I checked the Certification Kit report, It only complained about the unzipped installation package of the vcredist library, not the library itself, we can just fix this installation defect we done, I saw there is a defect already open for this.
On Tue, Jun 12, 2012 at 5:42 PM, Huaidong Qiu <[email protected]> wrote: > Can we remove the vcredist library from AOO and tell the users to download > it from MS? > > > > On Tue, Jun 12, 2012 at 1:53 PM, Liu Da Li <[email protected]> wrote: > >> I have create five items on Bugzilla to track these issue. >> >> - Issue 1. Test for "Section 3 Apps support Windows security features" >> is failed.Bugzilla ID 119946 link: >> [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946> >> >> >> - Issue 2. Test for "Section 4 Apps must adhere to system restart >> manager messages" is failed. Bugzilla ID 119947 link: >> [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947> >> >> >> - Issue 3. Test for "Section 5 Apps must support a clean, reversible >> installation" is failed. Bugzilla ID 119948 link: >> [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948> >> >> >> - Issue 4. Test for "Section 6 Apps must digitally sign files and >> drivers" is failed.Bugzilla ID 119949 link: >> [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949> >> >> >> - Issue 5. Test for "Section 11 Apps must support multi-user sessions" >> is not tested by Windows App Certification Kit.Bugzilla ID 119950 link: >> [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950> >> >> Anyone please help to check them, confirm them and fix them. >> >> 2012/6/12 XiuLi Xu <[email protected]> >> >> > Hi All, >> > >> > I upload the detailed test result and Windows 8 related links in the >> wiki >> > document, Windows App Certification Kit Test Results for Apache >> OpenOffice >> > 3.4< >> > >> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4 >> > > >> > >> > >> > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <[email protected]> wrote: >> > >> > > There are so many items in the Windows 8 certification list, I try to >> go >> > > through it and find that there is maybe about 43 TODO items for us to >> do >> > > the certification. Most of the TODO items are just a verification >> jobs, >> > > but some code change jobs maybe are need to do for the sections >> 4.1,5.1, >> > > 9.1, 10.2,11.7. >> > > I have try to verify some items, the result be marked at green. >> > > Herbert1 also go through the list, I put his result at the end of each >> > > section. >> > > >> > > Items which maybe need to change some codes >> > > ------------------------------------------------ >> > > 4.1 Your app must handle critical shutdowns appropriately >> > > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION >> will >> > > be sent WM_ENDSESSION and closed, while those that time out in >> response >> > to >> > > WM_QUERYENDSESSION will be terminated. . >> > > 5.1 Your app must properly implement a clean, reversible installation >> > > If the installation fails, the app should be able to roll it back and >> > > restore the machine to its previous state. >> > > 9.1 Your app must have a manifest that defines execution levels and >> tells >> > > the operating system what privileges the app requires in order to run >> > > The app manifest marking only applies to EXEs, not DLLs. This is >> because >> > > UAC does not inspect DLLs during process creation. It is also worth >> > noting >> > > that UAC rules do not apply to Windows Services. The manifest can be >> > either >> > > embedded or external. >> > > To create a manifest, create a file with the name >> <app_name>.exe.manifest >> > > and store it in the same directory as the EXE. Note that any external >> > > manifest is ignored if the app has an internal manifest. For example: >> > > <requestedExecutionLevel level=""asInvoker | highestAvailable | >> > > requireAdministrator"" uiAccess=""true|false""/> >> > > 10.2 Your app must avoid starting automatically on startup >> > > For example, your app should not set any of the following; >> > > Registry run keys HKLM and, or HKCU under >> > > Software\Microsoft\Windows\CurrentVersion >> > > Registry run keys HKLM, and or HKCU under >> > > Software\Wow6432Node\Microsoft\windows\CurrentVersion >> > > Start Menu AllPrograms > STARTUP >> > > 11.7 Your app must check other terminal service (TS) sessions for >> > existing >> > > instances of the app >> > > Note: If an app does not support multiple user sessions or remote >> access, >> > > it must clearly state this when launched from this kind of session. >> > > >> > > >> > >> ------------------------------------------------------------------------------------------ >> > > Full TODO items. >> > > >> > > 1. Apps are compatible and resilient >> > > 1.1 Your app must not take a dependency on Windows compatibility >> modes, >> > > AppHelp message, and or any other compatibility fixes >> > > TODO 1.1 : Need verification , don't depend. >> > > 1.2 Your app must not take a dependency on the VB6 runtime >> > > TODO 1.2 : Need verification , don't depend. >> > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls >> > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows >> > > AppInit_dlls. >> > > TODO 1.3 : Need verification , don't load. >> > > Herbert1: Win8 Cert Section 1 : ok >> > > >> > > 2. Apps must adhere to Windows Security Best Practices >> > > 2.1 Your app must use strong and appropriate ACLs to secure executable >> > > files >> > > TODO 2.1 : Need verification >> > > 2.2 Your app must use strong and appropriate ACLs to secure >> directories >> > > TODO 2.2 : Need verification >> > > 2.3 Your app must use strong and appropriate ACLs to secure registry >> keys >> > > TODO 2.3 : Need verification >> > > 2.4 Your app must use strong and appropriate ACLs to secure >> directories >> > > that contain objects >> > > TODO 2.4 : Need verification >> > > 2.5 Your app must reduce non-administrator access to services that are >> > > vulnerable to tampering >> > > TODO 2.5 : Need verification >> > > 2.6 Your app must prevent services with fast restarts from restarting >> > more >> > > than twice every 24 hours >> > > TODO 2.6 : Need verification >> > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it >> is >> > > fine,we are using nsis-2.46 for building the MSI package but Windows >> > itself >> > > does the installation of the MSI packages >> > > >> > > 3. Apps support Windows security features >> > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute >> (APTCA) >> > to >> > > ensure secure access to strong-named assemblies >> > > TODO 3.1 : Need verification, >> > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe >> > > exceptions handling >> > > TODO 3.2 : Need verification, we use it >> > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data >> > > execution >> > > TODO 3.3 : Need verification, we use it >> > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address >> > space >> > > layout randomization (ASLR) >> > > TODO 3.4 : Need verification, we use it >> > > 3.5 Your app must not Read/Write Shared PE Sections >> > > TODO 3.5 : Need verification, >> > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT, >> > > DYNAMICBASE, but the libraries we ship have to be modified to use >> these >> > > flags too,I'm almost certain that we don't use APTCA,I'm not so sure >> > about >> > > the RW PW Sections, but I guess we do not have any. >> > > >> > > 4. Apps must adhere to system restart manager messages >> > > 4.1 Your app must handle critical shutdowns appropriately >> > > TODO 4.1 : Need verification, >> > > 4.2 A GUI app must return TRUE immediately in preparation for a >> restart >> > > TODO 4.2 : Need verification, we do >> > > 4.3 Your app must return 0 within 30 seconds and shut down >> > > TODO 4.3 : Need verification,we do >> > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be >> > > implemented,these new messages are currently ignored >> > > >> > > 5. Apps must support a clean, reversible installation >> > > 5.1 Your app must properly implement a clean, reversible installation >> > > TODO 5.1 : Need verification, >> > > 5.2 Your app must never force the user to restart the computer >> > immediately >> > > TODO 5.2 : Need verification,we never >> > > 5.3 Your app must never be dependent on 8.3 short file names (SFN) >> > > TODO 5.3 : Need verification,we never >> > > 5.4 Your app must never block silent install/uninstall >> > > TODO 5.4 : Need verification, >> > > 5.5 Your app installer must create the correct registry entries to >> allow >> > > successful detection and uninstalls >> > > TODO 5.5 : Need verification, >> > > Herbert1: Win8 Cert Section 5: making sure that the registry entries >> and >> > > files are restored is difficult >> > > >> > > 6. Apps must digitally sign files and drivers >> > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) >> must >> > be >> > > signed with an Authenticode certificate >> > > TODO 6.1:Need to do digitally sign >> > > Herbert1: Win8 Cert Section 6: Having authentication credentials >> would be >> > > good even if don't pursue Win8 shop certification >> > > >> > > 7. Apps don’t block installation or app launch based on an operating >> > system >> > > version check >> > > 7.1 Your app must not perform version checks for equality >> > > TODO 7.1 : Need verification, >> > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but >> I'm >> > > almost certain that it is not a check for equality. Needs to be >> checked >> > > though. >> > > >> > > 8. Apps don’t load services or drivers in safe mode >> > > TODO 8 : Need verification, we don't >> > > >> > > 9. Apps must follow User Account Control guidelines >> > > 9.1 Your app must have a manifest that defines execution levels and >> tells >> > > the operating system what privileges the app requires in order to run >> > > TODO 9.1 : Need verification, >> > > 9.2 Your app’s main process must be run as a standard user >> (asInvoker). >> > > TODO 9.2 : Need verification, >> > > >> > > 10. Apps must install to the correct folders by default >> > > 10.1 Your app must be installed in the Program Files folder by default >> > > TODO 10.1: Need verification,we do >> > > 10.2 Your app must avoid starting automatically on startup >> > > TODO 10.2: Need verification, the quick start is a issue >> > > 10.3 Your app data, which must be shared among users on the computer, >> > > should be stored within ProgramData >> > > TODO 10.3: Need verification,we do >> > > 10.4 Your app’s data that is exclusive to a specific user and that is >> not >> > > to be shared with other users of the computer, must be stored in >> > > Users\<username>\AppData >> > > TODO 10.4: Need verification,we do >> > > 10.5 Your app must never write directly to the "Windows" directory >> and or >> > > subdirectories >> > > TODO 10.5: Need verification,we never >> > > 10.6 Your app must write user data at first run and not during the >> > > installation in “per-machine” installations >> > > TODO 10.6: Need verification,we do >> > > >> > > 11. Apps must support multi-user sessions >> > > 11.1 Your app must ensure that when running in multiple sessions >> either >> > > locally or remotely, the normal functionality of the app is not >> adversely >> > > affected >> > > TODO 11.1: Need verification, >> > > 11.2 Your app’s settings and data files must not persist across users >> > > TODO 11.2: Need verification, >> > > 11.3 A user’s privacy and preferences must be isolated to the user’s >> > > session >> > > TODO 11.3: Need verification, >> > > 11.4 Your app’s instances must be isolated from each other >> > > TODO 11.4: Need verification, >> > > 11.5 Apps that are installed for multiple users must store data in the >> > > correct folder(s) and registry locations >> > > Refer to the UAC requirements. >> > > TODO 11.5: Need verification, >> > > 11.6 User apps must be able to run in multiple user sessions (Fast >> User >> > > Switching) for both local and remote access >> > > TODO 11.6: Need verification, >> > > 11.7 Your app must check other terminal service (TS) sessions for >> > existing >> > > instances of the app >> > > TODO 11.7: Need verification, >> > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS >> > > session management >> > > >> > > 12. Apps must support x64 versions of Windows >> > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit >> > > Windows-based apps must run seamlessly on 64-bit systems to maintain >> > > compatibility with 64-bit versions of Windows >> > > TODO 12.1: Need verification, AOO can be run on 64-bit system >> > > 12.2 Your app and its installers must not contain any 16-bit code or >> rely >> > > on any 16-bit component >> > > TODO 12.2: Need verification, AOO not contain 16-bit code >> > > 12.3 Your app’s setup must detect and install the proper drivers and >> > > components for the 64-bit architecture >> > > TODO 12.3: Need verification, >> > > >> > > >> > > >> > > 2012/6/7 Rob Weir <[email protected]> >> > > >> > > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual >> > > > server. After a few minutes to figure out the new platform UI I >> > > > installed AOO 3.4. Install went without problems and it appears to >> > > > run fine. >> > > > >> > > > Of course, there is more that we could do to be a well-integrated >> > > > Windows desktop application. The best practices are outlined here: >> > > > http://msdn.microsoft.com/library/windows/desktop/hh749939 >> > > > >> > > > A lot of this is goodness that would help users on Windows 7 and >> > > > earlier versions as well. For example, the code signing reduces the >> > > > risk of tampering or corrupt files. It also reduces false >> complaints >> > > > by some anti-virus products. The recommended compiler options help >> > > > reduce the explotability of security vulnerabilities, especially of >> > > > the kind products run into reading binary file formats. More info >> on >> > > > these options are here: >> > > > >> > > > >> > > > >> > > >> > >> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx >> > > > >> > > > Did OpenOffice.org ever try for logo certification from Microsoft >> > > > before? If so, what was the experience? >> > > > >> > > > I think it might be worth trying for this with AOO, It would takes >> > > > some work, but in the end we would have better platform integration, >> > > > and a better user and admin experience. >> > > > >> > > > -Rob >> > > > >> > > >> > >> > >
