Problems with code signing

Question and problem.

First, the question: do #include files need to be signed? I assume we tag them with #script-id and sign them but wanted to be sure.

Second, how do I troubleshoot signing issues? I went through these steps:

1. Generated a signing key
2. Submitted CPD and was accepted
3. Signed using CodeSign

The signing process goes fine but accessing files produces the result "invalid signature" whether I test against .js files or the .xri file for my repo.

I then generated a second key with my developer id and tried signing with that. The signing process succeeds but then validation still fails.

What am I missing and how do I troubleshoot?

Jeremy
 
Hi Jeremy,

do #include files need to be signed?

No. You only have to sign executable .js files and .xri repository information files.

The signing process goes fine but accessing files produces the result "invalid signature" whether I test against .js files or the .xri file for my repo.

Have you installed the update that adds your public signing key to the CPD database? To check this, run the following command from Process Console:

lscpd

Your signing identity should be listed as follows:

Code:
--------------------------------------------------------------------------------
Identifier .... Deep Sky Workflows
Email ......... deepskyworkflows@gmail.com
Website ....... https://deepskyworkflows.com
Name .......... Deep Sky Workflows (Jeremy Likness)
Information ...
 
The signing identity shows correctly when I run the command. However, when I sign although it says it signed successfully, it still shows invalid signature when I try to access the resources.

Bash:
run --execute-mode=auto "C:/Program Files/PixInsight/src/scripts/DeepSkyWorkflows/generateDeconSupport.js"

Processing script file: C:/Program Files/PixInsight/src/scripts/DeepSkyWorkflows/generateDeconSupport.js
*** Error: Signature verification failed for 'GenerateDeconSupport': Invalid code signature: C:/Program Files/PixInsight/src/scripts/DeepSkyWorkflows/generateDeconSupport.js
 
Hi Jeremy

Just a guess at what may have happened but have you edited your code in any way at all after creating the code signing file? The .xsgn code signing file must be regenerated every time you update the source code .js file however small the change.

Hope this helps

Mike
 
Thanks for all the help.

I may have overwritten my signing certificate after I submitted. I am now able to sign without issue. Now my packages show "update error" when I try to updatea via PixInsight, but I can't see what the issue is. The error I'm getting is:

1659237715310.png


When I go to the download location, it looks like the tar/gz has been successfully unzipped because all the files are there. I have deleted them, refreshed the repo in PixInsight and confirmed that they are all successfully unzipped and runnable (with valid signatures), so I have no idea where this error is coming from. Is there a detailed log file I can look at? If so, where does PixInsight place it?
 
Hi Jeremy,

For scripts, which are distributed with the same package on all platforms, use .zip instead of .tar.gz. Standard zip compression works perfectly on all platforms, including Windows.
 
Back
Top