-
Notifications
You must be signed in to change notification settings - Fork 58
Hirs build guide
This guide is designed to provide a developer with the information and resources needed to build the HIRS Attestation Certificate Authority (ACA) Server, Trusted Platform Module (TPM) v2.0 Client Provisioners, and the TPM_Module command line tool. In particular, it will cover development environment setup and general instructions for building and packaging the ACA and Provisioner.
This convenience section has been provided to quickly get new developers and their environments set up in the minimal amount of time possible after cloning the HIRS project. Other sections go into more detail regarding the respective sub-projects, and it is highly encouraged that the reader glance through them as well to learn more about the tools and libraries used.
An ACA Docker image is now automatically created for each release. This is the preferred way to run/test an ACA. See the packages page for a complete list of published ACA docker images.
To download and run the ACA image (can take several minutes):
docker run --name=aca -p 8443:8443 ghcr.io/nsacyber/hirs/aca:latest
To check the container is running:
docker ps
To pull updated aca images:
docker pull ghcr.io/nsacyber/hirs/aca:latest
Use the following URL for viewing the ACA Portal:
https:localhost:8443/
Obtain a copy of the HIRS source code (Clone the HIRS project):
git clone https://github.com/nsacyber/HIRS.git
Navigate to the HIRS project folder.
The following commands have been provided to quickly install the necessary developer dependencies for known supported environments.
sudo apt-get install openjdk-17-jdk git
sudo yum install java-1.17.0-openjdk-devel git
The Gradle Build Tool is used to generate platform-dependent build files, run tests, and manage deployment packaging. In particular, the HIRS project relies on the Gradle Wrapper to maintain consistent versioning for Gradle across all developers. Presently, the target Gradle version is 8.10, and it is expected that any updates to Gradle files be checked against the Wrapper or, at the very least, the 8.10 version of Gradle to ensure that no change in minimum Gradle version has occurred.
Due to the nature of Java build tools, Gradle manages all of the dependencies and sub-dependencies needed to build the various Java-based HIRS sub-projects. When a build is performed, it will attempt to check the local Maven package repository. If the packages can't be found there, then it will attempt to reach out to the central Maven package repo and/or any other configured package repositories.
(NOTE: This assumes Gradle to be installed as a plugin in the local IntelliJ installation.)
- Import the root directory as a project into the IntelliJ IDE. It should detect that it's a Gradle Project and that there's a Gradle Wrapper.
- Click
Build
>Build Project
Only a few Gradle commands are necessary for building HIRS and its sub-projects. As mentioned in the previous section on Gradle, a Gradle Wrapper is provided and should be preferred when building the project. It's easily spotted as the gradlew
and gradlew.bat
files. The following commands use the wrapper. They can be used with Gradle directly, but this is discouraged.
- Navigate to the root of the HIRS project directory.
- Run the following command to build and test the ACA and TPM v1.2 Provisioner sub-projects:
./gradlew clean build
This will automatically download the desired version of Gradle and pull all of the necessary Java dependencies that weren't installed in the previous section on Development Environment Setup.
The build command , if successful, will place jar files under the build/libs folder.\
(IMPORTANT: Please prefer using the provided Gradle Wrapper in all cases. The only instance where direct use of Gradle is advised is when the target system does NOT have internet access to download the Gradle Wrapper's specified version of 2.10.)
- Navigate to the root of the HIRS project directory.
- Run the following command to build and test the ACA:
gradle clean build
- Navigate to the root of the entire HIRS project.
- Run the following command:
./gradlew clean buildRpm
- Navigate to the root of the entire HIRS project.
- Run the following command:
./gradlew clean buildDeb
To install the ACA on a Redhat or Rocky Linux download the latest rpm from the release page then run the command
sudo dnf install HIRS_AttestationCA*.rpm
To install the ACA on a Ubuntu Linux download the latest rpm from the release page then run the command
sudo apt-get install ./HIRS_AttestationCA*.deb
Refer to the HIRS .NET Provisioner Readme_2.2.pdf for details on building, installing and configuring the HIRS_Porvisoner.Net application.