Description: I have WDAC (Windows Defender Application Control) setup and during installation it fails because .dll files used at location: C:\Windows\assembly\tmp\XXXXXX\ during installation are blocked because they are not signed by a publisher. Below are examples of files WDAC complains about but I didn't go through each file (so there are additional files that need to be signed not including the below) examples: C:\Windows\assembly\tmp\XXXXXX\cli_basetypes.dll C:\Windows\assembly\tmp\XXXXXX\cli_ure.dll C:\Windows\assembly\tmp\XXXXXX\cli_uretypes.dll C:\Windows\assembly\tmp\XXXXXX\cli_uretypes.dll C:\Windows\assembly\tmp\XXXXXX\\policy.1.0.cli_basetypes.dll etc. Note: XXXXXX changes on a per install basis, I think LibreOffice being installed: LibreOffice_7.6.6_Win_x86-64 (non-enthusiast version) Windows 11 23H2 Thank you Actual Results: Install fails Expected Results: Install succeeds Reproducible: Always User Profile Reset: Yes Additional Info: [Information automatically included from LibreOffice] Locale: en-US Module: StartModule [Information guessed from browser] OS: Windows (All) OS is 64bit: no
Yes, cli_* assemblies are not signed, unlike the DLLs in the program files. Christian: is there a reason why we don't sign them?
Thorsten Behrens committed a patch related to this issue. It has been pushed to "master": https://git.libreoffice.org/core/commit/31653943cddff60a31fe0c31c09c555b6f4a77d7 tdf#160568 start signing cli DLLs as well It will be available in 25.8.0. The patch should be included in the daily builds available at https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: https://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.