2 Attachment(s)
Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
Hello. Recently, my builds have been generating a "Compiler Error GEN 1053: Codes signing process failed. Error Code: -1" message. Earlier this month, I had no issues and to my knowledge nothing has changed with the certificate or SB7 file. I went through the other threads to troubleshoot and one recommendation was to get rid of the Private Key password so that I could try and manually enter it in. Leaving the field blank did not cause the password screen to stop. I wanted to test and see what would happen if I turned off the Digital Signature so I set Add a Digital Signature = No. The PW screen still automatically appeared and disappeared and the same error shows up as if it were still trying to Add the Digital Signature.
I don't believe there are any issues with the certificate itself because it doesn't expire until 2014 and we have another program which uses the same credentials, private key, locations, URLs. and that program builds without any errors. I need to have the digital signature but am concerned there is another issue because turning it off gives me the same results.
Any thoughts on how to resolve this issues would be greatly appreciated! THANKS!!!!
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
Hello,
If you can correctly code-sign another file with this certificate and the very same configuration information then it is:
1. The timestamp server is not available from your Win7 machine for this file (your anti-spyware or anti-virus is buggy and does not let Authenticode access the Comodo or VeriSign timestamp server).
-or-
2. The PE header of the to be code-signed file is not valid. Try to code-sign that file manually with the ..\Bin\SignCode.exe tool to see if it reports a human readable error message.
BTW, your screenshots shows two completely different locations for code-signing. The "General Information" screen defines the certificate for your setup.exe. But you have an error in your pre-processor code-signing. So make sure that you have the information correct in the pre-processor (e.g. that you don't point to an expired certificate or use an incorrect password in the pre-processor!).
Hope this helps.
Friedrich
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
> BTW, your screenshots shows two completely different locations for code-signing. ... "General Information" ... pre-processor code-signing
That was my problem. Carl fixed bad settings in the #code-sign in my script. But then I still get an errors.
> 1. The timestamp server is not available from your Win7 machine for this file (your anti-spyware or anti-virus is buggy and does not let Authenticode access the Comodo or VeriSign timestamp server).
Now I seem to have this problem frequently. Carl wrote a BAT file to run SignCode and I see it returns the error:
"Error: TimeStamping Failed. Result = 80070020, (-2147024864)"
He tweaked his SignCode parms to have "/tr 3 /tw 3" so it does 3 tries with a 3 second pause. With the pause in that works everytime....in the BAT file. After that SB seems to work. But it has to do 3 signnings (APP EXE,Uninstaller,Setup.exe) and I see it fail a lot on the Uninstaller.
Googling the TimeStamping error I see some mention that its a timing issue under Win 7. That some process or thread has locked the EXE file, so the /t errors. It makes sense that retrying 3 seconds later would work.
Is there a place in SB to let me tweak the SignCode parms to add these "/tr 3 /tw 3" parameters?
Another fix I saw was to sign without timestamp, then run signcode again with the "/x" switch to timestamp only. I have not tried it.
I run SB on a network drive, maybe that is part of the timing issue. My AV is Symantec Endpoint Protection.
Do you have any suggestions for me and the 80070020 error?
John
PS: Carl suggests that SB have a "Test/Debug SignCode" feature that generates a BAT file containing the parms (but not password) and during the Compile process runs the BAT file and waits for it to finish.
Like this with a pause to see the results:
Code:
@echo SetupBuild SignCode Debug
@echo Signing Command: Signcode.exe /tr 3 /tw 3 /a sha1 /spc X:\dir\cert\MyCredentials.spc /v X:\dir\cert\MyPrivateKey.pvk /t http://timestamp.verisign.com/scripts/timstamp.dll X:\app\MyECFMail_setup.exe
@IF not exist X:\dir\cert\MyCredentials.spc ECHO Cannot find file: X:\dir\cert\MyCredentials.spc
@IF not exist X:\dir\cert\MyPrivateKey.pvk ECHO Cannot find file: X:\dir\cert\MyPrivateKey.pvk
@IF not exist X:\app\setup.exe ECHO Cannot find file: X:\app\setup.exe
@echo You will need to enter the signing certficate password in the popup window
Signcode.exe /tr 3 /tw 3 /a sha1 /spc X:\dir\cert\MyCredentials.spc /v X:\dir\cert\MyPrivateKey.pvk /t http://timestamp.verisign.com/scripts/timstamp.dll X:\app\setup.exe
@echo Please note the result of SignCode
pause
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
One tech support tip...
when the timestamping error occurs the EXE does have a new digital signature (file date-time updated), but the digi-sig doesn't have a timestamp.
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
I tried adding " /tr 3 /tw 3" under Tools,Options,File Locations to the SignCode line but it errors in compiling.
That page would be a good spot to add parm override.
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
John,
I think there is a problem with your protection software product (as I understand it, earlier this month you had no issues so it seems to me that one of the latest definition updates introduced it in your case). What you can try is to add the code-signing tool to the "exclusion" list. Perhaps this can help to let it go through to the timestamp server.
Or convert your .spc/.pvk to a .pfx and use signtool.exe to code sign.
Friedrich
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
Yes, this is correct and expected. That's how the MS Authenticode tool works.
Friedrich
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
You can't add parameters. "File Location" only points to the signtool.exe or signcode.exe files.
But we'll add a compiler #pragma to SetupBuilder 8 to specify the maximum number of timestamp trials until success and the delay (in number of seconds) between each timestamp trial.
Friedrich
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
Added and changed in SetupBuilder 8:
IMPROVEMENT: IDE: Add CODESIGN_DELAY #pragma to set the delay (in number of seconds) between each timestamp trial. Defaults to 3.
IMPROVEMENT: IDE: Add CODESIGN_TSTRIALS #pragma to set the maximum number of timestamp trials until success; defaults to 3.
CHANGE: IDE: The default delay between each code-signing timestamp trial increased from 0 to 3 seconds.
CHANGE: IDE: The default maximum number of timestamp trials until success increased from 1 to 3.
Friedrich
Re: Compiler Error GEN 1053 appears when Digital Signature set to Yes or No
Quote:
Originally Posted by
linder
IMPROVEMENT: IDE: Add CODESIGN_DELAY #pragma to set the delay (in number of seconds) between each timestamp trial. Defaults to 3.
IMPROVEMENT: IDE: Add CODESIGN_TSTRIALS #pragma to set the maximum number of timestamp trials until success; defaults to 3.
Think that's a good idea you defaulted to multiple tries. I searched and see a bunch of people saying they needed to add timestamp retires to work consistently. I've seen no downside. You want a timestampm, you may need to wait.
BTW 3 and 3 were numbers I picked without any research that happended to work right away. I just went and tested a bunch of combos and 3 seconds seems to be the minimum wait that I needed. I'd suggest 4 or 5 retries as the default to try to get it done as often as possible.
SignCode is silent with doing the retries so its hard to know what is working.
Any reason I can't write my own Clarion based Signer EXE for you to call?
Basically: RUN('SignCode.exe '/tr 3 /tw 3 ' & clip(command(''),1)
Hmmmm I need the ExitCode from that which I can't think how to do without CreateProcess() or ShellExecuteEx).