Page 1 of 1
X4 Code Signing Fails
Posted: Tue May 03, 2016 4:25 pm
by Shmulik28
I'm using a new DigiCert Sha-2 certificate within InstallAware Studio (purchased couple days ago) - Worked fine in Installaware 18
Upgraded to X4 for the Double Code signing -->
In the Authenticode Signature Screen on the PFX/P12 File Tab:
Personal Information Exchange...
/path/to/codesigningfile
Time stamp URL:
http://timestamp.comodoca.com/rfc3161The installer goes through many files Code SIgning /Double COde signing ...
it finally ends with:
Error during build: Code signing failed!
What should I be looking for - how to debug???
Re: X4 Code Signing Fails
Posted: Wed May 04, 2016 11:39 am
by FrancescoT
Dear Shmulik28,
from the build dialog you should be able to see which is the file that caused the issue. This should be the last file listed into the build process window.
It may be possible that such particular file is already signed.
If this the case, you can exclude already signed files from the signature process.
Automatically sign all .EXE, .DLL, .OCX, .SYS, .CPL, .DRV, and .SCR files being installed
This is a three-state check-box which has effect only if the main Sign the package with Authenticode check-box is checked.
When this check-box contains a check mark, all mentioned file types included in your setup through the Install Files, Install Service, Install Assembly, and Install ODBC Driver commands will be automatically code signed.
When this check-box contains a square (does not contain a check mark but is not empty either), files will be code signed only if a signature does not already exist.
When this check-box is clear (does not contain a check mark or a square), no automatic code signing occurs for files included in your setup.
Hope this helps you.
Regards
Re: X4 Code Signing Fails
Posted: Wed May 04, 2016 1:47 pm
by Shmulik28
Ok - missed that on the tri-state checkbox.
Went back in and set the "Automatically sign ..." to the square.
Still get an error message (Failed) - the previous file is from a third party uninstaller (uninst.exe) - I launch their installer from my installer, etc.
So, is there a way in the script to exclude a specific file?
Re: X4 Code Signing Fails
Posted: Wed May 04, 2016 1:56 pm
by Shmulik28
One piece of additional information:
So we're using a third party product (Web Update Wizard) to provide in software updates - in my installer I include and execute their installer (in silent mode) wuwinstaller.exe and their uninstaller (uninst.exe) when my application is uninstalled.
I ran the signtool from the command line as follows:
>signtool sign /a /t
http://timestamp.comodoca.com/rfc3161 wuwinstaller.exe --> signs it fine
>signtool sign /a /t
http://timestamp.comodoca.com/rfc3161 uninst.exe --> Error (0x800700C1), not a valid win32 application
so I definitely need to not try and sign this one file - can this be done in script?
Re: X4 Code Signing Fails
Posted: Thu May 05, 2016 7:13 am
by Shmulik28
Follow-up:
Contacted the vendor - quick reply from him, his installer/uninstaller was using NSIS - apparently NSIS doesn't create a well-formed installer. He provided an updated, signed installer/uninstaller so all is good (really nice to see such a quick positive turnaround from a vendor!).
Still would be useful to have the ability to somehow tag an individual file with a [IgnoreCodeSign] flag for less responsive third party vendors!
Re: X4 Code Signing Fails
Posted: Thu May 05, 2016 10:18 am
by FrancescoT
Dear Shmulik28,
it's in fact the software vendor responsible of that and you did the right thing with contacting them.
We'll take in account your suggestion, however I am not quite sure if this can be implemented.
Regards