Bug 68198 - All files of the following extensions: EXEs, DLLs, SYS, DRV, OCX, SCR, and CPL should be signed
Summary: All files of the following extensions: EXEs, DLLs, SYS, DRV, OCX, SCR, and CP...
Status: RESOLVED FIXED
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: Installation (show other bugs)
Version:
(earliest affected)
4.2.0.0.alpha0+ Master
Hardware: Other Windows (All)
: medium minor
Assignee: Mike Kaganski
URL:
Whiteboard: target:7.2.0
Keywords:
Depends on:
Blocks: Installer-Windows
  Show dependency treegraph
 
Reported: 2013-08-16 18:02 UTC by Jesus Corrius
Modified: 2021-01-16 08:29 UTC (History)
2 users (show)

See Also:
Crash report or crash signature:
Regression By:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jesus Corrius 2013-08-16 18:02:18 UTC
All files of the following extensions: EXEs, DLLs, SYS, DRV, OCX, SCR, and CPL should be signed. The ones that are not signed now are:

Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python33.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python3.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-9.0.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-9.0-amd64.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-8.0.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-7.1.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-6.0.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-10.0.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\lib\distutils\command\wininst-10.0-amd64.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python-core-3.3.0\bin\python.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\python.exe does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\share\extensions\presentation-minimizer\SunPresentationMinimizer.uno.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\xpcom_core.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\xpcom_compat.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\xpcom.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\nsldappr32v50.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\nsldap32v50.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\msgbsutl.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\mozz.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\js3250.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\xppref32.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\xpcom_compat_c.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\xpc3250.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\vcard.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\uconv.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\rdf.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\profile.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\pipnss.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\necko.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\mozldap.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\mork.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\i18n.dll does not have a valid signature, either embedded or via a catalog file.
Non-driver file C:\Program Files (x86)\LibreOffice 4\program\components\addrbook.dll does not have a valid signature, either embedded or via a catalog file.

This is not mandatory because they are not the main executable files, but should be nice to resolve this issue if it's not a headache to do it.
Comment 1 David Tardon 2013-08-19 13:28:36 UTC
There are 2 possibilities (they may be both valid) why these dlls/exes are not signed:

1. They are not in the "standard" place in solver (cf. postprocess/CustomTarget_signing.mk: it looks for $(OUTDIR)/bin/*.dll $(OUTDIR)/bin/*.exe).

2. They are not present on signing time because of insufficient dependencies (because most of them come from bundled external projects).

2 is a bit harder to solve than 1, but it is no rocket science either... And you can always ask for pointers :-)
Comment 2 QA Administrators 2015-04-01 14:42:11 UTC Comment hidden (obsolete)
Comment 3 tommy27 2016-04-16 07:25:01 UTC Comment hidden (obsolete)
Comment 4 QA Administrators 2017-05-22 13:26:23 UTC Comment hidden (obsolete)
Comment 5 Mike Kaganski 2021-01-15 10:47:15 UTC
Testing version 7.1.0.1 x64 installed from TDF MSI, I see these files unsigned (which are recognized by MS signtool):

help\a11y-toggle.js
help\fuzzysort.js
help\help.js
help\help2.js
help\hid2file.js
help\languages.js
help\paginathing.js
help\polyfills.js
help\prism.js
program\pyuno.pyd
program\soffice.com
program\unopkg.bin
program\unopkg.com
program\python-core-3.8.4\bin\python.exe
program\python-core-3.8.4\lib\libcrypto-1_1.dll
program\python-core-3.8.4\lib\libssl-1_1.dll
program\python-core-3.8.4\lib\pyexpat.pyd
program\python-core-3.8.4\lib\select.pyd
program\python-core-3.8.4\lib\unicodedata.pyd
program\python-core-3.8.4\lib\winsound.pyd
program\python-core-3.8.4\lib\_asyncio.pyd
program\python-core-3.8.4\lib\_ctypes.pyd
program\python-core-3.8.4\lib\_decimal.pyd
program\python-core-3.8.4\lib\_elementtree.pyd
program\python-core-3.8.4\lib\_msi.pyd
program\python-core-3.8.4\lib\_multiprocessing.pyd
program\python-core-3.8.4\lib\_overlapped.pyd
program\python-core-3.8.4\lib\_queue.pyd
program\python-core-3.8.4\lib\_socket.pyd
program\python-core-3.8.4\lib\_ssl.pyd
program\python-core-3.8.4\lib\distutils\command\wininst-10.0-amd64.exe
program\python-core-3.8.4\lib\distutils\command\wininst-10.0.exe
program\python-core-3.8.4\lib\distutils\command\wininst-14.0-amd64.exe
program\python-core-3.8.4\lib\distutils\command\wininst-14.0.exe
program\python-core-3.8.4\lib\distutils\command\wininst-6.0.exe
program\python-core-3.8.4\lib\distutils\command\wininst-7.1.exe
program\python-core-3.8.4\lib\distutils\command\wininst-8.0.exe
program\python-core-3.8.4\lib\distutils\command\wininst-9.0-amd64.exe
program\python-core-3.8.4\lib\distutils\command\wininst-9.0.exe
share\Scripts\javascript\ExportSheetsToHTML\exportsheetstohtml.js
share\Scripts\javascript\HelloWorld\helloworld.js
share\Scripts\javascript\Highlight\ButtonPressHandler.js
share\Scripts\javascript\Highlight\ShowDialog.js

The script I used for testing:

> del sertcheck.log
> 
> for /R "C:\Program Files\LibreOffice" %%f in (*.*) do (
>   echo ### %%~ff >> sertcheck.log
>   "C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe" verify /pa "%%~ff" >> sertcheck.log 2>&1
> )

These include some .JS files, and some .PYD; no idea how relevant are they. The script also produces lots of "SignTool Error: This file format cannot be verified because it is not recognized" for files like TXT and PNG, but those errors are of course irrelevant.
Comment 6 Commit Notification 2021-01-16 08:28:57 UTC
Mike Kaganski committed a patch related to this issue.
It has been pushed to "master":

https://git.libreoffice.org/core/commit/d534a4c7b45ff254b339e806c6a11f13d9ff0043

tdf#68198: sign the rest of binaries

It will be available in 7.2.0.

The patch should be included in the daily builds available at
https://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
https://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.