Difference between revisions of "Kerberos for Windows (KfW) Build Environment"
From K5Wiki
(4 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
[[Category: Kerberos for Windows]] |
[[Category: Kerberos for Windows]] |
||
Directions for producing an environment in which to build |
Directions for producing an environment in which to build |
||
− | Kerberos for Windows version 4 |
+ | Kerberos for Windows version 4.2 |
− | Start with a clean Windows 7 installation (64-bit necessary?) |
||
+ | * Install 64-bit Windows 10. |
||
− | (0) get a browser that you like/trust to validate SSL certs/etc. |
||
+ | * Install Visual Studio 2017 Community. |
||
+ | ** Check "Desktop development with C++". |
||
+ | ** Check "MFC and ATL support". |
||
+ | ** After installing, locate the Visual Studio 2017 menu under the start menu, and pin the x64 and x86 Native Tools Command Prompt entries to the task bar for e |
||
− | (1) Install MS Visual Studio 2010 Professional |
||
+ | * Install the chocolatey package manager from https://chocolatey.org/install (by pasting the PowerShell command line into an administrative powershell). Install the following packages: |
||
− | grab the Visual C++ 10.0 runtime for x86 and x64 |
||
− | also the 64-bit prerequisites |
||
− | Documentation files not necessary |
||
− | Choose 'Visual C++ Development Settings' (probably doesn't matter) |
||
− | You should now have an 'HTML Help Workshop' entry within |
||
− | Program Files (x86). This will get added to the path, later. |
||
− | (2) Install the Windows SDK version 7.1 |
||
− | http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=8279 |
||
− | The download is over a non-https url by default, though the installer |
||
− | is signed by a Microsoft certificate. |
||
− | [Select all components (add application verifier, debugging tools, |
||
− | windows performance toolkit)] |
||
− | Finishing the installation brings up the Help Library Manager (installer?) |
||
− | but nothing should be necessary from that utility. |
||
− | If you have an error mentioning "Please refer to Samples\Setup\HTML\ConfigDetails.htm" |
||
− | then uninstall any existing Visual Studio 2010 Redistributable packages installed on |
||
− | your system and try again. |
||
− | (3) Install the Utilities and SDK for UNIX-based Applications (amd64 if on a 64-bit system) |
||
− | First, enable the Windows feature "Subsystem for UNIX-based Applications" |
||
− | from the Control Panel. (Programs [and Features] menu, "Turn on or off |
||
− | Windows features", or similar.) |
||
− | Then visit (also available from the All Programs menu) |
||
− | http://www.microsoft.com/en-us/download/details.aspx?id=23754 |
||
− | Again, this is a http-default page, and attempting to use SSL causes |
||
− | an error due to Akamai configuration. |
||
− | I have Version 10.0.6030.0 of the SUA, which claims to be for |
||
− | Windows Vista RTM/Windows Vista SP1/Windows Server 2008 RTM |
||
− | but appears to work fine on Windows 7. |
||
− | [The standard installation gives us awk, which may be all we need?] |
||
− | (4) Install the Windows Installer XML Toolkit |
||
− | Tested with version 3.5; there is a 3.6 beta available as well. |
||
− | wix.sourceforge.net --> wix.codeplex.com/releases/view/60102 |
||
− | These default to non-SSL urls; try to get |
||
− | https://download-codeplex.sec.s-msft.com/Download/Release?ProjectName=wix&DownloadId=204417&FileTime=129409234222130000&Build=19194 |
||
− | Install all components (the default setting). |
||
− | (5) Update the system path to include some necessary utilities. |
||
− | This is something like |
||
− | Control Panel->System->Advanced System Settings->Environment |
||
− | awk is in C:\Windows\SUA\bin |
||
− | But, you will need to make a *copy* (not link) of it named awk.exe in |
||
− | order for things to work properly. Check the permissions so that everyone |
||
− | can read and execute it. |
||
− | Add the directory containing hhc.exe to the path: |
||
− | C:\Program Files (x86)\HTML Help Workshop |
||
− | Add C:\Program Files (x86)\Windows Installer XML v3.5\bin to the path |
||
− | to get candle.exe. |
||
− | (6) Install a real Perl that can handle both forward-slash and backward-slash as path separators, e.g., ActivePerl or Strawberry Perl. |
||
− | I used Strawberry Perl, since its installer was downloadable over SSL and |
||
− | was digitally signed. |
||
− | I have strawberry_perl-5.14.2.1-64bit.msi |
||
− | Note that you may not have spaces in the path to the installation, so |
||
− | it installs to c:\strawberry by default. |
||
− | That should be enough for the build environment. |
||
+ | choco install wixtoolset -y |
||
+ | choco install strawberryperl -y |
||
+ | choco install git -y -params '"/GitAndUnixToolsOnPath"' |
||
+ | choco install emacs -y |
||
+ | choco install windbg -y |
||
− | To actually build an installer, first get the source. If you are using git |
||
+ | * Add wix to the path. |
||
− | to get the source, don't set it to convert the line endings to native. The |
||
+ | ** search for System (control panel) and run it. |
||
− | SUA version of awk expects the files to have unix line endings. |
||
+ | ** advanced system settings |
||
+ | ** environment variables (button at bottom) |
||
+ | ** click on wix, copy value. |
||
+ | ** click on path, click edit, click new, paste value and add "\bin". |
||
− | Next, fire up the Windows SDK 7.1 command prompt. |
||
+ | Follow the instructions in src/windows/README to perform a build. NODEBUG can be set in the environment ("set NODEBUG=1") to avoid having to specify it on the nmake command line each time. For MIT-specific builds, also "set MIT_INTERNAL=1" or specify it on the nmake command line when building the installer. |
||
− | (0) cmd /v to get delayed expansion of variables |
||
+ | Code signing: |
||
− | (1) Environment set-up |
||
+ | signtool sign /v /d "MIT Kerberos for Windows installer" /a /fd sha256 /tr http://timestamp.comodoca.com /td sha256 foo.msi |
||
− | set KRB_INSTALL_DIR=/path/to/an/obj/dir |
||
− | [set MIT_INTERNAL=1] |
||
− | [set NODEBUG=1] |
||
− | \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x86 [/release] |
||
− | set CPU=i386 |
||
− | (2) Build the 32-bit binaries |
||
− | cd /path/to/krb5-tree/src |
||
− | [nmake clean] |
||
− | nmake -f Makefile.in prep-windows |
||
− | nmake |
||
− | nmake install |
||
− | (3) Build 32-bit installer |
||
− | cd windows/installer/wix |
||
− | [nmake clean] |
||
− | nmake |
||
− | rename kfw.msi kfw32.msi |
||
− | (4) 64-bit build -- NOTE: don't delete the install directory from the 32-bit build; the 32-bit DLLs are needed by the 64-bit installer |
||
− | \Program Files\Microsoft SDKs\Windows\v7.1\Bin\SetEnv.cmd /x64 [/release] |
||
− | set CPU=AMD64 |
||
− | cd /path/to/krb5-tree/src |
||
− | nmake clean |
||
− | nmake -f Makefile.in prep-windows [?] |
||
− | nmake |
||
− | nmake install |
||
− | (5) Build 64-bit installer |
||
− | cd windows/installer/wix |
||
− | nmake clean |
||
− | nmake |
||
− | rename kfw.msi kfw64.msi |
||
− | Code signing |
||
+ | See also https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/68/7/ |
||
− | signtool sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll foo.msi |
||
+ | More general KfW release engineering information at [[Kerberos for Windows Release Engineering]]. |
||
− | |||
− | Code signing with SHA256 file digest and timestamp (not required until 2017-01-01?) |
||
− | |||
− | signtool sign /v /a /fd sha256 /tr http://sha256timestamp.ws.symantec.com/sha256/timestamp foo.msi |
||
− | |||
− | See also https://knowledge.symantec.com/support/code-signing-support/index?page=content&id=SO15544 |
Latest revision as of 11:49, 7 April 2019
Directions for producing an environment in which to build Kerberos for Windows version 4.2
- Install 64-bit Windows 10.
- Install Visual Studio 2017 Community.
- Check "Desktop development with C++".
- Check "MFC and ATL support".
- After installing, locate the Visual Studio 2017 menu under the start menu, and pin the x64 and x86 Native Tools Command Prompt entries to the task bar for e
- Install the chocolatey package manager from https://chocolatey.org/install (by pasting the PowerShell command line into an administrative powershell). Install the following packages:
choco install wixtoolset -y choco install strawberryperl -y choco install git -y -params '"/GitAndUnixToolsOnPath"' choco install emacs -y choco install windbg -y
- Add wix to the path.
- search for System (control panel) and run it.
- advanced system settings
- environment variables (button at bottom)
- click on wix, copy value.
- click on path, click edit, click new, paste value and add "\bin".
Follow the instructions in src/windows/README to perform a build. NODEBUG can be set in the environment ("set NODEBUG=1") to avoid having to specify it on the nmake command line each time. For MIT-specific builds, also "set MIT_INTERNAL=1" or specify it on the nmake command line when building the installer.
Code signing:
signtool sign /v /d "MIT Kerberos for Windows installer" /a /fd sha256 /tr http://timestamp.comodoca.com /td sha256 foo.msi
See also https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/68/7/
More general KfW release engineering information at Kerberos for Windows Release Engineering.