PDA

View Full Version : Archive Integrity error



ccordes
09-23-2017, 10:57 AM
Hello,

I am getting an Archive Integrity error [AUTHENTICODE]
I can guess that it is checking some CRC against itself. And I can see how that would happen when someone downloads the install from the website.

Other posts all seem mention the problem to occur after downloading. My problem is that this is occurring when I run te install from the SB project folder - it's not even copied to a different location yet.
The file size is a little bit large - 1.8 GB

I have 7 different versions of this install the first 3 went perfectly. #4 failed.
I will try creating the rest but in the mean-time, is there any suggestion what I may be doing wrong?

Thanks
Chris C

linder
09-25-2017, 03:25 AM
Chris,

Your case is different from the other threads and has nothing to do with "downloads". You have enabled the "Verify Code-Signed Install at Startup" option. That means you instruct the installer to let Windows check the code-signature of your setup. But Windows reports that the signature of your file is invalid (signature broken -or- can't be verified, etc.).

From the Microsoft site: "When signing an executable file that is larger than approximately 300 megabytes for use on a computer running Windows XP with Service Pack 2 (SP2) and later [...]. Depending on the available system resources of the computer on which the file is verified, some applications may not be able to verify the binary signature of a large file. For more information, see KB article 922225."

There is still a MS code-sign limitation even on Windows 10 and Server 2016 machines, but it's not documented (depends on the Windows patch level, system resources, and more). Check manually if the code-signature on file #4 is valid. If this is the case, then it's not caused by the code-signing process (signtool.exe) but by the verification side. Please note, this is not related to SetupBuilder. It's a Microsoft Authenticode thing (sometimes signtool.exe related, sometimes PE Header related, sometimes Windows system resource related)!

Side note: From time to time, Windows needs a root certificate update (it's done automatically) to check for revoked certificates. If a machine has an "outdated" root certificate (e.g. user kills the Update service or computer not Internet connected for some time) then Windows might return a "certificate not valid" status.

Some interesting threads:
http://www.lindersoft.com/forums/showthread.php?47566-Dual-vs-SHA2-code-signing&p=87567#post87567
http://www.lindersoft.com/forums/showthread.php?47566-Dual-vs-SHA2-code-signing&p=87570#post87570
http://www.lindersoft.com/forums/showthread.php?35474-New-security-function-in-SetupBuilder-7-7
http://www.lindersoft.com/forums/showthread.php?43842&p=78775#post78775

Friedrich