Author Topic: weidu next generation - build process improvement for windows executable

Offline AL|EN

1. Taking into consideration the manifest/config requirements regarding admin rights, as argent77 mentioned:
Weidu should always be executed with admin rights due to the fact that the Steam default installation directory is "..\program files\steam\steamapps\common" and it's a protected directory.

2. The Weidu executable should be signed via a certificate - you can get a free, fully featured SSL certificate from https://letsencrypt.org
It should prevent many false positives when weidu is recognized by antivirus and blocked.

3. weidu doesn't have any file details/information - it should have some of the information which is displayed here http://imgur.com/6tqIMzH
It will allow for checking what the weidu file version is without the need to run the executable itself.


Edit by Wisp: My mistake. I don't think anything was lost.
« Last Edit: May 31, 2017, 01:17:59 PM by AL|EN »
You cannot have progress without changes...

Offline Wisp

Quote
1. Taking into consideration the manifest/config requirements regarding admin rights, as argent77 mentioned:
Weidu should always be executed with admin rights due to the fact that the Steam default installation directory is "..\program files\steam\steamapps\common" and it's a protected directory.
Nein. WeiDU has no business running with elevated privileges. If you want user processes to be able to write to your game directory, install the game to someplace you have write access.

Quote
2. The Weidu executable should be signed via a certificate - you can get a free, fully featured SSL certificate from https://letsencrypt.org
It should prevent many false positives when weidu is recognized by antivirus and blocked.
I agree WeiDU should be signed, but Let's Encrypt only do TLS certificates (not code-signing ones) and they only do domain-validation (and I don't control weidu.org). Then there's the fun business with what CA has yet to issue fraudulent certificates and how some of the supposedly most trustworthy ones are topping the list of offenders. I take one look at it and I'm all like the Pope of Nope. I'll concede it's probably not impossible to find a CA that isn't complete crap and that I'm overreacting.

Quote
3. weidu doesn't have any file details/information - it should have some of the information which is displayed here http://imgur.com/6tqIMzH
It will allow for checking what the weidu file version is without the need to run the executable itself.
Seems like a hassle, but if you got a patch for it, sure.
« Last Edit: May 25, 2017, 02:12:09 PM by Wisp »

Offline AL|EN

Quote
Seems like a hassle, but if you got a patch for it, sure.
It's not a matter of a simple patch, it's a matter of adding an automated way of reading the version from https://github.com/WeiDUorg/weidu/blob/devel/src/version.ml (also including other needed data) and creating an exe which will always contain what is written in this file. It's on the side of "devops" and only the person who compiles it can create a solution for his own OS/environment. It requires some work but it's a basic Windows feature which lets other people identify the file version and perform actions based on it.

Offline Wisp

Quote
It's not a matter of a simple patch, it's a matter of adding an automated way of reading the version from https://github.com/WeiDUorg/weidu/blob/devel/src/version.ml (also including other needed data) and creating an exe which will always contain what is written in this file. It's on the side of "devops" and only the person who compiles it can create a solution for his own OS/environment. It requires some work but it's a basic Windows feature which lets other people identify the file version and perform actions based on it.
I was actually suggesting that you contribute code towards the cause. I don't know Windows stuff. I mean, I can probably read up on it, but I hate Windows-isms.

Offline AL|EN

I might take a look at the things which are needed but seriously ... you hate Windows-isms? Just imagine for one second the amount of shitposts if you said that you hate linux-isms. I won't draw exaggerated conclusions from this statement but you really should be more grateful towards the OS which was the reason that Baldur's Gate exists. You should be open-minded and take the best features of each platform. Zeitgeist and weidu can only benefit from such an approach.

Offline qwertyqwerty

Quote
1. Taking into consideration the manifest/config requirements regarding admin rights, as argent77 mentioned:
Weidu should always be executed with admin rights due to the fact that the Steam default installation directory is "..\program files\steam\steamapps\common" and it's a protected directory.

2. The Weidu executable should be signed via a certificate - you can get a free, fully featured SSL certificate from https://letsencrypt.org
It should prevent many false positives when weidu is recognized by antivirus and blocked.

3. weidu doesn't have any file details/information - it should have some of the information which is displayed here http://imgur.com/6tqIMzH
It will allow for checking what the weidu file version is without the need to run the executable itself.

1. I don't think it should be the case, because there are people that specifically don't want it to run with admin privileges.
2. If an antivirus gives a false positive, that's a flaw in the antivirus, and it should be dealt with accordingly. Don't want to flame, but libre software must not bend over.
3. It's kind of nice to have, but what's the actual use case? I've never seen anyone asking for it.

Offline AL|EN

Quote
3. It's kind of nice to have, but what's the actual use case? I've never seen anyone asking for it.
I hear this all the time. Nobody asked for features or changes because not many people have to maintain more things than their own mods. I posted the use case: it will allow for checking what the weidu file version is without the need to run the executable itself, for any modding tool which wants to check the weidu version of 200 setup-xxx.exe

Offline qwertyqwerty

Quote
I posted the use case: it will allow for checking what the weidu file version is without the need to run the executable itself, for any modding tool which wants to check the weidu version of 200 setup-xxx.exe
Such as? BWS? Do they actually update and run each exe? I'd be surprised to hear that. One weidu.exe is enough, just pointing it to the right tp2 will work just as well (and of course will be faster than checking and upgrading hundreds of files, whichever way is used to check their versions).

Offline AL|EN

Quote
Nein. WeiDU has no business running with elevated privileges. If you want user processes to be able to write to your game directory, install the game to someplace you have write access.
I've just performed yet another test: even if the weidu.exe itself doesn't request admin rights from a non-protected user directory, after you rename it to setup-*.exe it will require admin rights because it is missing the "Verified Publisher" field/certificate.

BWS updates all weidu exes in one go, then uses the --no-auto-update option to avoid weidu checking 200+ files for a new version. Your idea about using one weidu and pointing it to the tp2 is nice but it requires significant code modification. And it might be obsolete soon but that's another story.
« Last Edit: June 08, 2017, 03:49:56 AM by AL|EN »

Offline Wisp

Quote
Nein. WeiDU has no business running with elevated privileges. If you want user processes to be able to write to your game directory, install the game to someplace you have write access.
I've just performed yet another test: even if the weidu.exe itself doesn't request admin rights from a non-protected user directory, after you rename it to setup-*.exe it will require admin rights because it is missing the "Verified Publisher" field/certificate.
I never said WeiDU wouldn't, merely that it shouldn't. Also, Windows is not having WeiDU prompt for elevated privileges because it lacks a certificate (that would be quite backwards, as only trusted code should run elevated and unsigned executables are less trustworthy than signed ones). If there's no manifest (like this one) for the executable, Windows employs heuristics and stuff to determine whether to prompt the user. Among other things, executables called something like "setup", "install" or similar are prompted for.
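
The behaviour described in the last post (no manifest plus a name like "setup" leading to an elevation prompt) can be checked offline. This is an added example, not code from WeiDU or from anyone in the thread; it assumes Microsoft's documented conditions for UAC Installer Detection (32-bit image, no `requestedExecutionLevel` in a manifest, file name containing "install", "setup" or "update"), and the PE bytes and the name `setup-mymod.exe` are constructed.

```python
import struct

# File-name keywords Microsoft documents for UAC Installer Detection.
KEYWORDS = ("install", "setup", "update")
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
MARKER = "requestedExecutionLevel"


def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field, or raise ValueError if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return machine


def declares_execution_level(data: bytes) -> bool:
    """Byte scan (not a resource parser) for a manifest's requestedExecutionLevel."""
    return MARKER.encode() in data or MARKER.encode("utf-16-le") in data


def name_heuristic_applies(filename: str, data: bytes) -> bool:
    """True when the file-name heuristic alone would flag the file as an installer."""
    if pe_machine(data) != IMAGE_FILE_MACHINE_I386:
        return False  # Installer Detection covers 32-bit images only
    if declares_execution_level(data):
        return False  # an explicit execution level switches the heuristics off
    return any(k in filename.lower() for k in KEYWORDS)


def fake_pe(machine: int, manifest: bytes = b"") -> bytes:
    """Constructed, non-runnable stub: DOS header, PE signature, Machine field."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18 + manifest


AS_INVOKER = b'<requestedExecutionLevel level="asInvoker" uiAccess="false"/>'

if __name__ == "__main__":
    bare = fake_pe(IMAGE_FILE_MACHINE_I386)
    signed_off = fake_pe(IMAGE_FILE_MACHINE_I386, AS_INVOKER)
    for name, blob in [("weidu.exe", bare), ("setup-mymod.exe", bare),
                       ("setup-mymod.exe", signed_off)]:
        print(name, name_heuristic_applies(name, blob))
```

A code-signing certificate does not appear anywhere in this decision; only the manifest, the bitness and the name do.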
