Skip to content
This repository was archived by the owner on Sep 27, 2024. It is now read-only.

Windows build and installer guide

Jump to bottom
Wesley Ceraso Prudencio edited this page Jul 4, 2017 · 25 revisions

Windows Release Guide

This guide describes guidelines how to create .msi installation package of released SCAP Workbench for Windows.

In this guide will be used /tmp/ location for files to easier referencing between release steps.

You can also use prepared automated build using Dockerfile https://github.com/ybznek/openscap-workbench-windows-build.

Make sure you refresh the SSH executable, the one bundled in ybznek's repo is quite old! EDIT: I realized we carry custom patches in the Windows ssh so this is not as easy, nvm...

Please go through the guide even if you are using the automation! There are steps there not handled by the automated build!

Main prerequisites

(Don't get them right now)

Get build dependencies

In this step we will install some useful tools and build dependencies for OpenSCAP/SCAP Workbench.

$ dnf install -y mingw32-gcc mingw32-binutils mingw32-libxml2 \
	mingw32-libgcrypt mingw32-pthreads mingw32-libxslt \
	mingw32-curl mingw32-pcre mingw32-qt \
	automake autoconf libtool \
	wget make git \
	cmake asciidoctor \
	msitools unzip
  1. Install OpenSCAP from master

In this step we will install OpenSCAP. Currently we have to use master branch to have Windows support. Master branch could be sometimes broken, maybe you need to fix it. Make sure you merge all the branches up to get all the latest fixes!

$ git clone --depth 1 https://github.com/OpenSCAP/openscap.git -b master
$ cd openscap
$ ./autogen.sh ; \
	mingw32-configure --disable-probes --disable-python --disable-util-oscap-docker; \
	make -j 4
# make install
  1. Compile SCAP Workbench

Now we will build latest SCAP Workbench using mingw. Don't forget to replace link to the latest release tarball. Use the release tarball and NOT the automatic github tag archive!

$ cd /tmp
$ wget https://github.com/OpenSCAP/scap-workbench/releases/download/1.1.5/scap-workbench-1.1.5-1.tar.bz2 -O workbench.tar.bz2
$ tar -xjf workbench.tar.bz2; mv scap-workbench* /tmp/scap-workbench
$ cd scap-workbench; mkdir build; cd build
$ mingw32-cmake \
		-D SCAP_WORKBENCH_LOCAL_SCAN_ENABLED=false \
		-D SCAP_AS_RPM_EXECUTABLE="" \
		-D SSH_EXECUTABLE="ssh.exe" \
		-D NICE_EXECUTABLE="" \
		-D SETSID_EXECUTABLE="" \
		../
$ sed 's;/tmp/scap-workbench/build/ssh.exe;ssh.exe;' -i Config.h # fix ssh.exe path
$ cp ../win32-LICENSE.rtf ./
$ sed 's;Value="[^"]*\win32-LICENSE.rtf";Value="win32-LICENSE.rtf";' -i scap-workbench.wxs # fix licence path
$ make -j4

In case you get an error regarding something like #include_next<stdlib.h>, change this line to #include<stdlib.h> in the file cstdlib

  1. Get latest SSG

SSG is part of SCAP Workbench .msi package. Again, don't forget to replace link to the latest release! We will unpack it and move to the Workbench build directory.

$ cd /tmp
$ wget https://github.com/OpenSCAP/scap-security-guide/releases/download/v0.1.34/scap-security-guide-0.1.34.zip -O ssg.zip
$ unzip ssg.zip
$ mv /tmp/scap-security-guide* /tmp/scap-workbench/build/scap-workbench/ssg
  1. Get ssh.exe & win-ssh-askpass.exe

You can get newer version of these binaries, or you can extract them from old Workbench .msi package using msiextract. (If you use binaries from previous release, update link to the latest release).

Do not get anything else from the old MSI, everything else must be fresh built!

$ cd /tmp
$ wget https://github.com/OpenSCAP/scap-workbench/releases/download/1.1.5/scap-workbench-1.1.5.msi
$ msiextract scap-workbench-1.1.5.msi
$ cp Program\ Files*/scap-workbench/ssh.exe             /tmp/scap-workbench/build/scap-workbench/ssh.exe
$ cp Program\ Files*/scap-workbench/win-ssh-askpass.exe /tmp/scap-workbench/build/scap-workbench/win-ssh-askpass.exe
  1. Get libraries using mingw-bundledlls

This step will copy required dlls to build directory. We will use previous release to get missing libraries.

$ cd /tmp
$ git clone --depth 1 https://github.com/mpreisler/mingw-bundledlls
$ for exe in /tmp/scap-workbench/build/scap-workbench/*.exe; do /tmp/mingw-bundledlls/mingw-bundledlls "$exe" --copy; done
  1. Check files

You should check /tmp/scap-workbench/build/scap-workbench.wxs, that contains all required files to deploy. (SSG will maybe have new content files). You can check it also after real workbench installation or using msiextract from msitools

  1. Create msi & test it

This steps should be performed on Windows.

  • Copy the /tmp/scap-workbench directory to windows.
  • Install Wix toolset
  • Run these commands on Windows (cmd.exe)
$ cd scap-workbench/build
$ "C:\Program Files (x86)\WiX Toolset v3.11\bin\candle.exe" "scap-workbench.wxs"
$ "C:\Program Files (x86)\WiX Toolset v3.11\bin\light.exe" -ext WixUIExtension "scap-workbench.wixobj"

Now, you should have .msi file in current working directory.

  1. Compare .msi packages

Use e.g. Fedora's msiextract to compare files of new and previous "msi". It should helps you to check that you haven't bundled file you didn't want.

  1. Upload the .msi package to github release
  1. IMPORTANT Change the www.open-scap.org download link

Go to https://www.open-scap.org/wp-admin/tools.php?page=redirection.php Look for /tools/scap-workbench/download-win32 and make sure it points to the uploaded MSI.

  1. Checklist for common issues
  • libopenscap8.dll is fresh built and not from the previous release
  • version of libopenscap8.dll matches the version of headers used to build SCAP Workbench
  • SSG included in SCAP Workbench MSI is the latest release
  • ssh.exe and win-ssh-askpass.exe are compatible with the mingw DLLs (libc etc...) - THIS MAY BREAK AT SOME POINT! CHECK!
Clone this wiki locally