Inno Setup code signing not applying for all the files. How to fix that? - dll

We are using a setup creation tool called Inno Setup to get the final installation file.
In there we are using signtool.exe to sign all the files of our app.
We put necessary details in these boxes
We are using a certificate called DMCC_Microsoft_Key.pfx
But after the creation of the setup and when we install the setup only the application.exe file shows digital signatures while other files do not show that.
Here is the script in signtool
"c:\{path}\signtool.exe" sign /f "{Certificate path}\key.pfx" /tr "http://timestamp.digicert.com" /p "Password" $f
The below digital signatures tab is only shown in the .exe file.
How to sign in all the DLLs inside a given directory using Inno Setup?
This is my iss script
;#define APP_EXE_NAME "AsiaMX TY 6.exe"
[Setup]
SignTool=ASIAMX_signtool
[Files]
Source: "{#APP_EXE_NAME}"; DestDir: "{app}"; \
Flags: ignoreversion signonce; Permissions: everyone-full
Source: "*"; DestDir: "{app}"; \
Flags: ignoreversion recursesubdirs createallsubdirs; \
Permissions: everyone-full
I saw some other StackOverflow questions. Another one answered the same kind of question using this answer. I don't know where to put this.
How to sign every ocx, dll and exe file
Try
@echo off
rem /b makes dir print bare full paths, one per line, so each token is a file to sign
FOR /f "tokens=*" %%G IN ('dir /s /b *.dll *.ocx *.exe') DO (
    echo %%G
    signtool sign /f "C:\Certificates\FakeCertificate.pfx" "%%G"
)

You have the signonce flag only at the {#APP_EXE_NAME} entry. Not on the others.
So not surprisingly, Inno Setup signs only the {#APP_EXE_NAME}, not the other files.
As the * entry matches both executable and non-executable files, you have to split the entry into two. And actually your {#APP_EXE_NAME} entry conflicts too with the * entry.
This should do:
[Files]
Source: "{#APP_EXE_NAME}"; DestDir: "{app}"; \
Flags: ignoreversion signonce; Permissions: everyone-full
Source: "*.dll"; DestDir: "{app}"; \
Flags: ignoreversion recursesubdirs createallsubdirs signonce; \
Permissions: everyone-full
Source: "*"; Excludes: "{#APP_EXE_NAME},*.dll"; DestDir: "{app}"; \
Flags: ignoreversion recursesubdirs createallsubdirs; \
Permissions: everyone-full

This is a good question, however perhaps you need to consider that signing a dll that doesn't belong to you might/will cause an antivirus to flag the file as suspicious. You better make sure that they are all yours before you claim them to be yours ;-)
I'm not aware of any method in Inno to do this, I guess you could "hack it" and write a Pascal method that injects this feature.
[Setup]
AppVersion={code:SignAndGetVersion}
[Code]
function SignAndGetVersion(Param: String): String;
begin
{ some magic selecting your dll's and calling signtool.exe... }
Result := '1.2.3';
end;
However... if you are already calling signtool then why do it in Inno Setup?
Perhaps a bat file like so:
for %%f in (X:\InnoSetup_source\*.dll) do "c:\{path}\signtool.exe" sign /f "{Certificate path}\key.pfx" /tr "http://timestamp.digicert.com" /p "Password" "%%f"
or include the instructions in your post build. I do
<Target Name="PostBuild" AfterTargets="PostBuildEvent">
  <!-- Release builds are signed and timestamped; other configurations are signed without a timestamp -->
  <Exec Command="signtool.exe sign /i Sectigo /t http://timestamp.sectigo.com /fd SHA384 &quot;$(TargetPath)&quot;" Condition="'$(Configuration)' == 'Release'" />
  <Exec Command="signtool.exe sign /i Sectigo /t http://timestamp.sectigo.com /fd SHA384 &quot;$(TargetDir)IDPS.exe&quot;" Condition="'$(Configuration)' == 'Release'" />
  <Exec Command="signtool.exe sign /i Sectigo /fd SHA384 &quot;$(TargetPath)&quot;" Condition="'$(Configuration)' != 'Release'" />
  <Exec Command="signtool.exe sign /i Sectigo /fd SHA384 &quot;$(TargetDir)IDPS.exe&quot;" Condition="'$(Configuration)' != 'Release'" />
</Target>
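A check for the symptom described in this thread, as an added example that is not part of the original posts: it walks a folder and lists every .exe, .dll and .ocx that lacks a valid, timestamped Authenticode signature, so a missing signonce flag is caught before the installer ships. The function name Find-UnsignedBinary is hypothetical and the folder path is the placeholder used in the batch example above; run it against the source folder after compiling, or against the installed application folder.

```powershell
# Added example: audit Authenticode signatures under a folder.
# Find-UnsignedBinary is a hypothetical helper name, not part of Inno Setup or signtool.
function Find-UnsignedBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,                                    # folder to audit (assumed)
        [string[]]$Include = @('*.exe', '*.dll', '*.ocx') # file types that can carry a signature
    )

    Get-ChildItem -Path $Path -Recurse -File -Include $Include | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Anything other than Valid (NotSigned, HashMismatch, NotTrusted, ...) is a finding.
        $problem = if ($sig.Status -ne 'Valid') {
            "signature status: $($sig.Status)"
        } elseif (-not $sig.TimeStamperCertificate) {
            # Without a timestamp the signature stops validating when the certificate expires.
            'signed but not timestamped'
        }

        if ($problem) {
            [pscustomobject]@{
                File    = $_.FullName
                Problem = $problem
                Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# Placeholder path taken from the batch example in this thread.
$findings = @(Find-UnsignedBinary -Path 'X:\InnoSetup_source')
$findings | Format-Table -AutoSize -Wrap

# Fail the build step when any binary is unsigned or lacks a timestamp.
if ($findings.Count -gt 0) {
    Write-Error "$($findings.Count) binaries are unsigned or not timestamped"
    exit 1
}
```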

Related

Adding Registry Keys on Remote Windows Server Machine not working

I have two domain joined machines (ServerA & ServerB) running Windows Server 2012 R2.
I want to add new registry key in ServerB from ServerA.
I am running below command in ServerA:
reg add \\ServerB\HKLM\SOFTWARE\MyCompany\MyApp /v Username /t REG_SZ /d ABC123 /f
Output from above command: The operation completed successfully.
But when I checked registry in ServerB, I didn't find the newly added key.
I am using MSBuild to run this command inside a script in ServerA.
Deploy.proj
<Target Name="Deploy_Registry">
  <!--Make sure the Remote Registry service is started-->
  <ServiceController MachineName="ServerB" ServiceName="Remote Registry" Action="Start" ContinueOnError="true"/>
  <Exec Command='reg add \\ServerB\HKLM\SOFTWARE\MyCompany\MyApp /v Username /t REG_SZ /d ABC123 /f' ContinueOnError='false' />
</Target>

UiPath: error in iTextSharp at my custom activity [duplicate]

I have used itextsharp library to generate pdf in my asp.net web application. It was working fine until today when suddenly my laptop on which the application was running in the debug mode went off. When I switched on my laptop again and tried to run the application I started getting this error:
"Could not load file or assembly 'itextsharp, Version=5.5.0.0,
Culture=neutral, PublicKeyToken=8354ae6d2174ddca' or one of its
dependencies. The parameter is incorrect. (Exception from HRESULT:
0x80070057 (E_INVALIDARG))"
What could be the reason and how can I solve this? Please help.
Try removing the reference and add again...!!! Seems like the reference got removed due to improper shutdown.
Try to clean Temporary Files of Asp.Net, sometimes I've experienced strange cases of file corruption (I know this should be a comment but it's verbose):
1 - Open notepad and paste the following.
@ECHO OFF
ECHO Performing IIS Reset
IISRESET
ECHO Deleting Cache
Del /F /Q /S %LOCALAPPDATA%\Microsoft\WebsiteCache\*.*
Del /F /Q /S %LOCALAPPDATA%\Temp\VWDWebCache\*.*
Del /F /Q /S "%LOCALAPPDATA%\Microsoft\Team Foundation\3.0\Cache\*.*"
Del /F /Q /S "C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\*.*"
Del /F /Q /S "C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\*.*"
Del /F /Q /S "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\*.*"
Del /F /Q /S "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\*.*"
ECHO Complete
2 - Save the file as a .bat file.
3 - Run it from the command prompt.
I had a backup of my project. Restored the backup and it worked. Thanks for all the suggestions.

msbuild fails with successful robocopy exit code

My msbuild script fails even if copying files is successful. If robocopy command exitcode < 8, it means that files copied. So how can I say to msbuild script IgnoreExitCode if exit code < 8?
I set IgnoreExitCode to true, but what if it's real error?
<Exec Command="robocopy $(SourceDir) $(DestinationDir) /mir /mt /xd $(ExcludeDir)" IgnoreExitCode="true" />
Use ExitCode output parameter of Exec task and ContinueOnError parameter instead of IgnoreExitCode:
<Exec ContinueOnError="True" Command="robocopy $(SourceDir) $(DestinationDir) /mir /mt /xd $(ExcludeDir)">
  <Output TaskParameter="ExitCode" PropertyName="ErrorCode"/>
</Exec>
<!-- robocopy exit codes of 8 and above indicate failure; codes below 8 mean the files were copied -->
<Error Condition="$(ErrorCode) >= 8" Message="Robocopy failed"/>
Try this workaround:
(robocopy $(SourceDir) $(DestinationDir) /mir /mt /xd $(ExcludeDir)) ^& IF %ERRORLEVEL% LEQ 1 exit 0

How do I use insignia.exe to codesign a wix bundle

I created a wix bundle which was working properly before codesigning. After googling and checking wix documentation, I got to know that I need to use insignia.exe for code signing the wix bundle. Please any idea on how to use this tool. Thanks in Anticipation.
I use the next command sequence (it's a part of my cmd file. Certificate is stored in a file on hard drive. If you want to sign your installer by the certificate from the store just fix signing part. All result code check is omitted)
set INSIGNIA_PATH="C:\Program Files (x86)\WiX Toolset v3.8\bin\insignia.exe"
rem Detach engine
del /q engine.exe
%INSIGNIA_PATH% -ib Setup.exe -o engine.exe
rem Sign engine
SignTool.exe sign /f certificate.pfx /p CERT_PASSWORD /t TIMESTAMP_URL engine.exe
rem Attach engine
%INSIGNIA_PATH% -ab engine.exe Setup.exe -o ProductSetup.exe
rem Sign bundle
SignTool.exe sign /f certificate.pfx /p CERT_PASSWORD /t TIMESTAMP_URL ProductSetup.exe

mono.security.dll novell.directory.ldap.dll Secure Socket Layer - SSL

Imported certificates like this:
certmgr /add /v /c /ctl "selfsignedroot.cer" /s /r localMachine root
certmgr /add /v /c /ctl "server.cer" /s /r localMachine root
certmgr /add /v /c /ctl "server.cer" /s /r localMachine CA
certmgr /add /v /c /ctl "server.cer" /s /r localMachine MY
My code looks like this
LdapConnection conn = new LdapConnection();
conn.SecureSocketLayer=true;
conn.Connect("server",636);
conn.Bind("cn=user,o=root","password");
I get error coming from mono.security.dll. Error code: -2146762487. Which means it failed to validate root certificate. Looking at the certificate via mmc it is shown as trusted.
Mono.Security.dll is cross platform and its origins are on Linux. As such it does not use Windows CryptoAPI-based certificate stores, but its own stores (and tools).
You can look at the Mono project's wiki, e.g. the security FAQ, and in particular the article named Using Trusted Roots Respectfully.