diff --git a/.github/workflows/build-win-nsis-installer.yml b/.github/workflows/build-win-nsis-installer.yml index a8c49a83..7f774425 100644 --- a/.github/workflows/build-win-nsis-installer.yml +++ b/.github/workflows/build-win-nsis-installer.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - win32-builtin-openssl pull_request: branches: - main @@ -18,6 +19,53 @@ jobs: - name: Checkout Git repository uses: actions/checkout@v2 + - name: Setup output variables helpers + id: setup + shell: pwsh + run: | + $loc = Get-Location + $version = "v22.08.2" + $zipname = "krux-$version.zip" + $signame = "krux-$version.zip.sig" + $pemname = "selfcustody.pem" + $extraResources = "$loc\extraResources" + $release_url = "https://github.com/selfcustody/krux/releases/download" + $raw_url = "https://raw.githubusercontent.com/selfcustody/krux/main" + echo "zip=$loc\$zipname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "sig=$loc\$signame" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "pem=$loc\$pemname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "extraResources=$extraResources" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "openssl_build_dir=$loc\openssl" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "release_zip=$release_url/$version/$zipname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "release_sig=$release_url/$version/$signame" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "release_pem=$raw_url/$pemname" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "prefix=$extraResources\OpenSSL" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + echo "openssldir=$extraResources\OpenSSL\CommonFiles" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf8 -Append + + - name: Create extraResources directory + shell: pwsh + run: mkdir ${{ steps.setup.outputs.extraResources }} + + - name: Configure, build, test and install openssl + uses: qlrd/compile-openssl-windows-action@v0.0.2 + with: + build-type: 'plain' + version: openssl-3.0.7 + prefix: ${{ steps.setup.outputs.prefix }} + openssldir: ${{ steps.setup.outputs.openssldir }} + + - name: Download krux binaries and signature file before pre-test + shell: pwsh + run: | + curl.exe -L ${{ steps.setup.outputs.release_zip }} -o ${{ steps.setup.outputs.zip }} + curl.exe -L ${{ steps.setup.outputs.release_sig }} -o ${{ steps.setup.outputs.sig }} + curl.exe -L -H "Accept-Charset: utf-8" ${{ steps.setup.outputs.release_pem }} -o ${{ steps.setup.outputs.pem }} + Get-Content -Path ${{ steps.setup.outputs.pem }} + + - name: Pre-test builtin openssl with krux binaries and signature files + shell: cmd + run: ${{ steps.setup.outputs.prefix }}\bin\openssl.exe sha256 <${{ steps.setup.outputs.zip }} -binary | ${{ steps.setup.outputs.prefix }}\bin\openssl.exe pkeyutl -verify -pubin -inkey ${{ steps.setup.outputs.pem }} -sigfile ${{ steps.setup.outputs.sig }} + - name: Setup node.js uses: actions/setup-node@v1 with: @@ -29,10 +77,8 @@ jobs: yarn run platform-install - name: Make icons - run: | - yarn run icon - rm ./build/*.svg - rm ./build/*.png + shell: pwsh + run: yarn run icon - name: Get version from package.json uses: polyseam/get-version-from-package-json@1.0.0 @@ -43,8 +89,7 @@ jobs: - name: Build KruxInstaller env: GH_TOKEN: ${{ secrets.github_token }} - run: | - yarn run build nsis + run: yarn run build nsis - name: Hash executable uses: qlrd/sha256sum-action@v1.0.0 diff --git a/README.md b/README.md index 4a657dcd..a1352fe5 100644 --- a/README.md +++ b/README.md @@ -69,23 +69,14 @@ The `` depends depends on the running platform (i.e., linux, darwin, win * `pkg` * `mas` -#### Openssl for windows +#### Builtin OpenSSL for windows in KruxInstaller -If a user is installing this software for Windows OS, it must have installed a openssl. It be achieved with: +When downloading official krux firmware versions, it is necessary to verify the signature through the OpenSSL tool, as a way to verify the authenticity of the downloaded binaries. -* [Git-SCM GUI](https://git-scm.com/download/win) (RECOMENDED FOR DEVELOPERS); -* [OpenSSL for windows](https://wiki.openssl.org/index.php/Binaries); +On linux release, verification is easily done since such tool exists natively in operating system. -If openssl isn´t installed, a message will appear requestig that user install before proceed. +In windows releasewe are faced with the peculiarity of the operating system in question not having such a tool (see this [issue](https://github.com/qlrd/krux-installer/issues/2)). -##### OpenSSL Git-SCM GUI +So, we packaged a stable version of OpenSSL, compiled from the [source](https://github.com/openssl/openssl). The compilation process is done entirely in a reproducible virtual environment and, therefore, not locally, with the github-action [compile-openssl-windows-action](https://github.com/qlrd/compile-openssl-windows-action/actions). -Git-SCM provides a complete solution for developers. If you think that you will be develop for `krux` or `krux-installer`, this is the ideal solution. - -##### OpenSSL for Windows - -If you do not think develop, the OpenSSL v3.0.7 Light will be enough. - -Tested versions: - -* [`Shining Light Productions Win64 OpenSSL v3.0.7`](https://slproweb.com/products/Win32OpenSSL.html): Win64 OpenSSL v3.0.7 Light +Since it is compiled in a virtual environment on github, it is expected to be fully verifiable and free of malicious code. You can check the build steps in [actions](https://github.com/qlrd/krux-installer/actions). diff --git a/bin/krux-installer.js b/bin/krux-installer.js index 1dd0141c..aca7fe69 100644 --- a/bin/krux-installer.js +++ b/bin/krux-installer.js @@ -27,10 +27,10 @@ function runner (cmd, args, env) { let service let bin - + if (cmd !== 'yarn') { bin = join(__dirname, '..', 'node_modules', '.bin', cmd) - } + } if (cmd === `yarn${process.platform === 'win32' ? '.cmd' : '' }`) { bin = cmd } @@ -148,7 +148,6 @@ async function main() { args = [`electron:${action}`, '--win', target] } - const platform = `--${process.platform}` const cmd = `vue-cli-service${process.platform === 'win32' ? '.cmd' : '' }` runner(cmd, args) } diff --git a/package.json b/package.json index c61b3b44..9f2622fc 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "krux-installer", - "version": "0.0.1-alpha-2", + "version": "0.0.1-alpha-3", "author": "qlrd <106913782+qlrd@users.noreply.github.com>", "description": "GUI installer of Krux´s firmware to use Kendryte K210 hardwares as Bitcoin Signature Device", "scripts": { diff --git a/src/background.js b/src/background.js index d44f1427..decddc39 100644 --- a/src/background.js +++ b/src/background.js @@ -206,12 +206,10 @@ app.on('ready', async () => { separator = ';' const _env = process.env.PATH.split(separator) - if (_env.indexOf(`${process.env.ProgramFiles}\\Git\\usr\\bin`) === -1) { - openssls.push(`${process.env.ProgramFiles}\\Git\\usr\\bin`) + const vendor = join(__dirname, '..', 'extraResources', 'OpenSSL', 'bin') + if (_env.indexOf(vendor === -1)) { + openssls.push(vendor) } - if (_env.indexOf(`${process.env.ProgramFiles}\\OpenSSL-Win64\\bin`) === -1) { - openssls.push(`${process.env.ProgramFiles}\\OpenSSL-Win64\\bin`) - } } for (let i in openssls) { debug(` adding ${openssls[i]} to PATH`) diff --git a/vue.config.js b/vue.config.js index 2cd517ed..72a8abc7 100644 --- a/vue.config.js +++ b/vue.config.js @@ -1,8 +1,8 @@ -const { defineConfig } = require('@vue/cli-service') -const path = require('path') -const replace = require('replace') -const fs = require('fs') -const pkg = require('./package.json') +const { defineConfig } = require('@vue/cli-service'); +const path = require('path'); +const replace = require('replace'); +const fs = require('fs'); +const pkg = require('./package.json'); module.exports = defineConfig({ configureWebpack: { @@ -29,7 +29,11 @@ module.exports = defineConfig({ }, files: [ '!**/{README.md,.github,.browserslistrc,.eslintrc.js,vue.config.js,jsconfig.js,babel.config.js,yarn.lock}', - '!./bin/{electron-serve.js}' + '!**/bin/{krux-installer.js}', + '!**/build/{krux.txt}', + ], + extraResources: [ + "./extraResources" ], // See // 'Can't load fonts in production build, vue-cli@5.0.0-alpha.6' @@ -50,4 +54,4 @@ module.exports = defineConfig({ } } } -}) +});