View Full Version : Code sign question



NewsArchive
08-08-2008, 01:47 AM
Don't think this is possible in SetupBuilder, but figured I would ask.....

can I code sign EXE files that are in my install

For example:
in my install script I have several EXE files
Can I have the install script code sign each exe within the script?

--
Eric Jacobowitz
www.castlecomputer.com
www.cctsoftware.com

NewsArchive
08-08-2008, 01:48 AM
Eric,

If I understand your question correctly code signing is quite easy in SB. Here
is an example from one of my scripts...

#code-sign application "C:\Clarion6\Projects\LM\lm.exe" [Permanent]

Regards,
Kelly E Major

NewsArchive
08-08-2008, 01:48 AM
That was too easy!
Thanks

--
Eric Jacobowitz
www.castlecomputer.com
www.cctsoftware.com

NewsArchive
08-08-2008, 01:49 AM
> Don't think this is possible in SetupBuilder, but figured I would ask.....
>
> can I code sign EXE files that are in my install

Eric,

As Kelly said, easy to do!

Matter of fact, while a significant amount of work can be done in
Visualizers (General Information Visualizer, Files and Folder Visualizer),
using the Script Editor to powerfully customize the script is ONE Amazing
Tool!

In the Script Editor, just before Create Folders, I do the following:

Embed Vista Manifest into EXE

Run a batch file that calls Armadillo/SoftwarePassport to License protect
and Trialware enable the EXE.

Code Sign the EXE

The flexibility and wide array and innovation of professional and useful
features in SetupBuilder continues to grow, and is the reason, it's one of
the top Setup Tools today.

Of course, most here just simply agree - IT IS the TOP Setup Tool!

David

--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/

NewsArchive
08-08-2008, 01:50 AM
As the guys said, just another tip, if you want to codesign directly
from the clarion compilation, just run a batch file using the 'Run
File' option in the project setup.

========================
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\signtool.exe" sign YourFile.exe
"C:\Program Files\Microsoft Visual Studio 8\SDK\v2.0\Bin\signtool.exe" timestamp /t http://timestamp.verisign.com/scripts/timestamp.dll Yourfile.exe
=======================

I need to call signtool twice as the file has to be signed before
adding the time stamp.

My 2cents

Didier G. Le Duc

Francened SARL

http://www.francened.eu

NewsArchive
08-08-2008, 03:42 AM
> As the guys said, just another tip, if you want to codesign directly
> from the clarion compilation, just run a batch file using the 'Run
> File' option in the project setup.

Unless you code much better than I do<g>, I think it is better to do it
inside SetupBuilder.

I may compile the app 500 times before I SHIP it.

So there is no need to code sign in Clarion (and wait 500 times) when I can
do it in SetupBuilder ONCE.

Just my $.02

;-)


Charles

--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------

NewsArchive
08-10-2008, 07:10 AM
>Unless you code much better than I do<g>

Of course :-)

Now:
In a company you may need to compile and just distribute on the
network without going through the SB process and still want to sign
the app.
You can extend this by adding a flag in the project and run the batch
only in final release, which is not faster than just adding the batch
to it :-)
And this was merely another view on how to codesign an app, do not
forget that lots of people are reading without ever sending a mail.
This is for their tool box and obviously not yours <gr>

Didier G. Le Duc

Francened SARL

http://www.francened.eu

NewsArchive
08-10-2008, 07:13 AM
>>Unless you code much better than I do<g>
> Of course :-)

<VBG>


> Now:
> In a company you may need to compile and just distribute on the
> network without going through the SB process and still want to sign
> the app.
> You can extend this by adding a flag in the project and run the batch
> only in final release, which is not faster than just adding the batch
> to it :-)
> And this was merely another view on how to codesign an app, do not
> forget that lots of people are reading without ever sending a mail.
> This is for their tool box and obviously not yours <gr>

Sure Didier, that makes sense for that environment.

Another option that could be useful for something like that would be
Arnor's Build Automator. It could sign it and copy to a LAN folder (like a
batch file - but with "brains"<g>).

As with many things - there is more than one way to get the job done!

;-)

Charles



NewsArchive
08-10-2008, 07:13 AM
Hi Charles,

> Another option that could be useful for something like that would be
> Arnor's Build Automator. It could sign it and copy to a LAN folder (like a
> batch file - but with "brains"<g>).

Correct. http://www.buildautomator.com

Version 1.5 which was out this week includes FTP upload action and Call DLL
action - apart from support for some more compilers and installers - so it
is getting pretty strong. I have a Code Signing action planned but it's
probably not going to be in there until early next year.

--
Arnór Baldvinsson - Icetips Creative, Inc.
www.icetips.com - www.buildautomator.com

Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php

NewsArchive
08-10-2008, 07:14 AM
Charles,

I do the same thing, but code signing can affect the behavior of an exe in
subtle ways. I often wonder about the wisdom of compiling/testing the app in a
different "mode" than it will be shipped to the client with.

If you use SB exclusively to code-sign and you don't build and use an installer
to install and test your entire app before shipping you've never really tested
what you will be delivering to the end user. I admit to being guilty of this
with regard to code signing. However, I do let Clarion either generate and/or
include a manifest because I want to be sure to see what my users will when I
test.

Just a few thoughts...

Regards,
Kelly E Major

NewsArchive
08-10-2008, 07:15 AM
Kelly,

> I do the same thing, but code signing can affect the behavior of an exe in
> subtle ways. I often wonder about the wisdom of compiling/testing the app
> in a different "mode" than it will be shipped to the client with.
>
> If you use SB exclusively to code-sign and you don't build and use an
> installer to install and test your entire app before shipping you've never
> really tested what you will be delivering to the end user. I admit to
> being guilty of this with regard to code signing. However, I do let
> Clarion either generate and/or include a manifest because I want to be
> sure to see what my users will when I test.
>
> Just a few thoughts...

I have different SetupBuilder scripts that embed Vista manifests and
code-sign application files silently (during a build process). This gives
me full control over the build process. For SetupBuilder, I am working
with Clarion 6, Visual Studio 2002, 2003, 2005 and 2008, coding in C/C++
and C#.

For example, the following script is used to code-sign the SetupBuilder
modules. Code-signing is skipped if a module is already code-signed.
The script is called silently from a command-line build.

[ Initialize Setup ]
! --- Define commonly used constants ---
#include script "Common Definitions.sbi"

#code-sign application "[SB_PROJECT]\DSCAN.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\FSCAN.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\FWATCH.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\GacInst.exe" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\HTTP32.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\LSPACK.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\LSPATCH2.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\LSPUZIPX.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\LSPZIPX.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\SBKERNEL.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\sbmsic20.dll" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\SBPATCH.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\SBUTIL.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\sbvar.dll" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\SignCode.exe" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\SSCAN.DLL" [Permanent] [Skip]
#code-sign application "[SB_PROJECT]\x64.exe" [Permanent] [Skip]

SetupBuilder can do more than just compiling installations <g>

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

"point. click. ship" - that's SetupBuilder
Create Windows Vista ready installations in minutes

-- Official Comodo Code Signing and SSL Certificate Partner
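
The skip-if-already-signed build pass from the post above, together with the sign-then-timestamp step from the earlier signtool post, as an added PowerShell example (not part of the thread and not SetupBuilder's own code). The parameter names `-BuildDir` and `-TimestampUrl` are hypothetical, and it assumes a code-signing certificate with its private key in `Cert:\CurrentUser\My`.

```powershell
# Added example: sign-if-needed pass over a build folder (not SetupBuilder code).
# Assumptions (hypothetical names): -BuildDir, -TimestampUrl, and a code-signing
# certificate with its private key in Cert:\CurrentUser\My.
param(
    [Parameter(Mandatory = $true)] [string] $BuildDir,
    [Parameter(Mandatory = $true)] [string] $TimestampUrl   # your CA's timestamp service
)

# Pick the unexpired code-signing certificate with the latest expiry date.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw 'No usable code-signing certificate in Cert:\CurrentUser\My' }

$failed = @()
$files  = Get-ChildItem -Path $BuildDir -Recurse -File -Include *.exe, *.dll

foreach ($file in $files) {
    $before = Get-AuthenticodeSignature -FilePath $file.FullName

    # Same idea as skipping already-signed modules, but stricter: only files
    # whose existing signature validates are left untouched.
    if ($before.Status -eq 'Valid') {
        Write-Host ("skip    {0} (signed by {1})" -f $file.Name, $before.SignerCertificate.Subject)
        continue
    }

    # Sign and timestamp in one call; the timestamp keeps the signature
    # verifiable after the signing certificate expires.
    $null = Set-AuthenticodeSignature -FilePath $file.FullName -Certificate $cert -TimestampServer $TimestampUrl

    # Re-read the file from disk instead of trusting the return value.
    $after = Get-AuthenticodeSignature -FilePath $file.FullName
    if ($after.Status -ne 'Valid') {
        $failed += "$($file.FullName): status $($after.Status)"
    }
    elseif (-not $after.TimeStamperCertificate) {
        $failed += "$($file.FullName): signed but not timestamped"
    }
    else {
        Write-Host ("signed  {0}" -f $file.Name)
    }
}

# Fail the build on any unsigned or untimestamped file so it cannot ship.
if ($failed.Count -gt 0) {
    $failed | ForEach-Object { Write-Warning $_ }
    exit 1
}
```

Running the same `Get-AuthenticodeSignature` check against the installed files on a test machine confirms that what reaches the user still carries an intact signature.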

NewsArchive
08-10-2008, 07:15 AM
Friedrich,

As always, thanks for your excellent input. Now I have more options to think
about. :)

Somewhat off topic; I seem to recall a while back you posted a list of all the
reasons an exe/dll needs to be code signed and all the bad things that can happen
if you don't. Someone asked me about this yesterday and I searched everywhere
for your message because my recollection is that it was quite well done. All I
could find in my history were messages where you stressed it was important to
code-sign for one reason or another but not the "super list of reasons to
code-sign" I had in mind.

Do you have a document like that or do you have a copy of any such post?

....or have I lost my marbles, or both? :)

Regards,
Kelly E Major

NewsArchive
08-10-2008, 07:16 AM
Kelly,

> As always, thanks for your excellent input. Now I have more options to
> think about. :)

:)

> Somewhat off topic; I seem to recall a while back you posted a list of all
> the reasons an exe/dll needs to be code signed and all the bad things that
> can happen if you don't. Someone asked me about this yesterday and I
> searched everywhere for your message because my recollection is that it
> was quite well done. All I could find in my history were messages where
> you stressed it was important to code-sign for one reason or another but
> not the "super list of reasons to code-sign" I had in mind.
>
> Do you have a document like that or do you have a copy of any such post?
>
> ....or have I lost my marbles, or both? :)

Can't find it either and (this is alarming <g>) I can't remember the list.

But Microsoft recommends to code-sign *ALL* application files. Beginning
with SetupBuilder 6.7, we code-sign all SetupBuilder application files.
This was a requirement for the "Works With Vista" and "Works With Windows
Server 2008" certification. Without code-signing all application files you
can't even pass "Test 1".

Friedrich


NewsArchive
08-10-2008, 07:17 AM
> I do the same thing, but code signing can affect the behavior of an exe in
> subtle ways. I often wonder about the wisdom of compiling/testing the app in a
> different "mode" than it will be shipped to the client with.
>
> If you use SB exclusively to code-sign and you don't build and use an installer
> to install and test your entire app before shipping you've never really tested
> what you will be delivering to the end user. I admit to being guilty of this
> with regard to code signing. However, I do let Clarion either generate and/or
> include a manifest because I want to be sure to see what my users will when I
> test.

I agree.

I absolutely never do a build and upload in one pass without testing. In
fact I routinely test "off machine" on a non-development machine for both
the installer and the web updater.

There is no need to let Clarion manifest the app for testing during
development.

Just put an external manifest file in the app dev folder and when you
compile/run you will see what they see. Works like a charm.

;-)

Charles





NewsArchive
08-10-2008, 07:18 AM
> There is no need to let Clarion manifest the app for testing during
> development.
>
> Just put an external manifest file in the app dev folder and when you
> compile/run you will see what they see. Works like a charm.

Kelly,

One thing I did not say about the above is that I develop with Clarion on
XP - not Vista.

If I were using the Clarion IDE on Vista then I'd use the technique that
Friedrich outlined (having a small SB executable to do the manifest and
code sign).

;-)

Take care,

Charles



NewsArchive
08-10-2008, 07:18 AM
Charles,

That's OK, I think I forgot to say I develop on Vista. :)

Regards,
Kelly E Major

NewsArchive
08-13-2008, 01:44 AM
Do you fully test the download? I've often found the delivered product
not quite right. You really need to do a professional test instead of
guessing.

George.

NewsArchive
08-13-2008, 01:44 AM
> Do you fully test the download? I've often found the delivered product
> not quite right. You really need to do a professional test instead of
> guessing.

It's very important to do a full download/install. It's the only way to
find FTP upload transmission errors.

Friedrich

NewsArchive
08-13-2008, 03:20 AM
> It's very important to do a full download/install. It's the only way to
> find FTP upload transmission errors.

I agree.

We test the full installs and web updates the same way.

;-)

Charles



NewsArchive
08-13-2008, 03:21 AM
> Do you fully test the download?

Absolutely.

> I've often found the delivered product
> not quite right. You really need to do a professional test instead of
> guessing.

That is the only way we roll<g>

;-)

Charles


NewsArchive
08-14-2008, 01:39 AM
Hi George,

> Do you fully test the download? I've often found the delivered product
> not quite right. You really need to do a professional test instead of
> guessing.

I test my installs on both XP and Vista, both full install and webupdate.
The Build Automator makes this whole process SO much easier because
EVERYTHING has exactly the same version- and build number so I KNOW
immediately if something is out of sync.

I use Total Commander with a user defined view that shows the version number
of the files so I can immediately see if something did not come through
correctly. It's also important to rename the Clarion folder on the machine
you test Clarion related installs on to make sure that all DLLs have been
installed correctly!

--
Arnór Baldvinsson - Icetips Creative, Inc.
www.icetips.com - www.buildautomator.com

Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php