[fpc-pascal] FPC generated executables and digital signatures

Sven Barth pascaldragon at googlemail.com
Fri Apr 8 14:35:20 CEST 2016

Am 08.04.2016 13:20 schrieb "Graeme Geldenhuys" <
mailinglists at geldenhuys.co.uk>:
> Hi,
> I don't visit Windows much, but was doing some testing on a Win7 VM.
> Every time I run my FPC generated executable I get a Security Warning
> dialog pop up and it mentions a "Unknown Publisher", and I have to then
> click the 'Run' button before my application runs.

Do you mean an UAC elevation dialog (with a broad yellow bar at the top),
thus asking you whether you can run with elevated right or a dialog that
tells you that the executable has cone from a untrusted source?

In the first case:
Does your application need administrator privileges?
If not, make sure that you don't have "install" or "setup" in the name and
that in the Manifest the setting is "AsInvoker" (you can check the Lazarus
IDE if you're using that).
If it does require these... Well, that's by design then. Only thing you can
do is to sign your application so that instead of "Unknown Publisher" it
will show your own or your company's name, but code signing certificates
are costly...

In the second case:
Your file either has a Alternate Data Stream (a NTFS feature) attached that
marks it as coming from a insecure source. You need to remove the ADS (or
simply uncheck the box) to solve this. I fathom that the "chmls unblock"
from Marco does exactly that.
Alternatively it could be that you execute your application from a network
drive. I think there's a setting for that somewhere as well, but I don't
know that right now...

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freepascal.org/pipermail/fpc-pascal/attachments/20160408/340d439f/attachment.html>

More information about the fpc-pascal mailing list