Kerberos for Windows (KfW) Build Environment
Directions for producing an environment in which to build Kerberos for Windows version 4
Start with a clean Windows 7 installation (64-bit necessary?)
(0) get a browser that you like/trust to validate SSL certs/etc.
(1) Install MS Visual Studio 2010 Professional
grab the Visual C++ 10.0 runtime for x86 and x64 also the 64-bit prerequisites Documentation files not necessary Choose 'Visual C++ Development Settings' (probably doesn't matter) You should now have an 'HTML Help Workshop' entry within Program Files (x86). This will get added to the path, later.
(2) Install the Windows SDK version 7.1
http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8279 The download is over a non-https url by default, though the installer is signed by a Microsoft certificate. [Select all components (add application verifier, debugging tools, windows performance toolkit)] Finishing the installation brings up the Help Library Manager (installer?) but nothing should be necessary from that utility.
(3) Install the Utilities and SDK for UNIX-based Applications (amd64 if on a 64-bit system)
First, enable the Windows feature "Subsystem for UNIX-based Applications" from the Control Panel. (Programs [and Features] menu, "Turn on or off Windows features", or similar.) Then visit (also available from the All Programs menu) http://www.microsoft.com/en-us/download/details.aspx?id=23754 Again, this is a http-default page, and attempting to use SSL causes an error due to Akamai configuration. I have Version 10.0.6030.0 of the SUA, which claims to be for Windows Vista RTM/Windows Vista SP1/Windows Server 2008 RTM but appears to work fine on Windows 7. [The standard installation gives us awk, which may be all we need?]
(4) Install the Windows Installer XML Toolkit
Tested with version 3.5; there is a 3.6 beta available as well. wix.sourceforge.net --> wix.codeplex.com/releases/view/60102 These default to non-SSL urls; try to get https://download-codeplex.sec.s-msft.com/Download/Release?ProjectName=wix&DownloadId=204417&FileTime=129409234222130000&Build=19194 Install all components (the default setting).
(5) Update the system path to include some necessary utilities.
This is something like Control Panel->System->Advanced System Settings->Environment awk is in C:\Windows\SUA\bin But, you will need to make a *copy* (not link) of it named awk.exe in order for things to work properly. Check the permissions so that everyone can read and execute it. Add the directory containing hhc.exe to the path: C:\Program Files (x86)\HTML Help Workshop Add C:\Program Files (x86)\Windows Installer XML v3.5\bin to the path to get candle.exe.
(6) Install a real Perl that can handle both forward-slash and backward-slash as path separators, e.g., ActivePerl or Strawberry Perl.
I used Strawberry Perl, since its installer was downloadable over SSL and was digitally signed. I have strawberry_perl-220.127.116.11-64bit.msi Note that you may not have spaces in the path to the installation, so it installs to c:\strawberry by default.
That should be enough for the build environment.
To actually build an installer, fire up the Windows SDK 7.1 command prompt.
(0) cmd /v to get delayed expansion of variables
(1) Environment set-up
set KRB_INSTALL_DIR=/path/to/an/obj/dir [set MIT_INTERNAL=1] [set NODEBUG=1] \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x86 [/release] set CPU=i386
(2) Build the 32-bit binaries
cd /path/to/krb5-tree/src [nmake clean] nmake -f Makefile.in prep-windows nmake nmake install
(3) Build 32-bit installer
cd windows/installer/wix [nmake clean] nmake rename kfw.msi kfw32.msi
(4) 64-bit build
\Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x64 [/release] set CPU=AMD64 cd /path/to/krb5-tree/src nmake clean nmake -f Makefile.in prep-windows [?] nmake nmake install
(5) Build 64-bit installer
cd windows/installer/wix nmake clean nmake rename kfw.msi kfw64.msi
signtool sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll foo.msi
You might need to add
/i Verisign or something to select the right signing cert.