Changes between Version 90 and Version 91 of BuildingUsingGenericBuildsystem


Ignore:
Timestamp:
12/23/22 11:16:26 (16 months ago)
Author:
flichtenheld
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • BuildingUsingGenericBuildsystem

    v90 v91  
    77= Building natively on *NIX =
    88
    9 Building natively on *NIX has not changed much, you can still use roughly the same process as before. If building from Git sources, first do a
     9If building from Git sources, first do a
    1010
    1111{{{
     
    4141= Cross-compiling on *NIX ("generic" subdir) =
    4242
    43 == Using openvpn-build Vagrant VM for building ==
    44 
    45 If you use or can install Vagrant and Virtualbox you can make use of the "openvpn-build" Vagrant VM in [https://github.com/OpenVPN/openvpn-vagrant openvpn-vagrant]. That way you don't have to worry about any of the build system setup and can just skip to the actual building.
    46 
    47 == Installing prerequisites ==
    48 
    49 Content moved [wiki:SettingUpGenericBuildsystem here].
    50 
    51 == Checking out openvpn-build repository ==
    52 
    53 Check out the ''openvpn-build'' subproject using Git:
    54 
    55 {{{
    56 $ git clone https://github.com/OpenVPN/openvpn-build.git
    57 }}}
    58 
    59 Then go to the ''generic'' directory:
    60 
    61 {{{
    62 $ cd openvpn-build/generic
    63 }}}
    64 
    65 == Customizing the build ==
    66 
    67 To customize the build options, refer to ''build.vars'', it contains the defaults for building, most settings can be customized by setting environment variable before executing the build script.
    68 
    69 If you want to use your own, local sources (e.g. for OpenSSL or OpenVPN), put them in ''sources'' directory, so that the ''generic'' buildsystem knows not to download them from a remote site. The cached tarballs will be used even if they're of a different version than what would be downloaded. This is useful for building custom version.
    70 
    71 === Building your own fork of OpenVPN hosted at GitHub ===
    72 1. Sources in tarballs downloaded from GitHub are packed inside ''openvpn-<branch>'' subfolder, while the build process expects them inside ''openvpn-<version>''. Therefore, set the ''OPENVPN_VERSION'' to the branch name, replacing ''"/"'' with ''"-"'' (e.g. ''"master"'', ''"feature-msi"'' etc.).
    73 2. The build process expects the downloaded tarball to be named ''openvpn-<numeric version>.tar.gz''; GitHub delivers ''<branch>.tar.gz''. Set the ''OPENVPN_URL'' to ''"!https://github.com/<username>/openvpn/archive/<branch>.tar.gz/openvpn-2.6_git.tar.gz"''. The extra trailing ''/openvpn-2.6_git.tar.gz'' makes the downloaded tarball named reasonable to the build process: it begins with ''openvpn'' and it contains a version in the form of ''-![0-9].*''.
    74 
    75 == Building OpenVPN and it's dependencies ==
    76 
    77 The ''./build'' command fetches all the dependencies, builds them and builds OpenVPN. To build a native binary:
    78 
    79 {{{
    80 $ IMAGEROOT=`pwd`/image-native ./build
    81 }}}
    82 
    83 To build for Windows 32bit on Linux 64bit:
    84 
    85 {{{
    86 $ IMAGEROOT=`pwd`/image-win32 CHOST=i686-w64-mingw32 \
    87     CBUILD=x86_64-pc-linux-gnu ./build
    88 }}}
    89 
    90 To build for Windows 64bit on Linux 64bit:
    91 
    92 {{{
    93 $ IMAGEROOT=`pwd`/image-win64 CHOST=x86_64-w64-mingw32 \
    94     CBUILD=x86_64-pc-linux-gnu ./build
    95 }}}
    96 
    97 To build for Arm on Linux 64bit:
    98 
    99 {{{
    100 $ IMAGEROOT=`pwd`/image-arm CHOST=arm-linux-gnueabi \
    101     CBUILD=x86_64-pc-linux-gnu ./build
    102 }}}
    103 
    104 If you get an error complaining about missing libpam, add ''--disable-plugin-auth-pam'' to ''generic/build.vars'':
    105 
    106 {{{
    107 EXTRA_OPENVPN_CONFIG="${EXTRA_OPENVPN_CONFIG:---enable-password-save --disable-debug --disable-snappy --disable-plugin-auth-pam}"
    108 }}}
    109 
    110 == Building dependencies only ==
    111 
    112 To build only dependencies (helpful for developers):
    113 
    114 {{{
    115 $ DO_ONLY_DEPS=1 IMAGEROOT=`pwd`/deps-win32 CHOST=i686-w64-mingw32 \
    116     CBUILD=x86_64-pc-linux-gnu ./build
    117 }}}
    118 
    119 For typical OpenVPN installations you'll most likely want to use something like this:
    120 
    121 {{{
    122 $ DEP=location of the dependencies
    123 $ ./configure host=... \
    124     CFLAGS="-I$DEP/include" LDFLAGS="-L$DEB/lib" \
    125     --enable-pkcs11 \
    126     PKCS11_HELPER_CFLAGS=" " PKCS11_HELPER_LIBS="-lpkcs11-helper"
    127 }}}
    128 
    129 == Cleaning up ==
    130 
    131 If you want to start from scratch, do
    132 
    133 {{{
    134 $ cd openvpn-build/generic
    135 $ rm -f sources/*
    136 $ rm -rf image-*
    137 }}}
     43Removed, only MSVC builds are currently supported.
    13844
    13945= Creating a NSIS installer ("windows-nsis" subdir) =
    14046
    141 == Building and packaging ==
    142 
    143 You can use the scripts in ''openvpn-build/windows-nsis'' to create a [http://nsis.sourceforge.net NSIS] installer for Windows. The scripts use the generic build system to build OpenVPN and it's dependencies (e.g. lzo, openssl), and use [http://sourceforge.net/projects/osslsigncode osslsigncode] for signing the resulting binaries, if requested.
    144 
    145 NSIS must be available on system. If installed not in path or standard location set MAKENSIS environment variable. Same goes for OSSLSIGNCODE.
    146 
    147 First check out ''openvpn-build'' as described [wiki:BuildingUsingGenericBuildsystem#Checkingoutopenvpn-buildrepository here]. Check ''build-complete.vars'' for variables which you can set in the shell to point the ''build-complete'' script to the correct dependency packages (''easy-rsa'' and ''tap-windows''). If you're building a snapshot, ensure that OPENVPN_VERSION in ''version.m4'' (in Git) matches that in ''../generic/build.vars''; also make sure other variables in that file are correct.
    148 
    149 Then, if you want to build an (unsigned) installer, do the following:
    150 
    151 {{{
    152 $ cd openvpn-build/windows-nsis
    153 $ ./build-snapshot
    154 }}}
    155 
    156 '''NOTE:''' Ensure that ''OPENVPN_VERSION'' is set to the same value as in ''version.m4'' in OpenVPN sources . 
    157 
    158 If you want to build a signed ''snapshot'' installer (with all included libraries and executables signed) use something like this instead:
    159 
    160 {{{
    161 $ ./build-snapshot --sign --sign-pkcs12=signingkey.p12 --sign-pkcs12-pass=yourpassphrase --sign-timestamp="http://timestamp.domain.com"
    162 }}}
    163 
    164 If you're doing a release build, use ''build-complete'' instead:
    165 
    166 {{{
    167 $ ./build-complete --sign --sign-pkcs12=signingkey.p12 --sign-pkcs12-pass=yourpassphrase --sign-timestamp="http://timestamp.domain.com"
    168 }}}
    169 
    170 If you wish to cut down compile time you can use the dependency cache feature. Refer to ''windows-nsis/README'' for more information on it's usage.
    171 
    172 To make sure fresh tarballs are used, empty ./sources directory before building.
    173 
    174 == Packaging without building ==
    175 
    176 If you're making changes to the NSI installer (openvpn.nsi), you may want to skip all of the building steps and just generate the installers manually. In this case you can use something like this:
    177 
    178 {{{
    179 makensis -DARCH=x86_64 -DVERSION_STRING=2.4_alpha1-I601 -DOPENVPN_ROOT=tmp\\installer\\openvpn -DTAP_WINDOWS_INSTALLER=tmp\\tap-windows-9.21.2.exe -DOPENVPNSERV2_EXECUTABLE=tmp\\openvpnserv2-1.1.0.0.exe -DSPECIAL_BUILD -DEASYRSA_ROOT=tmp\\installer\\easy-rsa -DOUTPUT=./openvpn-test.exe -DPACKAGE_NAME=OpenVPN openvpn.nsi
    180 }}}
    181 
    182 This has been tested with OpenVPN 2.4-alpha1 builds, but may fail on other versions due to missing defines (-D). So make sure the variables match your latest complete build.
    183 
    184 = Building natively on Windows using the MSVC toolchain ("msvc" subdir) =
    185 
    186 Content moved [wiki:BuildingUsingMsvcBuildsystem here].
    187 
    188 = Building TAP-Windows =
    189 
    190 Content moved [wiki:BuildingTapWindows here].
    191 
     47Removed, only MSI installer is currently supported.
    19248
    19349= Code-signing =
    19450
    195 The [http://sourceforge.net/projects/osslsigncode/ osslsigncode] tool is used to sign OpenVPN installer, libraries and executables. [http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=vs.85%29.aspx SignTool] is used to sign the TAP-drivers. Official OpenVPN releases will be signed with  OpenVPN Technologies, Inc. code signing keys. However, it's fairly easy to build a custom version of OpenVPN and sign it with your own code-signing keys.
    196 
    197 Installation instructions for osslsigncode are available [wiki:SettingUpGenericBuildsystem here].
     51[http://msdn.microsoft.com/en-us/library/windows/desktop/aa387764%28v=vs.85%29.aspx SignTool] is used to sign OpenVPN installer, libraries and executables.. Official OpenVPN releases will be signed with  OpenVPN Technologies, Inc. code signing keys. However, it's fairly easy to build a custom version of OpenVPN and sign it with your own code-signing keys.
    19852
    19953= Making the release builds of OpenVPN =
    20054
    201 We've now described building the various components of OpenVPN in isolation. In this chapter we put all of it together.
    202 
    203 == Building signed Windows installers and executables ==
    204 
    205 Building Windows executables and installers is one of the most painful parts of OpenVPN release process due to code-signing requirements etc. To generate universally useful installers you need the following:
    206 
    207  * Code-signing (=SPC) certificates
    208   * Kernel-mode code-signing certificate
    209   * CA's cross-certificate for kernel-mode code-signing
    210   * User-mode code-signing certificate (a.k.a. Microsoft Authenticode certificate)
    211  * A Windows build computer (for building and signing tap-windows)
    212  * *NIX build computer (for building and signing everything else)
    213  * Lots of patience
    214 
    215 The build process is ''fairly'' straightforward:
    216 
    217  * Get the SPC certificates from a CA
    218  * Copy the kernel-mode and cross-certificates to the Windows build computer
    219  * Copy the user-mode code-signing certificate to the *NIX build computer
    220  * Generate an ''easy-rsa'' tarball and put it on a webserver
    221  * Generate an ''openvpn-gui'' tarball (unless one has been generated for you):
    222   * [http://sourceforge.net/scm/?type=git&group_id=248281 Clone] the [http://sourceforge.net/projects/openvpn-gui/ new openvpn-gui] git repository
    223   * Edit ''openvpn-gui/configure.ac'' to change the version number
    224   * Run ''autoreconf -vif'' in the ''openvpn-gui'' directory
    225   * Run ''make dist'' in the ''openvpn-gui'' directory to produce tarball.
    226   * Put the resulting archive on a webserver
    227  * Optionally, build ''tap-windows'' and put the latest installer on a webserver
    228  * Setup ''openvpn-build/generic/build.vars'' to suit your needs:
    229   * dependency locations
    230   * build flags
    231  * Setup ''openvpn-build/windows-nsis/build-complete.vars'' to suit your needs:
    232   * ''easy-rsa'' tarball location
    233   * ''tap-windows'' installer location
    234  * Ensure your mingw-w64 installation is up-to-date and/or patched
    235  * Build the whole thing using ''openvpn-build/windows-nsis/build-complete''
    236   * '''NOTE:''' ''build-snapshot'' is meant for building ''snapshots'', not release packages
    237 
    238 See corresponding sections for more detailed documentation.
     55See Openvpn2ReleaseProcess.
    23956
    24057= External links =
     
    24764 * https://github.com/OpenVPN/tap-windows
    24865 * https://github.com/OpenVPN/easy-rsa
    249 
    250 '''Unofficial Git repositories'''
    251 
    252  * https://github.com/mattock/openvpn-build (openvpn-build with Debian and RPM packaging files, documentation [wiki:CreatingUnixPackages here])