incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From XiuLi Xu <susan.dongd...@gmail.com>
Subject Re: Windows 8 Compatibility?
Date Tue, 12 Jun 2012 04:06:59 GMT
Hi All,

I upload the detailed test result and Windows 8 related links in the wiki
document, Windows App Certification Kit Test Results for Apache OpenOffice
3.4<http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4>


On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wawalovo@gmail.com> wrote:

> There are so many items in the Windows 8 certification list, I try to go
> through it and find that there is maybe about 43 TODO items for us to do
> the certification. Most of the TODO items  are just a verification jobs,
> but some code change jobs maybe are need to do for the sections 4.1,5.1,
> 9.1, 10.2,11.7.
> I have try to verify some items, the result be marked at green.
> Herbert1 also go through the list, I put his result at the end of each
> section.
>
> Items which maybe need to change some codes
> ------------------------------------------------
> 4.1 Your app must handle critical shutdowns appropriately
> In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION will
> be sent WM_ENDSESSION and closed, while those that time out in response to
> WM_QUERYENDSESSION will be terminated. .
> 5.1 Your app must properly implement a clean, reversible installation
> If the installation fails, the app should be able to roll it back and
> restore the machine to its previous state.
> 9.1 Your app must have a manifest that defines execution levels and tells
> the operating system what privileges the app requires in order to run
> The app manifest marking only applies to EXEs, not DLLs. This is because
> UAC does not inspect DLLs during process creation. It is also worth noting
> that UAC rules do not apply to Windows Services. The manifest can be either
> embedded or external.
> To create a manifest, create a file with the name <app_name>.exe.manifest
> and store it in the same directory as the EXE. Note that any external
> manifest is ignored if the app has an internal manifest. For example:
>  <requestedExecutionLevel level=""asInvoker | highestAvailable |
> requireAdministrator"" uiAccess=""true|false""/>
> 10.2 Your app must avoid starting automatically on startup
> For example, your app should not set any of the following;
> Registry run keys HKLM and, or HKCU under
> Software\Microsoft\Windows\CurrentVersion
> Registry run keys HKLM, and or HKCU under
> Software\Wow6432Node\Microsoft\windows\CurrentVersion
> Start Menu AllPrograms > STARTUP
> 11.7 Your app must check other terminal service (TS) sessions for existing
> instances of the app
> Note: If an app does not support multiple user sessions or remote access,
> it must clearly state this when launched from this kind of session.
>
> ------------------------------------------------------------------------------------------
> Full TODO items.
>
> 1. Apps are compatible and resilient
> 1.1 Your app must not take a dependency on Windows compatibility modes,
> AppHelp message, and or any other compatibility fixes
> TODO 1.1 : Need verification , don't depend.
> 1.2 Your app must not take a dependency on the VB6 runtime
> TODO 1.2 : Need verification , don't depend.
> 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
> using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> AppInit_dlls.
> TODO 1.3 : Need verification , don't load.
> Herbert1: Win8 Cert Section 1 : ok
>
> 2. Apps must adhere to Windows Security Best Practices
> 2.1 Your app must use strong and appropriate ACLs to secure executable
> files
> TODO 2.1 : Need verification
> 2.2 Your app must use strong and appropriate ACLs to secure directories
> TODO 2.2 : Need verification
> 2.3 Your app must use strong and appropriate ACLs to secure registry keys
> TODO 2.3 : Need verification
> 2.4 Your app must use strong and appropriate ACLs to secure directories
> that contain objects
> TODO 2.4 : Need verification
> 2.5 Your app must reduce non-administrator access to services that are
> vulnerable to tampering
> TODO 2.5 : Need verification
> 2.6 Your app must prevent services with fast restarts from restarting more
> than twice every 24 hours
> TODO 2.6 : Need verification
> Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it is
> fine,we are using nsis-2.46 for building the MSI package but Windows itself
> does the installation of the MSI packages
>
> 3. Apps support Windows security features
> 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA) to
> ensure secure access to strong-named assemblies
> TODO 3.1 : Need verification,
> 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> exceptions handling
> TODO 3.2 : Need verification, we use it
> 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
> execution
> TODO 3.3 : Need verification, we use it
> 3.4 Your app must be compiled using the /DYNAMICBASE flag for address space
> layout randomization (ASLR)
> TODO 3.4 : Need verification, we use it
> 3.5 Your app must not Read/Write Shared PE Sections
> TODO 3.5 : Need verification,
> Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
> DYNAMICBASE, but the libraries we ship have to be modified to use these
> flags too,I'm almost certain that we don't use APTCA,I'm not so sure about
> the RW PW Sections, but I guess we do not have any.
>
> 4. Apps must adhere to system restart manager messages
> 4.1 Your app must handle critical shutdowns appropriately
> TODO 4.1 : Need verification,
> 4.2 A GUI app must return TRUE immediately in preparation for a restart
> TODO 4.2 : Need verification, we do
> 4.3 Your app must return 0 within 30 seconds and shut down
> TODO 4.3 : Need verification,we do
> Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> implemented,these new messages are currently ignored
>
> 5. Apps must support a clean, reversible installation
> 5.1 Your app must properly implement a clean, reversible installation
> TODO 5.1 : Need verification,
> 5.2 Your app must never force the user to restart the computer immediately
> TODO 5.2 : Need verification,we never
> 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> TODO 5.3 : Need verification,we never
> 5.4 Your app must never block silent install/uninstall
> TODO 5.4 : Need verification,
> 5.5 Your app installer must create the correct registry entries to allow
> successful detection and uninstalls
> TODO 5.5 : Need verification,
> Herbert1: Win8 Cert Section 5: making sure that the registry entries and
> files are restored is difficult
>
> 6. Apps must digitally sign files and drivers
> 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) must be
> signed with an Authenticode certificate
> TODO 6.1:Need to do digitally sign
> Herbert1: Win8 Cert Section 6: Having authentication credentials would be
> good even if don't pursue Win8 shop certification
>
> 7. Apps don’t block installation or app launch based on an operating system
> version check
> 7.1 Your app must not perform version checks for equality
> TODO 7.1 : Need verification,
> Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
> almost certain that it is not a check for equality. Needs to be checked
> though.
>
> 8. Apps don’t load services or drivers in safe mode
> TODO 8 : Need verification, we don't
>
> 9. Apps must follow User Account Control guidelines
> 9.1 Your app must have a manifest that defines execution levels and tells
> the operating system what privileges the app requires in order to run
> TODO 9.1 : Need verification,
> 9.2 Your app’s main process must be run as a standard user (asInvoker).
> TODO 9.2 : Need verification,
>
> 10. Apps must install to the correct folders by default
> 10.1 Your app must be installed in the Program Files folder by default
> TODO 10.1: Need verification,we do
> 10.2 Your app must avoid starting automatically on startup
> TODO 10.2: Need verification, the quick start is a issue
> 10.3 Your app data, which must be shared among users on the computer,
> should be stored within ProgramData
> TODO 10.3: Need verification,we do
> 10.4 Your app’s data that is exclusive to a specific user and that is not
> to be shared with other users of the computer, must be stored in
> Users\<username>\AppData
> TODO 10.4: Need verification,we do
> 10.5 Your app must never write directly to the "Windows" directory and or
> subdirectories
> TODO 10.5: Need verification,we never
> 10.6 Your app must write user data at first run and not during the
> installation in “per-machine” installations
> TODO 10.6: Need verification,we do
>
> 11. Apps must support multi-user sessions
> 11.1 Your app must ensure that when running in multiple sessions either
> locally or remotely, the normal functionality of the app is not adversely
> affected
> TODO 11.1: Need verification,
> 11.2 Your app’s settings and data files must not persist across users
> TODO 11.2: Need verification,
> 11.3 A user’s privacy and preferences must be isolated to the user’s
> session
> TODO 11.3: Need verification,
> 11.4 Your app’s instances must be isolated from each other
> TODO 11.4: Need verification,
> 11.5 Apps that are installed for multiple users must store data in the
> correct folder(s) and registry locations
> Refer to the UAC requirements.
> TODO 11.5: Need verification,
> 11.6 User apps must be able to run in multiple user sessions (Fast User
> Switching) for both local and remote access
> TODO 11.6: Need verification,
> 11.7 Your app must check other terminal service (TS) sessions for existing
> instances of the app
> TODO 11.7: Need verification,
> Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
> session management
>
> 12. Apps must support x64 versions of Windows
> 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> Windows-based apps must run seamlessly on 64-bit systems to maintain
> compatibility with 64-bit versions of Windows
> TODO 12.1: Need verification, AOO can be run on 64-bit system
> 12.2 Your app and its installers must not contain any 16-bit code or rely
> on any 16-bit component
> TODO 12.2: Need verification,  AOO not contain 16-bit code
> 12.3 Your app’s setup must detect and install the proper drivers and
> components for the 64-bit architecture
> TODO 12.3: Need verification,
>
>
>
> 2012/6/7 Rob Weir <robweir@apache.org>
>
> > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > server.  After a few minutes to figure out the new platform UI I
> > installed AOO 3.4.  Install went without problems and it appears to
> > run fine.
> >
> > Of course, there is more that we could do to be a well-integrated
> > Windows desktop application.  The best practices are outlined here:
> > http://msdn.microsoft.com/library/windows/desktop/hh749939
> >
> > A lot of this is goodness that would help users on Windows 7 and
> > earlier versions as well.  For example, the code signing reduces the
> > risk of tampering or corrupt files.  It also reduces false complaints
> > by some anti-virus products.  The recommended compiler options help
> > reduce the explotability of security vulnerabilities, especially of
> > the kind products run into reading binary file formats.  More info on
> > these options are here:
> >
> >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> >
> > Did OpenOffice.org ever try for logo certification from Microsoft
> > before?  If so, what was the experience?
> >
> > I think it might be worth trying for this with AOO,  It would takes
> > some work, but in the end we would have better platform integration,
> > and a better user and admin experience.
> >
> > -Rob
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message