Wednesday, December 17, 2008

Code signing process

Code signing is the process of digitally signing your product so that users can verify the publisher of a download and check that it has not been infected by a virus since it was created. It is an industry-wide professional practice to sign the products you sell. Nowadays most customers restrict downloading of unsigned products, so sign your code to keep up your reputation for delivering genuine software.

To sign code you need the following:
1) Digital certificate (along with password)
2) Code signing tools
3) URL of a time stamping server

Digital certificate: You can create your own digital certificates just to try out the signing process. But to do it professionally, you need to buy a certificate from a trusted certification authority such as Comodo, GlobalSign, Thawte or VeriSign.

Code signing tools: Microsoft provides code signing tools such as signcode.exe (which comes with the Microsoft .NET Framework Software Development Kit) and signtool.exe (which comes with Microsoft Visual Studio 2005).

URL of a time stamping server: This may be one of the following:
- http://timestamp.verisign.com/scripts/timstamp.dll
- http://timestamp.globalsign.com/scripts/timstamp.dll
- http://timestamp.comodoca.com/authenticode

Here is an example of the code signing process using signtool.exe.

C:\p4clients\sign\tools> signtool.exe sign /f your-pfx-file /p password /t http://timestamp.verisign.com/scripts/timstamp.dll /v file-to-sign

Here is the Sample Output:
The following certificate was selected:
Issued to: SID Software Inc.
Issued by: Thawte Code Signing CA
Expires: 10/16/2011 2:17:15 AM
SHA1 hash: 4374SD894388B9H456E206124G06D9AV1535G12E

Done Adding Additional Store

Attempting to sign: jservice.exe
Successfully signed and timestamped: jservice.exe

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0


As you can see, signtool.exe needs a certificate in .pfx form. Here is the procedure to create it.
Open a command prompt in the folder containing the code signing tools, and type:
>> makecert.exe -sv mykey.pvk -n "CN=Acme Software Inc." mycert.cer

You can substitute your own business name for "Acme Software Inc." If the file mykey.pvk does not already exist, you will be prompted to enter a password for the private key file. The password may be blank.

On completion of this command you should have two files, mykey.pvk and mycert.cer. Now you need to convert the digital certificate into the Software Publisher Certificate (.spc) format. To do this, type:
 >>  cert2spc.exe mycert.cer mycert.spc

You will be prompted to enter the password for the private key file.
(Hopefully, you haven't forgotten it already!) When the program
finishes you should have a new file, mycert.spc. Only the two files mykey.pvk and mycert.spc will be used when signing your code.

If you are using the signtool.exe from Microsoft Visual Studio 2005 or later or the Platform SDK, then you must first import your private key and software publisher certificate into a single PFX file. This is a one-off process that need only be repeated whenever you renew your code signing certificate. Open a command prompt and type:
>> pvk2pfx.exe -pvk mykey.pvk -pi <password> -spc mycert.spc -pfx mycert.pfx -po <password>
replacing <password> with your private key password. If you used a blank password when you created your private key file then you can omit the -pi option.


Refer to http://www.tech-pro.net/code-signing-for-developers.html for a detailed explanation of code signing.



Tuesday, December 16, 2008

RPM usage

Let me show you how to create a simple RPM package.

Let me briefly cover a few important rpm options.

INSTALL OPTIONS
1) How to install a rpm package?
rpm -ivh epm-3.5.1-1.i386.rpm

-i : tells RPM to install
-v : verbose
-h : print # marks as the install progresses

2) How to get more verbose information?
rpm -ivv epm-3.5.1-1.i386.rpm

3) --test: Perform installation test only
rpm -i --test epm-3.5.1-1.i386.rpm
rpm doesn't install the package; instead it performs all the checks that RPM does during an install. RPM will return a non-zero status if the --test option detects problems…

4) --replacepkgs: Install the Package Even If Already Installed
rpm -ivh --replacepkgs epm-3.5.1-1.i386.rpm
This option is used to force RPM to install a package that it believes to be installed already.

5) Forceful installation with the "--force" option
rpm -ivh --force epm-3.5.1-1.i386.rpm
Here is one situation where you end up using the --force option. Assume a previously installed package is deleted manually by a mischievous person. When you try to install it again by just calling "rpm -i *.rpm", it will end up with the message "package epm-3.5.1-1 is already installed". In this situation you can use either the --force option or the --replacepkgs option.

6) Installing from URLs
rpm -i ftp://ftp.gnomovision.com/pub/rpms/foobar-1.0-1.i386.rpm
Specifying username for FTP site

rpm -i ftp://smith@ftp.gnomovision.com/pub/rpms/apmd-2.4-1.i386.rpm
  Password for smith@ftp.gnomovision.com: ??

7) Installing package even if dependent packages are not available on system
 rpm -i --nodeps blather-7.9-1.i386.rpm
The --nodeps option to an install command directs RPM to ignore any dependency-related problems and to complete the package installation.


8) Avoiding docs getting installed
rpm -iv --excludedocs cdp-0.33-3.i386.rpm
Also there is an option --includedocs which directs RPM to install any files marked as
being documentation.

9) Installing package on path of our choice
rpm -i --prefix /tmp/test cdplayer-1.0-1.i386.rpm
--prefix gives the person installing the package flexibility in determining where on their system it should be installed.

10) --noscripts: Do Not Execute Pre- and Post-install Scripts

11) --percent
RPM displays a series of numbers. Each number is a percentage that indicates how far along the
install is. When the number reaches 100%, the installation is complete.
rpm -i --percent iBCS-1.2-3.i386.rpm

12) --rcfile: Use an Alternate rpmrc File
The --rcfile option is used to specify a file containing default settings for RPM. By default, RPM uses /etc/rpmrc and a file named .rpmrc located in your login directory.

13) --root: Use an Alternate Root
Adding --root to an install command forces RPM to treat the specified directory as the "root" directory. The --root option affects every aspect of the install process, so pre- and post-install scripts are run with that directory as their root directory.

14) --dbpath: Path To Use To Find the RPM Database
Normally, the RPM database exists in the directory specified by the rpmrc file entry, dbpath. By default, dbpath is set to /var/lib/rpm.

15) --ftpport: Port To Use In FTP-based Installs

16) --ftpproxy: Proxy To Use In FTP-based Installs

17) --ignorearch: Do Not Verify Package Architecture
When a package file is created, RPM specifies the architecture, or type of computer hardware, for which the package was created. This is a good thing, as the architecture is one of the main factors in determining whether a package written for one computer is going to be compatible with another computer.

With the --ignorearch option, RPM will not perform any architecture-related checking.

18) --ignoreos: Do Not Verify Package Operating System
When a package file is created, RPM specifies the operating system for which the package was created. This is a good thing as the operating system is one of the main factors in determining whether a package written for one computer is going to be compatible with another computer.

With the --ignoreos option, RPM will not perform any operating system-related checking.

19) --replacefiles: Install the Package Even If It Replaces Another Package’s Files
rpm -iv --replacefiles cdp-0.33-3.i386.rpm
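
The dry run from option 3, used as a gate in front of a real install. This is an added example, not part of the original post: the function name "safe_install" and the variable "RPM_CMD" are assumptions made here, and "rpm -K" (--checksig) is a real rpm option that the post does not cover.

```shell
#!/bin/sh
# Added example: refuse to install unless the package verifies and the
# "rpm -i --test" dry run succeeds.
# RPM_CMD is an assumption of this example so the rpm binary can be swapped.
RPM_CMD="${RPM_CMD:-rpm}"

# safe_install PKG...
# Returns 0 after a successful install, 2 if a package fails verification,
# 3 if the dry run reports problems.
safe_install() {
    for pkg in "$@"; do
        # -K (--checksig) checks the package's digests and any signatures
        # it carries; a corrupted or tampered file fails here.
        if ! "$RPM_CMD" -K "$pkg" >/dev/null 2>&1; then
            echo "refusing $pkg: digest/signature check failed" >&2
            return 2
        fi
    done

    # --test performs the install-time checks (dependencies, conflicts)
    # without changing the system; non-zero status means problems.
    if ! "$RPM_CMD" -i --test "$@"; then
        echo "dry run failed; not installing" >&2
        return 3
    fi

    # Only now run the real install, without --nodeps or --force.
    "$RPM_CMD" -ivh "$@"
}
```

Call it as "safe_install epm-3.5.1-1.i386.rpm"; reaching for --nodeps, --force or --replacefiles instead hides exactly the problems the dry run reports.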

ERASE OPTIONS
1) How to un-install a package?
rpm -ev eject
-e: erase
-v: verbose

To get even more verbose information
rpm -evv eject

By adding -vv to the command line, we can often get a better feel for what’s going on inside RPM.

By default RPM won't erase the package if there are dependencies on this package.


2) --test: Go through the process of erasing the package, but do not erase it
rpm -e --test bother
It will show whether erasing this package would delete any files needed by other packages.

3) --nodeps: do not check dependencies before erasing package
rpm -e --nodeps bother
Adding the --nodeps option to an erase command directs RPM to ignore any dependency-related problems, and to erase the package.

4) --noscripts: do not execute Pre- and Post-uninstall scripts 

5) --rcfile: File To Read for RPM Defaults
The --rcfile option is used to specify a file containing default settings for RPM. By default, RPM uses /etc/rpmrc and a file named .rpmrc located in your login directory.

6) --root: Directory To Use as the Root
Adding --root to an un-install command forces RPM to treat the specified directory as the "root" directory. The --root option affects every aspect of the install process, so pre- and post-install scripts are run with that directory as their root directory.

7) --dbpath: Path To Use To Find the RPM Database
Normally, the database exists in the directory specified by the rpmrc file entry, dbpath. By default, dbpath is set to /var/lib/rpm.

8) rpm -e and Config files
If you’ve made changes to a configuration file that was originally installed by RPM, your changes won’t be lost if you erase the package. Say, for example, that we’ve made changes to /etc/skel/.bashrc (a config file), which was installed as part of the etcskel package. If we later remove etcskel, a copy of the modified .bashrc file will be saved as .bashrc.rpmsave during the un-install.

UPGRADE OPTIONS
1) How to upgrade an already installed package?
rpm -U eject-1.2-2.i386.rpm
If the package was not installed earlier at all, the -U option works like the -i (install) option.

Given the fact that rpm -U can be used as a replacement to rpm -i, it follows that
most of the options available for rpm -U are identical to those used with rpm -i.

URLs can also be used to specify the package file.

2)  --oldpackage: Upgrade to an older version
rpm -Uv --oldpackage cdp-0.33-2.i386.rpm

3) --force: Forced upgrade
It adds --replacepkgs, --replacefiles, and --oldpackage to the command. The only thing that will prevent a --force’ed upgrade from proceeding is a dependency conflict.

4) --noscripts: Do not execute Install and Uninstall Scripts

QUERY OPTIONS
Format: rpm -q   <information-selection>
Where Package name can be
  -
7) How to view content of RPM package using RPM command?
rpm -q --filesbypkg -p filename.rpm (or similar)
where --filesbypkg means "List all the files in each selected package."

Sunday, December 7, 2008

sudo configuration

You need to edit the /etc/sudoers file.
Use the visudo command to edit this file.

# User privilege specification
root ALL=(ALL) ALL
build ALL=(ALL) NOPASSWD: ALL

Thursday, December 4, 2008

Perforce - can't edit exclusive file already opened

In Perforce, whenever a binary file such as a doc, xls or ppt file is checked out, it is opened in exclusive lock mode. So no one else can check out that file until the person who checked it out submits it (checks it in). But there is a way to check out binary files in this scenario.

Check out your binary file as shown below
p4 edit -t binary //knowledgebase/ctweb/main/releases/AXM/Server/Moneypenny/Dev/moneypenny_code_review.xls

The -t binary option will allow you to check out a binary file even if it is locked. After your modification, you can check it back in without any issues.

How to know whether a Unix/Linux system has a 32-bit or 64-bit architecture?

To find out whether a given Unix/Linux machine has a 32-bit or 64-bit architecture, use the command

getconf LONG_BIT

It outputs 32 or 64 accordingly.

On an AIX machine, use the "bootinfo -K" command for the same purpose.

Reference: http://www.unixguide.net/unixguide.shtml

Wednesday, December 3, 2008

How to know the architecture of an AIX machine?

We can easily find out the architecture type on Linux or Solaris systems with the help of the "uname" command. But the uname command on AIX doesn't give the relevant information. To find out the architecture (PowerPC, rs6000) of your AIX machine, use the following commands.

1) First find out the processor characteristics by typing
[root@re-aix02:/] lsdev -Cc processor
proc0 Available 00-00 Processor
From this you know your processor is on "proc0 or proc1".

2) Using the information obtained from 1), find out the attribute characteristics of the processor
[root@re-aix02:/] lsattr -E -l proc0
state enable Processor state False
type PowerPC_POWER4 Processor type False
frequency 1200000000 Processor Speed False

The second line of the output gives the processor architecture.