incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lin Yuan <yuanlin....@gmail.com>
Subject Re: Windows 8 Compatibility?
Date Thu, 14 Jun 2012 08:06:39 GMT
About issue5 that support multiple user sessions,  as tested by Yan Ji on a
Windows 2008 server. When allow one user to remote log in with multiple
sessions, AOO 3.4 is not stable and will crash after some operations.

To support multiple sessions for one user, I thinkonly  rearchitect single
IPC to TS session managment is not enough. If allow multiple AOO instances
can be run isolated for one user, the data in user directory must be
synchronized correctly for those AOO instances as they all share the same
user directory. The data may inlucde extensions, .xcu and other
configuration files. So I think the simplest way to be able to cetifiacted
with Windows 8 in this section is do below thing mentioned in Certification
requirements for Windows 8

"If an app does not support multiple user sessions or remote access, it
must clearly state this when launched from this kind of session"

That is, when AOO launched, check if there is another AOO instance in a
different TS session but for the same user. If does, popup a warning dialog
and exit.




2012/6/12 Liu Da Li <wawalovo@gmail.com>

> I have create five items on Bugzilla to track these issue.
>
>   - Issue 1. Test for "Section 3 Apps support Windows security features"
>   is failed.Bugzilla ID 119946 link:
> [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>
>
>   - Issue 2. Test for "Section 4 Apps must adhere to system restart
>   manager messages" is failed. Bugzilla ID 119947 link:
> [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>
>
>   - Issue 3. Test for "Section 5 Apps must support a clean, reversible
>   installation" is failed. Bugzilla ID 119948 link:
> [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>
>
>   - Issue 4. Test for "Section 6 Apps must digitally sign files and
>   drivers" is failed.Bugzilla ID 119949 link:
> [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>
>
>   - Issue 5. Test for "Section 11 Apps must support multi-user sessions"
>   is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
>   [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>
> Anyone please help to check them, confirm them and fix them.
>
> 2012/6/12 XiuLi Xu <susan.dongdong@gmail.com>
>
> > Hi All,
> >
> > I upload the detailed test result and Windows 8 related links in the wiki
> > document, Windows App Certification Kit Test Results for Apache
> OpenOffice
> > 3.4<
> >
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> > >
> >
> >
> > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wawalovo@gmail.com> wrote:
> >
> > > There are so many items in the Windows 8 certification list, I try to
> go
> > > through it and find that there is maybe about 43 TODO items for us to
> do
> > > the certification. Most of the TODO items  are just a verification
> jobs,
> > > but some code change jobs maybe are need to do for the sections
> 4.1,5.1,
> > > 9.1, 10.2,11.7.
> > > I have try to verify some items, the result be marked at green.
> > > Herbert1 also go through the list, I put his result at the end of each
> > > section.
> > >
> > > Items which maybe need to change some codes
> > > ------------------------------------------------
> > > 4.1 Your app must handle critical shutdowns appropriately
> > > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION
> will
> > > be sent WM_ENDSESSION and closed, while those that time out in response
> > to
> > > WM_QUERYENDSESSION will be terminated. .
> > > 5.1 Your app must properly implement a clean, reversible installation
> > > If the installation fails, the app should be able to roll it back and
> > > restore the machine to its previous state.
> > > 9.1 Your app must have a manifest that defines execution levels and
> tells
> > > the operating system what privileges the app requires in order to run
> > > The app manifest marking only applies to EXEs, not DLLs. This is
> because
> > > UAC does not inspect DLLs during process creation. It is also worth
> > noting
> > > that UAC rules do not apply to Windows Services. The manifest can be
> > either
> > > embedded or external.
> > > To create a manifest, create a file with the name
> <app_name>.exe.manifest
> > > and store it in the same directory as the EXE. Note that any external
> > > manifest is ignored if the app has an internal manifest. For example:
> > >  <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > > requireAdministrator"" uiAccess=""true|false""/>
> > > 10.2 Your app must avoid starting automatically on startup
> > > For example, your app should not set any of the following;
> > > Registry run keys HKLM and, or HKCU under
> > > Software\Microsoft\Windows\CurrentVersion
> > > Registry run keys HKLM, and or HKCU under
> > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > > Start Menu AllPrograms > STARTUP
> > > 11.7 Your app must check other terminal service (TS) sessions for
> > existing
> > > instances of the app
> > > Note: If an app does not support multiple user sessions or remote
> access,
> > > it must clearly state this when launched from this kind of session.
> > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > Full TODO items.
> > >
> > > 1. Apps are compatible and resilient
> > > 1.1 Your app must not take a dependency on Windows compatibility modes,
> > > AppHelp message, and or any other compatibility fixes
> > > TODO 1.1 : Need verification , don't depend.
> > > 1.2 Your app must not take a dependency on the VB6 runtime
> > > TODO 1.2 : Need verification , don't depend.
> > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
> > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > AppInit_dlls.
> > > TODO 1.3 : Need verification , don't load.
> > > Herbert1: Win8 Cert Section 1 : ok
> > >
> > > 2. Apps must adhere to Windows Security Best Practices
> > > 2.1 Your app must use strong and appropriate ACLs to secure executable
> > > files
> > > TODO 2.1 : Need verification
> > > 2.2 Your app must use strong and appropriate ACLs to secure directories
> > > TODO 2.2 : Need verification
> > > 2.3 Your app must use strong and appropriate ACLs to secure registry
> keys
> > > TODO 2.3 : Need verification
> > > 2.4 Your app must use strong and appropriate ACLs to secure directories
> > > that contain objects
> > > TODO 2.4 : Need verification
> > > 2.5 Your app must reduce non-administrator access to services that are
> > > vulnerable to tampering
> > > TODO 2.5 : Need verification
> > > 2.6 Your app must prevent services with fast restarts from restarting
> > more
> > > than twice every 24 hours
> > > TODO 2.6 : Need verification
> > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it
> is
> > > fine,we are using nsis-2.46 for building the MSI package but Windows
> > itself
> > > does the installation of the MSI packages
> > >
> > > 3. Apps support Windows security features
> > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA)
> > to
> > > ensure secure access to strong-named assemblies
> > > TODO 3.1 : Need verification,
> > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> > > exceptions handling
> > > TODO 3.2 : Need verification, we use it
> > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
> > > execution
> > > TODO 3.3 : Need verification, we use it
> > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
> > space
> > > layout randomization (ASLR)
> > > TODO 3.4 : Need verification, we use it
> > > 3.5 Your app must not Read/Write Shared PE Sections
> > > TODO 3.5 : Need verification,
> > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
> > > DYNAMICBASE, but the libraries we ship have to be modified to use these
> > > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
> > about
> > > the RW PW Sections, but I guess we do not have any.
> > >
> > > 4. Apps must adhere to system restart manager messages
> > > 4.1 Your app must handle critical shutdowns appropriately
> > > TODO 4.1 : Need verification,
> > > 4.2 A GUI app must return TRUE immediately in preparation for a restart
> > > TODO 4.2 : Need verification, we do
> > > 4.3 Your app must return 0 within 30 seconds and shut down
> > > TODO 4.3 : Need verification,we do
> > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > > implemented,these new messages are currently ignored
> > >
> > > 5. Apps must support a clean, reversible installation
> > > 5.1 Your app must properly implement a clean, reversible installation
> > > TODO 5.1 : Need verification,
> > > 5.2 Your app must never force the user to restart the computer
> > immediately
> > > TODO 5.2 : Need verification,we never
> > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> > > TODO 5.3 : Need verification,we never
> > > 5.4 Your app must never block silent install/uninstall
> > > TODO 5.4 : Need verification,
> > > 5.5 Your app installer must create the correct registry entries to
> allow
> > > successful detection and uninstalls
> > > TODO 5.5 : Need verification,
> > > Herbert1: Win8 Cert Section 5: making sure that the registry entries
> and
> > > files are restored is difficult
> > >
> > > 6. Apps must digitally sign files and drivers
> > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
> must
> > be
> > > signed with an Authenticode certificate
> > > TODO 6.1:Need to do digitally sign
> > > Herbert1: Win8 Cert Section 6: Having authentication credentials would
> be
> > > good even if don't pursue Win8 shop certification
> > >
> > > 7. Apps don’t block installation or app launch based on an operating
> > system
> > > version check
> > > 7.1 Your app must not perform version checks for equality
> > > TODO 7.1 : Need verification,
> > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
> > > almost certain that it is not a check for equality. Needs to be checked
> > > though.
> > >
> > > 8. Apps don’t load services or drivers in safe mode
> > > TODO 8 : Need verification, we don't
> > >
> > > 9. Apps must follow User Account Control guidelines
> > > 9.1 Your app must have a manifest that defines execution levels and
> tells
> > > the operating system what privileges the app requires in order to run
> > > TODO 9.1 : Need verification,
> > > 9.2 Your app’s main process must be run as a standard user (asInvoker).
> > > TODO 9.2 : Need verification,
> > >
> > > 10. Apps must install to the correct folders by default
> > > 10.1 Your app must be installed in the Program Files folder by default
> > > TODO 10.1: Need verification,we do
> > > 10.2 Your app must avoid starting automatically on startup
> > > TODO 10.2: Need verification, the quick start is a issue
> > > 10.3 Your app data, which must be shared among users on the computer,
> > > should be stored within ProgramData
> > > TODO 10.3: Need verification,we do
> > > 10.4 Your app’s data that is exclusive to a specific user and that is
> not
> > > to be shared with other users of the computer, must be stored in
> > > Users\<username>\AppData
> > > TODO 10.4: Need verification,we do
> > > 10.5 Your app must never write directly to the "Windows" directory and
> or
> > > subdirectories
> > > TODO 10.5: Need verification,we never
> > > 10.6 Your app must write user data at first run and not during the
> > > installation in “per-machine” installations
> > > TODO 10.6: Need verification,we do
> > >
> > > 11. Apps must support multi-user sessions
> > > 11.1 Your app must ensure that when running in multiple sessions either
> > > locally or remotely, the normal functionality of the app is not
> adversely
> > > affected
> > > TODO 11.1: Need verification,
> > > 11.2 Your app’s settings and data files must not persist across users
> > > TODO 11.2: Need verification,
> > > 11.3 A user’s privacy and preferences must be isolated to the user’s
> > > session
> > > TODO 11.3: Need verification,
> > > 11.4 Your app’s instances must be isolated from each other
> > > TODO 11.4: Need verification,
> > > 11.5 Apps that are installed for multiple users must store data in the
> > > correct folder(s) and registry locations
> > > Refer to the UAC requirements.
> > > TODO 11.5: Need verification,
> > > 11.6 User apps must be able to run in multiple user sessions (Fast User
> > > Switching) for both local and remote access
> > > TODO 11.6: Need verification,
> > > 11.7 Your app must check other terminal service (TS) sessions for
> > existing
> > > instances of the app
> > > TODO 11.7: Need verification,
> > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
> > > session management
> > >
> > > 12. Apps must support x64 versions of Windows
> > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> > > Windows-based apps must run seamlessly on 64-bit systems to maintain
> > > compatibility with 64-bit versions of Windows
> > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > > 12.2 Your app and its installers must not contain any 16-bit code or
> rely
> > > on any 16-bit component
> > > TODO 12.2: Need verification,  AOO not contain 16-bit code
> > > 12.3 Your app’s setup must detect and install the proper drivers and
> > > components for the 64-bit architecture
> > > TODO 12.3: Need verification,
> > >
> > >
> > >
> > > 2012/6/7 Rob Weir <robweir@apache.org>
> > >
> > > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > > > server.  After a few minutes to figure out the new platform UI I
> > > > installed AOO 3.4.  Install went without problems and it appears to
> > > > run fine.
> > > >
> > > > Of course, there is more that we could do to be a well-integrated
> > > > Windows desktop application.  The best practices are outlined here:
> > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > > >
> > > > A lot of this is goodness that would help users on Windows 7 and
> > > > earlier versions as well.  For example, the code signing reduces the
> > > > risk of tampering or corrupt files.  It also reduces false complaints
> > > > by some anti-virus products.  The recommended compiler options help
> > > > reduce the explotability of security vulnerabilities, especially of
> > > > the kind products run into reading binary file formats.  More info on
> > > > these options are here:
> > > >
> > > >
> > > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > > >
> > > > Did OpenOffice.org ever try for logo certification from Microsoft
> > > > before?  If so, what was the experience?
> > > >
> > > > I think it might be worth trying for this with AOO,  It would takes
> > > > some work, but in the end we would have better platform integration,
> > > > and a better user and admin experience.
> > > >
> > > > -Rob
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message