pyinstaller/zlib-mingw-shared.patch @@ -0,0 +1,10 @@ +diff -Naur ../zlib-1.2.8-org/win32/Makefile.gcc ./win32/Makefile.gcc +--- ../zlib-1.2.8-org/win32/Makefile.gcc 2008-10-23 17:44:36.000000000 +0000 ++++ ./win32/Makefile.gcc 2015-12-06 19:20:00.449471787 +0000 +@@ -37,6 +37,6 @@ + # Set to 1 if shared object needs to be installed + # +-SHARED_MODE=0 ++SHARED_MODE=1 + + #LOC = -DASMV
\ No newline at end of file |