|
If you can't find time to do it right the first time, how are you going to find time to do it again?
PartsBin an Electronics Part Organizer - Release Version 1.4.0 (Many new features) JaxCoder.com
Latest Article: EventAggregator
|
|
|
|
|
In a closed society where everybody's guilty, the only crime is getting caught. In a world of thieves, the only final sin is stupidity. - Hunter S Thompson - RIP
|
|
|
|
|
I didn't realize squirrels could dive that deep.
|
|
|
|
|
A time domain reflectometer is a handy tool! An acquaintance of mine borrowed the one we had at school many years ago. He nearly got expelled when they learned that he'd rolled it out to the parking lot and diagnosed a wiring fault in his car with it. The darned things cost over $40k back then. They're cheap enough now that I happen to have an optical model here at home.
Will Rogers never met me.
|
|
|
|
|
My (company's) code signing certificate expires in less than a month, so over the weekend I intended to renew it. Unbeknownst to me, there are new rules and regulations that prevent the straight download/install/export of a certificate. (for pfx signing) It seems the only options these days are using their keyvault or using a hardware token, both at a cost of course. In fact, the price has almost doubled from just 3 years ago!
I have no choice but to roll with the changes, I just hope that I don't have to change too much in my current deployment toolchain. (currently using signtool/pfx)
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
Is it an EV certificate or just a code signing certificate? I would understand them requiring a token if it's an Extended Validation cert.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
It's just a code signing certificate. Up until this renewal, my CA (DigiCert) has allowed me to simply install the certificate directly into IE/Edge where I can export it to pfx for use on other systems. It seems I now need to either become dependent on them to store/use the private key, or get it shipped on a hardware token, both cost more money and both will require me to alter the custom deployment system. (unless I will have the ability with the hardware token/dongle to create the pfx)
Either way, it's silly that shipping a cheap usb stick should add hundreds of dollars to a product that doubled in price over 3 years. I may go shopping, but it might mean having to get reverified (time and effort) if I change providers instead of renewing. Not sure yet.
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
It took us months to change our TeamCity builders that no longer could use a copy of the .pfx signing certificate.
The builders now send the files to be signed to a "Signing PC" which has the USB dongle with the EV token.
I also had to write a signing application to automate signing as we did not want to sign files manually.
|
|
|
|
|
Thanks for confirming my fears!
I'm the only person here building/signing/deploying, so the only problem will be keeping up with the dongle when I travel. Of course, I don't know what I'm up against with the automation part of things yet...if it can be scripted like signtool, then it shouldn't be too much of a hassle.
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
It is a hassle I'm afraid, there is no official documentation on how to automate signing with an EV token. I only found a useful tip on StackOverflow after much searching. I don't have it at hand at the moment, tomorrow I wil send you the link.
|
|
|
|
|
Automate Extended Validation (EV) code signing with SafeNet eToken
https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing-with-safenet-etoken[^]
signtool sign /f mycert.cer /csp "eToken Base Cryptographic Provider" /k "[{{TokenPasswordHere}}]=KeyContainerNameHere" myfile.exe
To speed up the process and sign multiple files with timestamp in a directory I use this:
string pw = @"[{{MyPassword}}]";
string signToolMs = @"C:\Program Files (x86)\Windows Kits\10\App Certification Kit\signtool.exe";
string command = $"sign /fd sha256 /tr http://timestamp.sectigo.com /td sha256 /f \"z:\\Certificate.cer\" /csp \"eToken Base Cryptographic Provider\" /k \"{pw}=Sectigo_12345678\" file1.exe file2.dll";
ProcessRun(signToolMs, command, dirName);
modified 30-Apr-24 8:50am.
|
|
|
|
|
Woo hoo! Thanks for this.
The difficult we do right away...
...the impossible takes slightly longer.
|
|
|
|
|
Awesome!!!..adding this to my notes! Thank You!
"Go forth into the source" - Neal Morse
"Hope is contagious"
|
|
|
|
|
Went through that fun last year. We chose to use Azure Key Vault to store the cert, which meant switching from signtool to AzureSignTool (vcsjones/AzureSignTool[^]).
Which then meant switching from Squirrel.Windows to Clowd.Squirrel , since the former offers no way to customize the signing tool path used.
And it looks like we may now need to switch to the updated tool, velopack , since Clowd.Squirrel is effectively in maintenance mode now.
Oh, and the build time went up drastically, since the tool now has to send each file to be signed up to Azure, wait for Azure to sign it, then download the signed copy.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I am not allowed to post instructions, however , I hope it is OK to post suggestion.
I have been watching too many "spaghetti western movies " - strictly as a needed break from drudgery of coding.
Their plots are not very imaginative - most of them have fists fights in local saloon.
And that, sometime whisky induced brawl, what promoted this vent.
This subforum , in my opinion, is turning into verbal fistfights by few illiterate, "me first" , outlaws and my hope is it will not end with OK corral style gun fight.
adios amigos
|
|
|
|
|
Salvatore Terress wrote: This subforum , in my opinion, is turning into ... And we all know who is responsible.
|
|
|
|
|
Warning. Someone is posting strange messages and signing your name to them.
>64
It’s weird being the same age as old people. Live every day like it is your last; one day, it will be.
|
|
|
|
|
Salvatore Terress wrote: I hope it is OK to post suggestion Sure it is! But alas, this is not the place. Try, Bugs and Suggestions[^]. Keep trying, you'll get there.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
jeron1 wrote: Keep trying, you'll get there. Procul, procul, o este profani!
|
|
|
|
|
You're not alone with that sentiment.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
suggestion - do not take life so seriously
and ( your comment ) is "illogical" - as Spock would say.
The suggestion was about "the lounge"
why hide it somewhere else ?
|
|
|
|
|
Follow your own advice, it was clearly tongue-in-cheek.
"the debugger doesn't tell me anything because this code compiles just fine" - random QA comment
"Facebook is where you tell lies to your friends. Twitter is where you tell the truth to strangers." - chriselst
"I don't drink any more... then again, I don't drink any less." - Mike Mullikins uncle
|
|
|
|
|
According to your profile, you've been here for less than a year and you're suggesting how this show should be run.
This is a terrible way to try to endear yourself and rally the troops, some of which have been for more than two decades, to support your cause (whatever it may be).
Whatever you think the lounge is "turning into", let me point out that throughout its history, people have come and gone, yet the lounge remains.
|
|
|
|
|
I prefer Lounge to Saloon. Saloon is just too "low-brow" for me. If you really want to change the name, consider Salon. The online The American Heritage® Dictionary of the English Language, 5th Edition defines this as follows:
Quote: salon /sə-lŏn′, săl′ŏn″, să-lôɴ′/
noun- A large room, such as a drawing room, used for receiving and entertaining guests.
- A periodic gathering of people of social or intellectual distinction.
- A hall or gallery for the exhibition of works of art
- ...
The only problem with this is it make salon.com upset.
__________________
Lord, grant me the serenity to accept that there are some things I just can’t keep up with, the determination to keep up with the things I must keep up with, and the wisdom to find a good RSS feed from someone who keeps up with what I’d like to, but just don’t have the damn bandwidth to handle right now.
© 2009, Rex Hammock
|
|
|
|
|
In a "Saloon" you interact with your beer
and can become less inhibited because of no guidelines
other participants will toss you out
In a "Lounge" you interact with other people
and are respectful of the guidelines for that Lounge
lack of respect for the guidelines other participants will
ask you to leave
OLD saying "If the shoe fits wear it"
After 10 years here I know my shoe size
Now if I can just learn how to write a Article
|
|
|
|