logo_kerberos.gif

Difference between revisions of "Kerberos for Windows (KfW) Build Environment"

From K5Wiki
Jump to: navigation, search
(Update for InCommon cert/timestamping)
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category: Kerberos for Windows]]
 
[[Category: Kerberos for Windows]]
 
Directions for producing an environment in which to build
 
Directions for producing an environment in which to build
Kerberos for Windows version 4
+
Kerberos for Windows version 4.2
   
Start with a clean Windows 7 installation (64-bit necessary?)
 
 
* Install 64-bit Windows 10.
   
(0) get a browser that you like/trust to validate SSL certs/etc.
 
 
* Install Visual Studio 2017 Community.
  +
** Check "Desktop development with C++".
  +
** Check "MFC and ATL support".
  +
** After installing, locate the Visual Studio 2017 menu under the start menu, and pin the x64 and x86 Native Tools Command Prompt entries to the task bar for e
   
(1) Install MS Visual Studio 2010 Professional
 
  +
* Install the chocolatey package manager from https://chocolatey.org/install (by pasting the PowerShell command line into an administrative powershell). Install the following packages:
grab the Visual C++ 10.0 runtime for x86 and x64
 
also the 64-bit prerequisites
 
Documentation files not necessary
 
Choose 'Visual C++ Development Settings' (probably doesn't matter)
 
You should now have an 'HTML Help Workshop' entry within
 
Program Files (x86). This will get added to the path, later.
 
(2) Install the Windows SDK version 7.1
 
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8279
 
The download is over a non-https url by default, though the installer
 
is signed by a Microsoft certificate.
 
[Select all components (add application verifier, debugging tools,
 
windows performance toolkit)]
 
Finishing the installation brings up the Help Library Manager (installer?)
 
but nothing should be necessary from that utility.
 
If you have an error mentioning "Please refer to Samples\Setup\HTML\ConfigDetails.htm"
 
then uninstall any existing Visual Studio 2010 Redistributable packages installed on
 
your system and try again.
 
(3) Install the Utilities and SDK for UNIX-based Applications (amd64 if on a 64-bit system)
 
First, enable the Windows feature "Subsystem for UNIX-based Applications"
 
from the Control Panel. (Programs [and Features] menu, "Turn on or off
 
Windows features", or similar.)
 
Then visit (also available from the All Programs menu)
 
http://www.microsoft.com/en-us/download/details.aspx?id=23754
 
Again, this is a http-default page, and attempting to use SSL causes
 
an error due to Akamai configuration.
 
I have Version 10.0.6030.0 of the SUA, which claims to be for
 
Windows Vista RTM/Windows Vista SP1/Windows Server 2008 RTM
 
but appears to work fine on Windows 7.
 
[The standard installation gives us awk, which may be all we need?]
 
(4) Install the Windows Installer XML Toolkit
 
Tested with version 3.5; there is a 3.6 beta available as well.
 
wix.sourceforge.net --> wix.codeplex.com/releases/view/60102
 
These default to non-SSL urls; try to get
 
https://download-codeplex.sec.s-msft.com/Download/Release?ProjectName=wix&DownloadId=204417&FileTime=129409234222130000&Build=19194
 
Install all components (the default setting).
 
(5) Update the system path to include some necessary utilities.
 
This is something like
 
Control Panel->System->Advanced System Settings->Environment
 
awk is in C:\Windows\SUA\bin
 
But, you will need to make a *copy* (not link) of it named awk.exe in
 
order for things to work properly. Check the permissions so that everyone
 
can read and execute it.
 
Add the directory containing hhc.exe to the path:
 
C:\Program Files (x86)\HTML Help Workshop
 
Add C:\Program Files (x86)\Windows Installer XML v3.5\bin to the path
 
to get candle.exe.
 
(6) Install a real Perl that can handle both forward-slash and backward-slash as path separators, e.g., ActivePerl or Strawberry Perl.
 
I used Strawberry Perl, since its installer was downloadable over SSL and
 
was digitally signed.
 
I have strawberry_perl-5.14.2.1-64bit.msi
 
Note that you may not have spaces in the path to the installation, so
 
it installs to c:\strawberry by default.
 
   
That should be enough for the build environment.
 
  +
choco install wixtoolset -y
  +
choco install strawberryperl -y
  +
choco install git -y -params '"/GitAndUnixToolsOnPath"'
  +
choco install emacs -y
  +
choco install windbg -y
   
To actually build an installer, first get the source. If you are using git
 
  +
* Add wix to the path.
to get the source, don't set it to convert the line endings to native. The
 
  +
** search for System (control panel) and run it.
SUA version of awk expects the files to have unix line endings.
 
  +
** advanced system settings
  +
** environment variables (button at bottom)
  +
** click on wix, copy value.
  +
** click on path, click edit, click new, paste value and add "\bin".
   
Next, fire up the Windows SDK 7.1 command prompt.
 
  +
Follow the instructions in src/windows/README to perform a build. NODEBUG can be set in the environment ("set NODEBUG=1") to avoid having to specify it on the nmake command line each time. For MIT-specific builds, also "set MIT_INTERNAL=1" or specify it on the nmake command line when building the installer.
   
(0) cmd /v to get delayed expansion of variables
 
 
Code signing:
   
(1) Environment set-up
 
 
signtool sign /v /d "MIT Kerberos for Windows installer" /a /fd sha256 /tr http://timestamp.comodoca.com /td sha256 foo.msi
set KRB_INSTALL_DIR=/path/to/an/obj/dir
 
[set MIT_INTERNAL=1]
 
[set NODEBUG=1]
 
\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x86 [/release]
 
set CPU=i386
 
(2) Build the 32-bit binaries
 
cd /path/to/krb5-tree/src
 
[nmake clean]
 
nmake -f Makefile.in prep-windows
 
nmake
 
nmake install
 
(3) Build 32-bit installer
 
cd windows/installer/wix
 
[nmake clean]
 
nmake
 
rename kfw.msi kfw32.msi
 
(4) 64-bit build -- NOTE: don't delete the install directory from the 32-bit build; the 32-bit DLLs are needed by the 64-bit installer
 
\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x64 [/release]
 
set CPU=AMD64
 
cd /path/to/krb5-tree/src
 
nmake clean
 
nmake -f Makefile.in prep-windows [?]
 
nmake
 
nmake install
 
(5) Build 64-bit installer
 
cd windows/installer/wix
 
nmake clean
 
nmake
 
rename kfw.msi kfw64.msi
 
 
Code signing
 
 
signtool sign /a /t http://timestamp.comodoca.com foo.msi
 
 
Code signing with SHA256 file digest and timestamp (not required until 2017-01-01?)
 
 
signtool sign /v /a /fd sha256 /td sha256 /tr http://timestamp.comodoca.com foo.msi
 
   
 
See also https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/68/7/
 
See also https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/68/7/

Latest revision as of 12:49, 7 April 2019

Directions for producing an environment in which to build Kerberos for Windows version 4.2

  • Install 64-bit Windows 10.
  • Install Visual Studio 2017 Community.
    • Check "Desktop development with C++".
    • Check "MFC and ATL support".
    • After installing, locate the Visual Studio 2017 menu under the start menu, and pin the x64 and x86 Native Tools Command Prompt entries to the task bar for e
  • Install the chocolatey package manager from https://chocolatey.org/install (by pasting the PowerShell command line into an administrative powershell). Install the following packages:
 choco install wixtoolset -y
 choco install strawberryperl -y
 choco install git -y -params '"/GitAndUnixToolsOnPath"'
 choco install emacs -y
 choco install windbg -y
  • Add wix to the path.
    • search for System (control panel) and run it.
    • advanced system settings
    • environment variables (button at bottom)
    • click on wix, copy value.
    • click on path, click edit, click new, paste value and add "\bin".

Follow the instructions in src/windows/README to perform a build. NODEBUG can be set in the environment ("set NODEBUG=1") to avoid having to specify it on the nmake command line each time. For MIT-specific builds, also "set MIT_INTERNAL=1" or specify it on the nmake command line when building the installer.

Code signing:

   signtool sign /v /d "MIT Kerberos for Windows installer" /a /fd sha256 /tr http://timestamp.comodoca.com /td sha256 foo.msi

See also https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/68/7/

More general KfW release engineering information at Kerberos for Windows Release Engineering.