
Hirs build guide

D2B8CA1B27286366A8607B6858C0565962613D18D0546480078B520CD7AD705A edited this page Aug 26, 2024 · 23 revisions

HIRS Build Guide

This guide is designed to provide a developer with the information and resources needed to build the HIRS Attestation Certificate Authority (ACA) Server, Trusted Platform Module (TPM) v2.0 Client Provisioners, and the TPM_Module command line tool. In particular, it will cover development environment setup and general instructions for building and packaging the ACA and Provisioner.

This convenience section has been provided to quickly get new developers and their environments set up in the minimal amount of time possible after cloning the HIRS project. Other sections go into more detail regarding the respective sub-projects, and it is highly encouraged that the reader glance through them as well to learn more about the tools and libraries used.


HIRS ACA

Using the ACA Docker Image

An ACA Docker image is now automatically created for each release. This is the preferred way to run/test an ACA. See the packages page for a complete list of published ACA Docker images.

To download and run the ACA image (can take several minutes):

docker run --name=aca -p 8443:8443 ghcr.io/nsacyber/hirs/aca:latest 

To check that the container is running:

docker ps  

To pull updated ACA images:

docker pull ghcr.io/nsacyber/hirs/aca:latest

Use the following URL for viewing the ACA Portal:

https://localhost:8443/

Cloning the HIRS ACA

Obtain a copy of the HIRS source code (Clone the HIRS project):

git clone https://github.com/nsacyber/HIRS.git

Navigate to the HIRS project folder.

Dependency Install Commands

The following commands have been provided to quickly install the necessary developer dependencies for known supported environments.

Debian

sudo apt-get install openjdk-17-jdk git 

RHEL

sudo yum install java-17-openjdk-devel git

Building the HIRS ACA from Source

Building with Gradle Wrapper

The Gradle Build Tool is used to generate platform-dependent build files, run tests, and manage deployment packaging. In particular, the HIRS project relies on the Gradle Wrapper to maintain consistent versioning for Gradle across all developers. Presently, the target Gradle version is 8.10, and it is expected that any updates to Gradle files be checked against the Wrapper or, at the very least, the 8.10 version of Gradle to ensure that no change in minimum Gradle version has occurred.

Due to the nature of Java build tools, Gradle manages all of the dependencies and sub-dependencies needed to build the various Java-based HIRS sub-projects. When a build is performed, it will attempt to check the local Maven package repository. If the packages can't be found there, then it will attempt to reach out to the central Maven package repo and/or any other configured package repositories.
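Because the wrapper decides which Gradle distribution is downloaded and run, it is worth inspecting its settings before the first build. The script below is an added example, not part of the HIRS project: it reads the wrapper properties, confirms the pinned version and an HTTPS download URL, and reports whether a checksum is set. It assumes the standard Gradle layout (gradle/wrapper/gradle-wrapper.properties with the distributionUrl and distributionSha256Sum keys); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect Gradle Wrapper settings before running ./gradlew.

# Print the value of key $2 from Java properties file $1 (last definition wins).
wrapper_prop() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*[=:][[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/\\:/:/g; s/[[:space:]]*$//'
}

# Print the Gradle version embedded in distributionUrl (gradle-<version>-bin.zip).
wrapper_version() {
    wrapper_prop "$1" distributionUrl |
        sed -n 's|.*/gradle-\([0-9][0-9.]*\).*\.zip$|\1|p'
}

# check_wrapper FILE EXPECTED_VERSION: return 0 only if the pinned download is
# HTTPS, matches the expected version, and any checksum present is well-formed.
check_wrapper() {
    url=$(wrapper_prop "$1" distributionUrl)
    sum=$(wrapper_prop "$1" distributionSha256Sum)
    have=$(wrapper_version "$1")
    rc=0
    case $url in
        https://*) ;;
        *) echo "FAIL: distributionUrl is not HTTPS: $url"; rc=1 ;;
    esac
    if [ "$have" != "$2" ]; then
        echo "FAIL: wrapper pins Gradle '$have', expected '$2'"; rc=1
    fi
    if [ -z "$sum" ]; then
        echo "WARN: no distributionSha256Sum, download is not hash-checked"
    elif ! printf '%s\n' "$sum" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "FAIL: distributionSha256Sum is not 64 hex digits"; rc=1
    fi
    [ "$rc" -ne 0 ] || echo "OK: Gradle $have from $url"
    return "$rc"
}

# Constructed sample input (not copied from the HIRS repository).
sample=$(mktemp)
cat > "$sample" <<'EOF'
distributionBase=GRADLE_USER_HOME
distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
EOF
check_wrapper "$sample" 8.10
rm -f "$sample"
# In a checkout: check_wrapper gradle/wrapper/gradle-wrapper.properties 8.10
```
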

Building with the IntelliJ IDE

(NOTE: This assumes Gradle to be installed as a plugin in the local IntelliJ installation.)

  1. Import the root directory as a project into the IntelliJ IDE. It should detect that it's a Gradle Project and that there's a Gradle Wrapper.
  2. Click Build > Build Project

Building on the CLI with Gradle Wrapper

Only a few Gradle commands are necessary for building HIRS and its sub-projects. As mentioned in the previous section on Gradle, a Gradle Wrapper is provided and should be preferred when building the project. It's easily spotted as the gradlew and gradlew.bat files. The following commands use the wrapper. They can be used with Gradle directly, but this is discouraged.

  1. Navigate to the root of the HIRS project directory.
  2. Run the following command to build and test the ACA and TPM v1.2 Provisioner sub-projects:
./gradlew clean build

This will automatically download the desired version of Gradle and pull all of the necessary Java dependencies that weren't installed in the previous section on Development Environment Setup.

The build command, if successful, will place jar files under the build/libs folder.

Building on the CLI with Gradle

(IMPORTANT: Please prefer using the provided Gradle Wrapper in all cases. The only instance where direct use of Gradle is advised is when the target system does NOT have internet access to download the Gradle Wrapper's specified version of 2.10.)

  1. Navigate to the root of the HIRS project directory.
  2. Run the following command to build and test the ACA:
gradle clean build

Packaging

Linux

RHEL

  1. Navigate to the root of the entire HIRS project.
  2. Run the following command:
./gradlew clean buildRpm

Debian

  1. Navigate to the root of the entire HIRS project.
  2. Run the following command:
./gradlew clean buildDeb

Installing

RHEL

To install the ACA on Red Hat or Rocky Linux, download the latest rpm from the release page, then run the command:

sudo dnf install HIRS_AttestationCA*.rpm

Debian

To install the ACA on Ubuntu Linux, download the latest deb from the release page, then run the command:

sudo apt-get install ./HIRS_AttestationCA*.deb

HIRS TPM v2.0 Provisioner.NET

Refer to the HIRS .NET Provisioner Readme_2.2.pdf for details on building, installing and configuring the HIRS_Provisioner.Net application.
