Hi Graham,
as I understand you, you are concerned, why there are still warnings, though 
you have signed your installer. That is standard since Win 7. The "only" 
difference is, that the warnings show the text "... of the trusted developer 
xy" instead of "... of unknown developer". But you can't get rid of the 
warnings. Actually the "warnings" are just a request if you are a human being 
and really want to install the wanted software, so that no bot can install a 
software "under the hood" without notice.

Tiemo

-----Ursprüngliche Nachricht-----
Von: use-livecode [mailto:use-livecode-boun...@lists.runrev.com] Im Auftrag von 
Graham Samuel via use-livecode
Gesendet: Sonntag, 15. Januar 2017 17:40
An: How to use LiveCode <use-livecode@lists.runrev.com>
Cc: Graham Samuel <livf...@mac.com>
Betreff: Re: Another naive question about code signing

Matthias, I took your advice. I don’t use tsnet so that wasn’t a difficulty for 
me. So what I did was to sign the standalone (this was Windows, so it was a 
.exe file), then create the installer and sign that. I used Ksign for these 
processes.

I then went through the process of downloading and running the installer and 
was disappointed to see a few warnings, both from Windows and from Norton, 
concerning the installer. Eventually I did the install and started the program 
itself, and Windows did report that it was from a trusted publisher.

Is this the best that I can get, or have I missed a step somewhere? Where I’m 
at at the moment, I think the process could still scare users.

If you’ve got time perhaps you can clarify this for me further - I’d be 
grateful.

TIA

Graham

> On 14 Jan 2017, at 23:04, Matthias Rebbe via use-livecode 
> <use-livecode@lists.runrev.com> wrote:
> 
> Graham,
> 
> first you have to sign the standalone with all externals. If you are using 
> Ksign.exe then just add the folder,which contains the standalone and its 
> subfolders, in Ksign.
> Please be aware that if your standalone make use of the tsNet external,then 
> you have to change the file attributes of tsnet.dll to be writable before you 
> codesign it. Otherwise Ksign.exe will not be able to sign the tsnet.dll.
> tsnet.dll by default is read only. At least if the Windows standalone is 
> created  on Mac.
> 
> After you have signed the standalone and its externals create the installer 
> and codesign that exe again. 
> 
> That´s how i am doing it.
> 
> Regards,
> 
> Matthias
> 
> 
> 
>> Am 14.01.2017 um 19:47 schrieb Graham Samuel via use-livecode 
>> <use-livecode@lists.runrev.com <mailto:use-livecode@lists.runrev.com>>:
>> 
>> Having taken a lot of advice from this list and after a delay getting 
>> certificates, I’m about to do some actual code signing for an app that has a 
>> Windows and a Mac version. I am so unsure about the process that i don’t 
>> understand whether I apply the process (let’s say with Ksign for Windows) to 
>> the installer or the app itself.
>> 
>> In my case the installer installs additional files apart from the executable 
>> (all neatly packaged up in the Mac version of course, but separate in the 
>> Windows one). Since an installer is itself executable, I suppose starting an 
>> installer will generate those irritating warnings (yes, I know, they are for 
>> my users’ benefit, but still…) - on that basis, should the installer be 
>> signed? Or should I codesign everything, executables, additional files 
>> (these can be stacks, which are in some sense executable) and the installer 
>> too? I think the latter, but I’m not sure.
>> 
>> This must be blindingly obvious to everyone else, but it is not easy to get 
>> a simple answer from the internet. Of course I will just do it and see what 
>> happens, but I would be glad to understand what ‘normal practice’ might be.
>> 
>> Graham
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode@lists.runrev.com <mailto:use-livecode@lists.runrev.com>
>> Please visit this url to subscribe, unsubscribe and manage your subscription 
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode

Reply via email to