Jump to content

Leaderboard


Popular Content

Showing content with the highest reputation on 10/01/24 in Posts

  1. Vincent Parrett

    Code signing in a remotely working team?

    Yeah for years we have been told (and I have been telling everyone) to automate everything.. then some numpty decides to throw in a manual spanner🤦‍♂️- and yes, the cost of certificates increased a lot - way more than the cost of the physical tokens. There are work arounds and we currently use one - but it has it's limitations - for example right now using the old work around we can still only code sign from one virtual machine in our build environment - so lots of file copying happens which slows down builds - with our new solution code signing can be done from any build agent machine that has the client installed. FWIW, we have only tested using Yubikey and Safenet tokens - but any token with a 64bit pkcs#11 driver dll should work. Preview of the server web interface - product name may or may not change - naming is hard! Edit : forgot to mention, server will be for 64bit windows and linux - client 64bit windows only.
  2. dummzeuch

    Code signing in a remotely working team?

    YMMD: I just imagined the developers singing while running the signing process.
  3. corneliusdavid

    Saving Explicit Properties??

    I think what you might be seeing is standard behavior of the IDE saving property values. If the property has a default value, and that's the current setting of that property, it won't save to the DFM, it'll only save if it's different than the default or if there is no default. For example, a blank VCL application's Form might look initially like this: object Form1: TForm1 Left = 0 Top = 0 Caption = 'Form1' ClientHeight = 324 ClientWidth = 401 Color = clBtnFace Font.Charset = DEFAULT_CHARSET Font.Color = clWindowText Font.Height = -12 Font.Name = 'Segoe UI' Font.Style = [] TextHeight = 15 end If you check AlphaBlend, AutoScroll, and AutoSize in the Object Inspector, the DFM will look like this: object Form1: TForm1 Left = 0 Top = 0 Width = 417 Height = 363 AlphaBlend = True AutoScroll = True AutoSize = True Caption = 'Form1' Color = clBtnFace Font.Charset = DEFAULT_CHARSET Font.Color = clWindowText Font.Height = -12 Font.Name = 'Segoe UI' Font.Style = [] TextHeight = 15 end This has the three additional properties because they're no longer the default value. If you uncheck them in the Object Inspector and save the form, it reverts back to the first one. Is this perhaps what you're seeing?
  4. Anders Melander

    Code signing in a remotely working team?

    Oh, nice. I didn't know you could do that. It's a real PITA that we have to jump through all these hoops with the physical tokens and the fact that a solution like yours, which is basically a work around, is even possible proves that it was all in vain. But I guess somebody made a lot of money selling the tokens.
  5. Vincent Parrett

    Code signing in a remotely working team?

    We're working on a code signing server that supports tokens/pfx etc - allows you to do remote code signing very easily. All you need is network access to the server from a remote location (ideally over a vpn) and the client (a command line tool, which FinalBuilder will support). We're just tidying up loose ends (like the installer) before beta - hopefully in a few weeks.
  6. Angus Robertson

    ICS V9.3 announced

    ICS V9.3 has been released at: https://wiki.overbyte.eu/wiki/index.php/ICS_Download ICS is a free internet component library for Delphi 7, 2006 to 2010, XE to XE8, 10, 10.1, 10.2, 10.3, 10.4, 11 and 12 and C++ Builder 10.4, 11 and 12. ICS supports VCL and FMX, Win32 and Win64 targets. Beware C++ have not been tested recently due to lack of support from such users. The distribution zip includes the latest OpenSSL 3.0.15, 3.2.3 and 3.3.2, for Win32 and Win64. Changes in ICS V9.3 include: 1 - V9.3 continues the simplification of use of ICS components by consolidating many types and constants into the OverbyteIcsTypes unit, avoiding projects needing to find and add specific units before they will build. For XE2 and later, OverbyteIcsTypes and OverbyteIcsSslBase will be added automatically when components needing them are dropped on a form, or that form accessed for existing projects. One benefit of this change is removing dependence on several units for many components and applications, it should be possible to remove OverbyteIcsWinsock, OverbyteIcsLIBEAY, OverbyteIcsSSLEAY and OverbyteIcsLogger from most applications, and also other units. See https://wiki.overbyte.eu/wiki/index.php?title=Updating_projects_to_V9.3 for more information. 2 - Previously, the Windows Certificate Store was supported on Windows for all components and samples, despite it not always being required. There are three new defines {$DEFINE MSCRYPT_Clients}, {$DEFINE MSCRYPT_Servers} and {$DEFINE MSCRYPT_Tools) that determine which components can use the store, at least one must be set or applications that need the store will fail. Although these new defines all default to enabled in the OverbyteIcsDefs.inc supplied with V9.3 and later, unless this file is installed, Windows Certificate Store will be unavailable. These defines are disabled for non-Windows platforms and for C++ Builder which has bugs. 3 - Added new application independent monitoring, comprising a client component and server sample. The ICS Application Monitor TIcsAppMonCli client component is designed to report to an ICS Application Monitor server, which will ensure the main application remains running. The ICS Application Monitor server IcsAppMon.exe is designed to monitor ICS applications using the TIcsAppMonCli client component, and ensure they remain running, restarting the application if it stops or becomes non-responsive, or on demand. Primarily to keep ICS server Windows services running non-stop, but may also be used for network wide monitoring of ICS applications. Client and server both use the TIcsIpStrmLog component with a simple TCP protocol. More information at https://wiki.overbyte.eu/wiki/index.php?title=FAQ_ICS_Application_Monitoring 4 - The HTTP client components TSslHttpCli and TSslHttpRest have new RespMimeType and RespCharset response properties parsed from the Content-Type header to avoid applications needing to parse this headers. Fixed a problem in V9.2 where a missing / was added to the start of the request path, but was not needed for absolute paths used for proxies. 5 - The TIcsIpStrmLog streaming log component has improvements for TCP Server mode when multiple remote clients connect. Previously the same data was sent to all remote clients (the original concept being remote logging), but now applications can send data to specific remote clients, and more easily check which remote client is receiving data. This change means TIcsIpStrmLog can be used as the core of many TCP servers with different protocols, such as the new IcsAppMon sample, see above. 6 - The TSslHttpRest and component has a new way for applications to check SSL certificate chains themselves, ignoring OpenSSL bundle checks, usually for self signed private certificates, maybe checking certificate serials, names or public key. If LogSslVerMethod = logSslVerOwnEvent, a new event OnSslCertVerifyEvent is called so the application can check the chain and change the verify result appropriately. 7 - Improved the ability to customise SSL ciphers if the ICS defaults need to be changed. TSslContext and TIcsHosts have three properties, SslCipherList for TLSv12 ciphers, SslCipherList13 for TLSv13 ciphers, and SslCryptoGroups sets the cipher curve groups allowed (like P-256 or X25519). Beware old SslContexts may include group P-512 which must be corrected to T-521. SSL handshake responses now show the curve group used for OpenSSL 3.2 and later. The OverbyteIcsHttpsTst client sample may be used to test the new cipher options, and they will be read from IcsHosts INI files for servers. 8 - Added a new web server sample OverbyteIcsBasicWebServer1.dpr which is a simplified version of OverbyteIcsSslMultiWebServ ignoring configuration INI files, security features, session data, most demo pages and most logging, and settings for localhost set in code, search for IcsHosts to change IP addresses, etc. This sample should be easier to use as a basis for new web server applications. The existing samples OverbyteIcsSslMultiWebServ and OverbyteIcsDDWebService have a new index.html template page, and default to localhost 127.0.0.1 with an internal localhost SSL certificate, so should always response to https://localhost/ without any INI file changes. 9 - Fixed an HTTP web server problem in V9.2 to avoid repeated redirection for virtual default page /, was adding /// etc. 10 - Updated OpenSSL binary and resource files to releases 3.3.2, 3.2.3 and 3.0.15, only one of which will be linked according to defines. 11 - Restored the sample OverbyteIcsConHttp.dpr which is a console example, now supports SSL by replacing THttpCli with TSslHttpRest, no longer needs any events or a message loop for a single sync request, so a less code than without SSL. Now contacts https://wiki.overbyte.eu/wiki. 12 - A lot of changes have been made preparing ICS for Linux. Corrected loading OpenSSL on Posix, now loads the system supplied OpenSSL 3 DLLs on Ubuntu 22.04. The Linux package now builds correctly, but beware WSocket is not yet supported on Linux so no protocols will work. There is a new IcsPemTest FMX sample that works on Ubuntu 22.04 and which will create ICS signed SSL certificates. Note, MacOS support is disabled pending the new Posix implementation. The release notes for V9.3 are at https://wiki.overbyte.eu/wiki/index.php/ICS_V9.3 All ICS active samples are available as prebuilt executables, to allow ease of testing without needing to install ICS and build them all. There are four separate zip files split into clients, servers, tools and miscellaneous samples which can be downloaded from https://wiki.overbyte.eu/wiki/index.php/ICS_Samples
  7. Dave Nottage

    Uses units qualifiers?

    Delphi 2005
  8. Remy Lebeau

    Saving Explicit Properties??

    See the documentation: Properties (Delphi): Storage Specifiers
  9. Vincent Parrett

    Code signing in a remotely working team?

    This is on the todo list but not for the initial release - actually pretty simple to add. Oh and it does work with old school pfx certificates too.
  10. Anders Melander

    Code signing in a remotely working team?

    There's your problem. You should use a single central build server instead of delegating the build task to individual developers. If you don't have a central server which can function as a build server, at least designate one of the developers as the "build master".
  11. It exists to balance out my inherent sense of imminent doom.
  12. Lajos Juhász

    fmxLinux missing?

    It was mentioned at Delphi 12.2 Webinar. After the death of Eugene Kryukov Embarcadero has no legal agreement to include it with version 12.2. They are working on to make an agreement to continue to include it in future versions of Delphi. https://blogs.embarcadero.com/eugene-kryukov-father-of-firemonkey-and-incredibly-talented-developer
  13. Circular references create a lot of fun.
Ă—