I'm setting up a new machine, and I'm trying to working through the
last few wrinkles.

In conjunction with the new machine, I've also moved one of projects
from P: to C:, and I've already changed all those references in my SB8
file.

However, when I compile the installer, I get two warnings of GEN1061:
File not found (without mentioning a filename). Then an error of
GEN1053: Code signing process failed. Error Code: -1.

I tried manually signing an EXE in DOS, and realized that I hadn't
installed the Microsoft SDK on on the machine. I went ahead and got
the latest (which was apparently 32-bit instead of 64-bit on my old
machine, but I couldn't find the 64-bit one). Then I tweaked my
manual SignIt.cmd with the new filename, and it work.

I tried it again in SB8, but it still didn't work. Then I figured it
must be a problem with the path, as it was with my own SignIt.cmd. I
dug though the SB8 Options, and found it pointing to C:\Program Files
(x86)\Lindersoft\SetupBuilder 8 Developer\Lib\SignCode.exe. However,
that file doesn't exist.

My manual signer uses C:\Program Files (x86)\Microsoft
SDKs\Windows\v7.1A\Bin\signtool.exe (not SignCode). Should I just
change the SB8 option to point to that file, or is there another
approach I should use?

Mike Hanson
www.boxsoft.net

Mike,

> I tried it again in SB8, but it still didn't work. Then I figured it
> must be a problem with the path, as it was with my own SignIt.cmd. I
> dug though the SB8 Options, and found it pointing to C:\Program Files
> (x86)\Lindersoft\SetupBuilder 8 Developer\Lib\SignCode.exe. However,
> that file doesn't exist.

If the "SignCode.exe" file does not exist the "something" removed it ;) For
example, your anti-virus protection product? It's part of the standard
installation (see attached screenshot).

SignCode.exe makes use of .PVK/.SPC files to code-sign. Because you get two
compiler warnings of GEN1061: File not found (without mentioning a filename)
I am sure that you have used "SignTool.exe" in the past with your .PFX
cerificate.

> My manual signer uses C:\Program Files (x86)\Microsoft
> SDKs\Windows\v7.1A\Bin\signtool.exe (not SignCode). Should I just
> change the SB8 option to point to that file, or is there another
> approach I should use?

If you code-sign with your .PFX file then you have to use "SignTool.exe".
Just point the SB8 Options to the SignTool.exe file and you are done.

Does this help?

Friedrich

Sorry, your SignCode.exe is there. (I was using CMD, and forgot to
wrap the "spacey" path with quotes.) So it should be finding it.

This is the same p12 file that I used on my old machine, and it's in
the same location "P:\Comodo".

However, this discussions has made me realize that I didn't go through
all of SB8's general program options. I've just taken a quick look on
my old machine, and at the very least I'm missing an entry on the
Certificate tab.

Blame me for thinking all of the necessary stuff would have been
stored in the SB8 file. ;) I'll go through those, and let you know if
I'm still having trouble.

Mike Hanson
www.boxsoft.net

Mike,

> This is the same p12 file that I used on my old machine, and it's in
> the same location "P:\Comodo".

I think your only problem is that you did not switch to SignTool.exe. As I
understand it, you are using the .p12 file to code-sign but you are using
SignCode.exe!

You said:

>> I dug though the SB8 Options, and found it pointing to C:\Program Files
>> (x86)\Lindersoft\SetupBuilder 8 Developer\Lib\SignCode.exe.

This option should point to your SignTool.exe and NOT to SignCode.exe!

Friedrich

Yup, confirmed. :)

Mike Hanson
www.boxsoft.net

I had to change your SignTool.exe to use my SignCode.exe. (I had done
the same on my old machine.) Once that was changed, it finished
without errors. Thanks!

Mike Hanson
www.boxsoft.net

Wait, not quite!

Now it kind of works, but keeps failing in the midst of all the code
signing. I've got about 16 EXEs that get signed, and *.DLL as well.
Some number of them will process, then I'll get:

Compiler error GEN1053: Code signing process failed. Error Code: 1.

It slowly worked its way down the list (with repeated compiles), but
is now stalled out on the 10th entry, with nothing seemingly wrong
with it.

It couldn't be that this machine is too fast, could it? <g>

Mike Hanson
www.boxsoft.net

>
> It couldn't be that this machine is too fast, could it? <g>
>

No, your protection software is too buggy, it's not caused by your fast
machine <g>. Assuming that you have enabled "Skip if already code-signed".
I think you are using timestamping and your protection software simply
blocks access to the authenticode timestamp server. As a result, Microsoft
Authenticode code-signing fails. Try to use another timestamp server,
perhaps this makes it through your protection software. And I would suggest
to put the code-signing tool to your protection software's "exclusion list".

Friedrich

> It slowly worked its way down the list (with repeated compiles), but
> is now stalled out on the 10th entry, with nothing seemingly wrong
> with it.

And if it always fails on the 10th entry then it's very well possible this
DLL is damaged (e.g. a currupt PE header structure).

Friedrich

> I had to change your SignTool.exe to use my SignCode.exe. (I had
> done the same on my old machine.) Once that was changed, it
> finished without errors. Thanks!

Hmmm, your "SignCode.exe" can handle the .P12 file? The standard Microsoft
SignCode.exe can only process .PVK/.SPC files, not .PFX (.P12) files. To
process .PFX(.P12) files you need the Microsoft SignTool.exe tool.

Friedrich

SignTool is already allowed in Norton 360. (It must have added
itself, as I didn't do it. <g>)

I've gone ahead and rebuilt everything, and now it seems to be
working. Perhap's that particular EXE really was corrupted, but I'm
not sure how.

Thanks!

Mike Hanson
www.boxsoft.net

Perfect! Thanks for the update, Mike.

Friedrich

I'll try rebuilding the module.

Mike Hanson
www.boxsoft.net

I somehow mistyped. This is what I'm using:

C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe

Mike Hanson
www.boxsoft.net

> I somehow mistyped. This is what I'm using:
>
> C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe

Aha, okay. Yes, this is correct. SignTool.exe digitally signs files with
your .pfx (.p12) certificate.

Friedrich