Open Signed Online (BETA) Service Error

[wirefree101]

Well its probably that Symbian made another change to open signed.
They regressed their previous openeness and the following capabilties are avaliable with a devcert only, but NOT with open signed
CommDD,
MultimediaDD,
NetworkControl,
DiskAdmin

My guess is you are using Network Control or CommDD which will generate this message.

Can you post which of the files you attempted to sign?

Here is the link to the file I have attempting to sign:

http://www-rp.lip6.fr/~berger/pys60_exts/

[ltomuta]

There are a bunch of files there, which one are you really using?

elocation-PyS60_1_4_0_3rdEdFP1-OMAP2420_unsigned.SIS (6.73 Ko)
elocation-PyS60_1_4_0_3rdEdFP1_unsigned.SIS (6.73 Ko)
elocation-PyS60_1_4_0_3rdEd_unsigned.SIS (9.46 Ko)
elocation-PyS60_1_4_1_3rdEd-unsigned.sis (9.52 Ko)
elocation-PyS60_1_4_1_3rdEdFP1-OMAP2420-unsigned.sis (7.61 Ko)
elocation-PyS60_1_4_1_3rdEdFP1-unsigned.sis (7.61 Ko)
gps_location-PyS60_1_3_23_unsigned.sis (8.9 Ko)
gps_location-PyS60_1_4_0_3rdEdFP1-OMAP2420_unsigned.SIS (8.97 Ko)
gps_location-PyS60_1_4_0_3rdEdFP1_unsigned.SIS (8.97 Ko)
gps_location-PyS60_1_4_0_3rdEd_unsigned.SIS (11.23 Ko)
gps_location-PyS60_1_4_1_3rdEd-unsigned.sis (11.23 Ko)
gps_location-PyS60_1_4_1_3rdEdFP1-OMAP2420-unsigned.sis (10.05 Ko)
gps_location-PyS60_1_4_1_3rdEdFP1-unsigned.sis (10.05 Ko)
wlantools-PyS60_1_3_23_unsigned.sis (7.7 Ko)
wlantools-PyS60_1_4_0_3rdEdFP1-OMAP2420_unsigned.SIS (8.27 Ko)
wlantools-PyS60_1_4_0_3rdEdFP1_unsigned.SIS (8.64 Ko)
wlantools-PyS60_1_4_0_3rdEd_unsigned.SIS (8.6 Ko)
wlantools-PyS60_1_4_1_3rdEd-unsigned.sis (8.6 Ko)
wlantools-PyS60_1_4_1_3rdEdFP1-OMAP2420-unsigned.sis (7.49 Ko)
wlantools-PyS60_1_4_1_3rdEdFP1-unsigned.sis (7.49 Ko)

Last time you were complaining about this I was actually able to sign one of the files from there but then I realised that the file is incorrect and should have been rejected by Symbian Signed. If the signing tool was corrected according to my feedback and if the modules above still have that defect then of course you will not be able to sign them.

There's e lot of IFs here though.

[bergerc]

My guess is you are using Network Control or CommDD which will generate this message.

Can you post which of the files you attempted to sign?

Hi,

I'm the developper of this module, sorry I did not follow the changes that happened to Symbian Signed these last months and I think my PyS60 binary modules do not fit anymore to the system. And I'm still using free devcerts that's why I did not check.
Well, I was looking for a detailled procedure like "How to distribute your PyS60 modules (for dummies)" but it appears it's still under discussion.
So, I may have 2 alternatives :
* using an UID from unprotected range and signing it through open signed to distribute it ?
* Using an UID from the test range and let everybody sign it when they want to use it ?
Let users compile the modules is not a solution as it is too complicated for end-users, even for leasure time programmers (I think)

The problem of the capabilities comes from me I think, I was always using the maximum set allowed by the certificate (PowerMgmt ReadDeviceData WriteDeviceData TrustedUI ProtServ SwEvent NetworkServices LocalServices ReadUserData WriteUserData Location SurroundingsDD UserEnvironment)
I'll check what's really necessary and build a new version as soon as I understand how it really works and how I can distribute this module in an easy form for users.

Thanks

[ltomuta]

So, I may have 2 alternatives :
* using an UID from unprotected range and signing it through open signed to distribute it ?
* Using an UID from the test range and let everybody sign it when they want to use it ?
Let users compile the modules is not a solution as it is too complicated for end-users, even for leasure time programmers (I think)

Hi Christophe

You have indeed options but not those listed above.

Open Signed Online is not intended for software releases so you either release your extensions self-siged or you sign them through the Express Signed or Certified Signed processes.

See my blog for more info on PlatSec and Symbian Signed.

In fact you do have another option which you already use: release the source code and let developers integrate/modify and then sign the extensions on their own (with proper credit given to your work of course).

[bergerc]

Hi,

Hi Christophe

You have indeed options but not those listed above.

Open Signed Online is not intended for software releases so you either release your extensions self-siged or you sign them through the Express Signed or Certified Signed processes.

See my blog for more info on PlatSec and Symbian Signed.

In fact you do have another option which you already use: release the source code and let developers integrate/modify and then sign the extensions on their own (with proper credit given to your work of course).

I'll look at your blog. Thanks for your answer, I'll see if I can selfsign it... not sure as it may use NetworkServices capability.


Well, I'm distributing python modules, I think people using these modules are not willing to bother with modules compilation (or even do not know how to do it). Python's goal is to be easy to use... so let users compile the modules they want to use is not a solution.

The credit on my work is not the problem, I really don't care if people use my code, it's documented on the Nokia wiki and anybody willing to use wlan scanning has anyway a minimum work to do.
The problem is to provide a good and easy to use platform to program simple and functional applications for personal use. My modules were done in this view... and I'm really considering moving to iPhone, it's completely dumb to restrict use of the phone (I know Apple does the same thing, but different manner and they apparently provide certificates to people).

Why not give certificates to developpers to let them distribute applications (even for a _little_ fee) ? Apparently on Symbian platforms this solution is too simple... you have to let your code audited and so on if you want to give a application to your friends.
I'm fed up with this system, devcerts was an acceptable solution. Now it's completely dumb. Sorry it's not against anybody but I don't understand the political reasons of this new system.

[SkullZZ]

The application under consideration is wlantools-PyS60 to be found at:

http://www-rp.lip6.fr/~berger/pys60_exts/

The developer of this application listed NetworkServices, ReadUserData, WriteUserData and ReadDeviceData in personal correspondence to me. Signing attempt with these four services yielded in the error:

"FAILURE: Submitted .sis file uses uses capabilites that were not selected"


Next, I checked the capabilities of the .sis file at:

http://www.whythefuckwontmysisfilein...com/index.html

The above URL listed all services. So I checked all the services which finally yielded the error:

"The .sis file contains capabilities that are not permitted for Open Signed (Online)"


Would appreciate advise on how to proceed.

Best,
wirefree

I had similar problem which was resolved in very unusual way.
The problem was that when you do
abld.bat clean
or
abld.bat cleanall
or even (!!!)
abld.bat reallyclean

it does not clean up content of C:\S60\devices\S60_3rd_FP2_SDK\epoc32\release\gcce\urel directory.
So, my SIS file was based on old EXE.

The only thing that works is to explisitly pass platform as argument:

abld.bat clean gcce urel

So, the problem was that I was trying to upload the same old binary again and again.

Shame on that abld.bat file author (or even bldmake), but it really has place in my environment...

Hope this will help someone.

[Paul.Todd]

Open Signed Online is not intended for software releases so you either release your extensions self-siged or you sign them through the Express Signed or Certified Signed processes.

How are freeware and opensource applications intended to be signed then if you do not have a publisher id?

[ltomuta]

How are freeware and opensource applications intended to be signed then if you do not have a publisher id?

Open Source means you have access to the code and build the application yourself, with your own contributions to it (presumably). As such you have the R&D signing options at your disposal.

If the Open Source projects are also offering pre-built binaries those are releases and must follow the release signing path, with the available certification options.

To be noted that the Open Source releases are not necessarily freeware.

As for signing freeware, I am sorry but I do not have a better answer than this: "Sorry, the page you requested was not found.".

For Open Signed Online to be Symbian Signed's answer for freeware that would be the dumbest idea ever. Personal opinion, of course.

[ltomuta]

Yep, it is confirmed, the Open Signed Online is the official freeware signing channel. See https://developer.symbian.com/forum/...D=71130&#71130

[Paul.Todd]

The reason I asked was there was a post on the Symbian newsgroups saying that freeware signing was now discontinued.

[ltomuta]

Well, that sounds like good service: first a non-working URL, then an "announcement" in the newsgroups and a default to the worst possible signing option.

[juhavai]

I had similar problem which was resolved in very unusual way.
The problem was that when you do
abld.bat clean
or
abld.bat cleanall
or even (!!!)
abld.bat reallyclean

it does not clean up content of C:\S60\devices\S60_3rd_FP2_SDK\epoc32\release\gcce\urel directory.
So, my SIS file was based on old EXE.

The only thing that works is to explisitly pass platform as argument:

abld.bat clean gcce urel

So, the problem was that I was trying to upload the same old binary again and again.

Shame on that abld.bat file author (or even bldmake), but it really has place in my environment...

Hope this will help someone.

Hopefully you can live with my little spamming, but I need to thank you. I was just about to lose my temper with that Open Signed as I kept getting this error about using capabilities not grantable through Open Signed, while I had checked a million times that there were no such capabilities (anymore, I had one by mistake before). Turned out to be exactly this old exe -> .sis problem you described. Thank you, I would've never figured that out by myself =)