This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Mark_Koehler
Level 6
‎Nov 08, 2007 03:49 PM

Code Signing Bug?

I'm using InstallShield's Signing feature to digitally sign all my EXEs and DLLs in my InstallScript MSI project. Because we include a couple of third-party DLLs and SQL drivers, I added some exceptions to the "exclude patterns and files" list.

Unfortunately, InstallShield ignores those exceptions and signs those file anyway.

Is there something I'm doing wrong or is this a bug I've encountered?
Labels (1)
Labels
0 Kudos
(6) Replies
MichaelU
Level 12 Flexeran
Level 12 Flexeran
‎Nov 09, 2007 02:03 PM

I've not seen this behavior; could you provide more detail as to exactly what relevant entries you have in the include and exclude lists, and what excluded files are getting signed?
0 Kudos
Mark_Koehler
Level 6
‎Nov 09, 2007 02:19 PM

x - Sign Windows Installer Package
0 - Sign setup.exe
x - Sign files in package

Include patterns and files:
*.dll
*.exe

Exclude patterns and files:
chartdir30.dll
SQLSRV32.dll
sqlncli.dll

0 - Sign files that are already signed

--------------------------------------

chartdir30.dll and SQLSRV32.dll end up getting signed despite being in the exclude list. sqlncli.dll doesn't get signed because it is already signed by Microsoft.
0 Kudos
MichaelU
Level 12 Flexeran
Level 12 Flexeran
‎Nov 09, 2007 02:28 PM

That sounds like it should work by doing what you expect. Can you verify two things for me? First, are your source versions of chartdir30.dll and SQLSRV32.dll already signed with your certificate (perhaps due to some testing mishap earlier)? Second, do it work right if you remove those excludes and select them in the Exclude Files browse dialog? This will make sure it's using the exact name and install path; while the full install path shouldn't be required for this, it can't hurt to try it.
0 Kudos
Mark_Koehler
Level 6
‎Nov 09, 2007 03:19 PM

I double-checked and the files are NOT previously signed.

When I tried to use the Browse button to select the files, I got an access violation error. Now that I think of it, that is why I manually added each entry in the first place.

I tried typing adding the fully qualified path to the excluded file names but it still signed the files.
0 Kudos
MichaelU
Level 12 Flexeran
Level 12 Flexeran
‎Nov 12, 2007 12:19 PM

Note that the full path would be something like [INSTALLDIR]Subdir\Filename.exe. As for why there's an access violation, do you get similar results from visiting the files and folders view, or anything like that? Often that's related to invalid entries in the Directory table, and maybe that's somehow blocking the name resolution. Running MSI validation may point to something useful, or if you can send your ism file (no supporting files should be necessary) I can look into it: murman@macrovision.com.
0 Kudos
Mark_Koehler
Level 6
‎Nov 12, 2007 01:40 PM

Looks like adding the appropriate path qualifier (ie [INSTALLDIR], [SystemFolder]) fixed the problem. Thanks a lot.

I didn't enounter any errors with the File and Folders view or anywhere else that might explain the access violation issue. I'll send you my .ISM file in hopes that it you can help you track down the access violation issue.
0 Kudos