View Full Version : Code signing - the strangest thing
NewsArchive
04-11-2013, 10:42 AM
When compiling a project all is well until right at the end when you are
code signing the exe produced by SB.
If you have a Window open which is viewing the folder where the output is
going to, code signing will always fail. It happens every time. it has taken
me ages to realize this.
You do not even have to have the file open or selected but just opening the
folder where the exe is going to will cause this to happen.
Cure - just don't open the folder until code signing has finished!
What do you think Friedrich?
John Fligg
NewsArchive
04-11-2013, 11:08 AM
John,
>
> What do you think Friedrich?
The explanation is very easy. I think that you are using SignCode.exe to
code-sign via a password protected .spc/.pvk. Microsoft SignCode.exe does
NOT support passwords via the command line. So the IDE tries to "steal"
focus from the active foreground window to set keyboard focus to the
SignCode.exe password window for you (and then "inject" the password and
press Enter).
This fails if the focus can't be set to the SignCode password window (search
for PKEY.EXE in our forums; this goes back to 2007). Microsoft changed the
SetForegroundWindow behavior several years ago and there is NO reliable way
to steal/set focus nowadays.
Your only solution is to switch to SignTool.exe (the recommended
code-signing method). SignTool.exe allows password passing via the command
line (no focus problem). Or disable SignCode.exe password passing via the
IDE and enter it manually (if you don't want to switch to SignTool.exe).
Does this help?
Friedrich
NewsArchive
04-12-2013, 12:54 AM
> When compiling a project all is well until right at the end when you are
> code signing the exe produced by SB.
John,
Everything Friedrich said - Signtool.exe is SO much easier to use!
Help topics - Main SB8 IDE - Jane Fleming's Learning SetupBuilder -
Optional - Create a PFX file
If using at least Windows 7 - download signtool.exe at:
http://www.microsoft.com/downloads/dlx/en-us/listdetailsview.aspx?FamilyID=6b6c21d2-2006-4afa-9702-529fa782d63b
for NON CAPICOM.DLL version of signtool.exe
Related SetupBuilder discussion
http://www.lindersoft.com/forums/showthread.php?p=56858
David
--
From David Troxell - Product Scope 8! - Encourager Software
http://www.encouragersoftware.com/product-scope-major-features.html
NewsArchive
04-12-2013, 11:19 AM
I am using SignTool.exe with a pfx though Friedrich.
John Fligg
NewsArchive
04-12-2013, 11:47 AM
>
>I am using SignTool.exe with a pfx though Friedrich.
>
Aha, okay. In this case, it's your anti-virus / anti-spyware product. You
have the Window open which is viewing the folder and your protection
software monitors that folder (with a higher priority now). Microsoft
Authenticode code-signs the file (changes the binary contents) and your
protection product "locks" this process (caused by the code-manipulation
per-se or the access to the timestamp server). As a result, you see the
code-signing error.
BTW, I always have the output folder open when I code-sign via .PFX (and
have never ever seen your issue) and avast! gives an "Open in sandbox"
recommendation. You have to select "Open normally" in this case (if you are
using avast!) and let avast! remember that option.
Please note that Microsoft Authenticode code-signs the executable, not
SetupBuilder! So in your specific case, there is no way to debug this
process to see if it is the timestamp server and/or the binary
code-manipulation.
Friedrich
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.