Code Signing - When it fails



NewsArchive
11-02-2012, 01:33 AM
OK, first off I am using the older code signing (the one that is built
in), so that might make a difference. Also using latest SB release.

I have noticed that if during the made phase, a file fails code
signing the program stops - that is good. However when I run the build
again, it will skip that file that had an error saying that it is
already code signed.

Looking at the file, it is code signed however without a timestamp. So
the build is correct, however would it be possible that if build is
set to timestamp, that it checks to see if the stamp is there and if
not, redo it? Or would it be better just to uncheck the "Skip if
signed" option?

Not a big deal, just like to know.

Barton Whisler
Prosoft Inc.
Tampa, Florida

NewsArchive
11-02-2012, 02:17 AM
Hi Barton,

Unfortunately, this is how Authenticode code-signing works. If timestamping
fails (e.g. your protection software blocks access to the timestamp server)
then the file is code-signed (process succeeded) but not timestamped
(process failed). But it already changed the binary contents of your file!

If you uncheck the "Skip" option then next time the compilation process will
continue but skip that file because it is already code-signed. It is not
possible to "redo" it because you can't remove that code-signature from the
binary file.

So the only option you have is 1) replace the file with the original
untouched version -or- 2) uncheck the "Permanent" checkbox (only if you can
use that feature for your project).

Note: If the "Permanent" checkbox is not marked, the compiler leaves the
original File Name file untouched. The compiler creates a temporary copy of
File Name and after script compilation restores it to the original. If you
wish to permanently code-sign an application (File Name stays code-signed
after the compilation process), mark this checkbox.

Friedrich
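
An added example, not part of the original thread and not SetupBuilder's own code: a PowerShell post-build check that flags files left in the state described above (signed, but with no timestamp), whichever tool signed them. The function name, the `.\Output` folder and the `-TimestampUrl` value are assumptions; `-Repair` assumes `signtool.exe` from the Windows SDK is on PATH.

```powershell
# Added example: find Authenticode files that were signed but never timestamped.
function Test-SignatureTimestamp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,
        # Assumption: RFC 3161 timestamp server URL supplied by your CA.
        [string] $TimestampUrl,
        # Assumption: signtool.exe (Windows SDK) is on PATH.
        [switch] $Repair
    )
    foreach ($file in $Path) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        if (-not $sig.SignerCertificate) { $state = 'Unsigned' }
        elseif (-not $sig.TimeStamperCertificate) { $state = 'SignedNoTimestamp' }
        else { $state = 'SignedAndTimestamped' }

        if ($state -eq 'SignedNoTimestamp' -and $Repair -and $TimestampUrl) {
            # Adds a timestamp to the existing signature; the file is not re-signed.
            & signtool.exe timestamp /tr $TimestampUrl /td sha256 $file | Out-Null
            if ($LASTEXITCODE -eq 0) {
                $sig = Get-AuthenticodeSignature -LiteralPath $file
                if ($sig.TimeStamperCertificate) { $state = 'SignedAndTimestamped' }
            }
        }
        [pscustomobject]@{
            File          = $file
            State         = $state
            Status        = $sig.Status
            Signer        = $sig.SignerCertificate.Subject
            CertExpiresOn = $sig.SignerCertificate.NotAfter
        }
    }
}

# Constructed usage: .\Output is a placeholder for the installer's build folder.
$files = (Get-ChildItem .\Output -Recurse -File -Include *.exe, *.dll).FullName
$results = Test-SignatureTimestamp -Path $files
$bad = $results | Where-Object State -ne 'SignedAndTimestamped'
if ($bad) {
    $bad | Format-Table -AutoSize
    exit 1   # fail the build instead of shipping an untimestamped signature
}
```

`Status` can still read `Valid` for an untimestamped file, which is why the check looks at `TimeStamperCertificate`; without a timestamp the signature stops validating once the date in `CertExpiresOn` passes.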

NewsArchive
11-03-2012, 08:04 AM
Thanks, that's kind of what I thought but figured it would hurt to ask.

Barton


NewsArchive
11-03-2012, 08:05 AM
> OK, first off I am using the older code signing (the one that is built
> in), so that might make a difference. Also using latest SB release.

Barton,

Regardless of this present problem, why don't you use the latest
signtool.exe? As I recall, there was a problem of the older tool -
signcode.exe and SB - NOT SB's problem, but how signcode.exe worked - and
if you clicked on another software program, it would fail because it
demanded primary focus until SB compiled.

Encourager Software Developer Tips
MFG - Encourager Software
http://www.encouragersoftware.com/software-developers.html

OLDER CodeSign tool - signcode.exe - Use a certificate in spc and pvk file
format.

Download this CHM tutorial - my company covers how to use pvk2pfx.exe and
convert spc and pvk file format to PFX format to work with the MUCH better
tool - signtool.exe

Also, EASY to obtain signtool.exe - get the latest W7 version - does NOT
need capicom.dll as W7 and above no longer support it - ALL of this is
covered in the Developer Tips CHM.

Besides to get the older files - signcode.exe - Use a certificate in spc
and pvk file format. - require XP or older each time you order the
certificate.

To obtain the PFX file - use modern OSs and modern browsers to order - the
WHOLE process is much easier!

AND, Jane Fleming's well written tutor - Learning SetupBuilder Part I -
contains a wealth of DETAILED code signing information as well.

David

--
From David Troxell - Product Scope 8 (Soon!) - Encourager Software
http://www.encouragersoftware.com/software-developers.html

NewsArchive
11-03-2012, 08:05 AM
David,

I have great plans to do just that, just no time<g>. I have a lot of
projects that I would need to go back and change. I know there is not
much to do within each one, but adds up.

This will help push that change up my ToDo list!

Barton


NewsArchive
11-03-2012, 08:06 AM
> I have great plans to do just that, just no time<g>. I have a lot of
> projects that I would need to go back and change. I know there is not
> much to do within each one, but adds up.

I still use the old tool as well.

As long as you don't click into another app and let SetupBuilder do its
thing it is pretty reliable.

Since I want to see what is going on as my installers are built it is not a
problem for me.

:-)

Charles



--
Charles Edmonds

NewsArchive
11-03-2012, 11:02 AM
> David,
>
> I have great plans to do just that, just no time<g>. I have a lot of
> projects that I would need to go back and change. I know there is not
> much to do within each one, but adds up.

Barton,

Seriously, the time to download it (use the Dev Tips help topic to make
that part a breeze), convert the spc and pvk to PFX, change the signtool
file location field in SB7 Options, and create a Certificate Profile or
several in SB7 options - would be a minimal time investment for a great
productive change.

Then as you release each project - you're just a couple mouse clicks away
using the Certificate Profile - Friedrich has made it SO easy, even a
"caveman" can do it. :-)

David
