logo_kerberos.gif

Kerberos for Windows (KfW) Build Environment

From K5Wiki
Revision as of 10:02, 3 April 2019 by Ghudson (talk | contribs)

Jump to: navigation, search

Directions for producing an environment in which to build Kerberos for Windows version 4

Start with a clean Windows 7 installation (64-bit necessary?)

(0) get a browser that you like/trust to validate SSL certs/etc.

(1) Install MS Visual Studio 2010 Professional

   grab the Visual C++ 10.0 runtime for x86 and x64
   also the 64-bit prerequisites
   Documentation files not necessary
   Choose 'Visual C++ Development Settings' (probably doesn't matter)
   You should now have an 'HTML Help Workshop' entry within
   Program Files (x86).  This will get added to the path, later.

(2) Install the Windows SDK version 7.1

   http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8279
   The download is over a non-https url by default, though the installer
   is signed by a Microsoft certificate.
   [Select all components (add application verifier, debugging tools,
    windows performance toolkit)]
   Finishing the installation brings up the Help Library Manager (installer?)
   but nothing should be necessary from that utility.
   If you have an error mentioning "Please refer to Samples\Setup\HTML\ConfigDetails.htm"
   then uninstall any existing Visual Studio 2010 Redistributable packages installed on
   your system and try again.

(3) Install the Utilities and SDK for UNIX-based Applications (amd64 if on a 64-bit system)

   First, enable the Windows feature "Subsystem for UNIX-based Applications"
   from the Control Panel.  (Programs [and Features] menu, "Turn on or off
   Windows features", or similar.)
   Then visit (also available from the All Programs menu)
   http://www.microsoft.com/en-us/download/details.aspx?id=23754
   Again, this is a http-default page, and attempting to use SSL causes
   an error due to Akamai configuration.
   I have Version 10.0.6030.0 of the SUA, which claims to be for
   Windows Vista RTM/Windows Vista SP1/Windows Server 2008 RTM
   but appears to work fine on Windows 7.
   [The standard installation gives us awk, which may be all we need?]

(4) Install the Windows Installer XML Toolkit

   Tested with version 3.5; there is a 3.6 beta available as well.
   wix.sourceforge.net --> wix.codeplex.com/releases/view/60102
   These default to non-SSL urls; try to get
   https://download-codeplex.sec.s-msft.com/Download/Release?ProjectName=wix&DownloadId=204417&FileTime=129409234222130000&Build=19194
   Install all components (the default setting).

(5) Update the system path to include some necessary utilities.

   This is something like
   Control Panel->System->Advanced System Settings->Environment
   awk is in C:\Windows\SUA\bin
   But, you will need to make a *copy* (not link) of it named awk.exe in
   order for things to work properly.  Check the permissions so that everyone
   can read and execute it.
   Add the directory containing hhc.exe to the path:
   C:\Program Files (x86)\HTML Help Workshop
   Add C:\Program Files (x86)\Windows Installer XML v3.5\bin to the path
   to get candle.exe.

(6) Install a real Perl that can handle both forward-slash and backward-slash as path separators, e.g., ActivePerl or Strawberry Perl.

   I used Strawberry Perl, since its installer was downloadable over SSL and
   was digitally signed.
   I have strawberry_perl-5.14.2.1-64bit.msi
   Note that you may not have spaces in the path to the installation, so
   it installs to c:\strawberry by default.

That should be enough for the build environment.

To actually build an installer, first get the source. If you are using git to get the source, don't set it to convert the line endings to native. The SUA version of awk expects the files to have unix line endings.

Next, fire up the Windows SDK 7.1 command prompt.

(0) cmd /v to get delayed expansion of variables

(1) Environment set-up

   set KRB_INSTALL_DIR=/path/to/an/obj/dir
   [set MIT_INTERNAL=1]
   [set NODEBUG=1]
   \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x86 [/release]
   set CPU=i386

(2) Build the 32-bit binaries

   cd /path/to/krb5-tree/src
   [nmake clean]
   nmake -f Makefile.in prep-windows
   nmake
   nmake install

(3) Build 32-bit installer

   cd windows/installer/wix
   [nmake clean]
   nmake
   rename kfw.msi kfw32.msi

(4) 64-bit build -- NOTE: don't delete the install directory from the 32-bit build; the 32-bit DLLs are needed by the 64-bit installer

   \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x64 [/release]
   set CPU=AMD64
   cd /path/to/krb5-tree/src
   nmake clean
   nmake -f Makefile.in prep-windows [?]
   nmake
   nmake install

(5) Build 64-bit installer

   cd windows/installer/wix
   nmake clean
   nmake
   rename kfw.msi kfw64.msi

Code signing

   signtool sign /a /t http://timestamp.comodoca.com /d kfw.msi foo.msi

Code signing with SHA256 file digest and timestamp (not required until 2017-01-01?)

   signtool sign /v /a /fd sha256 /tr http://timestamp.comodoca.com /td sha256 /d kfw.msi foo.msi

See also https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/68/7/

More general KfW release engineering information at Kerberos for Windows Release Engineering.