Check if driver is unsigned before attempting to install - driver

From a scripting view, can you check if a driver is unsigned - or more accurately check if the publisher cannot be verified - before you attempt to install?
Problem similar to this:
How to get rid of "windows can't verify the publisher of this driver software" window?
I don't WANT to install the driver if the "Windows can't verify the publisher of this driver software" message appears; I simply want to check.
I am happy with any scripted or coded solution.

Signtool.exe can be used to check the signature.
Please read the MSDN link about signtool.exe options. Signtool can be found at %program files%/windows Kits\8.1\bin
To test a signature for the purpose of running an executable or installing a driver package, the correct option is /pa. Please refer to KMCS_Walkthrough.doc.
To test a signature for the purpose of loading kernel-mode code, the correct option is /kp.
Example of Batch file that verifies the signature of a file, using /pa:
"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool" verify /v /pa %1
pause
Some more examples:
Signtool verify /pa /v /c tstamd64.cat amd64\toaster.sys
Please refer to the MSDN entry and the blog entry for more detailed information about driver signing.
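A pre-install check built on the signtool options from the answer above, added here as an example and not part of the original answer. The function name Test-DriverPackageSignature, the default signtool path and the sample INF path are assumptions, and the INF parsing is simplified to the first CatalogFile entry in [Version].

```powershell
# Added example, not from the original answer. Test-DriverPackageSignature is a
# hypothetical helper; the default signtool path is an assumption.
function Test-DriverPackageSignature {
    param(
        [Parameter(Mandatory = $true)] [string] $InfPath,
        [string] $SignTool = "${env:ProgramFiles(x86)}\Windows Kits\8.1\bin\x86\signtool.exe"
    )
    function New-Result($trusted, $reason) {
        [pscustomobject]@{ Trusted = $trusted; Reason = $reason }
    }
    if (-not (Test-Path -LiteralPath $SignTool)) { throw "signtool not found: $SignTool" }
    $inf    = (Resolve-Path -LiteralPath $InfPath).Path
    $infDir = Split-Path -Parent $inf

    # Find CatalogFile (or a decorated CatalogFile.NTamd64 etc.) inside [Version].
    $inVersion = $false; $catalog = $null
    foreach ($line in Get-Content -LiteralPath $inf) {
        $text = ($line -replace ';.*$', '').Trim()          # strip INF comments
        if ($text -match '^\[(.+)\]$') {
            $inVersion = ($Matches[1].Trim() -ieq 'Version'); continue
        }
        if ($inVersion -and $text -match '^CatalogFile(\.\w+)?\s*=\s*(.+)$') {
            $catalog = $Matches[2].Trim('"', ' '); break
        }
    }
    if (-not $catalog) { return New-Result $false 'INF names no catalog: package is unsigned' }

    $catPath = Join-Path $infDir $catalog
    if (-not (Test-Path -LiteralPath $catPath)) {
        return New-Result $false "Catalog $catalog is missing from the package"
    }

    # /pa is the option the answer gives for driver packages. /c checks that the
    # INF's hash is listed in the catalog and that the catalog signature chains
    # to a trusted root, so a modified INF fails as well as an unsigned one.
    $output = & $SignTool verify /v /pa /c $catPath $inf 2>&1
    if ($LASTEXITCODE -eq 0) { return New-Result $true 'Catalog signature verified' }
    # signtool exits 1 on failure and 2 on warnings; both are treated as untrusted.
    return New-Result $false ("signtool exit code {0}: {1}" -f $LASTEXITCODE, ($output | Select-Object -Last 1))
}

# Constructed path for illustration: check first, install only on success.
$check = Test-DriverPackageSignature -InfPath 'C:\drivers\sample\sample.inf'
if (-not $check.Trusted) { Write-Warning $check.Reason; exit 1 }
# ...run the normal driver install step here...
```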

Related

TFS2015 Build fails on all Command Line Commands with 'file not found'

In Team Foundation Server 2015 Build (on-premise), I'm having issues running simple command line commands. All Command Line tasks simply fail with the following error: "File not found: ".
Take for example the following build definition:
This is executed using an on-premise Build Agent and will fail with the following exception in the logs:
BUILD FAILED
2016-01-20T12:04:47.5127709Z ##[warning]Filename doesn't indicate a full path to a executable file.
2016-01-20T12:04:47.5127709Z Executing the following commandline. (workingFolder = D:\_work\2\s)
2016-01-20T12:04:47.5127709Z date
2016-01-20T12:04:47.5127709Z Error message highlight pattern:
2016-01-20T12:04:47.5127709Z Warning message highlight pattern:
2016-01-20T12:04:47.5439748Z ##[error]File not found: date
Of course this is a simplified example where I simply want to output the current date using the date /t command. But the same problem occurs with all general command line commands which I've tried, such as dir, time, path etc. The MSDN does not provide any troubleshooting info on it, other than that the tool executed must reside in the PATH variable.
The issue is not specific to one build definition or repo; it can be reproduced on others as well.
The builds run as the built-in svc_tfsbuild account.
I'm perhaps thinking this is either a simple setting, or - wildly guessing - an issue related to rights, but cannot find any documentation where to look or what to check. Any help would be appreciated.
It appears this is a known issue on MS Connect as well.
In short a MSFT mentions the following:
Commands that are built-in to command prompt don't work. Anything resolvable based on your PATH/PATHEXT will work.
In the comment from 27 Oct, 2015 it is stated that this will be fixed in the next sprint. The mentioned workaround for now is simply executing cmd.exe first and provide the rest as arguments.
Using the example from the original question this would lead to:
Tool: cmd.exe
Arguments: /c "date /t"
And I can indeed confirm this works.

Pass parameter to app config file during MSI installation - Advanced Installer

I have created an MSI package using Advanced Installer. It contains an App Config to which I have to pass the siteURL, which varies depending on location. I need to pass the siteurl to the app config when the MSI is installed. Please help me with it. I am new to Advanced Installer.
You can check the online user guide for Advanced Installer, it has a lot of useful info. For example the article on importing and editing XML config files.
Or how to add a custom dialog and write in the system the values captured from the end users.
EDIT: additional answer regarding command line
You can run the installation silently from the command line, but you will still see the message box saying the package is built with a trial. You will not see the standard MSI dialogs. The trial messages will be gone once you purchase a license for Advanced Installer.
Please note that your command prompt window (cmd.exe) must be launched as administrator, if your installation is installing per-machine (i.e. you write in Program Files or HKLM registry hive). Otherwise the installation will fail silently and you will not know why, because on silent installation the OS will not show an error message.
Here is a command line example:
msiexec.exe /i C:\setup\installer.msi /qn ID="235424" SiteURL="www.example.com"
Please note that it is not recommended to use private properties, i.e. properties with lower case letters in their name, we recommend public properties, for example: SITE_URL.

how can I add my publisher name into my delphi exe program?

I develop Delphi programs that people download.
The problem is that when downloading them, they receive an alert
"The publisher cannot be verified."
How can I add my publisher name into my delphi programs ?
You need a code-signing certificate, and need to digitally sign your executable using that certificate.
Search for [windows] code signing here at StackOverflow. There are tons of questions here on the topic; any and all of them (regardless of language used) for Windows applications apply to Delphi as well. Here is a start for you, and here's another one with links to resources. (Both links are here at StackOverflow, and not external sites.)
This is how I created a test certificate for my setup executable (produced by Inno Setup).
I used:
makecert -r -pe -ss MyCertStore -n "CN=MyTestCert" MyTestCert.cer
signtool sign /s MyCertStore /n MyTestCert MyApplication.exe
I could find these tools under:
"c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\"
Don't forget to install MyTestCert.cer under trusted providers, otherwise MyApplication.exe will still show unknown publisher. Check with certmgr.exe, which I could find in the same folder.
Worked for me on Win7x64.
For final signing you need a commercial code signing certificate, the cheapest I could find was from Comodo (about $70 a year).

How to avoid Windows Security box during printer driver installation

I have created an MSI package (using InstallShield - IS) that installs my application along with the MS Postscript driver. My question mainly focuses on the postscript driver install part of my overall installation process. I have created an IS custom action to run a command file (.cmd) at the correct time that installs the MS Postscript driver. The command file contains the following rundll32 line:
rundll32 printui.dll, PrintUIEntry /ia /m "AppX PS" /h "x64" /v "Type 3 - User Mode" /f "c:\(install)\afprint.inf" /F "%windir%\inf\ntprint.inf" .
The above works great except for the fact I am pestered by a Microsoft Warning box which requires user input. The box includes the title: Windows can't verify the publisher of this driver software. I can select the option "Install this driver software anyway" and the whole process does work. I did research this and there does not appear to be a way to avoid the warning even if I add "run quiet" switches to the PrintUIEntry method. Obviously, I need to sign my driver to avoid the security box, but where? I have no binary code here. My install uses a custom INF file that simply delegates to Microsoft (via ntprint.inf) for the Postscript driver install. The Postscript Driver is already on the OS. I am only supplying a PPD file. What exactly do I need to sign is my main question. How can I do this, as I am unfamiliar with driver signing?
I am running this on windows 2008 R2 x64.
Here is a copy of my INF afprint.inf (it's small):
[Version]
Signature="$Windows NT$"
Provider=%AF%
ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}
Class=Printer
DriverVer=05/17/2007,1.0.0.1
[Manufacturer]
%AF%=Arbfile,NTamd64
[Arbfile]
"AppX PS" = AFCLIENT,,
[Arbfile.NTamd64]
"AppX PS" = AFCLIENT,,
[OEM URLS]
"Arbfile" = "http://www.arbfile.org"
[AFCLIENT]
CopyFiles=#AFCLIENT.PPD
DataFile=AFCLIENT.PPD
DataSection=PSCRIPT_DATA
Include=NTPRINT.INF
Needs=PSCRIPT.OEM,PSCRIPT_DATA
[DestinationDirs]
DefaultDestDir=66000
[Strings]
AF="Arbfile"
Thanks for any help.
Add a CatalogFile directive to the [Version] section of your inf file, use inf2cat to generate a cat file, then use signtool to sign the cat file.
If you use a certificate that is cross-signed by Microsoft, then the installer security warning will not appear.
You can find inf2cat and signtool in the WDK.
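The three steps from the answer above run as one script, added here as an example and not taken from the original answer. The package folder, WDK path and /os value are assumptions; the store and subject names reuse the test certificate from the makecert example elsewhere on this page, which is only trusted on machines where it has been installed.

```powershell
# Added example; paths, /os value, store and certificate names are assumptions.
$pkgDir    = 'C:\install'                    # folder with afprint.inf and AFCLIENT.PPD (assumed)
$inf       = Join-Path $pkgDir 'afprint.inf'
$kitBin    = "${env:ProgramFiles(x86)}\Windows Kits\8.1\bin\x86"   # assumed WDK location
$certStore = 'MyCertStore'                   # test store from the makecert example
$certName  = 'MyTestCert'                    # test subject from the makecert example

# Step 1: [Version] must already name the catalog, e.g.  CatalogFile=afprint.cat
$m = Select-String -Path $inf -Pattern '^\s*CatalogFile\s*=\s*(\S+)' | Select-Object -First 1
if (-not $m) { throw "Add a CatalogFile=afprint.cat line to [Version] in $inf first." }
$cat = Join-Path $pkgDir $m.Matches[0].Groups[1].Value.Trim('"')

# Step 2: inf2cat hashes the files the INF references and writes the catalog.
& "$kitBin\inf2cat.exe" "/driver:$pkgDir" '/os:Server2008R2_X64'
if ($LASTEXITCODE -ne 0) { throw "inf2cat failed with exit code $LASTEXITCODE" }

# Step 3: sign the catalog, not the INF or the PPD; the catalog covers both.
& "$kitBin\signtool.exe" sign /s $certStore /n $certName $cat
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed with exit code $LASTEXITCODE" }

# Step 4: confirm the INF is listed in the signed catalog before shipping it.
# Any later edit to the INF or PPD invalidates the catalog: rerun steps 2-3.
& "$kitBin\signtool.exe" verify /v /pa /c $cat $inf
if ($LASTEXITCODE -ne 0) { throw "Signed catalog did not verify (exit code $LASTEXITCODE)" }
```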

Help using signtool.exe in Delphi project post-build events

This is a very simple question. What should I write in Delphi post build events to execute a command line tool?
I wrote this:
c:\BinPath\signtool.exe sign /f c:\BinPath\Mypfxfile.pfx /p MyPassword
/t http:// timestamp.verisign.com/scripts/timstamp.dll c:\BinPath\Project1.exe
(where c:\BinPath is the Delphi output path; for simplicity I copied signtool.exe and the pfx file into the same folder)
As I build the project I have this modal window error:
--------------------------- Project 1- CodeGear Delphi for Microsoft Windows - Form1
--------------------------- Cannot open file "C:\SourcePath\EXEC".
Impossible to find the specified
path..
and in the messages I have
[Exec Error] EXEC(1):
"SignerTimeStamp() failed."
(-2147467259/0x80004005)
[Exec Error]
exit from command
"c:\BinPath\signtool.exe sign /f
c:\BinPath\Mypfxfile.pfx /p MyPassword
/t http://
timestamp.verisign.com/scripts/timstamp.dll
c:\BinPath\Project1.exee" with code 1.
How to manage this? In Delphi help I read (from Creating Build Events topic):
Enter the build commands, one command per line, and press Return after entering each command. Commands consist of any valid DOS command, such as: copy $() c:\Built\$()
So I simply inserted in the build event what (c:\BinPath\....Project1.exe) I was able to run from the command prompt. Where is the error? Thanks.
I could have deleted this question, since I found the problem, but I think it is better to leave it since it can be useful for others:
THE PROBLEM WAS SIMPLY
http:// timestamp...
of course should be
http://timestamp...
When copying into the build event I inserted an extra space by mistake. By reading the question posted I found the error...
