Recent

Author Topic: installation warning  (Read 2285 times)

systems

  • New Member
  • *
  • Posts: 18
installation warning
« on: May 21, 2022, 08:13:17 am »
Hi

When I tried to install lazarus on windows 10, i got this warning (attached)

Windows protected your PC
Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.

App:
lazarus-2.2.2-fpc-3.2.2-win64.exe
Publisher: 
Unknown publisher



I think this can be fixed, if the install file is properly signed, I made an issue/ticket on gitlab, hope it gets their attention
anyway, how serious is this issue
« Last Edit: May 21, 2022, 08:15:50 am by systems »

PascalDragon

  • Hero Member
  • *****
  • Posts: 4134
  • Compiler Developer
Re: installation warning
« Reply #1 on: May 21, 2022, 05:02:12 pm »
I think this can be fixed, if the install file is properly signed, I made an issue/ticket on gitlab, hope it gets their attention

The problem is that code signing certificates cost money and need to be renewed regularly.

anyway, how serious is this issue

From a technical point of view: as long as you downloaded it from one of the official sources (the servers we advertise or SourceForge), not at all. Just continue with the installation.

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 7949
  • Debugger - SynEdit - and more
    • wiki
Re: installation warning
« Reply #2 on: May 21, 2022, 06:48:19 pm »
We do publish checksums on our webpage.
https://www.lazarus-ide.org/index.php?page=checksums
https://www.lazarus-ide.org/index.php?page=checksums#2_2_2

So after the download you can verify that your copy was not modified. (most OS supply tools to compute the checksum. For Windows you can use power-shell or download "fciv.exe" directly from Microsoft for free).

A signature does nothing but tell you that the file has not been modified since it was signed.
If we would sign, then you would still need to check that the signature is ours (someone else could have a similar name for their signature).

So using the checksum gives you the same information.

For the Windows builds, you can also check (for each checksum)
https://www.virustotal.com/gui/file/3aecce3f12f9c1824dcb149142abfbaee4e162a2624e62cb0ecd9b7c2142b7e3


systems

  • New Member
  • *
  • Posts: 18
Re: installation warning
« Reply #3 on: May 21, 2022, 07:37:24 pm »
Thanks all,

I checked the checksum, and its good, it matches
I still think making this warning go away, is not a bad idea, I think many complete beginners, might be stopped by it
since you have to click view more information link, and only then you get the proceed anyway button, which still looks scary ;)


MarkMLl

  • Hero Member
  • *****
  • Posts: 4431
Re: installation warning
« Reply #4 on: May 21, 2022, 11:58:54 pm »
I still think making this warning go away, is not a bad idea, I think many complete beginners, might be stopped by it

What is a complete beginner doing using Windows?

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 7949
  • Debugger - SynEdit - and more
    • wiki
Re: installation warning
« Reply #5 on: May 22, 2022, 01:21:44 am »
Well, I agree with the general statement "would be nice to have". And maybe also that some people who don't know the project would find it easier to trust the download. (Though to be honest, if I don't know who is behind the name on the certificate, I don't trust it any more as I would if it wasn't there)...

But the problem remains, it takes time and money. In this case the bigger issue actually is time. Someone needs to spend the time. I don't have it. Not sure if any one "eligible to do the task" has time (and interest for that matter).
"eligible" because I guess it should be someone known to (and trusted by) the project.

But well, if enough lobbying is done, maybe someone ...

systems

  • New Member
  • *
  • Posts: 18
Re: installation warning
« Reply #6 on: May 22, 2022, 03:00:03 am »
Well, on the bugtracker, i was asked to unlock the file from the windows file properties
and it kinda works, I no longer get the warning, but its not really a solution

But now I see a second issue, the installer starts working without asking for an admin accounts
and raise a warning/error, when it tries to write DLLs, in C:\Windows\System32

I think this also need a fix, the installer need to ask for an admin privilege as soon as it starts

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1983
  • Former Delphi 1-7, 10.2 user
Re: installation warning
« Reply #7 on: May 22, 2022, 03:39:48 am »
As for the DLL issue, I installed Lazarus 2.2.2 on a brand new Windows 11 VM and had no issues. Perhaps you already had copies of those DLLs and no overwrite access?
Lazarus 2.3, FPC 3.3.1 macOS 12.3.1 x86_64 Xcode 13.4
Lazarus 2.3, FPC 3.3.1 macOS 12.3.1 aarch64 Xcode 13.4

systems

  • New Member
  • *
  • Posts: 18
Re: installation warning
« Reply #8 on: May 22, 2022, 04:05:35 am »
You probably had admin privileges, this is my work computer, so my normal user dont have admin privileges
most personal users wont notice this

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1983
  • Former Delphi 1-7, 10.2 user
Re: installation warning
« Reply #9 on: May 22, 2022, 06:39:51 am »
Ah yes, being the only user on the Win11 system might explain it.

I'd be wary of using any of the supplied, or even the system, SSL DLLs anyway. The latest OpenSSL stable version is the 3.0 series which is supported until 7th September 2026. This is also a Long Term Support (LTS) version. The previous LTS version 1.1.1 is on life support until 11th September 2023 (at which point all support ceases) as OpenSSL moves to version 3 (now at 3.02) which has even more significant ABI changes. All older OpenSSL versions (including 1.1.0, 1.0.2, 1.0.0, 0.9.8 and 0.9.7) are now out of support, contain multiple security vulnerabilities and should not be used.
Lazarus 2.3, FPC 3.3.1 macOS 12.3.1 x86_64 Xcode 13.4
Lazarus 2.3, FPC 3.3.1 macOS 12.3.1 aarch64 Xcode 13.4

systems

  • New Member
  • *
  • Posts: 18
Re: installation warning
« Reply #10 on: May 22, 2022, 07:03:11 am »
Good thing i was cautious and didnt install anything

what would be the most reliable and secure way to get the openssl libraries on windows ?
i googled, and there doesnt seem to be any reliable binaries source/ installer for openssl on windows

trev

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1983
  • Former Delphi 1-7, 10.2 user
Re: installation warning
« Reply #11 on: May 22, 2022, 07:58:39 am »
For my recent work updating the lNet library, I downloaded modern 32 and 64 bit Windows versions from: https://slproweb.com/products/Win32OpenSSL.html
Lazarus 2.3, FPC 3.3.1 macOS 12.3.1 x86_64 Xcode 13.4
Lazarus 2.3, FPC 3.3.1 macOS 12.3.1 aarch64 Xcode 13.4

tetrastes

  • Full Member
  • ***
  • Posts: 217
Re: installation warning
« Reply #12 on: May 22, 2022, 04:54:12 pm »
But now I see a second issue, the installer starts working without asking for an admin accounts
and raise a warning/error, when it tries to write DLLs, in C:\Windows\System32

I think this also need a fix, the installer need to ask for an admin privilege as soon as it starts
Simply uncheck "Globally Install openssl libraries" in "Select Components" step in Lazarus Setup.

dsiders

  • Hero Member
  • *****
  • Posts: 649
Re: installation warning
« Reply #13 on: May 22, 2022, 06:19:11 pm »
But now I see a second issue, the installer starts working without asking for an admin accounts
and raise a warning/error, when it tries to write DLLs, in C:\Windows\System32

I think this also need a fix, the installer need to ask for an admin privilege as soon as it starts
Simply uncheck "Globally Install openssl libraries" in "Select Components" step in Lazarus Setup.

If you know what "Globally Install" actually means the solution is obvious. And. apparently users do not connect the dots when it doesn't work. Perhaps the installer needs to say "Install OpenSSL libraries in the Windows directory (requires administrator permissions)". The description matches the actions performed and tells you exactly what you need.



Lazarus 2.0.12, 2.2.0, 2.2.2, 2.3.0 (Git) / FPC 3.2.0, 3.2.2, 3.3.1 / x86 64-bit / Windows 8.1
Preview Lazarus 2.3.0 documentation at: https://dsiders.gitlab.io/lazdocsnext

tetrastes

  • Full Member
  • ***
  • Posts: 217
Re: installation warning
« Reply #14 on: May 22, 2022, 06:54:27 pm »
Perhaps it needs.
However apparently users ask here, when something doesn't work. And then they have choice according to answers: make it work as is, or wait when it will be corrected.

 

TinyPortal © 2005-2018