incubator-ooo-dev mailing list archives

From Rob Weir <robw...@apache.org>
Subject Re: [CODE]: update code signing for Windows
Date Fri, 22 Jun 2012 14:34:40 GMT
On Fri, Jun 22, 2012 at 9:04 AM, Jürgen Schmidt
<jogischmidt@googlemail.com> wrote:
> On 6/22/12 2:34 PM, Jürgen Schmidt wrote:
>> On 6/22/12 1:47 PM, O.Felka wrote:
>>> Hello Jürgen,
>>>
>>> On 22.06.2012 13:03, Jürgen Schmidt wrote:
>>>> Hi,
>>>>
>>>> I analyzed and played with code signing on Windows using a self signed
>>>> test certificate.
>>>>
>>>> Thanks to Andre and his Perl skills I was able to fix a strange build
>>>> problem with a too long command line triggered from a makefile to perl.
>>>> Anyway this is solved now.
>>>>
>>>> I have now signed a full install set and would like to ask if somebody
>>>> is interested to test it and give me feedback.
>>>
>>> I've made some quick tests under XP and Win7.
>>> Starting the zipped file for unpacking gives an unknown distributor in
>>> the UAC dialog.
>>
>> I assume that is normal because the self signed certificate can't be
>> verified but I have to collect more info ...
>
> I double checked on my machine where the certificate is already known
> and I get as verified publisher "Apache OpenOffice (Dev Build)"
>

Is there a way that testers can import the same certificate, so the
signature verification works like it would with a real cert?

>>
>>> The same when I start the setup.exe.
>>> The properties of the zipped download file, the msi file and the
>>> setup.exe show "Apache OpenOffice (DevBuild)" as
>>> 'Signaturgeberinformation'.
>>
>> that is expected
>>
>>>
>>> Installing the Office and looking at the 'control panel -> Add remove
>>> and software' shows "OpenOffice.org" as distributor.
>>
>> mmh, I am not sure where this information comes from. Again I have to
>> collect more info...
>
> but in the control panel I still get as publisher "OpenOffice.org"
>
> mmh...

Could that be a vendor resource string associated with the EXE or DLL
PE header?

-Rob

>
> Juergen
>
>
>>
>> But thanks for the feedback
>>
>> Juergen
>>
>>>
>>> I fear that this is not what you've wanted.
>>>
>>> Greetings,
>>> Olaf
>>>
>>>>
>>>> You can find a signed download file under
>>>> http://people.apache.org/~jsc/signing_test/Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe
>>>>
>>>>
>>>> NOTICE: this is a build based on AOO34 branch without the updated version
>>>> numbers. It's no dev build, please be careful if you test it.
>>>>
>>>> I have to check the whole process and probably have to improve some
>>>> things to make it final. The last important step is triggered manually by
>>>> now.
>>>>
>>>> I use a Personal Information Exchange file (*.pfx) of my self signed
>>>> certificate with a passcode that is specified during the build process.
>>>>
>>>> This seems to be a good approach to handle a certificate in this
>>>> scenario and during our build process.
>>>>
>>>> I will keep you informed...
>>>>
>>>> Juergen
>>>>
>>>
>>>
>>
>>
>
>
