Kerberos for Windows (KfW) Build Environment

From K5Wiki
(Difference between revisions)
Jump to: navigation, search
Line 96: Line 96:
Code signing
Code signing
signtool /a /t http://timestamp.verisign.com/scripts/timstamp.dll foo.msi
signtool sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll foo.msi
You might need to add <code>/i Verisign</code> or something to select the right signing cert.
You might need to add <code>/i Verisign</code> or something to select the right signing cert.

Revision as of 13:17, 25 June 2015

Directions for producing an environment in which to build Kerberos for Windows version 4

Start with a clean Windows 7 installation (64-bit necessary?)

(0) get a browser that you like/trust to validate SSL certs/etc.

(1) Install MS Visual Studio 2010 Professional

   grab the Visual C++ 10.0 runtime for x86 and x64
   also the 64-bit prerequisites
   Documentation files not necessary
   Choose 'Visual C++ Development Settings' (probably doesn't matter)
   You should now have an 'HTML Help Workshop' entry within
   Program Files (x86).  This will get added to the path, later.

(2) Install the Windows SDK version 7.1

   The download is over a non-https url by default, though the installer
   is signed by a Microsoft certificate.
   [Select all components (add application verifier, debugging tools,
    windows performance toolkit)]
   Finishing the installation brings up the Help Library Manager (installer?)
   but nothing should be necessary from that utility.

(3) Install the Utilities and SDK for UNIX-based Applications (amd64 if on a 64-bit system)

   First, enable the Windows feature "Subsystem for UNIX-based Applications"
   from the Control Panel.  (Programs [and Features] menu, "Turn on or off
   Windows features", or similar.)
   Then visit (also available from the All Programs menu)
   Again, this is a http-default page, and attempting to use SSL causes
   an error due to Akamai configuration.
   I have Version 10.0.6030.0 of the SUA, which claims to be for
   Windows Vista RTM/Windows Vista SP1/Windows Server 2008 RTM
   but appears to work fine on Windows 7.
   [The standard installation gives us awk, which may be all we need?]

(4) Install the Windows Installer XML Toolkit

   Tested with version 3.5; there is a 3.6 beta available as well.
   wix.sourceforge.net --> wix.codeplex.com/releases/view/60102
   These default to non-SSL urls; try to get
   Install all components (the default setting).

(5) Update the system path to include some necessary utilities.

   This is something like
   Control Panel->System->Advanced System Settings->Environment
   awk is in C:\Windows\SUA\bin
   But, you will need to make a *copy* (not link) of it named awk.exe in
   order for things to work properly.  Check the permissions so that everyone
   can read and execute it.
   Add the directory containing hhc.exe to the path:
   C:\Program Files (x86)\HTML Help Workshop
   Add C:\Program Files (x86)\Windows Installer XML v3.5\bin to the path
   to get candle.exe.

(6) Install a real Perl that can handle both forward-slash and backward-slash as path separators, e.g., ActivePerl or Strawberry Perl.

   I used Strawberry Perl, since its installer was downloadable over SSL and
   was digitally signed.
   I have strawberry_perl-
   Note that you may not have spaces in the path to the installation, so
   it installs to c:\strawberry by default.

That should be enough for the build environment.

To actually build an installer, fire up the Windows SDK 7.1 command prompt.

(0) cmd /v to get delayed expansion of variables

(1) Environment set-up

   set KRB_INSTALL_DIR=/path/to/an/obj/dir
   [set MIT_INTERNAL=1]
   [set NODEBUG=1]
   \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x86 [/release]
   set CPU=i386

(2) Build the 32-bit binaries

   cd /path/to/krb5-tree/src
   [nmake clean]
   nmake -f Makefile.in prep-windows
   nmake install

(3) Build 32-bit installer

   cd windows/installer/wix
   [nmake clean]
   rename kfw.msi kfw32.msi

(4) 64-bit build

   \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x64 [/release]
   set CPU=AMD64
   cd /path/to/krb5-tree/src
   nmake clean
   nmake -f Makefile.in prep-windows [?]
   nmake install

(5) Build 64-bit installer

   cd windows/installer/wix
   nmake clean
   rename kfw.msi kfw64.msi

Code signing

   signtool sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll foo.msi

You might need to add /i Verisign or something to select the right signing cert.

Personal tools