Can someone tell me how to create a .APP file that using the AIR3.0 captive runtime?
So far, I have the following:
adt -package pkcs12 -keystore MyPersonalCertificate.p12 -target bundle pkcs12 -keystore CertFromAppleWebsite.p12 CellImaging.app Protocols_Large-app.xml ./xml Protocols_Large.swf ./Category_Icons ./AppIconsForPublish
Andrew Trice touches on it here: http://www.tricedesigns.com/2011/08/10/air-3-0-captive-runtime/
So far, I get the following error:
Signing options required to package from descriptor and fileset
Ultimately, I plan to put this into the Mac App Store, but first I have to create the .app file!
Thanks!
You forgot "-storetype":
adt -package -storetype pkcs12 -keystore MyPersonalCertificate.p12 -target bundle pkcs12 -keystore CertFromAppleWebsite.p12 CellImaging.app Protocols_Large-app.xml ./xml Protocols_Large.swf ./Category_Icons ./AppIconsForPublish
Be wary though, ordering is important:
http://www.andymoore.ca/2013/06/adobe-air-error-on-exe-bundle-package/
In case you didn't find a solution to your problem, here's how I do it.
Create a signed release build (air) file and then run the following command in the terminal:
[path to the sdk]/bin/adt -package -target bundle [choose a path and filename where your bundled application is saved] [path to the air file]
Related
While I'm able to get Conan to download a package from a remote by adding a corporate CA certifiate to cacert.pem, many of these package recipes use conans.tools.download() to download source code from external sites. It seems as if this functionality does not use cacert.pem for its certificate store.
So, for a simple example, I have a conanfile.txt that looks like this:
[requires]
sdl2/2.0.8#bincrafters/stable
Of course there is no sdl2 binary for Visual Studio 2019, so I need to specify the compiler version, build type, cppstd (well, technically not this one since SDL2 is written in C), etc, but the larger project uses C++, so I run the command to build SDL2:
conan install .. -s compiler.version=16 -s build_type=Debug -s compiler.cppstd=17 --build
Conan downloads the package fine, since it's respecting the corp CA I've added to cacert.pem, but the package recipe uses tools.download() to actually pull the source. This failed spectacularly with this error:
ERROR: Error downloading file https://www.libsdl.org/release/SDL2-2.0.8.tar.gz: 'HTTPSConnectionPool(host='www.libsdl.org', port=443): Max retries exceeded with url: /release/SDL2-2.0.8.tar.gz (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)'),))'
While I'm able to modify the recipe directly by adding verify=False to the download call, this is obviously not a viable solution.
How can this be fixed? I'd prefer not to disable certification verification but at this point would settle for that.
You need to include the ROOT (not a non-root ancestor) certificate in the Python requests package CA bundle, or create a new CA bundle that includes the root certificate and use the REQUESTS_CA_BUNDLE environment variable.
I have a question about how and what is the version of OpenSSl that I must install in Windows to later create certificates.
Install a one version (openssl-1.0.2d-fips-2.0.10) found in SourceForge but it does not generate the files correctly.
There is also the official website https://www.openssl.org, but I do not know how to install it and how, so that when it comes to generating the keys and .pem file, it works.
Generate some environment variables that point to the folder where I unzipped the downloaded, I do not know if it is the correct way.
I also wanted to create OPEN SSL for Windows 10. An easy way to do it without running into a risk of installing unknown software from 3rd party websites and risking entries of viruses, is by using the openssl.exe that comes inside your Git for Windows installation. In my case, I found the open SSL in the following location of Git for Windows Installation.
C:\Program Files\Git\usr\bin\openssl.exe
If you also want instructions on how to use OPENSSL to generate and use Certificates, here is a write-up on my blog. The step by step instructions first explains how to use Microsoft Windows Default Tool and also OPEN SSL and explains the difference between them.
https://kaushikghosh12.blogspot.com/2016/08/self-signed-certificates-with-microsoft.html
If you have chocolatey installed you can install openssl via a single command i.e.
choco install openssl
In case you have Git installed,
you can open the Git Bash (shift pressed + right click in the folder -> Git Bash Here) and use openssl command right in the Bash
Do you have Git installed?
You can access openssl command from Git Bash without adding any environment variable.
But, if you want to access the openssl command from Windows cmd, then follow me:
Find the path of the bin directory of Git. Normally it is at
C:\Program Files\Git\usr\bin\
Then add the path your environment variable (User variables -> Path):
Now open a new command prompt (don't use an already opened cmd, because the already opened cmd doesn't know the new environment variable).
Now write:
openssl
Either set the openssl present in Git as your default openssl and include that into your path in environmental variables (quick way)
OR
Install the system-specific openssl from this
link.
set the following variable : set
OPENSSL_CONF=LOCATION_OF_SSL_INSTALL\bin\openssl.cfg
Update the path : set Path=...Other Values
here...;LOCATION_OF_SSL_INSTALL\bin
Necroposting, but might be useful for others:
There's always the official page ([OpenSSL.Wiki]: Binaries) which contains useful URLs (pointing to unofficial resources / builds, make sure to read the Important Disclaimer)
There are other repositories which contain unofficial builds
Here I want to mention: [GitHub]: CristiFati/Prebuilt-Binaries - Prebuilt-Binaries/OpenSSL
v1.0.2u (FIPS capable) is built with OpenSSL-FIPS 2.0.16
Artefacts are .zips that should be unpacked in "C:\Program Files" (please take a look at the Readme.md file, and also at the one at the repository root)
Other 3rd-party software may bundle OpenSSL, so it gets "installed" as a side effect. Such software (mentioned by other answers): Cygwin, Git
And of course you can build it yourself from sources, but that requires some deeper knowledge
Note: when having a functional OpenSSL instance (using whatever method above), here's how you can use it (if you need it into your own projects) from VStudio: [SO]: How to include OpenSSL in Visual Studio (#CristiFati's answer)
I recently needed to document how to get a version of it installed, so I've copied my steps here, as the other answers were using different sources from what I recommend, which is Cygwin. I like Cygwin because it is well maintained and provides a wealth of other utilities for Windows. Cygwin also allows you to easily update the versions as needed when vulnerabilities are fixed. Please update your version of OpenSSL often!
Open a Windows Command prompt and check to see if you have OpenSSL installed by entering: openssl version
If you get an error message that the command is NOT recognized, then install OpenSSL by referring to Cygwin following the summary steps below:
Basically, download and run the Cygwin Windows Setup App to install and to update as needed the OpenSSL application:
Select an install directory, such as C:\cygwin64. Choose a download mirror such as: http://mirror.cs.vt.edu
Enter in openssl into the search and select it. You can also select/un-select other items of interest at this time. The click Next twice then click Finish.
After installing, you need to edit the PATH variable. On Windows, you can access the System Control Center by pressing Windows Key + Pause. In the System window, click Advanced System Settings → Advanced (tab) → Environment Variables. For Windows 10, a quick access is to enter "Edit the system environment variables" in the Start Search of Windows and click the button "Environment Variables". Change the PATH variable (double-click on it or Select and Edit), and add the path where your Cywgwin is, e.g. C:\cygwin\bin.
Verify you have it installed via a new Command Prompt window: openssl version. For example: C:\Program Files\mosquitto>openssl versionOpenSSL 1.1.1f 31 Mar 2020
If not, refer to the Cygwin documentation and also other tutorials such as: https://www.eclipse.org/4diac/documentation/html/installation/cygwin.html
Here's a solution that may delight those who have implemented WSL (Windows Subsystem for Linux). You can just use:
wsl openssl ...whatever_args...
The point is that many who've implemented WSL may not realize they can call upon ANY linux command (within their underlying WSL linux vm) right from the DOS or powershell command-line this way. (It's easy to fall into thinking the point of WSL is to use it to "shell into the vm", which is indeed an option, but the power to just run linux commands from Windows is a real value-add of WSL.)
And to be clear, in doing the command as above, whatever file names or folders you may point to (or create) will be relative to the Windows folder from which you run the command. So doing for example, openssl req to create a self-signed cert, where you may name -keyout selfsigned.key -out selfsigned.crt, those two files will be created in the Windows folder where you ran the command.
That said, there are ways this could fall down for some openssl command examples one may find, such as if they tried to use various bash-specific arguments, in which case "shelling into wsl" to run the command may well be the better choice. You could still direct things to be found or placed on the host, but I don't mean this answer to become overly-focused on such WSL aspects. I just wanted to propose it as another alternative to installing openssl.
I installed openssl 3.0.0 from https://slproweb.com/products/Win32OpenSSL.html. then I go to windows start ->openssl->Win64 OpenSSL Command Prompt, it opens a window like regular dos window, all I need is to go to the installation folder of openssl.
If you are running Windows 10 1709 (build 16299) or later versions, you can use winget command below to install OpenSSL
winget install -e --id ShiningLight.OpenSSL
Or if you have Git for Windows installed on your system, you can also find OpenSSL in Git file directory.
C:\Program Files\Git\usr\bin\openssl.exe
For more details, check this guide 3 Methods on How to Install OpenSSL on Windows.
Check openssl tool which is a collection of Openssl from the LibreSSL project and Cygwin libraries (2.5 MB). NB! We're the packager.
One liner to create a self signed certificate:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout selfsigned.key -out selfsigned.crt
you can get it from here https://slproweb.com/products/Win32OpenSSL.html
Supported and reqognized by https://wiki.openssl.org/index.php/Binaries
Install scoop then type
scoop install openssl
Open your
Git Bash
Move to your directory if required.
Run your command. eg.
openssl
I set up my Visual Studio Team Service account to clone my private GitHub repo and build the Windows UWP application anytime I queue a build. The cloning works without any issues; the compilation of every project (6) works except one. The Windows UWP app project.
I receive the following warnings while the build server compiles the app:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0104: Certificate file 'myapp_TemporaryKey.pfx' not found.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0104: Certificate file 'myapp_TemporaryKey.pfx' not found. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
Warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(1778,5):
warning APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [C:\a\1\s\Source\Applications\myapp.WindowsUWP\myapp.csproj]
This is the last project out of the 6 to compile. After I receive the warnings, it proceeds to copy all of the output files over to the final /bin directory. Then when it's all done, reports the same messages as above, but as errors this time and fails the build.
_GenerateAppxPackageFile:
C:\Program Files (x86)\Windows Kits\10\bin\x64\MakeAppx.exe pack /l /h sha256 /f obj\x86\Debug\package.map.txt /o /p C:\a\1\s\Source\Applications\MyApp.WindowsUWP\AppPackages\MyApp_1.0.0.0_x86_Debug_Test\MyApp_1.0.0.0_x86_Debug.appx
MyApp -> C:\a\1\s\Source\Applications\MyApp.WindowsUWP\AppPackages\MyApp_1.0.0.0_x86_Debug_Test\MyApp_1.0.0.0_x86_Debug.appx
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0104: Certificate file 'MyApp_TemporaryKey.pfx' not found.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0104: Certificate file 'MyApp_TemporaryKey.pfx' not found. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0102: A certificate with thumbprint '58F2EA544193F6FC9F2737135570555B388E58D8' that is specified in the project cannot be found in the certificate store. Please specify a valid thumbprint in the project file. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): Error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478.
2>C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\AppxPackage\Microsoft.AppXPackage.Targets(2382,5): error APPX0107: The certificate specified is not valid for signing. For more information about valid certificates, see http://go.microsoft.com/fwlink/?LinkID=241478. [C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj]
2>Done Building Project "C:\a\1\s\Source\Applications\MyApp.WindowsUWP\MyApp.csproj" (default targets) -- FAILED.
1>Done Building Project "C:\a\1\s\Source\MyApp.UWP.sln" (default targets) -- FAILED.
Build FAILED.
"C:\a\1\s\Source\MyApp.UWP.sln" (default target) (1) ->
If I just delete the certificate (as I did in this particular error log), it fails because it can't find it. If I generate the certificate using the manifest editor in VS, and assign it a password, the build server fails because it doesn't know the password. So I can't get it to build whether I provide a temporary test certificate or not.
How are we supposed to run Windows 10 UWP apps through the Visual Studio Team Services build system? This is something that Microsoft has been promoting for a while now so I I assumed this was a thing that could be done. I can't seem to get the UWP project to actually build.
You can generate a certificate without password assigned.
Or add a PowerShell step in your build definition to import the password protected certificate. Following is the powershell script you can use:
$pfxpath = 'myapp_TemporaryKey.pfx'
$password = 'yourpassword'
Add-Type -AssemblyName System.Security
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import($pfxpath, $password, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]"PersistKeySet")
$store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "MY", CurrentUser
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]"ReadWrite")
$store.Add($cert)
$store.Close()
Remember to set the "Working Folder" to the path where your pfx file placed.
By default .gitignore ignores any *.pfx file. Therefore it is not added to git. I had the same issue, that the build machine does not has the *_StoreKey.pfx file and therefore the build did not succeed.
For me the solution was to install the *_StoreKey.pfx on the build server. Then building the solution on the build server succeeds.
I solved this with the "secure files" feature: https://learn.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=vsts
In the build pipeline, there's a "library" tab. I added the pfx (that's excluded from source control) as a file there.
I then added "download secure file" as a build task (https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/utility/download-secure-file?view=vsts). Note the environment variable in the documentation (currently $env:DOWNLOADSECUREFILE_SECUREFILEPATH)
I then added a command line task to move the file to where it was expected. So the command was move %DOWNLOADSECUREFILE_SECUREFILEPATH% FolderOfMyProject
Now it behaves as though the certificate were checked in.
Same issue I met these days, And I finally successfully solved with the help of this post.
Actually we must ensure we had create a test-used .pfx as the developer of UWP
,and followed words shared some helpful solutions I thought:
Create a test certificate with VS:
In Visual Studio, from Solution Explorer, open Package.appxmanifest
In the App Manifest Designer, choose the Packaging tab, and then choose the Choose Certificate button.
In the Choose Certificate dialog box, expand the Configure Certificate list, and then choose Create test certificate.
In the Create test certificate dialog box, input your info and click the OK button.(Above step description are coming from this ↓)
Create a certificate with MakeCert,Pvk2Pfx and Certutil tools
MDSN : How to create an app package signing certificate
Hope it can help u!
I too was getting the error:
"Cannot import the key file 'blah.pfx'. The key file may be password protected. To correct this, try to import the certificate manually into the current user’s personal certificate store".
You can double click a .pfx file to import it into your store, the trick is that when it brings up the wizard, you have to choose "Current User", instead of "Local Machine" on the first screen, then instead of "Automatic", I specifically chose "Personal".
I was able to build the package after that. Didn't work when I chose "Local Machine" + Personal.
Had the same issue (error APPX0107: The certificate specified is not valid for signing) and tryed every solution but nothing worked for me.
In fact their was a new line after the key name in the .csproj:
<PackageCertificateKeyFile>myCert.pfx
</PackageCertificateKeyFile>
Removed it and it worked.
I have a OneClick Deployed VSTO Addin that I have signed with a up-to-date Verisign code-signing certificate (PFX). I have verified that I am signing correctly with Verisign support on the phone – they concur. I am building with VS2010. Nonetheless, the Addin shows “unknown publisher” when I try to install.
Why?
How can I replace “Unknown Publisher” with the name of the Publisher on the PFX certificate?
This is what I have done to try to solve the problem to date:
Found this question about “Unknown Publisher” issue on Addins. The accepted answer to that question discusses using mage.exe to sign the deployment and application manifests.
I used mage.exe to apply the PFX signature to both the application and deployment manifests to no avail; “Unknown Publisher” still shows when I install the Addin. Only then did I see a comment by a MS program manager on the page of the last link that VSTO Addin's built under 2008 or earlier do not read either the application or deployment manifests.
Then I saw the same MS program manager's comment at bottom linking to this page and asserting that starting in VS2010 that VSTO Addin's with Publisher specified as given in the linked page will now have their manifests read and the correct Publisher name displayed upon Addin installation.
I have done all this and the publisher on my correctly code-signed OneClick Deployment still shows “Unknown Publisher” - why?
Follow these steps:
Install the certificate on your local machine. In Windows Explorer right-click the certificate file, select Install PFX, and follow the instructions.
Ensure the VSTO project manifest and assembly are signed. In the VSTO project's properties on the Signing tab, "Sign the ClickOnce manifests" should be checked (if not, select your PFX file). "Sign the assembly" should also be checked and using the same PFX file.
After publishing the VSTO, you'll need to sign the manifest and the published .vsto files from the command line. You will also need to copy the .dll's from the bin to your published folder before you run mage.exe (to avoid "File Not Found" errors). I highly recommend signing both .vsto's for safety's sake. Here is the command line code to perform these steps:
-
set AppPublishPath=bin\Release\app.publish
set AppPublishVersionPath=bin\Release\app.publish\Application Files\MyProjectName_1_0_0_0
set CertificatePath=C:\SignedCertificate.pfx
set CertificatePassword=password
copy bin\*.dll "%AppPublishVersionPath%"
mage -update "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
mage -update "%AppPublishVersionPath%\MyProjectName.vsto" -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
mage -update "%AppPublishPath%\MyProjectName.vsto" -appmanifest "%AppPublishVersionPath%\MyProjectName.dll.manifest" -certfile "%CertificatePath%" -Password %CertificatePassword%
See Nathan's comment below about a possible additional step.
My application is currently using SSCrypto.framework to decrypt a string encrypted with Blowfish. SSCrypto utilizes OpenSSL which is a new problem for me. Using the 10.6 base SDK while targeting 10.5 doesn't seem to work. The issue is explained in this Apple Mailing List thread: http://lists.apple.com/archives/Cocoa-dev/2009/Aug/msg01737.html
I have to use Blowfish or all copies currently in the field would stop working once they were updated (they rely on a previously stored Blowfish encrypted string which they have to be able to decrypt and verify).
OpenSSL has a very permissive license, so just link it into your app as a static library. You should then still be able to use the SSCrypto framework, or you can just call the OpenSSL libcrypto routines directly.
Step 1: Build openssl from source: Download OpenSSL
Step 2: Add a header search path to Xcode, pointing to the OpenSSL include directory for the source tree you built
Step 3: Link against libcrypto.a. Note: to prevent XCode from linking against the system's dynamic copy of libcryto, do NOT add libcrypto.a to your XCode project. If you do, that will add a -lcrypto to the linker command, and the linker will resolve that by looking for a dynamic library first (which it will find in /usr/lib - exactly what you don't want)
Instead, put the full path to the library in "Other Linker Flags"
Step 4: Build.
Blowfish is simple and common enough that you may be able to easily embed your own copy of the algorithm.