Adobe Air app signed with Cocomo certificate works on Windows but not Mac - actionscript-3

I have signed an Adobe AIR desktop app using a Cocomo Certificate. When I install on a Mac, the publisher is UNKNOWN. But the same .air file sent to a Windows user is OK and installs as any signed app should.
Why should this happen? A certificate working on one OS, but not the other?
How can I investigate further? - to determine the cause.
Here are some more details:
The Certificate was obtained by a colleague on their PC. They converted it to a .pfx file, and sent me the .pfx, along with the password they used. I built the signed air app on my Mac.

My guess is: in addition to the main .p12/.pfx key for the AIR build process, you should try to use Mac Certificate (Developer ID Application: http://c2n.me/3qcrChL.png ). It helped me. The certificate might be got on the Apple Developers website: https://developer.apple.com (if you have a subscription).
In my case I was able to install .dmg on my MacBook Pro (where the .dmg file was created), but other users weren't able to install (when I send the file through the Internet or Skype).
Actually, the very process of signing is not clear. In my case I had to go through a few steps:
1) Create .dmg (regular Adobe AIR build)
2) Deploy it
3) Sign the folder inside of it, something like dmg-folder-name/Contents/Resources/application-filename/Contents/MacOS/application-filename (where "dmg-folder-name" is sort of combination of the filename of the application + ".app", "application-name" is the filename of your application)
4) Sign the folder dmg-folder-name/Contents/MacOS/dmg-volume-name (where "dmg-volume-name" is something like "Install " + the filename of the application)
5) Sign the main dmg-folder
6) Create the new .dmg based on the signed files
It took a lot of time for me to figure out the correct solution. Also, please, pay attention to the order of steps, because it's IMPORTANT to sign the content of the main folder before you sign the main dmg-folder!
Also, I was able to find the topic on the Adobe website: https://forums.adobe.com/thread/1470113 . It has a lot of suggestions and some of them don't work in my case, but some of them helped me to find a solution.

Related

Distribution of a Chrome extension through an application - is a "backup" OK?

My company distributes a Chrome extension along with our Windows apps. I have read the Google guidelines on doing so, here, and see that the recommended method of doing so is to publish the extension in the Chrome Web Store, which we have done. Then, during installation, we should place a key in the Windows registry, which will direct Chrome to download the extension from the store the next time it starts up. This all makes sense, and we are planning to use this method.
However, I am told by some of our developers that they are worried about certain scenarios (specifically in countries where access to Google servers may be blocked) where it may not be possible to install the extension this way. Therefore, they have proposed both using this method, and including the .crx file in our installation package. My question is: Will this cause any issues? For users with a normal connection to Google's servers, will they be able to receive the extension as normal?
Will this cause any issues?
As long as "it's useless, because it can't be installed" isn't an issue, then no, no issues including it. /sarcasm
You cannot install CRX files from third-party sources, even manually (and not at all automatically), with the possible exception of enterprise deployment via domain policies.
The only way to install a non-Store extension is as unpacked. This requires manually switching on the Developer mode, selecting the folder, and enduring the scary warning on every Chrome launch.
I'm afraid you'll need to consider excluding such scenarios from your potential market.
How to local install ALL Chrome CRX without any problem:
Chrome saves ALL information in %LocalAppData%\Google.
Install Chrome
Install Chrome .CRX you are needing
Back up %LocalAppData%\Google
Create WinRar to unpack saved profile to: %LocalAppData%
This bypasses the mandatory Chrome store installation.
What are the downsides of this method?
Using this method could overwrite existing user profile data/bookmarks.
Overwriting user saved bookmarks/passwords may cause data loss for user.
What is a possible workaround?
Firefox can use alternate profile, if set to do so via txt in user profile.
If Chrome profile can load alternate profile, locate the string/text responsible for this & edit it to use the new user profile path, then create a WinRar SFX to install to this new location.
This will then enable Chrome SFX installer (Via WinRar SFX) to install a chrome profile with the .CRX extensions desired already installed & not have to mess with pre-existing user data.
What are the downsides to this method?
Users may wonder how to get their old bookmarks/settings to work.
While users will get the new .CRX, it will be starting with essentially a blank profile.
How you can help:
We know we can install any unpacked CRX via SFX install.
We know we can potentially cause Chrome to use alternate profile to avoid corrupting or messing with user data.
We need someone with an idea how to install unpacked CRX without causing a problem in the old user profile.
Things tried so far:
Tried to locate the file(s) responsible for saving installed .CRX settings.
(Make unpacked CRX load & work properly)
Discovered a key file that contained bookmarks/user data also was the same one responsible for ID the CRX & making it load.
This presented a problem, because how is it possible to import this key file in a WinRar SFX installer, without also overwriting the user bookmarks/saved data?
If anyone can figure this part out, we can then use WinRar SFX to unpack CRX into Chrome profile directory, without overwriting/destroying user data.
Alternate method may be to re-route Chrome to use new profile with desired .CRX files already loaded, then cmd-line import the old profile settings/bookmarks/saved passwords.
If this is possible...
Congrats to all who are seeking solutions!
Working together, we can succeed!

How to symbolicate crashes in Xcode 7.3?

Can you help me get my crashes symbolicated?
In Xcode 7.3, Window -> Organizer -> Crashes, I have crash reports from my latest TestFlight builds. They were built on this Mac, and all the archives with the corresponding dSYMs are in the Archives tab. The app is divided into a number of frameworks and the main app, and many are a mix of Swift and Objective C. In the crash log I can see the name of the frameworks and app listed correctly, but all the entries for my frameworks and app are in hex. UIKit is symbolicated just fine.
When I look in iTunes Connect, it says "Yes" to "Includes Symbols" and allows me to download the dSYMs. When building, the "Debug Information Format" option was set to "DWARF with dSYM". I tried setting "Strip Debug Symbols During Copy"
and "Strip Linked Product" to "No" to see if that made a difference. It didn't.
I cannot find the symbolicatecrash app on my system, not even in /usr/bin or /Applications/Xcode.app/Contents/SharedFrameworks/DTDeviceKitBase.framework/Versions/A/Resources/symbolicatecrash, but I have an older Xcode 5 where I could grab it. However, it does not resolve the symbols anymore.
I have the same problem in Instruments, if I profile my app, UIKit is symbolicated just fine, but my frameworks and app only show hex.
I know there have been a lot of posts about this, but I have been going through them a lot from the 7.3 beta period and until now and have not found a solution.
The location of symbolicatecrash has changed in Xcode 7.3:
/Applications/Xcode.app/Contents/SharedFrameworks/DVTFoundation.framework/Versions/A/Resources/symbolicatecrash
After reading this:
https://developer.apple.com/library/content/technotes/tn2151/_index.html
you find out that the App Store is responsible for symbolicating crash reports that come from TestFlight – not Xcode. And it appears the App Store is very unreliable at doing it.
Here's a workaround.
Go to the Archives tab in the "Organizer" window and make sure that for whatever build you need to symbolicate a crash report for, you have clicked the "Download dSYMS..." button over on the right side of the page. This is required if you are uploading in BitCode.
Attach an iOS device so that it appears in the "Devices" window.
Select the device and click "View Device Logs".
Now, go back to the Organizer Window, select the "Crashes" tab and select one of the crashes that did not get symbolicated.
Right-click on it and select "Show in Finder".
Right-click on the revealed .xccrashpoint bundle and select "Show Package Contents".
Drill down into DistributionInfos -> all -> Logs.
Drag any of the .crash files into the left side of the "View Device Logs" pane open in the Devices window.
Wait a second or two for Xcode to symbolicate the crash.
Same here. Having a hard time finding the symbolicatecrash after upgrading to 7.3.
However, you can still use the atos though.
You can find the tutorial here Symbolicate crash in iOS8 with Xcode 6 .1
I do not upload symbols with my application, so the App Store cannot symbolicate for me. I used the following workaround to symbolicate all of the crashlogs that XCode downloads from the store. These instructions are for XCode 8. The paths for the symbolicate crash app will vary from version to version of XCode but the ideas should be the same in each version.
1. Place your symbols where the symbolicator can find them: Place your symbols (.dsym) file in your Archives directory. You can find this by going to Organizer, context clicking on an archive and choosing "show in finder". Navigate up to the Archives directory (e.g. /Users/USERNAME/Library/Developer/Xcode/Archives) and place your dsym file there. It can be in other locations as well, it's just that I've verified that this one works.
2. Download the crash logs: In XCode, make sure that you've downloaded the crashlogs for the build you want to symbolicate (Organizer->Crashes, click on your app and then choose the version of your app in the panel to the right of the list of apps).
3. Locate the crash logs on disk: In the panel that has the App Version and build number, context click on one of the crashes and choose "Show in Finder". Navigate up to the "Crashes Folder" and note this location e.g.: /Users/USERNAME/Library/Developer/Xcode/Products/com.company-name.Your-App/VERSION/Crashes
4. Setup DEVELOPER_DIR for symbolicatecrash on the command line: Open a terminal window and CD to the crashes directory from step 3 and set the DEVELOPER_DIR like this:
cd /Users/USERNAME/Library/Developer/Xcode/Products/com.companyname.Your-App/VERSION/Crashes/
export DEVELOPER_DIR=/Applications/Xcode.app/Contents/Developer
(this should be the location of the "Developer" directory inside of your XCode app bundle).
5. Locate the symbolicatecrash script: symbolicatecrash knows how to find your symbolicate crash logs using the dsym from step 1. Apple moves it around from version to version of xcode. You can find it like this: find /Applications/Xcode.app/ -name symbolicatecrash. In XCode 8, it is in /Applications/Xcode.app/Contents/SharedFrameworks/DVTFoundation.framework/Versions/A/Resources/symbolicatecrash
6. Backup your crashes folder: You may want to backup your crashes folder (/Users/USERNAME/Library/Developer/Xcode/Products/com.companyname.Your-App/VERSION/Crashes/)
7. Symbolicate all of your crashes: Be sure that you are still in the Crashes directory from step 4 and type
find . -type f -name '*.crash' | while IFS= read -r i; do /Applications/Xcode.app/Contents/SharedFrameworks/DVTFoundation.framework/Versions/A/Resources/symbolicatecrash --output "$i.sym" < "$i" && mv "$i.sym" "$i"; done
This symbolicates each .crash file into an output file and then copies that back over the original, unsymbolicated file.
8. View Crashes: Return to the crashes organizer and view the symbolicated crashes
I tried to copy symbolicatecrash file from xCode 7.2 and pasted it in xCode 7.3 in the following path:
/Applications/Xcode.app/Contents/SharedFrameworks/DTDeviceKitBase.framework/Versions/Current/Resources/
Am using Crasher script to symbolicate the crash reports How to use Crasher
According to the documentation of Xcode 9.0:
The Crashes Organizer symbolicates unsymbolicated logs, if they are
selected, using a local .dSYM indexed by Spotlight. (22550064)
You can check out more on this in Xcode's Documentation.

Why do I suddenly get the "Not commonly downloaded" warning in Chrome after ClickOnce deployment?

Upgraded Telerik in my ClickOnce application to version 2014.3.1202.40. (Never sure of the best way to do this. After the install, all my references to Telerik controls were broken and I had to remove all Telerik references in each of the projects and re-add them. So, I may be upgrading in the wrong way. But that's another matter.)
I deploy my app to a staging folder on my web server before moving to production. The app is signed with a commercial code signing certificate from Comodo that doesn't expire until 2019. I've uploaded new versions many times with no problem. But now, since I upgraded the Telerik controls, I can't download and install the application. Here's what happens:
In Chrome, I enter the url: http://porpoiseanalytics.com/PorpoiseStaging/setup.exe
I get the "Not commonly downloaded" warning where I never got that before. I don't get any error on Firefox nor on IE.
If I tell Chrome to keep the file, I can start it. The installation starts on all the other browsers too.
About 3/4 of the way through the download of the files, Avast blocks it with DRep virus (I'm guessing lack of reputation). If I turn off Avast, it installs fine. ClickOnce install log shows an error: "Exception occurred loading manifest from file [application].exe: the manifest may not be valid or the file could not be opened."
Why is my application suddenly acting like it has no reputation when it's been downloaded for months with no problems? But, after I modify the application in VS2010 and then remove and re-add the Telerik dll's, I suddenly have no reputation. And what makes matters worse, is that now my production download located at http://porpoiseanalytics.com/PorpoiseDownload/setup.exe is suddenly acting the same way.
I admit I don't have a good enough understanding of reputation, signing, and clickonce. But I do know that whereas before we were fine, after deploying the application, we're flagged as malicious software. I made a few code changes in the program (not many), but I also replaced the Telerik dlls. Probably has something to do with signing and publishing, but I can't figure it out. Please help. Thanks.
I think I figured it out. Although I had signed the manifest in the main UI project (the installer), the executable was not signed. With some help, learned how to do that:
Download the Windows 7 SDK with signtool.
In Visual Studio, open project properties in the main UI project.
Open the Compile tab and click on the Build Events button.
In the post-build events, enter:
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /f "$(ProjectDir)[name of code cert file]" /p "[password]" /t http://timestamp.comodoca.com/authenticode "$(ProjectDir)obj\$(ConfigurationName)\[exe name].exe"
where [name of cert file] is the name of the code-signing cert file, such as private_key.pfk, and [password] is the password used when exporting the certificate (if % is included in the password escape it with %%, so pass%word would be entered as pass%%word), and [exe name] is the name of your primary project executable.
In other projects within solution, sign those by inserting a similar command line in the same post-build location:
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\signtool.exe" sign /f "$(ProjectDir)DAD_Code_Certificate.pfx" /p "<password>" /t http://timestamp.comodoca.com/authenticode "$(TargetPath)"
Original Problem
My theory is that the original problem was caused because of a new feature in Avast 2015 that does a DomainRep (reputation?) check and if several criteria are all met, the alarm bells go off and it stops the download. Because my executable was not signed, it met all the requirements.
It is possible (although I really am not sure about this) that because of this DRep alarm, Google flagged the installer on our website as malicious, causing the red "not normally downloaded" warning when first starting the download.
At least, that's my best guess. Others will most certainly understand this better than me (and would have avoided it in the first place by signing the executable).
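The failure described in this answer (signed ClickOnce manifest, unsigned executable) can be caught before publishing. The following is an added example, not code from the original poster: a Python check that walks a publish folder and lists PE files whose header has no Authenticode certificate table. The folder layout and the sample bytes are constructed for illustration.

```python
import os
import struct

SECURITY_DIR = 4  # data-directory index of the PE certificate table
PE_SUFFIXES = (".exe", ".dll", ".exe.deploy", ".dll.deploy")  # ClickOnce adds .deploy


def cert_table(data):
    """Return (file_offset, size) of the embedded signature blob, or None."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    try:
        pe = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        opt = pe + 24  # skip the PE signature (4) and COFF header (20)
        magic = struct.unpack_from("<H", data, opt)[0]
        dirs = opt + {0x10B: 96, 0x20B: 112}[magic]  # PE32 / PE32+
        if struct.unpack_from("<I", data, dirs - 4)[0] <= SECURITY_DIR:
            return None
        off, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except (struct.error, KeyError):
        raise ValueError("truncated or unrecognised PE header")
    if off == 0 or size == 0:
        return None
    if off + size > len(data):
        raise ValueError("certificate table points past end of file")
    return off, size


def find_unsigned(publish_dir):
    """Relative paths of PE files under publish_dir with no signature blob."""
    missing = []
    for root, _dirs, files in os.walk(publish_dir):
        for name in files:
            if not name.lower().endswith(PE_SUFFIXES):
                continue
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                data = fh.read()
            try:
                signed = cert_table(data) is not None
            except ValueError:
                signed = False  # unparsable: list it for manual review
            if not signed:
                missing.append(os.path.relpath(path, publish_dir))
    return sorted(missing)


def sample_pe(signed):
    """Constructed minimal PE32 header for testing; not a runnable program."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)    # NumberOfRvaAndSizes
    if signed:  # point the security directory at 8 placeholder bytes
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, 312, 8)
    head = b"MZ" + bytes(58) + struct.pack("<I", 64) + b"PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x102)
    return head + coff + bytes(opt) + (bytes(8) if signed else b"")
```

Call `find_unsigned()` on the publish folder after the post-build signing step. A present certificate table only shows that a signature was embedded; `signtool verify /pa` checks that it is valid.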
Official answer from Google Apps technical support (I'm on the Silver support plan - $150/month):
I replicated the issue you are describing and it looks to be a known
issue with Google Chrome, when trying to download an archive that has
an executable in it.
Please be advised that Google Chrome is outside the support scope of
Google Cloud, however the workaround is rather simple: when that
message appears you can click on the arrow to the right of that
message and choose "keep". This will download the file requested.

Can't execute setup.py (Error 5 - Access Denied)

I ran into a problem creating a new project in Cocos2d-x 3.1.1 (or 3.0 - it happens at both versions).
When I'm running the build script in console (Windows 8 - console with admin privileges) a WindowsError pops up (check the image below).
http://i.imgur.com/Ixg4jEE.png
I can set up the COCOS_CONSOLE_ROOT manually, but it does not help with the Error 5.
I tried setting the 777 privileges on all cocos2d-x folder and subfolders, but it does not help.
Anybody had the same problem? Any solutions out there?
On Windows you should not put manually installed programs and tools under C:\Program... (english: C:\Program Files) because that's a folder where only apps with a proper installer should go. Otherwise you will keep having permission issues. Apps are not allowed to write to that folder or any of its subfolders.
Since cocos2d-x isn't an app, it can't redirect its output to the proper ApplicationData folder as is mandated by the operating system. Not being able to write or modify the program folder's contents (except during installation) is a security feature in Windows that you can't (or shouldn't) bypass.
To fix this simply extract cocos2d-x in a folder that both you and apps have full read/write permission. Normally this would be in your Documents folder, but Desktop would also work and probably just any folder on a drive that you created, for instance C:\cocos2d-x.
Due to this line:
_winreg.SetValueEx() ...
the actual problem looks to be with registry access, rather than with file permissions.
Make sure you are actually running console as an admin, by:
searching cmd in Windows search, or just creating a shortcut to it to desktop
right clicking to cmd.exe and choosing "Run as administrator"
Make sure you don't have registry access block in any way: like blocking in group policies, some "security optimization" software and viruses and antiviruses.
Make sure your python version is 2.x. Python 3.x is not supported.
Anyway, this 'setup.py' step is optional for using cocos2d-x and you can live without running it at all.

How install crx Chrome extension via command line?

Currently, the only way to install a Chrome extension (while working in development) is to drag it from the desktop onto the browser and click "Add" on the popup window. I would prefer to make the whole process automatic. I currently build, package and sign my CRX programmatically, but am stuck with the final manual step. Is this possible?
I tried creating my own URL from which to install the CRX (see here: After adding ExtensionInstallSources preference with my URL to Chrome Preferences, still won't allow installing ".crx" packaged app ) but this did not work.
I want this install to be permanent, not a temporary install that only lasts during the current run.
That's an old question, but you recently updated it, so..
There are no fully automated ways to do it besides Enterprise Policy, which only rarely applies. If that is not an option, you're out of luck. This was a security decision in 2014 by Chrome team, because malware that did that was rampant. Here's a latest post on this topic.
On a Windows machine, the Enterprise Policy force_install is the only no-confirmation one, but it requires a machine in a Windows Domain and admin rights in said domain to enable. I'm not 100% sure how it works on Linux/Mac, but here's a relevant FAQ.
There is a programmatic method of installing extensions, but it now only applies to extensions that are published in CWS (so that Google can pull the plug in case of abuse). It is described here, but will still require a manual approval from the user when the browser starts for the first time after this is added. That's how, for instance, various legitimate bundled extensions like Skype's Click-to-call are installed.
For unpacked extensions, you can run with the command line flag:
<path to chrome> --load-extension=<path to extension directory>
For installing a packaged extension in a .crx file, you can use the "external extensions" mechanism to automatically install from either an autoupdate url or a local path:
https://developer.chrome.com/extensions/external_extensions
Two things of note:
-Because this mechanism is intended mostly for distribution to end-users and not for testing, there is a confirmation dialog that allows the user to opt in to the install.
-We may eventually be deprecating the local path based installs in places where we're enforcing the "must be from the webstore" restriction, and only support the autoupdate url (which must be the webstore update url) approach.
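
The answers above distinguish external installs that point at the Web Store update URL from ones that load a local .crx path. The following is an added example, not part of the original answers: a Python audit of a directory of external-extension preferences files (`<extension id>.json`) that reports which form each file uses. The `external_crx`, `external_version` and `external_update_url` keys and the Web Store update URL come from Chrome's external-extensions documentation; the directory, sample IDs and sample paths are constructed.

```python
import json
import os
import re
import tempfile

# Update URL of the Chrome Web Store; any other source is not a store install.
WEBSTORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"
EXTENSION_ID = re.compile(r"[a-p]{32}")  # Chrome IDs use the letters a-p only


def classify(pref):
    """Classify one external-extension preferences object."""
    if not isinstance(pref, dict):
        return "invalid"
    if "external_crx" in pref:
        return "local-crx"  # side-loaded from a path on disk
    url = pref.get("external_update_url")
    if url == WEBSTORE_UPDATE_URL:
        return "webstore"
    return "other-update-url" if url else "invalid"


def audit(ext_dir):
    """Map each .json file in ext_dir to a classification."""
    findings = {}
    for name in sorted(os.listdir(ext_dir)):
        stem, suffix = os.path.splitext(name)
        if suffix != ".json":
            continue
        if not EXTENSION_ID.fullmatch(stem):
            findings[name] = "bad-id"
            continue
        try:
            with open(os.path.join(ext_dir, name), encoding="utf-8") as fh:
                findings[name] = classify(json.load(fh))
        except (OSError, ValueError):
            findings[name] = "invalid"  # unreadable or not JSON
    return findings


# Constructed sample preference files (IDs, paths and the test URL are made up).
SAMPLES = {
    "a" * 32 + ".json": {"external_update_url": WEBSTORE_UPDATE_URL},
    "b" * 32 + ".json": {"external_crx": "/opt/vendor/ext.crx",
                         "external_version": "1.0"},
    "c" * 32 + ".json": {"external_update_url": "https://updates.example.test/crx"},
}


def run_demo():
    """Write the samples to a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, pref in SAMPLES.items():
            with open(os.path.join(d, name), "w", encoding="utf-8") as fh:
                json.dump(pref, fh)
        return audit(d)


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{verdict:18} {name}")
```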