[ZBX-13371] document how to build Windows agent binaries with and without TLS Created: 2016 Feb 29  Updated: 2024 Apr 10  Resolved: 2018 Dec 21

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Documentation (D)
Affects Version/s: None
Fix Version/s: 4.0 (plan)

Type: Documentation task Priority: Major
Reporter: Aleksandrs Saveljevs Assignee: Viktors Tjarve
Resolution: Fixed Votes: 9
Labels: compilation, windows
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Causes
causes ZBXNEXT-4836 Zabbix License update for OpenSSL Closed
Sub-task
depends on ZBXNEXT-3047 Windows Zabbix Agent Binary is not co... Closed
Epic Link: DEV-680
Team: Team A
Team: Team A
Sprint: Sprint 28, Sprint 29, Sprint 30, Sprint 31, Sprint 32, Sprint 35, Sprint 36, Sprint 37, Sprint 38, Sprint 39, Sprint 40, Sprint 41, Sprint 45, Sprint 46, Nov 2018
Story Points: 3

 Description   

We currently provide pre-compiled Windows binaries at http://www.zabbix.com/download.php , but there are no instructions at https://www.zabbix.com/documentation/3.0/manual/installation/install on how Zabbix users can build a Windows agent themselves.

As mentioned in ZBXNEXT-3047, this is especially important with the introduction of TLS support in ZBXNEXT-1263, because we do not provide Windows binaries with encryption.

 Comments   
Comment by Aleksandrs Saveljevs [ 2016 Feb 29 ]

Meanwhile, some old instructions are available in this comment from 2010. File names may be outdated, but the general idea is the same.

Comment by Aleksandrs Saveljevs [ 2016 Feb 29 ]

As mentioned by wiper in another comment, replacing {ZABBIX_REVISION} with a (random) number in include/version.h may be needed.

Comment by Andris Zeila [ 2016 Feb 29 ]

I believe we should first tackle ZBX-8054 (there are also some build instructions).

Comment by Mark D [ 2018 Jun 25 ]

If I understand correctly, you don't distribute the agent with encryption because of licensing/legal issues.

Documenting would be great (please x86 as well as 64 bit).

I know we're not *nix, but I think that some of the environment setup and building could be scripted in a batch file which could make it even easier. If users have wget.exe, even the downloads could be automated. That would just leave the Microsoft setup GUI to be done manually.

edit: Another idea to make the dev environment easier to setup: Microsoft has a free download available of virtual machines for VMWare, Virtualbox, etc. These include Windows 10 and Visual Studio. MS Virtual Machine Downloads These are evals which expire after a few months, but for our purposes, I think they'd be perfect.

palivoda, Yes, licensing is the issue. Great idea about VM and trail license, but we are very stretched to put our hands on to automatic build now. Check out last comment at - ZBXNEXT-3047. This task is about documentation how to build. If you can create script based on this instruction please attach it to ZBXNEXT-3047 and let us know. We will review and if licensing is OK we could include it in to our continuous build.... and we will not need to document this. Please keep in mind we have to build agents for various Windows platforms. 

 

Comment by Mark D [ 2018 Jun 29 ]

Thanks for clarifying. I think most people don't understand that it is a legal issue, not a technical one why there are no SSL binaries.

sh0thub has provided excellent instructions on 3047 on how to build. I see only two areas where what he created could be improved:

  1. Would be nice to have steps to build OpenSSL from source as well. It's not ideal to rely on trusting the executable provided by a third party when you can build from source instead. I realize it's unlikely there's some malware or vulnerability in the OpenSSL-Windows setup executable, but still..
  2. Have most or all of the build steps in a batch file as I suggested. Theoretically, it could be simplified to downloading the Windows VM from Microsoft, downloading a batch file and wget.exe.

Of course, that's easier said than done. Not sure, but if you're hiring, sh0thub would make an excellent addition

edit: Thomas Oftring suggests here 3047 that wolfSSL may provide a good legal and technical solution. They have a GPL2 and commercial license option. They include an "OpenSSL compatibility layer" which might help with development.

Comment by richlv [ 2018 Jul 06 ]

Mark, Rostislav - is there a writeup on the licensing detail anywhere?

While ZBXNEXT-3047 talks about DLL distribution, it's not very detailed on the legal side.

Comment by wasgehtdichdasan [ 2018 Aug 07 ]

@Mark

can you describe the legal problem?

Comment by Mark D [ 2018 Aug 07 ]

I don't know. palivoda from Zabbix edited my comment to include the info about the legal issue. He'd be the one to add some details.

Comment by Rostislav Palivoda [ 2018 Aug 07 ]

Libraries we use:

Visual C++ redistributables

GnuTLS Transport Layer Security Library

OpenSSL License that is going to move to standard Apache license, but until then:

  • 6. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by the OpenSSL Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)"

SSLeay License:

  • 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * "This product includes cryptographic software written by * Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library * being used are not cryptographic related .
  • 4. If you include any Windows specific code (or a derivative thereof) from * the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson ([email protected])
Comment by wasgehtdichdasan [ 2018 Aug 20 ]

palivoda 

 

where is the problem on this?

Generated at Fri Apr 19 08:19:48 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.