On Fri, Jun 22, 2012 at 9:04 AM, Jürgen Schmidt <[email protected]> wrote: > On 6/22/12 2:34 PM, Jürgen Schmidt wrote: >> On 6/22/12 1:47 PM, O.Felka wrote: >>> Hello Jürgen, >>> >>> Am 22.06.2012 13:03, schrieb Jürgen Schmidt: >>>> Hi, >>>> >>>> I analyzed and played with code signing on Windows using a self signed >>>> test certificate. >>>> >>>> Thanks to Andre and his Perl skills I was able to fix a strange build >>>> problem with a too long command line triggered from a makefile to perl. >>>> Anyway this is solved now. >>>> >>>> I have now signed a full install set and would like to ask if somebody >>>> is interested to test it and give me feedback. >>> >>> I've made some quick tests under XP and Win7. >>> Starting the zipped file for unpacking gives a an unknown distributor in >>> the UAC dialog. >> >> I assume that is normal because the self signed certificate can't be >> verified but I have to collect more info ... > > I double checked on my machine where the certificate is already known > and I get as verified publisher "Apache OpenOffice (Dev Build)" >
Is there a way that testers can import the same certificate, so the signature verification works like it would with a real cert? >> >> The same when I start the the setup.exe. >>> The properties of the zipped download file, the msi file and the >>> setup.exe shoa "Apache OpenOffice (DevBuild)" as >>> 'Signaturgeberinformation'. >> >> that is expected >> >>> >>> Installing the Office and looking at the 'control panel -> Add remove >>> and software' shows "OpenOffice.org" as distributor. >> >> mmh, I am not sure where this information comes from. Again I have >> collect more info... > > but in the control panel I still get as publisher "OpenOffice.org" > > mmh... Could that be a vendor resource string associated with the EXE or DLL header PE header? -Rob > > Juergen > > >> >> But thanks for the feedback >> >> Juergen >> >>> >>> I fear that this is not what you've wanted. >>> >>> Groetjes, >>> Olaf >>> >>>> >>>> You can find a signed download file under >>>> http://people.apache.org/~jsc/signing_test/Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe >>>> >>>> >>>> NOICE: this is a build based on AOO34 branch without the updated version >>>> numbers. It's no dev build, please be careful if you test it. >>>> >>>> I have to check the whole process and probably have to improve some >>>> things to make it final. The last important step is triggered manual by >>>> now. >>>> >>>> I use a Personal Information Exchange file (*.pfx) of my self signed >>>> certificate with a passcode that is specified during the build process. >>>> >>>> This seems to be a good approach to handle a certificate in this >>>> scenario and during our build process. >>>> >>>> I will keep you informed... >>>> >>>> Juergen >>>> >>> >>> >> >> > >
