Singning with no capbilities

**nadav_smilansky** · 2008-11-04, 13:18

Hi,

My package uses no capabilities at all and I have a Publisher ID and Certificate.

Can I somehow sign the package without paying anything, or do I still have to pay the 10 Euro fee for the Express Signing procedure?

Thanks,
Nadav

**nuker85** · 2008-11-04, 13:28

hello,
you don t have to pay for self signing or for siging with your certificate
if you have got unsigned sis file just type in your command line console: singsis -h
and you will get information what do you have to pu in console to sign sis

good luck

**wizard_hu_** · 2008-11-04, 13:37

Originally Posted by nadav_smilansky

do I still have to pay the 10 Euro fee for the Express Signing procedure?

Yes, if you want to have your application Symbian signed, you still have to pay for it. Actually what you pay for are not the capabilities, but the usage of the infrastructure (SymbianSigned still has to validate that you are you, etc.).
If you can live with self-signing, that is totally free, however the user will get a notification about untrusted supplier.

**nadav_smilansky** · 2008-11-04, 14:01

OK, thanks. Maybe you can also answer this one:

We distribute our software via various channels, and we would like our software to identify the channel it came from. Also, we would like to ship our software with different "flavors", which differ from one another only by static resources (text files, pictures, etc.).

However, we wouldn't like to send each "flavor" for signing, as it costs a lot of money and also takes time.

So what we thought doing is to sign the core application once, and then create wrapper packages that install the core application as an embedded package and also install some static files. This allows us to use Express Signing for the wrapper packages, which is much quicker and cheaper.

Only problem is that if the user uninstalls the core application, the wrapper package does not get removed and it is left on the phone.

Is there a way to solve this problem?

Thanks,
Nadav

**wizard_hu_** · 2008-11-04, 14:36

Am I right if I suppose that the "core" application could not be Express-signed?

**nadav_smilansky** · 2008-11-04, 15:37

Yes, certainly. The core application is fully SymbianSigned.

**wizard_hu_** · 2008-11-04, 16:26

Unfortunately I have no ideas for such case. If your core app could be Express-signed you could simply leave out the embedding magic, and sign the whole application in a single step.

**nadav_smilansky** · 2008-11-04, 16:47

I will try this idea:

Make the core application hidden.
Make the wrapper package add the core application's icon to the menu and start the core application when the icon is pressed.

Thanks,
Nadav

**wizard_hu_** · 2008-11-04, 16:56

There is a problem: I doubt that you will get certified signing for an application which can not be started in itself (since you either hide it or do not provide the registration file at all).

**ltomuta** · 2008-11-04, 17:03

Does your main application require any capabilities or waivers that would make passing Certified Signed mandatory?

**nadav_smilansky** · 2008-11-05, 07:37

wizard_hu_, I will supply a wrapper to test it with. Hope it will be OK.

Lucian, yes, my application requires quite a few capabilities, including NetworkControl.

But I must wonder: Why isn't there a simple way to do such things? Why do I need to pay for multiply signing the same application, just to change a picture or text?

**nadav_smilansky** · 2008-11-05, 11:19

wizard_hu_, just to update you that the test house has agreed to sign the application when it is hidden. They only require us to send them a test package that does have GUI.

Cheers,
Nadav

**wizard_hu_** · 2008-11-05, 11:28

Thank you for sharing, this info is important to many other developers I guess.

**nadav_smilansky** · 2008-11-06, 18:51

Although the solution is feasible, it has some problems:

It causes more pop-ups during installation
It still requires express signing, which is not free.

What we now think of doing is renaming the sis file differently for each distribution channel (or for every user download) and then read the sis file name during installation.

I have found that the actual sis file is stored during installation either under E:\ or under C:\Data\Installs, and I've successfully read its name in the install script which I run from the pkg file.

However, I've noted that if I wait a little before running the script, then the sis file is removed. This means the installer does not wait for the install script to complete.

What I need to know: Is the sis file deletion delayed deliberately by the installed, or is it just a matter of the time it takes for the installer process to complete after it launches my install script? In the latter case, this whole method relies on race condition, so it is a bit scary.

**nadav_smilansky** · 2008-11-07, 02:20

OK, discovered an answer to this problem as well

:

In the pkg file, add "RW" (Run Wait) to the flags of the installation script (just after the FILERUN and RUNINSTALL flags).

This makes the installer wait until the script exits. Therefore the sis file remains on the machine throughout the script's life time, eliminating the race condition.

Discussion Board

Thread: Singning with no capbilities

Thread Tools

Search Thread

Rate This Thread

Display

Similar Threads

Streaming capbilities

Posting Permissions