Merge pull request #3 from qlrd/win32-builtin-openssl

Win32 builtin openssl
selfcustody · Jan 10, 2023 · 9204597 · 9204597
2 parents daac86f + 55c23f3
commit 9204597
Show file tree

Hide file tree

Showing 6 changed files with 74 additions and 37 deletions.
diff --git a/.github/workflows/build-win-nsis-installer.yml b/.github/workflows/build-win-nsis-installer.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - win32-builtin-openssl
     pull_request:
       branches:
         - main
@@ -18,6 +19,53 @@ jobs:
       - name: Checkout Git repository
         uses: actions/checkout@v2
 
+      - name: Setup output variables helpers
+        id: setup
+        shell: pwsh
+        run: |
+          $loc = Get-Location
+          $version = "v22.08.2"
+          $zipname = "krux-$version.zip"
+          $signame = "krux-$version.zip.sig"
+          $pemname = "selfcustody.pem"
+          $extraResources = "$loc\extraResources"
+          $release_url = "https://github.com/selfcustody/krux/releases/download"
+          $raw_url = "https://raw.githubusercontent.com/selfcustody/krux/main"
+          echo "zip=$loc\$zipname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append  
+          echo "sig=$loc\$signame" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append 
+          echo "pem=$loc\$pemname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "extraResources=$extraResources" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "openssl_build_dir=$loc\openssl" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "release_zip=$release_url/$version/$zipname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append 
+          echo "release_sig=$release_url/$version/$signame" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "release_pem=$raw_url/$pemname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+          echo "prefix=$extraResources\OpenSSL" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append  
+          echo "openssldir=$extraResources\OpenSSL\CommonFiles" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append
+      
+      - name: Create extraResources directory
+        shell: pwsh
+        run: mkdir ${{ steps.setup.outputs.extraResources }}
+
+      - name: Configure, build, test and install openssl
+        uses: qlrd/[email protected]
+        with:
+          build-type: 'plain'
+          version: openssl-3.0.7
+          prefix: ${{ steps.setup.outputs.prefix }}
+          openssldir: ${{ steps.setup.outputs.openssldir }}
+
+      - name: Download krux binaries and signature file before pre-test
+        shell: pwsh
+        run: |
+          curl.exe -L ${{ steps.setup.outputs.release_zip }} -o ${{ steps.setup.outputs.zip }}
+          curl.exe -L ${{ steps.setup.outputs.release_sig }} -o ${{ steps.setup.outputs.sig }}
+          curl.exe -L -H "Accept-Charset: utf-8" ${{ steps.setup.outputs.release_pem }} -o ${{ steps.setup.outputs.pem }}
+          Get-Content -Path ${{ steps.setup.outputs.pem }}
+      
+      - name: Pre-test builtin openssl with krux binaries and signature files
+        shell: cmd
+        run: ${{ steps.setup.outputs.prefix }}\bin\openssl.exe sha256 <${{ steps.setup.outputs.zip }} -binary | ${{ steps.setup.outputs.prefix }}\bin\openssl.exe pkeyutl -verify -pubin -inkey ${{ steps.setup.outputs.pem }} -sigfile ${{ steps.setup.outputs.sig }}
+
       - name: Setup node.js
         uses: actions/setup-node@v1
         with:
@@ -29,10 +77,8 @@ jobs:
           yarn run platform-install
 
       - name: Make icons
-        run: |
-          yarn run icon
-          rm ./build/*.svg
-          rm ./build/*.png
+        shell: pwsh
+        run: yarn run icon
 
       - name: Get version from package.json
         uses: polyseam/[email protected]
@@ -43,8 +89,7 @@ jobs:
       - name: Build KruxInstaller
         env:
           GH_TOKEN: ${{ secrets.github_token }}
-        run: |
-          yarn run build nsis
+        run: yarn run build nsis
 
       - name: Hash executable
         uses: qlrd/[email protected]

diff --git a/README.md b/README.md
@@ -69,23 +69,14 @@ The `<target>` depends depends on the running platform (i.e., linux, darwin, win
     * `pkg`
     * `mas`
 
-#### Openssl for windows
+#### Builtin OpenSSL for windows in KruxInstaller
 
-If a user is installing this software for Windows OS, it must have installed a openssl. It be achieved with:
+When downloading official krux firmware versions, it is necessary to verify the signature through the OpenSSL tool, as a way to verify the authenticity of the downloaded binaries.
 
-* [Git-SCM GUI](https://git-scm.com/download/win) (RECOMENDED FOR DEVELOPERS);
-* [OpenSSL for windows](https://wiki.openssl.org/index.php/Binaries);
+On linux release, verification is easily done since such tool exists natively in operating system.
 
-If openssl isn´t installed, a message will appear requestig that user install before proceed.
+In windows releasewe are faced with the peculiarity of the operating system in question not having such a tool (see this [issue](https://github.com/qlrd/krux-installer/issues/2)).
 
-##### OpenSSL Git-SCM GUI
+So, we packaged a stable version of OpenSSL, compiled from the [source](https://github.com/openssl/openssl). The compilation process is done entirely in a reproducible virtual environment and, therefore, not locally, with the github-action [compile-openssl-windows-action](https://github.com/qlrd/compile-openssl-windows-action/actions).
 
-Git-SCM provides a complete solution for developers. If you think that you will be develop for `krux` or `krux-installer`, this is the ideal solution.
-
-##### OpenSSL for Windows
-
-If you do not think develop, the OpenSSL v3.0.7 Light will be enough.
-
-Tested versions:
-
-* [`Shining Light Productions Win64 OpenSSL v3.0.7`](https://slproweb.com/products/Win32OpenSSL.html): Win64 OpenSSL v3.0.7 Light
+Since it is compiled in a virtual environment on github, it is expected to be fully verifiable and free of malicious code. You can check the build steps in [actions](https://github.com/qlrd/krux-installer/actions).
diff --git a/bin/krux-installer.js b/bin/krux-installer.js
@@ -27,10 +27,10 @@ function runner (cmd, args, env) {
 
     let service
     let bin
-    
+
     if (cmd !== 'yarn') {
       bin = join(__dirname, '..', 'node_modules', '.bin', cmd)
-    } 
+    }
     if (cmd === `yarn${process.platform === 'win32' ? '.cmd' : '' }`) {
       bin = cmd
     }
@@ -148,7 +148,6 @@ async function main() {
       args = [`electron:${action}`, '--win', target]
     }
 
-    const platform = `--${process.platform}`
     const cmd = `vue-cli-service${process.platform === 'win32' ? '.cmd' : '' }`
     runner(cmd, args)
   }

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "krux-installer",
-  "version": "0.0.1-alpha-2",
+  "version": "0.0.1-alpha-3",
   "author": "qlrd <[email protected]>",
   "description": "GUI installer of Krux´s firmware to use Kendryte K210 hardwares as Bitcoin Signature Device",
   "scripts": {

diff --git a/src/background.js b/src/background.js
@@ -206,12 +206,10 @@ app.on('ready', async () => {
     separator = ';'
     const _env = process.env.PATH.split(separator)
 
-    if (_env.indexOf(`${process.env.ProgramFiles}\\Git\\usr\\bin`) === -1) {
-      openssls.push(`${process.env.ProgramFiles}\\Git\\usr\\bin`)
+    const vendor = join(__dirname, '..', 'extraResources', 'OpenSSL', 'bin')
+    if (_env.indexOf(vendor === -1)) {
+      openssls.push(vendor)
     }
-    if (_env.indexOf(`${process.env.ProgramFiles}\\OpenSSL-Win64\\bin`) === -1) {
-      openssls.push(`${process.env.ProgramFiles}\\OpenSSL-Win64\\bin`)
-    }  
   }
   for (let i in openssls) {
     debug(`  adding ${openssls[i]} to PATH`)

diff --git a/vue.config.js b/vue.config.js
@@ -1,8 +1,8 @@
-const { defineConfig } = require('@vue/cli-service')
-const path = require('path')
-const replace = require('replace')
-const fs = require('fs')
-const pkg = require('./package.json')
+const { defineConfig } = require('@vue/cli-service');
+const path = require('path');
+const replace = require('replace');
+const fs = require('fs');
+const pkg = require('./package.json');
 
 module.exports = defineConfig({
   configureWebpack: {
@@ -29,7 +29,11 @@ module.exports = defineConfig({
         },
         files: [
           '!**/{README.md,.github,.browserslistrc,.eslintrc.js,vue.config.js,jsconfig.js,babel.config.js,yarn.lock}',
-          '!./bin/{electron-serve.js}'
+          '!**/bin/{krux-installer.js}',
+          '!**/build/{krux.txt}',
+        ],
+        extraResources: [
+          "./extraResources"
         ],
         // See
         // 'Can't load fonts in production build, [email protected]'
@@ -50,4 +54,4 @@ module.exports = defineConfig({
       }
     }
   }
-})
+});