How can I add my publisher name into my Delphi exe program? - delphi

I develop Delphi programs that people download.
The problem is that when downloading them, they receive an alert
"The publisher cannot be verified."
How can I add my publisher name into my Delphi programs?

You need a code-signing certificate, and need to digitally sign your executable using that certificate.
Search for [windows] code signing here at StackOverflow. There are tons of questions here on the topic; any and all of them (regardless of language used) for Windows applications apply to Delphi as well. Here is a start for you, and here's another one with links to resources. (Both links are here at StackOverflow, and not external sites.)

This is how I created a test certificate for my setup executable (produced by Inno Setup).
I used:
makecert -r -pe -ss MyCertStore -n "CN=MyTestCert" MyTestCert.cer
signtool sign /s MyCertStore /n MyTestCert MyApplication.exe
I could find these tools under:
"c:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\"
Don't forget to install MyTestCert.cer under trusted providers, otherwise MyApplication.exe will still show unknown publisher. Check with certmgr.exe, which I could find in the same folder.
Worked for me on Win7x64.
For final signing you need a commercial code signing certificate, the cheapest I could find was from Comodo (about $70 a year).

Related

Generating updater.exe via Advanced Installer command line

I am trying to sign all executables + dll files in my application, within an Azure Pipeline, using Azure signtool for that (doing basically what is described here), on the result of running dotnet publish.
The exception is updater.exe, because it is generated by the Advanced Installer API or some other proprietary way. Signing the updater.exe file that lies inside the Advanced Installer installation folder /x86/updater.exe does not help (it will work, but the updater.exe that is deployed when installing the MSI is not signed, meaning it is generated during processing of the .AIP file, which happens after running dotnet publish).
Is there a way for the updater.exe that AI generates (with the custom icon, etc.) to be created using the AdvancedInstaller.com command line API? How?
The question has already been answered in the forums here:
https://www.advancedinstaller.com/forums/viewtopic.php?f=5&t=50297#p127034

Pass parameter to app config file during MSI installation - Advanced Installer

I have created an MSI package using Advanced Installer. It contains an App Config to which I have to pass the siteURL, which varies depending on location. I need to pass the siteurl to the app config when the MSI is installed. Please help me with it. I am new to Advanced Installer.
You can check the online user guide for Advanced Installer, it has a lot of useful info. For example the article on importing and editing XML config files.
Or how to add a custom dialog and write in the system the values captured from the end users.
EDIT: additional answer regarding command line
You can run the installation silently from the command line but you will still see the message box saying the package is built with a trial. You will not see the standard MSI dialogs. And the trial messages will be gone once you purchase a license for Advanced Installer.
Please note that your command prompt window (cmd.exe) must be launched as administrator, if your installation is installing per-machine (i.e. you write in Program Files or HKLM registry hive). Otherwise the installation will fail silently and you will not know why, because on silent installation the OS will not show an error message.
Here is a command line example:
msiexec.exe /i C:\setup\installer.msi /qn ID="235424" SiteURL="www.example.com"
Please note that it is not recommended to use private properties, i.e. properties with lower case letters in their name, we recommend public properties, for example: SITE_URL.

Check if driver is unsigned before attempting to install

From a scripting view, can you check if a driver is unsigned - or more accurately check if the publisher cannot be verified - before you attempt to install?
Problem similar to this:
How to get rid of "windows can't verify the publisher of this driver software" window?
I don't WANT to install the driver if the "Windows can't verify the publisher of this driver software" message appears; I simply want to check.
I am happy with any scripted or coded solution.
Signtool.exe can be used to check signature.
Please read the MSDN link about signtool.exe options. Signtool can be found at %program files%/windows Kits\8.1\bin
To test a signature for the purpose of running an executable or installing a driver package, the correct option is /pa. Please refer to KMCS_Walkthrough.doc.
To test a signature for the purpose of loading kernel-mode code, the correct option is /kp.
Example of Batch file that verifies the signature of a file, using /pa:
"C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool" verify /v /pa %1
pause
Some more examples:
Signtool verify /pa /v /c tstamd64.cat amd64\toaster.sys
Please refer to the MSDN entry and Blog entry for more detailed information about driver signing.
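A scripted form of the check described in the answer above, added here as an example (it is not part of the original answer). It goes beyond the single-file batch line by verifying a whole catalog-signed package with `signtool verify /pa` and using the exit code to decide whether to install. The package folder and the `Test-DriverPackage` helper name are hypothetical, and the signtool path is the one from the batch example.

```powershell
# Added example: refuse to install a driver package unless signtool verifies it
# under the /pa policy. Path and folder below are assumptions; adjust them.
$SignTool   = 'C:\Program Files (x86)\Windows Kits\8.0\bin\x86\signtool.exe'
$PackageDir = 'C:\drivers\toaster'   # hypothetical driver package folder

function Test-DriverPackage {        # hypothetical helper name
    param([string]$Dir)

    # A package with no catalog has nothing that vouches for the INF.
    $cats = @(Get-ChildItem -Path $Dir -Filter *.cat -File)
    if ($cats.Count -eq 0) {
        Write-Warning "No .cat file found in '$Dir'"
        return $false
    }

    # 1. Each catalog must itself carry a signature that verifies.
    foreach ($cat in $cats) {
        & $SignTool verify /pa /q $cat.FullName 2>&1 | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "Catalog signature not verified: $($cat.Name)"
            return $false
        }
    }

    # 2. The INF and every binary must be listed in a verified catalog.
    $files = Get-ChildItem -Path $Dir -Recurse -File -Include *.inf, *.sys, *.dll
    foreach ($file in $files) {
        $covered = $false
        foreach ($cat in $cats) {
            & $SignTool verify /pa /q /c $cat.FullName $file.FullName 2>&1 | Out-Null
            if ($LASTEXITCODE -eq 0) { $covered = $true; break }
        }
        if (-not $covered) {
            Write-Warning "Not covered by a verified catalog: $($file.FullName)"
            return $false
        }
    }
    return $true
}

if (Test-DriverPackage -Dir $PackageDir) {
    Write-Output 'Package verified; continuing to the install step.'
} else {
    Write-Output 'Package failed verification; not installing.'
    exit 1
}
```

signtool exits with 0 only when verification succeeds, so any non-zero code is treated as a failure here.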

How to avoid Windows Security box during printer driver installation

I have created an MSI package (using InstallShield - IS) that installs my application along with the MS Postscript driver. My question mainly focuses on the postscript driver install part of my overall installation process. I have created an IS custom action to run a command file (.cmd) at the correct time that installs the MS Postscript driver. The command file contains the following rundll32 line:
rundll32 printui.dll, PrintUIEntry /ia /m "AppX PS" /h "x64" /v "Type 3 - User Mode" /f "c:\(install)\afprint.inf" /F "%windir%\inf\ntprint.inf" .
The above works great except for the fact I am pestered by a Microsoft Warning box which requires user input. The box includes the title: Windows can't verify the publisher of this driver software. I can select the option "Install this driver software anyway" and the whole process does work. I did research this and there does not appear to be a way to avoid the warning even if I add "run quiet" switches to the PrintUIEntry method. Obviously, I need to sign my driver to avoid the security box, but where? I have no binary code here. My install uses a custom INF file that simply delegates to Microsoft (via ntprint.inf) for the Postscript driver install. The Postscript Driver is already on the OS. I am only supplying a PPD file. What exactly do I need to sign is my main question? How can I do this as I am unfamiliar with driver signing?
I am running this on windows 2008 R2 x64.
Here is a copy of my INF afprint.inf (it's small):
[Version]
Signature="$Windows NT$"
Provider=%AF%
ClassGUID={4D36E979-E325-11CE-BFC1-08002BE10318}
Class=Printer
DriverVer=05/17/2007,1.0.0.1
[Manufacturer]
%AF%=Arbfile,NTamd64
[Arbfile]
"AppX PS" = AFCLIENT,,
[Arbfile.NTamd64]
"AppX PS" = AFCLIENT,,
[OEM URLS]
"Arbfile" = "http://www.arbfile.org"
[AFCLIENT]
CopyFiles=#AFCLIENT.PPD
DataFile=AFCLIENT.PPD
DataSection=PSCRIPT_DATA
Include=NTPRINT.INF
Needs=PSCRIPT.OEM,PSCRIPT_DATA
[DestinationDirs]
DefaultDestDir=66000
[Strings]
AF="Arbfile"
thanks for any help
Add a CatalogFile directive to the [Version] section of your inf file, use inf2cat to generate a cat file, then use signtool to sign the cat file.
If you use a certificate that is cross-signed by Microsoft, then the installer security warning will not appear.
You can find inf2cat and signtool in the WDK.
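The three steps from the answer above, applied to the afprint.inf package from the question, as an added example that is not part of the original answer. It assumes inf2cat.exe and signtool.exe from the WDK are on PATH; the package folder, certificate subject, cross-certificate file and timestamp URL are placeholders.

```powershell
# Added example: catalog-sign the afprint.inf package from the question.
# Assumes inf2cat.exe and signtool.exe (WDK) are on PATH. Certificate subject,
# cross-certificate file and timestamp URL are placeholders, not real values.
$Pkg          = 'C:\install'                        # hypothetical package folder
$Inf          = Join-Path $Pkg 'afprint.inf'
$Cat          = Join-Path $Pkg 'afprint.cat'
$Subject      = 'YOUR CERTIFICATE SUBJECT'          # placeholder
$CrossCert    = 'C:\certs\YOUR-CROSS-CERT.cer'      # placeholder
$TimestampUrl = 'http://timestamp.example.invalid'  # placeholder

# 1. Add CatalogFile to [Version] unless the INF already names a catalog.
#    Set-Content uses the session's default encoding; keep the INF's own
#    encoding if it was saved as UTF-16.
$lines = @(Get-Content -Path $Inf)
if (-not ($lines -match '^\s*CatalogFile\s*=')) {
    $patched = foreach ($line in $lines) {
        $line
        if ($line -match '^\s*\[Version\]\s*$') { 'CatalogFile=afprint.cat' }
    }
    Set-Content -Path $Inf -Value $patched
}

# 2. Generate the catalog for the target OS (the question targets 2008 R2 x64).
& inf2cat "/driver:$Pkg" /os:Server2008R2_X64
if ($LASTEXITCODE -ne 0) { throw 'inf2cat failed; fix the INF errors it reports.' }

# 3. Sign the catalog, not the INF. /ac adds the cross-certificate to the signature.
& signtool sign /v /ac $CrossCert /s My /n $Subject /t $TimestampUrl $Cat
if ($LASTEXITCODE -ne 0) { throw 'signtool sign failed.' }

# 4. Confirm the INF verifies against the signed catalog before shipping.
& signtool verify /pa /v /c $Cat $Inf
if ($LASTEXITCODE -ne 0) { throw 'INF did not verify against the signed catalog.' }
```

Any later edit to afprint.inf changes its hash, so the catalog has to be regenerated and signed again after every change.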

Continuous Integration server for blackberry development? (and certificate signing)

I overheard another team where I work talking about blackberry development - they are having issues automating builds for blackberry. In particular there is an issue with certificate signing - they have not been able to figure that out yet - it is a manual step right now.
Granted, they/we are new to handheld development, but any pointers to build server and automating a command line certificate signing would be most welcome.
Specific examples and details are probably needed given the short experience our company has with BB development.
I assume hudson would work fine for this - we just have to figure out a command line for the build and signing.
There are different ant & rapc tools for building a BlackBerry project, and I myself prefer bb ant tools, but what if you really want to build a bb app directly from cmd using only sun java and the rim bb sdk?
BerryMore - BlackBerry JDE projects Build & Signing automation - custom ant-rapc jar
Dr.Dobbs BlackBerry Development: Using Apache Ant - clean ant + wtk
Build BlackBerry from command line
"{eJDE path}\components\bin\rapc.exe" -quiet import="{eJDE path}\components\lib\net_rim_api.jar" codename={AppName} -midlet {AppName}.rapc [list of resources] [list *.java files]
Example:
"c:\Program Files\eclipse_bb\plugins\net.rim.eide.componentpack4.5.0_4.5.0.16\components\bin\rapc.exe" -quiet import="c:\Program Files\eclipse_bb\plugins\net.rim.eide.componentpack4.5.0_4.5.0.16\components\lib\net_rim_api.jar" codename=SO45BgAnim -midlet SO45BgAnim.rapc "src\gifanimation.gif" "src\background.png" "src\SO45BgAnim.java"
See also:
CodeForFun: How to use rapc from RIM… dirty details!
Sign BlackBerry from command line
java -jar "{eJDE path}\components\bin\SignatureTool.jar" -a -c -p {password} {path to *.cod}
Example:
java -jar "c:\Program Files\eclipse_bb\plugins\net.rim.eide.componentpack4.5.0_4.5.0.16\components\bin\SignatureTool.jar" -a -c -p pwd#123 "D:\Projects\BlackBerry\TestApp\build\TestApp.cod"
See also:
BlackBerry Support Forum - Request Signatures (Sign Your App) From Command Line
We use BB Ant Tools and it works great, you can even specify the signing password as an argument so there is no user input required.
It looks like there is some workaround:
http://blackberry.synclastic.com/blackberry-code-signing-tips/ (not working as of 15/05/2012)
and
http://blog.lightvoid.net/2008/04/28/automated-blackberry-sign-tool-mac-linux-windows/ (points to corporate onidev website as of 15/05/2012)
This one looks even better -
http://www.cive.de/projects/signaturetoolrunner/
