This is an automated email from the ASF dual-hosted git repository.
slawrence pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/daffodil-infrastructure.git
The following commit(s) were added to refs/heads/main by this push:
new 2d49422 Switch to the new way of building windows installer
2d49422 is described below
commit 2d49422d519772dc655d40040ee8c82ca803590c
Author: Steve Lawrence <[email protected]>
AuthorDate: Wed Mar 19 08:45:10 2025 -0400
Switch to the new way of building windows installer
- Update the build-release container to install Inno Setup and use
packageWindowsBin to build the new EXE installer
- This new method creates reproducible windows installers, so there is
no need for msidiff or anything related anymore--windows installer
builds are now bit-for-bit-identical
DAFFODIL-2980
---
containers/build-release/Dockerfile | 42 +++++--------
.../build-release/src/daffodil-build-release | 7 +--
containers/build-release/src/wix_wine.sh | 71 ----------------------
containers/check-release/Dockerfile | 1 -
containers/check-release/src/check-release.sh | 11 ----
5 files changed, 19 insertions(+), 113 deletions(-)
diff --git a/containers/build-release/Dockerfile
b/containers/build-release/Dockerfile
index b5ac6e3..07a1bfe 100644
--- a/containers/build-release/Dockerfile
+++ b/containers/build-release/Dockerfile
@@ -43,7 +43,8 @@ RUN \
rpm \
unzip \
wine32 \
- winetricks && \
+ winetricks \
+ xvfb && \
echo "deb https://repo.scala-sbt.org/scalasbt/debian all main" >
/etc/apt/sources.list.d/sbt.list && \
curl -sL
"https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x2EE0EA64E40A89B84B2DF73499E82A75642AC823";
| \
gpg --no-default-keyring --keyring
gnupg-ring:/etc/apt/trusted.gpg.d/scalasbt-release.gpg --import && \
@@ -51,33 +52,22 @@ RUN \
apt-get update && \
apt-get install -y \
sbt && \
- npm --no-update-notifier install --global [email protected] node@20 && \
- winetricks -q dotnet40
+ npm --no-update-notifier install --global [email protected] node@20
-# WIX is a Microsoft Windows Installer creation tool kit.
-#
-# Install wix, including changes to allow WiX to run in wine on Linux. See
-# src/wix_wine.sh for more details on why we need to do this and how it works
-#
-# Updating WIX should be done only if there is a specific need (for security,
or other compelling reason)
-# because it is likely things will break and the release scripts/process will
have to adapt.
-# The WIX version 3.11.2 is hard coded into these script lines as tokens
wix3112rtm and wix311.
-#
-# In order to ensure we are downloading and using the exact WIX binary we have
tested and trust
-# we verify the sha512 is the same as the one expected. This protects us from
if someone
-# was to get github credentials allowing them to change the wix binaries on
github.
-# If WIX is updated to a newer version, this sha512 will need to be recomputed.
+# Download and install Inno Setup via wine. Even though we provide options to
+# make Inno Setup a headless install, wine still thinks it wants to open a
+# window so we need install with a temporary virtual X server with xvfb-run.
+# Also ensure it is installed in the directory where the deafult Daffodil SBT
+# configuration expects it--different wine configurations could install it
+# somewhere else.
RUN \
-
WIXSHA=6fd961c85e1e6adafb99ef50c9659e3eb83c84ecaf49f523e556788845b206e1857aba2c39409405d4cda1df9b30a552ce5aab808be5f8368a37a447d78d1a05
&& \
- curl -sS -L
https://github.com/wixtoolset/wix3/releases/download/wix3112rtm/wix311-binaries.zip
-o wix311-binaries.zip && \
- echo "$WIXSHA wix311-binaries.zip" | sha512sum --quiet -c - && \
- mkdir /opt/wix && \
- unzip -q wix311-binaries.zip -d /opt/wix/ && \
- rm wix311-binaries.zip
-RUN mv /opt/wix/candle.exe /opt/wix/real-candle.exe
-RUN mv /opt/wix/light.exe /opt/wix/real-light.exe
-COPY src/wix_wine.sh /opt/wix/candle.exe
-COPY src/wix_wine.sh /opt/wix/light.exe
+ INNO_SETUP_EXE="innosetup-6.4.1.exe" && \
+
EXPECTED_SHA=5dfc9999e2feafa28754baaf80cf73ac96414228b94a1132a919554a822c892810197305d9355885b9ac408c214691cd45279fc2df3a891fbebc4f8eb86bac87
&& \
+ curl -L https://files.jrsoftware.org/is/6/$INNO_SETUP_EXE -o $INNO_SETUP_EXE
&& \
+ echo "$EXPECTED_SHA $INNO_SETUP_EXE" | sha512sum --quiet -c - && \
+ winetricks -q win10 && \
+ xvfb-run wine $INNO_SETUP_EXE /VERYSILENT /SUPPRESSMSGBOXES /TASKS=
'/DIR=C:\\Program Files (x86)\\Inno Setup 6' && \
+ rm $INNO_SETUP_EXE
# We expect users to mount the project repo to /root/project, so we change that
# to our working directory so the daffodil-build-release command is run from
diff --git a/containers/build-release/src/daffodil-build-release
b/containers/build-release/src/daffodil-build-release
index 18285f0..1b4c820 100755
--- a/containers/build-release/src/daffodil-build-release
+++ b/containers/build-release/src/daffodil-build-release
@@ -70,16 +70,15 @@ case $PROJECT in
+compile \
+publish \
daffodil-cli/Rpm/packageBin \
- daffodil-cli/Windows/packageBin \
+ daffodil-cli/packageWindowsBin \
daffodil-cli/Universal/packageBin \
daffodil-cli/Universal/packageZipTarball
cp daffodil-cli/target/universal/apache-daffodil-*.tgz $DIST_DIR/bin/
cp daffodil-cli/target/universal/apache-daffodil-*.zip $DIST_DIR/bin/
cp daffodil-cli/target/rpm/RPMS/noarch/apache-daffodil-*.rpm $DIST_DIR/bin/
- MSI_NAME=$(basename $DIST_DIR/bin/*.zip .zip).msi
- cp daffodil-cli/target/windows/Daffodil.msi $DIST_DIR/bin/$MSI_NAME
- chmod -x $DIST_DIR/bin/$MSI_NAME
+ cp daffodil-cli/target/windows/apache-daffodil-*.exe $DIST_DIR/bin/
+ chmod -x $DIST_DIR/bin/*.exe
;;
"daffodil-sbt")
diff --git a/containers/build-release/src/wix_wine.sh
b/containers/build-release/src/wix_wine.sh
deleted file mode 100755
index d63e6c7..0000000
--- a/containers/build-release/src/wix_wine.sh
+++ /dev/null
@@ -1,71 +0,0 @@
-#!/bin/bash
-#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# We use sbt-native-packager plugin to build a Windows MSI installer.
-# Unfortunately, that uses WiX toolset which requires Windows. It can be run
-# under Wine, but the plugin cannot be easily configured to use Wine. This
-# script is one part of getting that to work and is setup within the container
-# environment as needed.
-
-
-# We run a few wine commands, let's disable all wine debug information since it
-# is interpreted by sbt as errors and makes the output look like something
-# failed.
-export WINEDEBUG=-all
-
-# Create initial wine config, redirecting stderr to stdout. The command outputs
-# debug message to stderr, which SBT makes look like an actual error.
-winecfg 2>&1
-
-# The sbt native-packager plugin executes the $WIX/{candle,light}.exe
-# executables to build the Daffodil MSI. The problem is that those are Windows
-# executables and so can't be directly executed in the Linux container. To get
-# around this, the container Dockerfile copies the $WIX/{candle,light}.exe
-# files to $WIX/real-{candle,light}.exe and installs this script to
-# $WIX/{candle,light}.exe. This way, when the sbt plugin executes
-# $WIX/{candle,light}.exe, it's actually executing this script, which figures
-# out how it was executed (either as candle.exe or light.exe) and redirects the
-# execution to the real-{candle,light}.exe file using wine.
-
-
-# Figure out what was originally executed, and prepend "real-" to it. This is
-# what to execute with wine
-REAL_CMD=real-$(basename "$0")
-
-# The paths passed as arguments to this script by the plugin are all absolute
-# Linux style paths. For arguments that look like a path (i.e. starts with a
-# forward slash), use winepath to convert them to a Windows style path that
-# wine applications can understand. Leave all other arguments unmodified.
-i=0
-NEWARGS=()
-for VAR in "$@"
-do
- if [[ $VAR == /* ]]
- then
- NEWARGS[$i]=$(winepath -w "$VAR")
- else
- NEWARGS[$i]=$VAR
- fi
- ((++i))
-done
-
-# Uncomment to tell bash to output the wine command we are about to execute,
-# helpful for debugging when something goes wrong with wine
-# set -x
-
-# Execute wine with the real WiX command and modified arguments
-wine $WIX/$REAL_CMD "${NEWARGS[@]}"
diff --git a/containers/check-release/Dockerfile
b/containers/check-release/Dockerfile
index 316ff8d..14b2778 100644
--- a/containers/check-release/Dockerfile
+++ b/containers/check-release/Dockerfile
@@ -19,7 +19,6 @@ RUN \
dnf -y --quiet --repo=fedora install \
diff \
gpg \
- msidiff \
rpmsign \
wget
diff --git a/containers/check-release/src/check-release.sh
b/containers/check-release/src/check-release.sh
index 831d8df..7f96816 100755
--- a/containers/check-release/src/check-release.sh
+++ b/containers/check-release/src/check-release.sh
@@ -46,7 +46,6 @@ require_command sha512sum
require_command wget
if [ -n "$LOCAL_RELEASE_DIR" ]
then
- require_command msidiff
require_command rpmsign
fi
@@ -133,24 +132,14 @@ find $DIST_DIR -name '*.rpm' -execdir rpmsign --delsign
{} \; &>/dev/null
# - The downloaded .rpm file has an embedded signature (which we removed),
# locally built RPM does not so checksums will be different. RPMs should be
# exactly the same with the signature removed though.
-# - The downloaded .msi file has an embedded UUID and timestamps that cannot be
-# changed, so msi and its checksum will be different. We use msidiff later to
-# verify differences are only where expected
# - The .asc files can only be generated by the system with the secret key, the
# locally built releases are not signed
DIFF=$(diff \
--recursive \
--brief \
--exclude=*.rpm.sha512 \
- --exclude=*.msi \
- --exclude=*.msi.sha512 \
--exclude=*.asc \
--exclude=*.asc.md5 \
--exclude=*.asc.sha1 \
$RELEASE_DIR/ $LOCAL_RELEASE_DIR/)
[ $? -eq 0 ] && echo -e "$PASS no differences found" || (echo "$DIFF" | xargs
-I {} echo -e "$FAIL {}")
-
-printf "\n==== MSI Differences ====\n"
-echo -e "$WARN manual verification needed, diff should include only one UUID
and two timestamps"
-echo -e "$WARN ignore for VS Code Extension and SBT Plugin"
-find $DIST_DIR $LOCAL_RELEASE_DIR -name *.msi -exec msidiff {} \+
