Vincent Parrett

I'll let Stefan chime in on that 😉

ping @Stefan Glienke - he has been working in this area with even better results!

FYI Signotaur can sign MSIX files - https://www.finalbuilder.com/signotaur And it works with Certum tokens and works around the password prompts.

Hi All FinalBuilder 8.0.0.3035 with Rad Studio 11 support is now available from our website - release notes https://www.finalbuilder.com/forums/t/finalbuilder-8-0-0-3035-released/7115 Automating your Build process is simple with FinalBuilder. With FinalBuilder you don't need to edit xml, or write scripts. Visually define and debug your build scripts, then schedule them with windows scheduler, or integrate them with Continua CI, Jenkins or any other CI Server. Thousands of Software Developers rely on FinalBuilder to automate the build, test and release process. If you are not using FinalBuilder to automate your builds, you are missing out 😉

I published this last month https://github.com/VSoftTechnologies/VSoft.WindowsCredentialManager I didn't implement any UI parts, just basic storage and retrieval of credentials.

@Stefan Glienke Looking forward to your talk at Delphi Summit 😃

Ummm.. if you are worried about being left behind, why are you still here, still using Delphi? Surely you should be hanging out with all the cool kids using flavor of the week? 🤷‍♂️

Class property Getter/Setters must be static, however delphi doesn't allow virtual abstract static methods. I don't see a good reason for this, so it's likely technical or an oversight.

Fantasic 😃

Sadly not. I don't want to be littering my code with //formatting off/on etc. So I format by hand and it is what it is.

I follow that except I also use camelCase for local variables. An opinionated formatter that doesn't allow me to configure to my taste is unfortunately not going to cut it. I also do weird things like align assigments in constructors constructor TMyClass.Create(x : integer; y : integer; const theName : string); begin Fx := x; Fy := y; FName := theName; end; and for constants const cMyConst = 'test'; cAnotherConst = 'foobar'; No formatter I have tried can cope with that.

https://www.finalbuilder.com/resources/blogs/code-signing-with-inno-setup-and-signotaur

Yes, if it has a command line tool of course you can call it from FinalBuilder. FWIW, when I looked at Azure trusted signing, I also needed to pay for Entra ID for MFA and that more than doubled the costs. If you use azure already then that would not matter of course.

I can highly recommend the LMD Docking Pack - we have been. using it for a long time now and it's been rock solid.

I went thought the whole RAM Disk scenario a few years ago to try and speed up our CI builds - this was before we got new servers with nvme drives. I even did some rough benchmarking. https://forums.adug.org.au/t/anyone-using-ram-disks-these-days/59756 TLDR; don't bother with RAM Disks - they are no faster than nvme. The only scenario where they might be beneficial is avoiding writes to consumer grade SSD's - but even then you can work around that by buying bigger capcity SSD's (write leveling takes care of wear).

OTL is very much tied to the windows api - will take a lot of work to produce a linux version. Feel free to help with the port.

You can use the makeappx tool to create your appx file For signing with the Certum token, take a look at Signotaur - this will get around the token password prompts. You can set it up as a post build option on the release config in Delphi if you don't have a proper build or CI process.

There is a demo app on their github repo - https://github.com/appercept/aws-sdk-delphi-samples/tree/main/CognitoDemo I guess support for the getit version comes from embarcadero - the full version from https://www.appercept.com/ does indeed come with a help file. I believe support for the full version is by email at this stage. @Richard Hatherall will be able to answer that better than I can.

Not many complex third party components work with VCL styles, either because VCL Styles are too limited/buggy, or because they already did their own thing long before VCL Styles were released.

I decided to purchase a 3yr OV certificate from SSL.com and load it onto a Yubikey token to be 100% sure they work with Signotaur (have tested with self signed certs before). I had 2 tokens already and bought another one locally - SSL.com are overcharging a lot for them (USD$297 vs USD$106 locally). You need the FIPS versions (e.g 5C FIPS ) for code signing. Note that by default on the order page, they add their cloud service to the price - make sure to de-select that! You do have to go through the process of generating a Certificate Signing Request and then exporting the the attestation certificate and intermediate from the token to upload to their portal. This is quite well documented and pretty easy to follow. Their web portal is pretty horrible (tiny text and links - even with my glasses on). I had some issues initially - the first time they generated an RSA cert instead of an ECDSA (yubikey only supports 2048bit RSA, code signing needs at least 3072bit) - contacted support and then went through the attestation process again, eventually got an ECDSA cert - but that did not work either - signtool sign said success but verify said failed. Important - I discovered that if you change the yubikey pin/puk/managementpin after doing the attestation and before importing the cert, that will cause it to fail (doh!) - so had to go through the process again. It only takes a few minutes on your end, then an email to support for them to generated the cert again - and then you download and import the certificate onto the token. Remember to unplug and plug the token in again after importing (this triggers the import of the public key into the windows certificate store). Third time lucky, everything works fine. Note that to use Yubikeys with Signtool - you need to have the MiniDriver installed (you will get the smartcard pin prompt when calling sign tool) - you don't need the mini driver with Signotaur - you just need the PIV Tool (which has the pkcs#11 driver). I then enquired about backup tokens, and was told to delete the attestation on their portal and redo it for the backup token. So over the course of a few days and some back and forth (timezones make everything slow down under) - I now have 3 yubkey tokens with my certificate installed. This gives me a lot of comfort as I have a backup in case of hardware failure or theft - I have a Nano token which I can deploy in the data center where are servers live - much less likely to be stolen than the safenet token (which has a bright blue led that screams "take me"). Also thanks to @DelphiUdIT we have now confirmed that Signotaur also works fine with Certum tokens.

Thanks to @DelphiUdIT I can now confirm that Signotaur works with Certum code signing tokens 😀

I have hit this issue before, but didn't delve into it too far - I just made a point of not adding items to collections in the base form. TBH, I had so many issues with form inheritance getting messed up by the IDE that I tend to avoid it - more trouble than it's worth.

Keep it simple - create a class helper for TMemo and add an Assign method and just set the props you need. This will be quicker and easier than messing with RTTI (which can be a bit of a rabbit hole with some property types).

There is a type library you can import - would save a lot of casting C:\Windows\System32\inetsrv\nativerd.dll It's a pretty awful api to work with, it's been a while since I looked at it - Microsoft created a pretty extensive dotnet wrapper for it - https://www.nuget.org/packages/Microsoft.Web.Administration you could download the nuget package and use Ilspy to have a look at it - might help

https://www.finalbuilder.com/resources/blogs/code-signing-with-usb-tokens Also, if anyone with a Certum token is interested in seeing whether the pin prompt issue can be worked around, please PM about testing it with Signotaur - we have tested with Safenet and Yubikey tokens but I wasn't able to test with Certum - I did buy a token without a certificate thinking I could test with a self signed certificate (like I did with yubikey), however they they refused to let me reset the token (no PUK).