JIRA 4.0 : JIRA Custom Installer Guide
This page last changed on Oct 01, 2009 by alui.
This page lists instructions for how to build a custom installer for JIRA Standalone.
RequirementsThe JIRA installer is built using install4j (v4.0.5) for which you will need to buy a valid license. If you would like to sign your installer executables you will also need a valid code signing certificate. If you are building the installer on Linux, you may also require mono and mono-mcs for code-signing purposes. GeneralThe installer is configured using install4j. To edit the installer, open jira-template.install4j in the install4j GUI. Installed JREInstall4j will bundle the installer with one of the JREs defined in the <INSTALL4J_HOME>/jres directory. As of v3.12, we are creating a custom JRE bundle, in order to allow the use of the server JVM (only client JVM is included in the default windows jre bundle).
Once you have created the custom JRE bundle, make sure that jira-template.install4j refers to the same JRE bundle name. includedJRE="windows-x86-1.6.0_03_from_jdk" or browse to Media > Windows > Bundled JRE in the install4j GUI. Building the InstallerAll source files regarding the installer reside in the main JIRA source tree in /jira/subprojects/installer. Edit project.properties to correctly identify your install4j home directory, as well as your certificate keystore: subprojects/installer/project.properties # The location used for code-signing the executable. This location should contain an SPC (software platfrom certificates) # and PVK (Private key) file for windows. Not, you will need mono to run this on unix/linux. atlassian.keystore.location=/path/to/your/keystore install4j.home=/path/to/your/install4j Please note that the directory defined by the 'atlassian.keystore.location' property must contain 2 key files: atlassian.spc and private.pvk. Please see the Code signing section below for how to create these. Once install4j has been installed, and project.properties has been correctly configured, the following maven command can be executed from the JIRA root directory to build the installer (Note: this will also build JIRA Standalone): maven jira:installer -Dedition=enterprise Code signingCode signing is useful if you would like to ensure that the executable generated cannot be altered by anyone else. A code signed executable will also list the publisher (i.e. Atlassian Software Systems) correctly when opening the installer exe. BackgroundTo get a code-signing certificate, you firstly generate a public/private key pair using Java's keytool. The public key/certificate is then submitted to a key signing authority (Thawte in our case) who will verify that you really are who you claim to be, sign your public certificate and send it back. Your keystore stores your private key, public certificate as well as the whole certificate chain from your key signing authority. ImplementationIn Windows, you sign executables with a utility called signcode. There's a mono version for this and it's also included in install4j (with a slight modification that will allow you to specify a password for your private key). Signcode takes a number of arguments:
To get all this information you will need some information from your keystore that Java's keytool can't return. The following Java class should return all required information: import sun.misc.BASE64Encoder; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.security.*; import java.security.cert.Certificate; class ExportPriv { public static void main(String args[]) throws Exception { ExportPriv myep = new ExportPriv(); myep.doit(); } public void doit() throws Exception { KeyStore ks = KeyStore.getInstance("JKS"); String fileName = "/path/to/your/keystore"; char[] passPhrase = "password".toCharArray(); BASE64Encoder myB64 = new BASE64Encoder(); File certificateFile = new File(fileName); ks.load(new FileInputStream(certificateFile), passPhrase); KeyPair kp = getPrivateKey(ks, "password", passPhrase); Certificate[] certificateChain = ks.getCertificateChain("atlassian"); for (int i = 0 ; i < certificateChain.length; i++) { File output = new File("/path/to/your/output/directory/cert"+i+".crt"); FileOutputStream out = new FileOutputStream(output); out.write(certificateChain[i].getEncoded()); out.flush(); out.close(); } PrivateKey privKey = kp.getPrivate(); String b64 = myB64.encode(privKey.getEncoded()); File output = new File("/path/to/your/output/directory/private.key"); FileOutputStream out = new FileOutputStream(output); out.write(privKey.getEncoded()); out.flush(); out.close(); System.out.println("-----BEGIN PRIVATE KEY-----"); System.out.println(b64); System.out.println("-----END PRIVATE KEY-----"); } public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) { try { // Get private key Key key = keystore.getKey(alias, password); if (key instanceof PrivateKey) { // Get certificate of public key Certificate cert = keystore.getCertificate(alias); // Get public key PublicKey publicKey = cert.getPublicKey(); // Return a key pair return new KeyPair(publicKey, (PrivateKey) key); } } catch (UnrecoverableKeyException e) { } catch (NoSuchAlgorithmException e) { } catch (KeyStoreException e) { } return null; } } (Note: This code was copied from here with some modifications) The get the SPC file you will first have to export your entire certificate chain from the keystore first using the Java class above (keytool does not provide a method to do this). cert2spc cert0.crt cert1.crt cert2.crt atlassian.spc The private key returned from the keystore is in the wrong format for the signcode utiltiy. There exists a tool for Windows to convert the private key to the correct Windows PVK format. Signcode can now be executed: mono /path/to/your/install4j/resource/signcode.exe -spc atlassian.spc -v private.pvk -vp password -t http://timestamp.verisign.com/scripts/timstamp.dll JIRA_Enterprise_3_8-DEV_windows.exe |
![]() |
Document generated by Confluence on Oct 06, 2009 00:31 |