incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jürgen Schmidt <jogischm...@googlemail.com>
Subject Re: [CODE]: update code signing for Windows
Date Mon, 25 Jun 2012 10:59:40 GMT
On 6/22/12 4:34 PM, Rob Weir wrote:
> On Fri, Jun 22, 2012 at 9:04 AM, Jürgen Schmidt
> <jogischmidt@googlemail.com> wrote:
>> On 6/22/12 2:34 PM, Jürgen Schmidt wrote:
>>> On 6/22/12 1:47 PM, O.Felka wrote:
>>>> Hello Jürgen,
>>>>
>>>> Am 22.06.2012 13:03, schrieb Jürgen Schmidt:
>>>>> Hi,
>>>>>
>>>>> I analyzed and played with code signing on Windows using a self signed
>>>>> test certificate.
>>>>>
>>>>> Thanks to Andre and his Perl skills I was able to fix a strange build
>>>>> problem with a too long command line triggered from a makefile to perl.
>>>>> Anyway this is solved now.
>>>>>
>>>>> I have now signed a full install set and would like to ask if somebody
>>>>> is interested to test it and give me feedback.
>>>>
>>>> I've made some quick tests under XP and Win7.
>>>> Starting the zipped file for unpacking gives a an unknown distributor in
>>>> the UAC dialog.
>>>
>>> I assume that is normal because the self signed certificate can't be
>>> verified but I have to collect more info ...
>>
>> I double checked on my machine where the certificate is already known
>> and I get as verified publisher "Apache OpenOffice (Dev Build)"
>>
> 
> Is there a way that testers can import the same certificate, so the
> signature verification works like it would with a real cert?
> 

yes I think so, it should be possible to import the cert in a local cert
store.

I can provide the *.cer file on demand. Please drop me an email.

Juergen


>>>
>>>  The same when I start the the setup.exe.
>>>> The properties of the zipped download file, the msi file and the
>>>> setup.exe shoa "Apache OpenOffice (DevBuild)" as
>>>> 'Signaturgeberinformation'.
>>>
>>> that is expected
>>>
>>>>
>>>> Installing the Office and looking at the 'control panel -> Add remove
>>>> and software' shows "OpenOffice.org" as distributor.
>>>
>>> mmh, I am not sure where this information comes from. Again I have
>>> collect more info...
>>
>> but in the control panel I still get as publisher "OpenOffice.org"
>>
>> mmh...
> 
> Could that be a vendor resource string associated with the EXE or DLL
> header PE header?
> 
> -Rob
> 
>>
>> Juergen
>>
>>
>>>
>>> But thanks for the feedback
>>>
>>> Juergen
>>>
>>>>
>>>> I fear that this is not what you've wanted.
>>>>
>>>> Groetjes,
>>>> Olaf
>>>>
>>>>>
>>>>> You can find a signed download file under
>>>>> http://people.apache.org/~jsc/signing_test/Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
>>>>>
>>>>>
>>>>> NOICE: this is a build based on AOO34 branch without the updated version
>>>>> numbers. It's no dev build, please be careful if you test it.
>>>>>
>>>>> I have to check the whole process and probably have to improve some
>>>>> things to make it final. The last important step is triggered manual
by
>>>>> now.
>>>>>
>>>>> I use a Personal Information Exchange file (*.pfx) of my self signed
>>>>> certificate with a passcode that is specified during the build process.
>>>>>
>>>>> This seems to be a good approach to handle a certificate in this
>>>>> scenario and during our build process.
>>>>>
>>>>> I will keep you informed...
>>>>>
>>>>> Juergen
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>



Mime
View raw message