You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Rob Weir <ro...@apache.org> on 2012/06/06 23:59:26 UTC
Windows 8 Compatibility?
I installed the Windows 8 Tech Preview (32-bit) today on a virtual
server. After a few minutes to figure out the new platform UI I
installed AOO 3.4. Install went without problems and it appears to
run fine.
Of course, there is more that we could do to be a well-integrated
Windows desktop application. The best practices are outlined here:
http://msdn.microsoft.com/library/windows/desktop/hh749939
A lot of this is goodness that would help users on Windows 7 and
earlier versions as well. For example, the code signing reduces the
risk of tampering or corrupt files. It also reduces false complaints
by some anti-virus products. The recommended compiler options help
reduce the explotability of security vulnerabilities, especially of
the kind products run into reading binary file formats. More info on
these options are here:
http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
Did OpenOffice.org ever try for logo certification from Microsoft
before? If so, what was the experience?
I think it might be worth trying for this with AOO, It would takes
some work, but in the end we would have better platform integration,
and a better user and admin experience.
-Rob
Re: Windows 8 Compatibility?
Posted by Andrea Pescetti <pe...@apache.org>.
Rob Weir wrote:
> Of course, there is more that we could do to be a well-integrated
> Windows desktop application. The best practices are outlined here:
> http://msdn.microsoft.com/library/windows/desktop/hh749939
I have no idea on many of those, but there are a couple of items that I
noticed:
- 5. Apps must support a clean, reversible installation: this would need
some work if it means that, when overwriting (say) version 3.3,
OpenOffice 3.4 (or 3.4.1, or 4.0, whatever) should allow to roll back to
version 3.3 upon failed installation. Much would actually depend on how
a "failed" installation is defined...
- 10.2 Your app must avoid starting automatically on startup: would this
mean that the Quickstarter must be disabled by default, that it must be
removed (this would be problematic) or that it can stay because (current
bugs aside...) it doesn't actually start OpenOffice?
Still, with the large majority of OpenOffice users on Windows and User
Experience becoming a medium-term priority for OpenOffice, it would be
reasonable to prepare in order to be ready for Windows 8.
Regards,
Andrea.
Re: Windows 8 Compatibility?
Posted by Liu Da Li <wa...@gmail.com>.
Base on the Windows 8 certification requirements and Windows App
Certification Kit (ACK) test result.
It seems that there are only five issues need be resolved to make Apache
OpenOffice can be put on Windows 8 APP Store.
It seems that it's possible to make Apache Openoffice available on Windows
8 APP Store.
The details is be updated in the wiki page. It also can be used to track
the owner and status of these issue.
http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
2012/6/12 Liu Da Li <wa...@gmail.com>
> I have create five items on Bugzilla to track these issue.
>
> - Issue 1. Test for "Section 3 Apps support Windows security features"
> is failed.Bugzilla ID 119946 link: [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>
>
> - Issue 2. Test for "Section 4 Apps must adhere to system restart
> manager messages" is failed. Bugzilla ID 119947 link: [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>
>
> - Issue 3. Test for "Section 5 Apps must support a clean, reversible
> installation" is failed. Bugzilla ID 119948 link: [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>
>
> - Issue 4. Test for "Section 6 Apps must digitally sign files and
> drivers" is failed.Bugzilla ID 119949 link: [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>
>
> - Issue 5. Test for "Section 11 Apps must support multi-user sessions"
> is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
> [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>
> Anyone please help to check them, confirm them and fix them.
>
>
> 2012/6/12 XiuLi Xu <su...@gmail.com>
>
>> Hi All,
>>
>> I upload the detailed test result and Windows 8 related links in the wiki
>> document, Windows App Certification Kit Test Results for Apache OpenOffice
>> 3.4<
>> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
>> >
>>
>>
>> On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
>>
>> > There are so many items in the Windows 8 certification list, I try to go
>> > through it and find that there is maybe about 43 TODO items for us to do
>> > the certification. Most of the TODO items are just a verification jobs,
>> > but some code change jobs maybe are need to do for the sections 4.1,5.1,
>> > 9.1, 10.2,11.7.
>> > I have try to verify some items, the result be marked at green.
>> > Herbert1 also go through the list, I put his result at the end of each
>> > section.
>> >
>> > Items which maybe need to change some codes
>> > ------------------------------------------------
>> > 4.1 Your app must handle critical shutdowns appropriately
>> > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION
>> will
>> > be sent WM_ENDSESSION and closed, while those that time out in response
>> to
>> > WM_QUERYENDSESSION will be terminated. .
>> > 5.1 Your app must properly implement a clean, reversible installation
>> > If the installation fails, the app should be able to roll it back and
>> > restore the machine to its previous state.
>> > 9.1 Your app must have a manifest that defines execution levels and
>> tells
>> > the operating system what privileges the app requires in order to run
>> > The app manifest marking only applies to EXEs, not DLLs. This is because
>> > UAC does not inspect DLLs during process creation. It is also worth
>> noting
>> > that UAC rules do not apply to Windows Services. The manifest can be
>> either
>> > embedded or external.
>> > To create a manifest, create a file with the name
>> <app_name>.exe.manifest
>> > and store it in the same directory as the EXE. Note that any external
>> > manifest is ignored if the app has an internal manifest. For example:
>> > <requestedExecutionLevel level=""asInvoker | highestAvailable |
>> > requireAdministrator"" uiAccess=""true|false""/>
>> > 10.2 Your app must avoid starting automatically on startup
>> > For example, your app should not set any of the following;
>> > Registry run keys HKLM and, or HKCU under
>> > Software\Microsoft\Windows\CurrentVersion
>> > Registry run keys HKLM, and or HKCU under
>> > Software\Wow6432Node\Microsoft\windows\CurrentVersion
>> > Start Menu AllPrograms > STARTUP
>> > 11.7 Your app must check other terminal service (TS) sessions for
>> existing
>> > instances of the app
>> > Note: If an app does not support multiple user sessions or remote
>> access,
>> > it must clearly state this when launched from this kind of session.
>> >
>> >
>> ------------------------------------------------------------------------------------------
>> > Full TODO items.
>> >
>> > 1. Apps are compatible and resilient
>> > 1.1 Your app must not take a dependency on Windows compatibility modes,
>> > AppHelp message, and or any other compatibility fixes
>> > TODO 1.1 : Need verification , don't depend.
>> > 1.2 Your app must not take a dependency on the VB6 runtime
>> > TODO 1.2 : Need verification , don't depend.
>> > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
>> > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
>> > AppInit_dlls.
>> > TODO 1.3 : Need verification , don't load.
>> > Herbert1: Win8 Cert Section 1 : ok
>> >
>> > 2. Apps must adhere to Windows Security Best Practices
>> > 2.1 Your app must use strong and appropriate ACLs to secure executable
>> > files
>> > TODO 2.1 : Need verification
>> > 2.2 Your app must use strong and appropriate ACLs to secure directories
>> > TODO 2.2 : Need verification
>> > 2.3 Your app must use strong and appropriate ACLs to secure registry
>> keys
>> > TODO 2.3 : Need verification
>> > 2.4 Your app must use strong and appropriate ACLs to secure directories
>> > that contain objects
>> > TODO 2.4 : Need verification
>> > 2.5 Your app must reduce non-administrator access to services that are
>> > vulnerable to tampering
>> > TODO 2.5 : Need verification
>> > 2.6 Your app must prevent services with fast restarts from restarting
>> more
>> > than twice every 24 hours
>> > TODO 2.6 : Need verification
>> > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it is
>> > fine,we are using nsis-2.46 for building the MSI package but Windows
>> itself
>> > does the installation of the MSI packages
>> >
>> > 3. Apps support Windows security features
>> > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA)
>> to
>> > ensure secure access to strong-named assemblies
>> > TODO 3.1 : Need verification,
>> > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
>> > exceptions handling
>> > TODO 3.2 : Need verification, we use it
>> > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
>> > execution
>> > TODO 3.3 : Need verification, we use it
>> > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
>> space
>> > layout randomization (ASLR)
>> > TODO 3.4 : Need verification, we use it
>> > 3.5 Your app must not Read/Write Shared PE Sections
>> > TODO 3.5 : Need verification,
>> > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
>> > DYNAMICBASE, but the libraries we ship have to be modified to use these
>> > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
>> about
>> > the RW PW Sections, but I guess we do not have any.
>> >
>> > 4. Apps must adhere to system restart manager messages
>> > 4.1 Your app must handle critical shutdowns appropriately
>> > TODO 4.1 : Need verification,
>> > 4.2 A GUI app must return TRUE immediately in preparation for a restart
>> > TODO 4.2 : Need verification, we do
>> > 4.3 Your app must return 0 within 30 seconds and shut down
>> > TODO 4.3 : Need verification,we do
>> > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
>> > implemented,these new messages are currently ignored
>> >
>> > 5. Apps must support a clean, reversible installation
>> > 5.1 Your app must properly implement a clean, reversible installation
>> > TODO 5.1 : Need verification,
>> > 5.2 Your app must never force the user to restart the computer
>> immediately
>> > TODO 5.2 : Need verification,we never
>> > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
>> > TODO 5.3 : Need verification,we never
>> > 5.4 Your app must never block silent install/uninstall
>> > TODO 5.4 : Need verification,
>> > 5.5 Your app installer must create the correct registry entries to allow
>> > successful detection and uninstalls
>> > TODO 5.5 : Need verification,
>> > Herbert1: Win8 Cert Section 5: making sure that the registry entries and
>> > files are restored is difficult
>> >
>> > 6. Apps must digitally sign files and drivers
>> > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
>> must be
>> > signed with an Authenticode certificate
>> > TODO 6.1:Need to do digitally sign
>> > Herbert1: Win8 Cert Section 6: Having authentication credentials would
>> be
>> > good even if don't pursue Win8 shop certification
>> >
>> > 7. Apps don’t block installation or app launch based on an operating
>> system
>> > version check
>> > 7.1 Your app must not perform version checks for equality
>> > TODO 7.1 : Need verification,
>> > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
>> > almost certain that it is not a check for equality. Needs to be checked
>> > though.
>> >
>> > 8. Apps don’t load services or drivers in safe mode
>> > TODO 8 : Need verification, we don't
>> >
>> > 9. Apps must follow User Account Control guidelines
>> > 9.1 Your app must have a manifest that defines execution levels and
>> tells
>> > the operating system what privileges the app requires in order to run
>> > TODO 9.1 : Need verification,
>> > 9.2 Your app’s main process must be run as a standard user (asInvoker).
>> > TODO 9.2 : Need verification,
>> >
>> > 10. Apps must install to the correct folders by default
>> > 10.1 Your app must be installed in the Program Files folder by default
>> > TODO 10.1: Need verification,we do
>> > 10.2 Your app must avoid starting automatically on startup
>> > TODO 10.2: Need verification, the quick start is a issue
>> > 10.3 Your app data, which must be shared among users on the computer,
>> > should be stored within ProgramData
>> > TODO 10.3: Need verification,we do
>> > 10.4 Your app’s data that is exclusive to a specific user and that is
>> not
>> > to be shared with other users of the computer, must be stored in
>> > Users\<username>\AppData
>> > TODO 10.4: Need verification,we do
>> > 10.5 Your app must never write directly to the "Windows" directory and
>> or
>> > subdirectories
>> > TODO 10.5: Need verification,we never
>> > 10.6 Your app must write user data at first run and not during the
>> > installation in “per-machine” installations
>> > TODO 10.6: Need verification,we do
>> >
>> > 11. Apps must support multi-user sessions
>> > 11.1 Your app must ensure that when running in multiple sessions either
>> > locally or remotely, the normal functionality of the app is not
>> adversely
>> > affected
>> > TODO 11.1: Need verification,
>> > 11.2 Your app’s settings and data files must not persist across users
>> > TODO 11.2: Need verification,
>> > 11.3 A user’s privacy and preferences must be isolated to the user’s
>> > session
>> > TODO 11.3: Need verification,
>> > 11.4 Your app’s instances must be isolated from each other
>> > TODO 11.4: Need verification,
>> > 11.5 Apps that are installed for multiple users must store data in the
>> > correct folder(s) and registry locations
>> > Refer to the UAC requirements.
>> > TODO 11.5: Need verification,
>> > 11.6 User apps must be able to run in multiple user sessions (Fast User
>> > Switching) for both local and remote access
>> > TODO 11.6: Need verification,
>> > 11.7 Your app must check other terminal service (TS) sessions for
>> existing
>> > instances of the app
>> > TODO 11.7: Need verification,
>> > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
>> > session management
>> >
>> > 12. Apps must support x64 versions of Windows
>> > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
>> > Windows-based apps must run seamlessly on 64-bit systems to maintain
>> > compatibility with 64-bit versions of Windows
>> > TODO 12.1: Need verification, AOO can be run on 64-bit system
>> > 12.2 Your app and its installers must not contain any 16-bit code or
>> rely
>> > on any 16-bit component
>> > TODO 12.2: Need verification, AOO not contain 16-bit code
>> > 12.3 Your app’s setup must detect and install the proper drivers and
>> > components for the 64-bit architecture
>> > TODO 12.3: Need verification,
>> >
>> >
>> >
>> > 2012/6/7 Rob Weir <ro...@apache.org>
>> >
>> > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
>> > > server. After a few minutes to figure out the new platform UI I
>> > > installed AOO 3.4. Install went without problems and it appears to
>> > > run fine.
>> > >
>> > > Of course, there is more that we could do to be a well-integrated
>> > > Windows desktop application. The best practices are outlined here:
>> > > http://msdn.microsoft.com/library/windows/desktop/hh749939
>> > >
>> > > A lot of this is goodness that would help users on Windows 7 and
>> > > earlier versions as well. For example, the code signing reduces the
>> > > risk of tampering or corrupt files. It also reduces false complaints
>> > > by some anti-virus products. The recommended compiler options help
>> > > reduce the explotability of security vulnerabilities, especially of
>> > > the kind products run into reading binary file formats. More info on
>> > > these options are here:
>> > >
>> > >
>> > >
>> >
>> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
>> > >
>> > > Did OpenOffice.org ever try for logo certification from Microsoft
>> > > before? If so, what was the experience?
>> > >
>> > > I think it might be worth trying for this with AOO, It would takes
>> > > some work, but in the end we would have better platform integration,
>> > > and a better user and admin experience.
>> > >
>> > > -Rob
>> > >
>> >
>>
>
>
Re: Windows 8 Compatibility?
Posted by Liu Da Li <wa...@gmail.com>.
When we install Apache openoffice there is a dialog will let you choose
install this application for "all users" or "only for me". If we choose
"for all users" I think these register string will be fine. If we choose
"only for me", should we still write the register string to HKLM, is it a
better way that write the register string to the current user ?
2012/7/5 Liu Da Li <wa...@gmail.com>
> From the windows certification toolkit test result, we find that there is
> a section named"Single user registry check"
> It said:
>
> Warning: The single user registry test detected the following errors:
> Registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}] was modified during installation.
> Registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}] AuthorizedCDFPrefix=String: was modified during installation.
>
> Registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}] VersionMinor=DWord:4 was modified during installation.
> Registry key [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}] WindowsInstaller=DWord:1 was modified during installation.
> Impact if not fixed: The application is available to all users of the machine.
> How to fix: In a Per user installation, should not create or modify machine wide registry entries (HKLM).
>
>
>
>
>
> 2012/6/28 Rob Weir <ro...@apache.org>
>
>> On Thu, Jun 28, 2012 at 4:02 AM, Liu Da Li <wa...@gmail.com> wrote:
>> > For issue 2.
>> >>> - Issue 2. Test for "Section 4 Apps must adhere to system restart
>> >> > manager messages" is failed. Bugzilla ID 119947 link:
>> >> > <https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>> > It seems that we handle these system restart manager messages in a right
>> > way.
>> > Anyone can have a double check on this?
>>
>> This would be good to test. A good test case would be to have a new
>> document, or a document with unsaved changes in it. If we get the
>> system restart message, what do we do? Windows guidelines are that we
>> shut down within 30 seconds. So we can't popup a "Do you want to
>> save?" dialog indefinitely.
>>
>> The scenario Microsoft is thinking of is something like this: A user
>> leaves their machine on at work, and then goes on vacation. A big
>> security problem is found in Windows and a virus is spreading all over
>> the world. Microsoft has a fix that they push out to all machines via
>> their update mechanism. But they cannot apply it on this machine
>> because they need to force a reboot. But applications are refusing to
>> shut down cleanly. That's the scenario we should consider.
>>
>> I wonder if this should use the existing document restore mechanism
>> that OpenOffice has to recover from a crash?
>>
>> -Rob
>>
>>
>>
>> > Here is the codes in main\vcl\win\source\window\salframe.cxx.
>> >
>> > ......
>> > LRESULT CALLBACK SalFrameWndProc( HWND hWnd, UINT nMsg, WPARAM wParam,
>> > LPARAM lParam, int& rDef )
>> > {
>> > ......
>> > case WM_QUERYENDSESSION:
>> > if( !bInQueryEnd )
>> > {
>> > // handle queryendsession only once
>> > bInQueryEnd = TRUE;
>> > nRet = !ImplHandleShutDownMsg( hWnd );
>> > rDef = FALSE;
>> >
>> > // Issue #16314#: ImplHandleShutDownMsg
>> causes a PostMessage in
>> > case of allowing shutdown.
>> > // This posted message was never
>> processed and cause Windows XP to
>> > hang after log off
>> > // if there are multiple sessions and
>> the current session wasn't
>> > the first one started.
>> > // So if shutdown is allowed we assume
>> that a post message was
>> > done and retrieve all
>> > // messages in the message queue and
>> dispatch them before we
>> > return control to the system.
>> >
>> > if ( nRet )
>> > {
>> > MSG msg;
>> >
>> > while( PeekMessage( &msg, NULL,
>> 0, 0, PM_REMOVE ) )
>> > {
>> > DispatchMessage( &msg );
>> > }
>> > }
>> > }
>> > else
>> > {
>> > ImplSalYieldMutexAcquireWithWait();
>> > ImplSalYieldMutexRelease();
>> > rDef = TRUE;
>> > }
>> > break;
>> >
>> > case WM_ENDSESSION:
>> > if( !wParam )
>> > bInQueryEnd = FALSE; // no shutdown:
>> allow query again
>> > nRet = FALSE;
>> > rDef = FALSE;
>> > break;
>> > ......
>> >
>> >
>> >
>> >
>> > 2012/6/15 Huaidong Qiu <qi...@gmail.com>
>> >
>> >> About the fonts AOO installed into the system font directory, I did
>> some
>> >> verification on Windwos XP.
>> >>
>> >> 1. AOO archive package packs those font inside the package, you can
>> find
>> >> them here Basis\share\fonts\truetype.
>> >>
>> >> 2. Install AOO, then remove one of the fonts AOO
>> >> installed, Arimo-Bold.ttf, Arimo-BoldItalic.ttf, Arimo-Italic.ttf,
>> >> Arimo-Regular.ttf,
>> >> from the system font directory. Open installed AOO, the font name
>> >> disappears from the font list of AOO.
>> >>
>> >> 3.Copy directory Basis\share\fonts\truetype from archive package to
>> the
>> >> install directory. Open installed AOO, the font name come back.
>> >>
>> >> So I think we can pack the needed fonts into the installer package
>> >> as archive package did. Then we can safely remove those fonts from the
>> >> install directory without affect other applications.
>> >>
>> >> Any ideas?
>> >>
>> >>
>> >> On Thu, Jun 14, 2012 at 4:06 PM, Lin Yuan <yu...@gmail.com>
>> wrote:
>> >>
>> >> > About issue5 that support multiple user sessions, as tested by Yan
>> Ji
>> >> on a
>> >> > Windows 2008 server. When allow one user to remote log in with
>> multiple
>> >> > sessions, AOO 3.4 is not stable and will crash after some operations.
>> >> >
>> >> > To support multiple sessions for one user, I thinkonly rearchitect
>> >> single
>> >> > IPC to TS session managment is not enough. If allow multiple AOO
>> >> instances
>> >> > can be run isolated for one user, the data in user directory must be
>> >> > synchronized correctly for those AOO instances as they all share the
>> same
>> >> > user directory. The data may inlucde extensions, .xcu and other
>> >> > configuration files. So I think the simplest way to be able to
>> >> cetifiacted
>> >> > with Windows 8 in this section is do below thing mentioned in
>> >> Certification
>> >> > requirements for Windows 8
>> >> >
>> >> > "If an app does not support multiple user sessions or remote access,
>> it
>> >> > must clearly state this when launched from this kind of session"
>> >> >
>> >> > That is, when AOO launched, check if there is another AOO instance
>> in a
>> >> > different TS session but for the same user. If does, popup a warning
>> >> dialog
>> >> > and exit.
>> >> >
>> >> >
>> >> >
>> >> >
>> >> > 2012/6/12 Liu Da Li <wa...@gmail.com>
>> >> >
>> >> > > I have create five items on Bugzilla to track these issue.
>> >> > >
>> >> > > - Issue 1. Test for "Section 3 Apps support Windows security
>> >> features"
>> >> > > is failed.Bugzilla ID 119946 link:
>> >> > > [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>> >> > >
>> >> > >
>> >> > > - Issue 2. Test for "Section 4 Apps must adhere to system restart
>> >> > > manager messages" is failed. Bugzilla ID 119947 link:
>> >> > > [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>> >> > >
>> >> > >
>> >> > > - Issue 3. Test for "Section 5 Apps must support a clean,
>> reversible
>> >> > > installation" is failed. Bugzilla ID 119948 link:
>> >> > > [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>> >> > >
>> >> > >
>> >> > > - Issue 4. Test for "Section 6 Apps must digitally sign files and
>> >> > > drivers" is failed.Bugzilla ID 119949 link:
>> >> > > [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>> >> > >
>> >> > >
>> >> > > - Issue 5. Test for "Section 11 Apps must support multi-user
>> >> sessions"
>> >> > > is not tested by Windows App Certification Kit.Bugzilla ID 119950
>> >> link:
>> >> > > [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>> >> > >
>> >> > > Anyone please help to check them, confirm them and fix them.
>> >> > >
>> >> > > 2012/6/12 XiuLi Xu <su...@gmail.com>
>> >> > >
>> >> > > > Hi All,
>> >> > > >
>> >> > > > I upload the detailed test result and Windows 8 related links in
>> the
>> >> > wiki
>> >> > > > document, Windows App Certification Kit Test Results for Apache
>> >> > > OpenOffice
>> >> > > > 3.4<
>> >> > > >
>> >> > >
>> >> >
>> >>
>> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
>> >> > > > >
>> >> > > >
>> >> > > >
>> >> > > > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com>
>> >> wrote:
>> >> > > >
>> >> > > > > There are so many items in the Windows 8 certification list, I
>> try
>> >> to
>> >> > > go
>> >> > > > > through it and find that there is maybe about 43 TODO items
>> for us
>> >> to
>> >> > > do
>> >> > > > > the certification. Most of the TODO items are just a
>> verification
>> >> > > jobs,
>> >> > > > > but some code change jobs maybe are need to do for the sections
>> >> > > 4.1,5.1,
>> >> > > > > 9.1, 10.2,11.7.
>> >> > > > > I have try to verify some items, the result be marked at green.
>> >> > > > > Herbert1 also go through the list, I put his result at the end
>> of
>> >> > each
>> >> > > > > section.
>> >> > > > >
>> >> > > > > Items which maybe need to change some codes
>> >> > > > > ------------------------------------------------
>> >> > > > > 4.1 Your app must handle critical shutdowns appropriately
>> >> > > > > In a critical shutdown, apps that return FALSE to
>> >> WM_QUERYENDSESSION
>> >> > > will
>> >> > > > > be sent WM_ENDSESSION and closed, while those that time out in
>> >> > response
>> >> > > > to
>> >> > > > > WM_QUERYENDSESSION will be terminated. .
>> >> > > > > 5.1 Your app must properly implement a clean, reversible
>> >> installation
>> >> > > > > If the installation fails, the app should be able to roll it
>> back
>> >> and
>> >> > > > > restore the machine to its previous state.
>> >> > > > > 9.1 Your app must have a manifest that defines execution
>> levels and
>> >> > > tells
>> >> > > > > the operating system what privileges the app requires in order
>> to
>> >> run
>> >> > > > > The app manifest marking only applies to EXEs, not DLLs. This
>> is
>> >> > > because
>> >> > > > > UAC does not inspect DLLs during process creation. It is also
>> worth
>> >> > > > noting
>> >> > > > > that UAC rules do not apply to Windows Services. The manifest
>> can
>> >> be
>> >> > > > either
>> >> > > > > embedded or external.
>> >> > > > > To create a manifest, create a file with the name
>> >> > > <app_name>.exe.manifest
>> >> > > > > and store it in the same directory as the EXE. Note that any
>> >> external
>> >> > > > > manifest is ignored if the app has an internal manifest. For
>> >> example:
>> >> > > > > <requestedExecutionLevel level=""asInvoker | highestAvailable
>> |
>> >> > > > > requireAdministrator"" uiAccess=""true|false""/>
>> >> > > > > 10.2 Your app must avoid starting automatically on startup
>> >> > > > > For example, your app should not set any of the following;
>> >> > > > > Registry run keys HKLM and, or HKCU under
>> >> > > > > Software\Microsoft\Windows\CurrentVersion
>> >> > > > > Registry run keys HKLM, and or HKCU under
>> >> > > > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
>> >> > > > > Start Menu AllPrograms > STARTUP
>> >> > > > > 11.7 Your app must check other terminal service (TS) sessions
>> for
>> >> > > > existing
>> >> > > > > instances of the app
>> >> > > > > Note: If an app does not support multiple user sessions or
>> remote
>> >> > > access,
>> >> > > > > it must clearly state this when launched from this kind of
>> session.
>> >> > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> ------------------------------------------------------------------------------------------
>> >> > > > > Full TODO items.
>> >> > > > >
>> >> > > > > 1. Apps are compatible and resilient
>> >> > > > > 1.1 Your app must not take a dependency on Windows
>> compatibility
>> >> > modes,
>> >> > > > > AppHelp message, and or any other compatibility fixes
>> >> > > > > TODO 1.1 : Need verification , don't depend.
>> >> > > > > 1.2 Your app must not take a dependency on the VB6 runtime
>> >> > > > > TODO 1.2 : Need verification , don't depend.
>> >> > > > > 1.3 Your app must not load arbitrary DLLs to intercept Win32
>> API
>> >> > calls
>> >> > > > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
>> >> > > > > AppInit_dlls.
>> >> > > > > TODO 1.3 : Need verification , don't load.
>> >> > > > > Herbert1: Win8 Cert Section 1 : ok
>> >> > > > >
>> >> > > > > 2. Apps must adhere to Windows Security Best Practices
>> >> > > > > 2.1 Your app must use strong and appropriate ACLs to secure
>> >> > executable
>> >> > > > > files
>> >> > > > > TODO 2.1 : Need verification
>> >> > > > > 2.2 Your app must use strong and appropriate ACLs to secure
>> >> > directories
>> >> > > > > TODO 2.2 : Need verification
>> >> > > > > 2.3 Your app must use strong and appropriate ACLs to secure
>> >> registry
>> >> > > keys
>> >> > > > > TODO 2.3 : Need verification
>> >> > > > > 2.4 Your app must use strong and appropriate ACLs to secure
>> >> > directories
>> >> > > > > that contain objects
>> >> > > > > TODO 2.4 : Need verification
>> >> > > > > 2.5 Your app must reduce non-administrator access to services
>> that
>> >> > are
>> >> > > > > vulnerable to tampering
>> >> > > > > TODO 2.5 : Need verification
>> >> > > > > 2.6 Your app must prevent services with fast restarts from
>> >> restarting
>> >> > > > more
>> >> > > > > than twice every 24 hours
>> >> > > > > TODO 2.6 : Need verification
>> >> > > > > Herbert1: Win8 Cert Section 2 : if the MSI based installer
>> does it
>> >> it
>> >> > > is
>> >> > > > > fine,we are using nsis-2.46 for building the MSI package but
>> >> Windows
>> >> > > > itself
>> >> > > > > does the installation of the MSI packages
>> >> > > > >
>> >> > > > > 3. Apps support Windows security features
>> >> > > > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
>> >> > (APTCA)
>> >> > > > to
>> >> > > > > ensure secure access to strong-named assemblies
>> >> > > > > TODO 3.1 : Need verification,
>> >> > > > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure
>> >> safe
>> >> > > > > exceptions handling
>> >> > > > > TODO 3.2 : Need verification, we use it
>> >> > > > > 3.3 Your app must be compiled using the /NXCOMPAT flag to
>> prevent
>> >> > data
>> >> > > > > execution
>> >> > > > > TODO 3.3 : Need verification, we use it
>> >> > > > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for
>> >> address
>> >> > > > space
>> >> > > > > layout randomization (ASLR)
>> >> > > > > TODO 3.4 : Need verification, we use it
>> >> > > > > 3.5 Your app must not Read/Write Shared PE Sections
>> >> > > > > TODO 3.5 : Need verification,
>> >> > > > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH,
>> >> > NXCOMPAT,
>> >> > > > > DYNAMICBASE, but the libraries we ship have to be modified to
>> use
>> >> > these
>> >> > > > > flags too,I'm almost certain that we don't use APTCA,I'm not so
>> >> sure
>> >> > > > about
>> >> > > > > the RW PW Sections, but I guess we do not have any.
>> >> > > > >
>> >> > > > > 4. Apps must adhere to system restart manager messages
>> >> > > > > 4.1 Your app must handle critical shutdowns appropriately
>> >> > > > > TODO 4.1 : Need verification,
>> >> > > > > 4.2 A GUI app must return TRUE immediately in preparation for a
>> >> > restart
>> >> > > > > TODO 4.2 : Need verification, we do
>> >> > > > > 4.3 Your app must return 0 within 30 seconds and shut down
>> >> > > > > TODO 4.3 : Need verification,we do
>> >> > > > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
>> >> > > > > implemented,these new messages are currently ignored
>> >> > > > >
>> >> > > > > 5. Apps must support a clean, reversible installation
>> >> > > > > 5.1 Your app must properly implement a clean, reversible
>> >> installation
>> >> > > > > TODO 5.1 : Need verification,
>> >> > > > > 5.2 Your app must never force the user to restart the computer
>> >> > > > immediately
>> >> > > > > TODO 5.2 : Need verification,we never
>> >> > > > > 5.3 Your app must never be dependent on 8.3 short file names
>> (SFN)
>> >> > > > > TODO 5.3 : Need verification,we never
>> >> > > > > 5.4 Your app must never block silent install/uninstall
>> >> > > > > TODO 5.4 : Need verification,
>> >> > > > > 5.5 Your app installer must create the correct registry
>> entries to
>> >> > > allow
>> >> > > > > successful detection and uninstalls
>> >> > > > > TODO 5.5 : Need verification,
>> >> > > > > Herbert1: Win8 Cert Section 5: making sure that the registry
>> >> entries
>> >> > > and
>> >> > > > > files are restored is difficult
>> >> > > > >
>> >> > > > > 6. Apps must digitally sign files and drivers
>> >> > > > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv,
>> .scr)
>> >> > > must
>> >> > > > be
>> >> > > > > signed with an Authenticode certificate
>> >> > > > > TODO 6.1:Need to do digitally sign
>> >> > > > > Herbert1: Win8 Cert Section 6: Having authentication
>> credentials
>> >> > would
>> >> > > be
>> >> > > > > good even if don't pursue Win8 shop certification
>> >> > > > >
>> >> > > > > 7. Apps don’t block installation or app launch based on an
>> >> operating
>> >> > > > system
>> >> > > > > version check
>> >> > > > > 7.1 Your app must not perform version checks for equality
>> >> > > > > TODO 7.1 : Need verification,
>> >> > > > > Herbert1: Win8 Cert Section 7: We are doing win-version
>> checks, but
>> >> > I'm
>> >> > > > > almost certain that it is not a check for equality. Needs to be
>> >> > checked
>> >> > > > > though.
>> >> > > > >
>> >> > > > > 8. Apps don’t load services or drivers in safe mode
>> >> > > > > TODO 8 : Need verification, we don't
>> >> > > > >
>> >> > > > > 9. Apps must follow User Account Control guidelines
>> >> > > > > 9.1 Your app must have a manifest that defines execution
>> levels and
>> >> > > tells
>> >> > > > > the operating system what privileges the app requires in order
>> to
>> >> run
>> >> > > > > TODO 9.1 : Need verification,
>> >> > > > > 9.2 Your app’s main process must be run as a standard user
>> >> > (asInvoker).
>> >> > > > > TODO 9.2 : Need verification,
>> >> > > > >
>> >> > > > > 10. Apps must install to the correct folders by default
>> >> > > > > 10.1 Your app must be installed in the Program Files folder by
>> >> > default
>> >> > > > > TODO 10.1: Need verification,we do
>> >> > > > > 10.2 Your app must avoid starting automatically on startup
>> >> > > > > TODO 10.2: Need verification, the quick start is a issue
>> >> > > > > 10.3 Your app data, which must be shared among users on the
>> >> computer,
>> >> > > > > should be stored within ProgramData
>> >> > > > > TODO 10.3: Need verification,we do
>> >> > > > > 10.4 Your app’s data that is exclusive to a specific user and
>> that
>> >> is
>> >> > > not
>> >> > > > > to be shared with other users of the computer, must be stored
>> in
>> >> > > > > Users\<username>\AppData
>> >> > > > > TODO 10.4: Need verification,we do
>> >> > > > > 10.5 Your app must never write directly to the "Windows"
>> directory
>> >> > and
>> >> > > or
>> >> > > > > subdirectories
>> >> > > > > TODO 10.5: Need verification,we never
>> >> > > > > 10.6 Your app must write user data at first run and not during
>> the
>> >> > > > > installation in “per-machine” installations
>> >> > > > > TODO 10.6: Need verification,we do
>> >> > > > >
>> >> > > > > 11. Apps must support multi-user sessions
>> >> > > > > 11.1 Your app must ensure that when running in multiple
>> sessions
>> >> > either
>> >> > > > > locally or remotely, the normal functionality of the app is not
>> >> > > adversely
>> >> > > > > affected
>> >> > > > > TODO 11.1: Need verification,
>> >> > > > > 11.2 Your app’s settings and data files must not persist across
>> >> users
>> >> > > > > TODO 11.2: Need verification,
>> >> > > > > 11.3 A user’s privacy and preferences must be isolated to the
>> >> user’s
>> >> > > > > session
>> >> > > > > TODO 11.3: Need verification,
>> >> > > > > 11.4 Your app’s instances must be isolated from each other
>> >> > > > > TODO 11.4: Need verification,
>> >> > > > > 11.5 Apps that are installed for multiple users must store
>> data in
>> >> > the
>> >> > > > > correct folder(s) and registry locations
>> >> > > > > Refer to the UAC requirements.
>> >> > > > > TODO 11.5: Need verification,
>> >> > > > > 11.6 User apps must be able to run in multiple user sessions
>> (Fast
>> >> > User
>> >> > > > > Switching) for both local and remote access
>> >> > > > > TODO 11.6: Need verification,
>> >> > > > > 11.7 Your app must check other terminal service (TS) sessions
>> for
>> >> > > > existing
>> >> > > > > instances of the app
>> >> > > > > TODO 11.7: Need verification,
>> >> > > > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our
>> IPC to
>> >> > TS
>> >> > > > > session management
>> >> > > > >
>> >> > > > > 12. Apps must support x64 versions of Windows
>> >> > > > > 12.1 Your app must natively support 64-bit or, at a minimum,
>> 32-bit
>> >> > > > > Windows-based apps must run seamlessly on 64-bit systems to
>> >> maintain
>> >> > > > > compatibility with 64-bit versions of Windows
>> >> > > > > TODO 12.1: Need verification, AOO can be run on 64-bit system
>> >> > > > > 12.2 Your app and its installers must not contain any 16-bit
>> code
>> >> or
>> >> > > rely
>> >> > > > > on any 16-bit component
>> >> > > > > TODO 12.2: Need verification, AOO not contain 16-bit code
>> >> > > > > 12.3 Your app’s setup must detect and install the proper
>> drivers
>> >> and
>> >> > > > > components for the 64-bit architecture
>> >> > > > > TODO 12.3: Need verification,
>> >> > > > >
>> >> > > > >
>> >> > > > >
>> >> > > > > 2012/6/7 Rob Weir <ro...@apache.org>
>> >> > > > >
>> >> > > > > > I installed the Windows 8 Tech Preview (32-bit) today on a
>> >> virtual
>> >> > > > > > server. After a few minutes to figure out the new platform
>> UI I
>> >> > > > > > installed AOO 3.4. Install went without problems and it
>> appears
>> >> to
>> >> > > > > > run fine.
>> >> > > > > >
>> >> > > > > > Of course, there is more that we could do to be a
>> well-integrated
>> >> > > > > > Windows desktop application. The best practices are outlined
>> >> here:
>> >> > > > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
>> >> > > > > >
>> >> > > > > > A lot of this is goodness that would help users on Windows 7
>> and
>> >> > > > > > earlier versions as well. For example, the code signing
>> reduces
>> >> > the
>> >> > > > > > risk of tampering or corrupt files. It also reduces false
>> >> > complaints
>> >> > > > > > by some anti-virus products. The recommended compiler
>> options
>> >> help
>> >> > > > > > reduce the explotability of security vulnerabilities,
>> especially
>> >> of
>> >> > > > > > the kind products run into reading binary file formats. More
>> >> info
>> >> > on
>> >> > > > > > these options are here:
>> >> > > > > >
>> >> > > > > >
>> >> > > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
>> >> > > > > >
>> >> > > > > > Did OpenOffice.org ever try for logo certification from
>> Microsoft
>> >> > > > > > before? If so, what was the experience?
>> >> > > > > >
>> >> > > > > > I think it might be worth trying for this with AOO, It would
>> >> takes
>> >> > > > > > some work, but in the end we would have better platform
>> >> > integration,
>> >> > > > > > and a better user and admin experience.
>> >> > > > > >
>> >> > > > > > -Rob
>> >> > > > > >
>> >> > > > >
>> >> > > >
>> >> > >
>> >> >
>> >>
>>
>
>
Re: Windows 8 Compatibility?
Posted by Liu Da Li <wa...@gmail.com>.
>From the windows certification toolkit test result, we find that there is
a section named"Single user registry check"
It said:
Warning: The single user registry test detected the following errors:
Registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}]
was modified during installation.
Registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}]
AuthorizedCDFPrefix=String: was modified during installation.
Registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}]
VersionMinor=DWord:4 was modified during installation.
Registry key
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{51071D66-D034-4239-94E0-723FCA10B6FE}]
WindowsInstaller=DWord:1 was modified during installation.
Impact if not fixed: The application is available to all users of
the machine.
How to fix: In a Per user installation, should not create or
modify machine wide registry entries (HKLM).
2012/6/28 Rob Weir <ro...@apache.org>
> On Thu, Jun 28, 2012 at 4:02 AM, Liu Da Li <wa...@gmail.com> wrote:
> > For issue 2.
> >>> - Issue 2. Test for "Section 4 Apps must adhere to system restart
> >> > manager messages" is failed. Bugzilla ID 119947 link:
> >> > <https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> > It seems that we handle these system restart manager messages in a right
> > way.
> > Anyone can have a double check on this?
>
> This would be good to test. A good test case would be to have a new
> document, or a document with unsaved changes in it. If we get the
> system restart message, what do we do? Windows guidelines are that we
> shut down within 30 seconds. So we can't popup a "Do you want to
> save?" dialog indefinitely.
>
> The scenario Microsoft is thinking of is something like this: A user
> leaves their machine on at work, and then goes on vacation. A big
> security problem is found in Windows and a virus is spreading all over
> the world. Microsoft has a fix that they push out to all machines via
> their update mechanism. But they cannot apply it on this machine
> because they need to force a reboot. But applications are refusing to
> shut down cleanly. That's the scenario we should consider.
>
> I wonder if this should use the existing document restore mechanism
> that OpenOffice has to recover from a crash?
>
> -Rob
>
>
>
> > Here is the codes in main\vcl\win\source\window\salframe.cxx.
> >
> > ......
> > LRESULT CALLBACK SalFrameWndProc( HWND hWnd, UINT nMsg, WPARAM wParam,
> > LPARAM lParam, int& rDef )
> > {
> > ......
> > case WM_QUERYENDSESSION:
> > if( !bInQueryEnd )
> > {
> > // handle queryendsession only once
> > bInQueryEnd = TRUE;
> > nRet = !ImplHandleShutDownMsg( hWnd );
> > rDef = FALSE;
> >
> > // Issue #16314#: ImplHandleShutDownMsg
> causes a PostMessage in
> > case of allowing shutdown.
> > // This posted message was never
> processed and cause Windows XP to
> > hang after log off
> > // if there are multiple sessions and the
> current session wasn't
> > the first one started.
> > // So if shutdown is allowed we assume
> that a post message was
> > done and retrieve all
> > // messages in the message queue and
> dispatch them before we
> > return control to the system.
> >
> > if ( nRet )
> > {
> > MSG msg;
> >
> > while( PeekMessage( &msg, NULL,
> 0, 0, PM_REMOVE ) )
> > {
> > DispatchMessage( &msg );
> > }
> > }
> > }
> > else
> > {
> > ImplSalYieldMutexAcquireWithWait();
> > ImplSalYieldMutexRelease();
> > rDef = TRUE;
> > }
> > break;
> >
> > case WM_ENDSESSION:
> > if( !wParam )
> > bInQueryEnd = FALSE; // no shutdown:
> allow query again
> > nRet = FALSE;
> > rDef = FALSE;
> > break;
> > ......
> >
> >
> >
> >
> > 2012/6/15 Huaidong Qiu <qi...@gmail.com>
> >
> >> About the fonts AOO installed into the system font directory, I did some
> >> verification on Windwos XP.
> >>
> >> 1. AOO archive package packs those font inside the package, you can find
> >> them here Basis\share\fonts\truetype.
> >>
> >> 2. Install AOO, then remove one of the fonts AOO
> >> installed, Arimo-Bold.ttf, Arimo-BoldItalic.ttf, Arimo-Italic.ttf,
> >> Arimo-Regular.ttf,
> >> from the system font directory. Open installed AOO, the font name
> >> disappears from the font list of AOO.
> >>
> >> 3.Copy directory Basis\share\fonts\truetype from archive package to the
> >> install directory. Open installed AOO, the font name come back.
> >>
> >> So I think we can pack the needed fonts into the installer package
> >> as archive package did. Then we can safely remove those fonts from the
> >> install directory without affect other applications.
> >>
> >> Any ideas?
> >>
> >>
> >> On Thu, Jun 14, 2012 at 4:06 PM, Lin Yuan <yu...@gmail.com>
> wrote:
> >>
> >> > About issue5 that support multiple user sessions, as tested by Yan Ji
> >> on a
> >> > Windows 2008 server. When allow one user to remote log in with
> multiple
> >> > sessions, AOO 3.4 is not stable and will crash after some operations.
> >> >
> >> > To support multiple sessions for one user, I thinkonly rearchitect
> >> single
> >> > IPC to TS session managment is not enough. If allow multiple AOO
> >> instances
> >> > can be run isolated for one user, the data in user directory must be
> >> > synchronized correctly for those AOO instances as they all share the
> same
> >> > user directory. The data may inlucde extensions, .xcu and other
> >> > configuration files. So I think the simplest way to be able to
> >> cetifiacted
> >> > with Windows 8 in this section is do below thing mentioned in
> >> Certification
> >> > requirements for Windows 8
> >> >
> >> > "If an app does not support multiple user sessions or remote access,
> it
> >> > must clearly state this when launched from this kind of session"
> >> >
> >> > That is, when AOO launched, check if there is another AOO instance in
> a
> >> > different TS session but for the same user. If does, popup a warning
> >> dialog
> >> > and exit.
> >> >
> >> >
> >> >
> >> >
> >> > 2012/6/12 Liu Da Li <wa...@gmail.com>
> >> >
> >> > > I have create five items on Bugzilla to track these issue.
> >> > >
> >> > > - Issue 1. Test for "Section 3 Apps support Windows security
> >> features"
> >> > > is failed.Bugzilla ID 119946 link:
> >> > > [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
> >> > >
> >> > >
> >> > > - Issue 2. Test for "Section 4 Apps must adhere to system restart
> >> > > manager messages" is failed. Bugzilla ID 119947 link:
> >> > > [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> >> > >
> >> > >
> >> > > - Issue 3. Test for "Section 5 Apps must support a clean,
> reversible
> >> > > installation" is failed. Bugzilla ID 119948 link:
> >> > > [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
> >> > >
> >> > >
> >> > > - Issue 4. Test for "Section 6 Apps must digitally sign files and
> >> > > drivers" is failed.Bugzilla ID 119949 link:
> >> > > [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
> >> > >
> >> > >
> >> > > - Issue 5. Test for "Section 11 Apps must support multi-user
> >> sessions"
> >> > > is not tested by Windows App Certification Kit.Bugzilla ID 119950
> >> link:
> >> > > [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
> >> > >
> >> > > Anyone please help to check them, confirm them and fix them.
> >> > >
> >> > > 2012/6/12 XiuLi Xu <su...@gmail.com>
> >> > >
> >> > > > Hi All,
> >> > > >
> >> > > > I upload the detailed test result and Windows 8 related links in
> the
> >> > wiki
> >> > > > document, Windows App Certification Kit Test Results for Apache
> >> > > OpenOffice
> >> > > > 3.4<
> >> > > >
> >> > >
> >> >
> >>
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> >> > > > >
> >> > > >
> >> > > >
> >> > > > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com>
> >> wrote:
> >> > > >
> >> > > > > There are so many items in the Windows 8 certification list, I
> try
> >> to
> >> > > go
> >> > > > > through it and find that there is maybe about 43 TODO items for
> us
> >> to
> >> > > do
> >> > > > > the certification. Most of the TODO items are just a
> verification
> >> > > jobs,
> >> > > > > but some code change jobs maybe are need to do for the sections
> >> > > 4.1,5.1,
> >> > > > > 9.1, 10.2,11.7.
> >> > > > > I have try to verify some items, the result be marked at green.
> >> > > > > Herbert1 also go through the list, I put his result at the end
> of
> >> > each
> >> > > > > section.
> >> > > > >
> >> > > > > Items which maybe need to change some codes
> >> > > > > ------------------------------------------------
> >> > > > > 4.1 Your app must handle critical shutdowns appropriately
> >> > > > > In a critical shutdown, apps that return FALSE to
> >> WM_QUERYENDSESSION
> >> > > will
> >> > > > > be sent WM_ENDSESSION and closed, while those that time out in
> >> > response
> >> > > > to
> >> > > > > WM_QUERYENDSESSION will be terminated. .
> >> > > > > 5.1 Your app must properly implement a clean, reversible
> >> installation
> >> > > > > If the installation fails, the app should be able to roll it
> back
> >> and
> >> > > > > restore the machine to its previous state.
> >> > > > > 9.1 Your app must have a manifest that defines execution levels
> and
> >> > > tells
> >> > > > > the operating system what privileges the app requires in order
> to
> >> run
> >> > > > > The app manifest marking only applies to EXEs, not DLLs. This is
> >> > > because
> >> > > > > UAC does not inspect DLLs during process creation. It is also
> worth
> >> > > > noting
> >> > > > > that UAC rules do not apply to Windows Services. The manifest
> can
> >> be
> >> > > > either
> >> > > > > embedded or external.
> >> > > > > To create a manifest, create a file with the name
> >> > > <app_name>.exe.manifest
> >> > > > > and store it in the same directory as the EXE. Note that any
> >> external
> >> > > > > manifest is ignored if the app has an internal manifest. For
> >> example:
> >> > > > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> >> > > > > requireAdministrator"" uiAccess=""true|false""/>
> >> > > > > 10.2 Your app must avoid starting automatically on startup
> >> > > > > For example, your app should not set any of the following;
> >> > > > > Registry run keys HKLM and, or HKCU under
> >> > > > > Software\Microsoft\Windows\CurrentVersion
> >> > > > > Registry run keys HKLM, and or HKCU under
> >> > > > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> >> > > > > Start Menu AllPrograms > STARTUP
> >> > > > > 11.7 Your app must check other terminal service (TS) sessions
> for
> >> > > > existing
> >> > > > > instances of the app
> >> > > > > Note: If an app does not support multiple user sessions or
> remote
> >> > > access,
> >> > > > > it must clearly state this when launched from this kind of
> session.
> >> > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> ------------------------------------------------------------------------------------------
> >> > > > > Full TODO items.
> >> > > > >
> >> > > > > 1. Apps are compatible and resilient
> >> > > > > 1.1 Your app must not take a dependency on Windows compatibility
> >> > modes,
> >> > > > > AppHelp message, and or any other compatibility fixes
> >> > > > > TODO 1.1 : Need verification , don't depend.
> >> > > > > 1.2 Your app must not take a dependency on the VB6 runtime
> >> > > > > TODO 1.2 : Need verification , don't depend.
> >> > > > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API
> >> > calls
> >> > > > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> >> > > > > AppInit_dlls.
> >> > > > > TODO 1.3 : Need verification , don't load.
> >> > > > > Herbert1: Win8 Cert Section 1 : ok
> >> > > > >
> >> > > > > 2. Apps must adhere to Windows Security Best Practices
> >> > > > > 2.1 Your app must use strong and appropriate ACLs to secure
> >> > executable
> >> > > > > files
> >> > > > > TODO 2.1 : Need verification
> >> > > > > 2.2 Your app must use strong and appropriate ACLs to secure
> >> > directories
> >> > > > > TODO 2.2 : Need verification
> >> > > > > 2.3 Your app must use strong and appropriate ACLs to secure
> >> registry
> >> > > keys
> >> > > > > TODO 2.3 : Need verification
> >> > > > > 2.4 Your app must use strong and appropriate ACLs to secure
> >> > directories
> >> > > > > that contain objects
> >> > > > > TODO 2.4 : Need verification
> >> > > > > 2.5 Your app must reduce non-administrator access to services
> that
> >> > are
> >> > > > > vulnerable to tampering
> >> > > > > TODO 2.5 : Need verification
> >> > > > > 2.6 Your app must prevent services with fast restarts from
> >> restarting
> >> > > > more
> >> > > > > than twice every 24 hours
> >> > > > > TODO 2.6 : Need verification
> >> > > > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does
> it
> >> it
> >> > > is
> >> > > > > fine,we are using nsis-2.46 for building the MSI package but
> >> Windows
> >> > > > itself
> >> > > > > does the installation of the MSI packages
> >> > > > >
> >> > > > > 3. Apps support Windows security features
> >> > > > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
> >> > (APTCA)
> >> > > > to
> >> > > > > ensure secure access to strong-named assemblies
> >> > > > > TODO 3.1 : Need verification,
> >> > > > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure
> >> safe
> >> > > > > exceptions handling
> >> > > > > TODO 3.2 : Need verification, we use it
> >> > > > > 3.3 Your app must be compiled using the /NXCOMPAT flag to
> prevent
> >> > data
> >> > > > > execution
> >> > > > > TODO 3.3 : Need verification, we use it
> >> > > > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for
> >> address
> >> > > > space
> >> > > > > layout randomization (ASLR)
> >> > > > > TODO 3.4 : Need verification, we use it
> >> > > > > 3.5 Your app must not Read/Write Shared PE Sections
> >> > > > > TODO 3.5 : Need verification,
> >> > > > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH,
> >> > NXCOMPAT,
> >> > > > > DYNAMICBASE, but the libraries we ship have to be modified to
> use
> >> > these
> >> > > > > flags too,I'm almost certain that we don't use APTCA,I'm not so
> >> sure
> >> > > > about
> >> > > > > the RW PW Sections, but I guess we do not have any.
> >> > > > >
> >> > > > > 4. Apps must adhere to system restart manager messages
> >> > > > > 4.1 Your app must handle critical shutdowns appropriately
> >> > > > > TODO 4.1 : Need verification,
> >> > > > > 4.2 A GUI app must return TRUE immediately in preparation for a
> >> > restart
> >> > > > > TODO 4.2 : Need verification, we do
> >> > > > > 4.3 Your app must return 0 within 30 seconds and shut down
> >> > > > > TODO 4.3 : Need verification,we do
> >> > > > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> >> > > > > implemented,these new messages are currently ignored
> >> > > > >
> >> > > > > 5. Apps must support a clean, reversible installation
> >> > > > > 5.1 Your app must properly implement a clean, reversible
> >> installation
> >> > > > > TODO 5.1 : Need verification,
> >> > > > > 5.2 Your app must never force the user to restart the computer
> >> > > > immediately
> >> > > > > TODO 5.2 : Need verification,we never
> >> > > > > 5.3 Your app must never be dependent on 8.3 short file names
> (SFN)
> >> > > > > TODO 5.3 : Need verification,we never
> >> > > > > 5.4 Your app must never block silent install/uninstall
> >> > > > > TODO 5.4 : Need verification,
> >> > > > > 5.5 Your app installer must create the correct registry entries
> to
> >> > > allow
> >> > > > > successful detection and uninstalls
> >> > > > > TODO 5.5 : Need verification,
> >> > > > > Herbert1: Win8 Cert Section 5: making sure that the registry
> >> entries
> >> > > and
> >> > > > > files are restored is difficult
> >> > > > >
> >> > > > > 6. Apps must digitally sign files and drivers
> >> > > > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv,
> .scr)
> >> > > must
> >> > > > be
> >> > > > > signed with an Authenticode certificate
> >> > > > > TODO 6.1:Need to do digitally sign
> >> > > > > Herbert1: Win8 Cert Section 6: Having authentication credentials
> >> > would
> >> > > be
> >> > > > > good even if don't pursue Win8 shop certification
> >> > > > >
> >> > > > > 7. Apps don’t block installation or app launch based on an
> >> operating
> >> > > > system
> >> > > > > version check
> >> > > > > 7.1 Your app must not perform version checks for equality
> >> > > > > TODO 7.1 : Need verification,
> >> > > > > Herbert1: Win8 Cert Section 7: We are doing win-version checks,
> but
> >> > I'm
> >> > > > > almost certain that it is not a check for equality. Needs to be
> >> > checked
> >> > > > > though.
> >> > > > >
> >> > > > > 8. Apps don’t load services or drivers in safe mode
> >> > > > > TODO 8 : Need verification, we don't
> >> > > > >
> >> > > > > 9. Apps must follow User Account Control guidelines
> >> > > > > 9.1 Your app must have a manifest that defines execution levels
> and
> >> > > tells
> >> > > > > the operating system what privileges the app requires in order
> to
> >> run
> >> > > > > TODO 9.1 : Need verification,
> >> > > > > 9.2 Your app’s main process must be run as a standard user
> >> > (asInvoker).
> >> > > > > TODO 9.2 : Need verification,
> >> > > > >
> >> > > > > 10. Apps must install to the correct folders by default
> >> > > > > 10.1 Your app must be installed in the Program Files folder by
> >> > default
> >> > > > > TODO 10.1: Need verification,we do
> >> > > > > 10.2 Your app must avoid starting automatically on startup
> >> > > > > TODO 10.2: Need verification, the quick start is a issue
> >> > > > > 10.3 Your app data, which must be shared among users on the
> >> computer,
> >> > > > > should be stored within ProgramData
> >> > > > > TODO 10.3: Need verification,we do
> >> > > > > 10.4 Your app’s data that is exclusive to a specific user and
> that
> >> is
> >> > > not
> >> > > > > to be shared with other users of the computer, must be stored in
> >> > > > > Users\<username>\AppData
> >> > > > > TODO 10.4: Need verification,we do
> >> > > > > 10.5 Your app must never write directly to the "Windows"
> directory
> >> > and
> >> > > or
> >> > > > > subdirectories
> >> > > > > TODO 10.5: Need verification,we never
> >> > > > > 10.6 Your app must write user data at first run and not during
> the
> >> > > > > installation in “per-machine” installations
> >> > > > > TODO 10.6: Need verification,we do
> >> > > > >
> >> > > > > 11. Apps must support multi-user sessions
> >> > > > > 11.1 Your app must ensure that when running in multiple sessions
> >> > either
> >> > > > > locally or remotely, the normal functionality of the app is not
> >> > > adversely
> >> > > > > affected
> >> > > > > TODO 11.1: Need verification,
> >> > > > > 11.2 Your app’s settings and data files must not persist across
> >> users
> >> > > > > TODO 11.2: Need verification,
> >> > > > > 11.3 A user’s privacy and preferences must be isolated to the
> >> user’s
> >> > > > > session
> >> > > > > TODO 11.3: Need verification,
> >> > > > > 11.4 Your app’s instances must be isolated from each other
> >> > > > > TODO 11.4: Need verification,
> >> > > > > 11.5 Apps that are installed for multiple users must store data
> in
> >> > the
> >> > > > > correct folder(s) and registry locations
> >> > > > > Refer to the UAC requirements.
> >> > > > > TODO 11.5: Need verification,
> >> > > > > 11.6 User apps must be able to run in multiple user sessions
> (Fast
> >> > User
> >> > > > > Switching) for both local and remote access
> >> > > > > TODO 11.6: Need verification,
> >> > > > > 11.7 Your app must check other terminal service (TS) sessions
> for
> >> > > > existing
> >> > > > > instances of the app
> >> > > > > TODO 11.7: Need verification,
> >> > > > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our
> IPC to
> >> > TS
> >> > > > > session management
> >> > > > >
> >> > > > > 12. Apps must support x64 versions of Windows
> >> > > > > 12.1 Your app must natively support 64-bit or, at a minimum,
> 32-bit
> >> > > > > Windows-based apps must run seamlessly on 64-bit systems to
> >> maintain
> >> > > > > compatibility with 64-bit versions of Windows
> >> > > > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> >> > > > > 12.2 Your app and its installers must not contain any 16-bit
> code
> >> or
> >> > > rely
> >> > > > > on any 16-bit component
> >> > > > > TODO 12.2: Need verification, AOO not contain 16-bit code
> >> > > > > 12.3 Your app’s setup must detect and install the proper drivers
> >> and
> >> > > > > components for the 64-bit architecture
> >> > > > > TODO 12.3: Need verification,
> >> > > > >
> >> > > > >
> >> > > > >
> >> > > > > 2012/6/7 Rob Weir <ro...@apache.org>
> >> > > > >
> >> > > > > > I installed the Windows 8 Tech Preview (32-bit) today on a
> >> virtual
> >> > > > > > server. After a few minutes to figure out the new platform
> UI I
> >> > > > > > installed AOO 3.4. Install went without problems and it
> appears
> >> to
> >> > > > > > run fine.
> >> > > > > >
> >> > > > > > Of course, there is more that we could do to be a
> well-integrated
> >> > > > > > Windows desktop application. The best practices are outlined
> >> here:
> >> > > > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> >> > > > > >
> >> > > > > > A lot of this is goodness that would help users on Windows 7
> and
> >> > > > > > earlier versions as well. For example, the code signing
> reduces
> >> > the
> >> > > > > > risk of tampering or corrupt files. It also reduces false
> >> > complaints
> >> > > > > > by some anti-virus products. The recommended compiler options
> >> help
> >> > > > > > reduce the explotability of security vulnerabilities,
> especially
> >> of
> >> > > > > > the kind products run into reading binary file formats. More
> >> info
> >> > on
> >> > > > > > these options are here:
> >> > > > > >
> >> > > > > >
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> >> > > > > >
> >> > > > > > Did OpenOffice.org ever try for logo certification from
> Microsoft
> >> > > > > > before? If so, what was the experience?
> >> > > > > >
> >> > > > > > I think it might be worth trying for this with AOO, It would
> >> takes
> >> > > > > > some work, but in the end we would have better platform
> >> > integration,
> >> > > > > > and a better user and admin experience.
> >> > > > > >
> >> > > > > > -Rob
> >> > > > > >
> >> > > > >
> >> > > >
> >> > >
> >> >
> >>
>
Re: Windows 8 Compatibility?
Posted by Rob Weir <ro...@apache.org>.
On Thu, Jun 28, 2012 at 4:02 AM, Liu Da Li <wa...@gmail.com> wrote:
> For issue 2.
>>> - Issue 2. Test for "Section 4 Apps must adhere to system restart
>> > manager messages" is failed. Bugzilla ID 119947 link:
>> > <https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> It seems that we handle these system restart manager messages in a right
> way.
> Anyone can have a double check on this?
This would be good to test. A good test case would be to have a new
document, or a document with unsaved changes in it. If we get the
system restart message, what do we do? Windows guidelines are that we
shut down within 30 seconds. So we can't popup a "Do you want to
save?" dialog indefinitely.
The scenario Microsoft is thinking of is something like this: A user
leaves their machine on at work, and then goes on vacation. A big
security problem is found in Windows and a virus is spreading all over
the world. Microsoft has a fix that they push out to all machines via
their update mechanism. But they cannot apply it on this machine
because they need to force a reboot. But applications are refusing to
shut down cleanly. That's the scenario we should consider.
I wonder if this should use the existing document restore mechanism
that OpenOffice has to recover from a crash?
-Rob
> Here is the codes in main\vcl\win\source\window\salframe.cxx.
>
> ......
> LRESULT CALLBACK SalFrameWndProc( HWND hWnd, UINT nMsg, WPARAM wParam,
> LPARAM lParam, int& rDef )
> {
> ......
> case WM_QUERYENDSESSION:
> if( !bInQueryEnd )
> {
> // handle queryendsession only once
> bInQueryEnd = TRUE;
> nRet = !ImplHandleShutDownMsg( hWnd );
> rDef = FALSE;
>
> // Issue #16314#: ImplHandleShutDownMsg causes a PostMessage in
> case of allowing shutdown.
> // This posted message was never processed and cause Windows XP to
> hang after log off
> // if there are multiple sessions and the current session wasn't
> the first one started.
> // So if shutdown is allowed we assume that a post message was
> done and retrieve all
> // messages in the message queue and dispatch them before we
> return control to the system.
>
> if ( nRet )
> {
> MSG msg;
>
> while( PeekMessage( &msg, NULL, 0, 0, PM_REMOVE ) )
> {
> DispatchMessage( &msg );
> }
> }
> }
> else
> {
> ImplSalYieldMutexAcquireWithWait();
> ImplSalYieldMutexRelease();
> rDef = TRUE;
> }
> break;
>
> case WM_ENDSESSION:
> if( !wParam )
> bInQueryEnd = FALSE; // no shutdown: allow query again
> nRet = FALSE;
> rDef = FALSE;
> break;
> ......
>
>
>
>
> 2012/6/15 Huaidong Qiu <qi...@gmail.com>
>
>> About the fonts AOO installed into the system font directory, I did some
>> verification on Windwos XP.
>>
>> 1. AOO archive package packs those font inside the package, you can find
>> them here Basis\share\fonts\truetype.
>>
>> 2. Install AOO, then remove one of the fonts AOO
>> installed, Arimo-Bold.ttf, Arimo-BoldItalic.ttf, Arimo-Italic.ttf,
>> Arimo-Regular.ttf,
>> from the system font directory. Open installed AOO, the font name
>> disappears from the font list of AOO.
>>
>> 3.Copy directory Basis\share\fonts\truetype from archive package to the
>> install directory. Open installed AOO, the font name come back.
>>
>> So I think we can pack the needed fonts into the installer package
>> as archive package did. Then we can safely remove those fonts from the
>> install directory without affect other applications.
>>
>> Any ideas?
>>
>>
>> On Thu, Jun 14, 2012 at 4:06 PM, Lin Yuan <yu...@gmail.com> wrote:
>>
>> > About issue5 that support multiple user sessions, as tested by Yan Ji
>> on a
>> > Windows 2008 server. When allow one user to remote log in with multiple
>> > sessions, AOO 3.4 is not stable and will crash after some operations.
>> >
>> > To support multiple sessions for one user, I thinkonly rearchitect
>> single
>> > IPC to TS session managment is not enough. If allow multiple AOO
>> instances
>> > can be run isolated for one user, the data in user directory must be
>> > synchronized correctly for those AOO instances as they all share the same
>> > user directory. The data may inlucde extensions, .xcu and other
>> > configuration files. So I think the simplest way to be able to
>> cetifiacted
>> > with Windows 8 in this section is do below thing mentioned in
>> Certification
>> > requirements for Windows 8
>> >
>> > "If an app does not support multiple user sessions or remote access, it
>> > must clearly state this when launched from this kind of session"
>> >
>> > That is, when AOO launched, check if there is another AOO instance in a
>> > different TS session but for the same user. If does, popup a warning
>> dialog
>> > and exit.
>> >
>> >
>> >
>> >
>> > 2012/6/12 Liu Da Li <wa...@gmail.com>
>> >
>> > > I have create five items on Bugzilla to track these issue.
>> > >
>> > > - Issue 1. Test for "Section 3 Apps support Windows security
>> features"
>> > > is failed.Bugzilla ID 119946 link:
>> > > [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>> > >
>> > >
>> > > - Issue 2. Test for "Section 4 Apps must adhere to system restart
>> > > manager messages" is failed. Bugzilla ID 119947 link:
>> > > [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>> > >
>> > >
>> > > - Issue 3. Test for "Section 5 Apps must support a clean, reversible
>> > > installation" is failed. Bugzilla ID 119948 link:
>> > > [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>> > >
>> > >
>> > > - Issue 4. Test for "Section 6 Apps must digitally sign files and
>> > > drivers" is failed.Bugzilla ID 119949 link:
>> > > [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>> > >
>> > >
>> > > - Issue 5. Test for "Section 11 Apps must support multi-user
>> sessions"
>> > > is not tested by Windows App Certification Kit.Bugzilla ID 119950
>> link:
>> > > [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>> > >
>> > > Anyone please help to check them, confirm them and fix them.
>> > >
>> > > 2012/6/12 XiuLi Xu <su...@gmail.com>
>> > >
>> > > > Hi All,
>> > > >
>> > > > I upload the detailed test result and Windows 8 related links in the
>> > wiki
>> > > > document, Windows App Certification Kit Test Results for Apache
>> > > OpenOffice
>> > > > 3.4<
>> > > >
>> > >
>> >
>> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
>> > > > >
>> > > >
>> > > >
>> > > > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com>
>> wrote:
>> > > >
>> > > > > There are so many items in the Windows 8 certification list, I try
>> to
>> > > go
>> > > > > through it and find that there is maybe about 43 TODO items for us
>> to
>> > > do
>> > > > > the certification. Most of the TODO items are just a verification
>> > > jobs,
>> > > > > but some code change jobs maybe are need to do for the sections
>> > > 4.1,5.1,
>> > > > > 9.1, 10.2,11.7.
>> > > > > I have try to verify some items, the result be marked at green.
>> > > > > Herbert1 also go through the list, I put his result at the end of
>> > each
>> > > > > section.
>> > > > >
>> > > > > Items which maybe need to change some codes
>> > > > > ------------------------------------------------
>> > > > > 4.1 Your app must handle critical shutdowns appropriately
>> > > > > In a critical shutdown, apps that return FALSE to
>> WM_QUERYENDSESSION
>> > > will
>> > > > > be sent WM_ENDSESSION and closed, while those that time out in
>> > response
>> > > > to
>> > > > > WM_QUERYENDSESSION will be terminated. .
>> > > > > 5.1 Your app must properly implement a clean, reversible
>> installation
>> > > > > If the installation fails, the app should be able to roll it back
>> and
>> > > > > restore the machine to its previous state.
>> > > > > 9.1 Your app must have a manifest that defines execution levels and
>> > > tells
>> > > > > the operating system what privileges the app requires in order to
>> run
>> > > > > The app manifest marking only applies to EXEs, not DLLs. This is
>> > > because
>> > > > > UAC does not inspect DLLs during process creation. It is also worth
>> > > > noting
>> > > > > that UAC rules do not apply to Windows Services. The manifest can
>> be
>> > > > either
>> > > > > embedded or external.
>> > > > > To create a manifest, create a file with the name
>> > > <app_name>.exe.manifest
>> > > > > and store it in the same directory as the EXE. Note that any
>> external
>> > > > > manifest is ignored if the app has an internal manifest. For
>> example:
>> > > > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
>> > > > > requireAdministrator"" uiAccess=""true|false""/>
>> > > > > 10.2 Your app must avoid starting automatically on startup
>> > > > > For example, your app should not set any of the following;
>> > > > > Registry run keys HKLM and, or HKCU under
>> > > > > Software\Microsoft\Windows\CurrentVersion
>> > > > > Registry run keys HKLM, and or HKCU under
>> > > > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
>> > > > > Start Menu AllPrograms > STARTUP
>> > > > > 11.7 Your app must check other terminal service (TS) sessions for
>> > > > existing
>> > > > > instances of the app
>> > > > > Note: If an app does not support multiple user sessions or remote
>> > > access,
>> > > > > it must clearly state this when launched from this kind of session.
>> > > > >
>> > > > >
>> > > >
>> > >
>> >
>> ------------------------------------------------------------------------------------------
>> > > > > Full TODO items.
>> > > > >
>> > > > > 1. Apps are compatible and resilient
>> > > > > 1.1 Your app must not take a dependency on Windows compatibility
>> > modes,
>> > > > > AppHelp message, and or any other compatibility fixes
>> > > > > TODO 1.1 : Need verification , don't depend.
>> > > > > 1.2 Your app must not take a dependency on the VB6 runtime
>> > > > > TODO 1.2 : Need verification , don't depend.
>> > > > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API
>> > calls
>> > > > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
>> > > > > AppInit_dlls.
>> > > > > TODO 1.3 : Need verification , don't load.
>> > > > > Herbert1: Win8 Cert Section 1 : ok
>> > > > >
>> > > > > 2. Apps must adhere to Windows Security Best Practices
>> > > > > 2.1 Your app must use strong and appropriate ACLs to secure
>> > executable
>> > > > > files
>> > > > > TODO 2.1 : Need verification
>> > > > > 2.2 Your app must use strong and appropriate ACLs to secure
>> > directories
>> > > > > TODO 2.2 : Need verification
>> > > > > 2.3 Your app must use strong and appropriate ACLs to secure
>> registry
>> > > keys
>> > > > > TODO 2.3 : Need verification
>> > > > > 2.4 Your app must use strong and appropriate ACLs to secure
>> > directories
>> > > > > that contain objects
>> > > > > TODO 2.4 : Need verification
>> > > > > 2.5 Your app must reduce non-administrator access to services that
>> > are
>> > > > > vulnerable to tampering
>> > > > > TODO 2.5 : Need verification
>> > > > > 2.6 Your app must prevent services with fast restarts from
>> restarting
>> > > > more
>> > > > > than twice every 24 hours
>> > > > > TODO 2.6 : Need verification
>> > > > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it
>> it
>> > > is
>> > > > > fine,we are using nsis-2.46 for building the MSI package but
>> Windows
>> > > > itself
>> > > > > does the installation of the MSI packages
>> > > > >
>> > > > > 3. Apps support Windows security features
>> > > > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
>> > (APTCA)
>> > > > to
>> > > > > ensure secure access to strong-named assemblies
>> > > > > TODO 3.1 : Need verification,
>> > > > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure
>> safe
>> > > > > exceptions handling
>> > > > > TODO 3.2 : Need verification, we use it
>> > > > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent
>> > data
>> > > > > execution
>> > > > > TODO 3.3 : Need verification, we use it
>> > > > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for
>> address
>> > > > space
>> > > > > layout randomization (ASLR)
>> > > > > TODO 3.4 : Need verification, we use it
>> > > > > 3.5 Your app must not Read/Write Shared PE Sections
>> > > > > TODO 3.5 : Need verification,
>> > > > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH,
>> > NXCOMPAT,
>> > > > > DYNAMICBASE, but the libraries we ship have to be modified to use
>> > these
>> > > > > flags too,I'm almost certain that we don't use APTCA,I'm not so
>> sure
>> > > > about
>> > > > > the RW PW Sections, but I guess we do not have any.
>> > > > >
>> > > > > 4. Apps must adhere to system restart manager messages
>> > > > > 4.1 Your app must handle critical shutdowns appropriately
>> > > > > TODO 4.1 : Need verification,
>> > > > > 4.2 A GUI app must return TRUE immediately in preparation for a
>> > restart
>> > > > > TODO 4.2 : Need verification, we do
>> > > > > 4.3 Your app must return 0 within 30 seconds and shut down
>> > > > > TODO 4.3 : Need verification,we do
>> > > > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
>> > > > > implemented,these new messages are currently ignored
>> > > > >
>> > > > > 5. Apps must support a clean, reversible installation
>> > > > > 5.1 Your app must properly implement a clean, reversible
>> installation
>> > > > > TODO 5.1 : Need verification,
>> > > > > 5.2 Your app must never force the user to restart the computer
>> > > > immediately
>> > > > > TODO 5.2 : Need verification,we never
>> > > > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
>> > > > > TODO 5.3 : Need verification,we never
>> > > > > 5.4 Your app must never block silent install/uninstall
>> > > > > TODO 5.4 : Need verification,
>> > > > > 5.5 Your app installer must create the correct registry entries to
>> > > allow
>> > > > > successful detection and uninstalls
>> > > > > TODO 5.5 : Need verification,
>> > > > > Herbert1: Win8 Cert Section 5: making sure that the registry
>> entries
>> > > and
>> > > > > files are restored is difficult
>> > > > >
>> > > > > 6. Apps must digitally sign files and drivers
>> > > > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
>> > > must
>> > > > be
>> > > > > signed with an Authenticode certificate
>> > > > > TODO 6.1:Need to do digitally sign
>> > > > > Herbert1: Win8 Cert Section 6: Having authentication credentials
>> > would
>> > > be
>> > > > > good even if don't pursue Win8 shop certification
>> > > > >
>> > > > > 7. Apps don’t block installation or app launch based on an
>> operating
>> > > > system
>> > > > > version check
>> > > > > 7.1 Your app must not perform version checks for equality
>> > > > > TODO 7.1 : Need verification,
>> > > > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but
>> > I'm
>> > > > > almost certain that it is not a check for equality. Needs to be
>> > checked
>> > > > > though.
>> > > > >
>> > > > > 8. Apps don’t load services or drivers in safe mode
>> > > > > TODO 8 : Need verification, we don't
>> > > > >
>> > > > > 9. Apps must follow User Account Control guidelines
>> > > > > 9.1 Your app must have a manifest that defines execution levels and
>> > > tells
>> > > > > the operating system what privileges the app requires in order to
>> run
>> > > > > TODO 9.1 : Need verification,
>> > > > > 9.2 Your app’s main process must be run as a standard user
>> > (asInvoker).
>> > > > > TODO 9.2 : Need verification,
>> > > > >
>> > > > > 10. Apps must install to the correct folders by default
>> > > > > 10.1 Your app must be installed in the Program Files folder by
>> > default
>> > > > > TODO 10.1: Need verification,we do
>> > > > > 10.2 Your app must avoid starting automatically on startup
>> > > > > TODO 10.2: Need verification, the quick start is a issue
>> > > > > 10.3 Your app data, which must be shared among users on the
>> computer,
>> > > > > should be stored within ProgramData
>> > > > > TODO 10.3: Need verification,we do
>> > > > > 10.4 Your app’s data that is exclusive to a specific user and that
>> is
>> > > not
>> > > > > to be shared with other users of the computer, must be stored in
>> > > > > Users\<username>\AppData
>> > > > > TODO 10.4: Need verification,we do
>> > > > > 10.5 Your app must never write directly to the "Windows" directory
>> > and
>> > > or
>> > > > > subdirectories
>> > > > > TODO 10.5: Need verification,we never
>> > > > > 10.6 Your app must write user data at first run and not during the
>> > > > > installation in “per-machine” installations
>> > > > > TODO 10.6: Need verification,we do
>> > > > >
>> > > > > 11. Apps must support multi-user sessions
>> > > > > 11.1 Your app must ensure that when running in multiple sessions
>> > either
>> > > > > locally or remotely, the normal functionality of the app is not
>> > > adversely
>> > > > > affected
>> > > > > TODO 11.1: Need verification,
>> > > > > 11.2 Your app’s settings and data files must not persist across
>> users
>> > > > > TODO 11.2: Need verification,
>> > > > > 11.3 A user’s privacy and preferences must be isolated to the
>> user’s
>> > > > > session
>> > > > > TODO 11.3: Need verification,
>> > > > > 11.4 Your app’s instances must be isolated from each other
>> > > > > TODO 11.4: Need verification,
>> > > > > 11.5 Apps that are installed for multiple users must store data in
>> > the
>> > > > > correct folder(s) and registry locations
>> > > > > Refer to the UAC requirements.
>> > > > > TODO 11.5: Need verification,
>> > > > > 11.6 User apps must be able to run in multiple user sessions (Fast
>> > User
>> > > > > Switching) for both local and remote access
>> > > > > TODO 11.6: Need verification,
>> > > > > 11.7 Your app must check other terminal service (TS) sessions for
>> > > > existing
>> > > > > instances of the app
>> > > > > TODO 11.7: Need verification,
>> > > > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to
>> > TS
>> > > > > session management
>> > > > >
>> > > > > 12. Apps must support x64 versions of Windows
>> > > > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
>> > > > > Windows-based apps must run seamlessly on 64-bit systems to
>> maintain
>> > > > > compatibility with 64-bit versions of Windows
>> > > > > TODO 12.1: Need verification, AOO can be run on 64-bit system
>> > > > > 12.2 Your app and its installers must not contain any 16-bit code
>> or
>> > > rely
>> > > > > on any 16-bit component
>> > > > > TODO 12.2: Need verification, AOO not contain 16-bit code
>> > > > > 12.3 Your app’s setup must detect and install the proper drivers
>> and
>> > > > > components for the 64-bit architecture
>> > > > > TODO 12.3: Need verification,
>> > > > >
>> > > > >
>> > > > >
>> > > > > 2012/6/7 Rob Weir <ro...@apache.org>
>> > > > >
>> > > > > > I installed the Windows 8 Tech Preview (32-bit) today on a
>> virtual
>> > > > > > server. After a few minutes to figure out the new platform UI I
>> > > > > > installed AOO 3.4. Install went without problems and it appears
>> to
>> > > > > > run fine.
>> > > > > >
>> > > > > > Of course, there is more that we could do to be a well-integrated
>> > > > > > Windows desktop application. The best practices are outlined
>> here:
>> > > > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
>> > > > > >
>> > > > > > A lot of this is goodness that would help users on Windows 7 and
>> > > > > > earlier versions as well. For example, the code signing reduces
>> > the
>> > > > > > risk of tampering or corrupt files. It also reduces false
>> > complaints
>> > > > > > by some anti-virus products. The recommended compiler options
>> help
>> > > > > > reduce the explotability of security vulnerabilities, especially
>> of
>> > > > > > the kind products run into reading binary file formats. More
>> info
>> > on
>> > > > > > these options are here:
>> > > > > >
>> > > > > >
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
>> > > > > >
>> > > > > > Did OpenOffice.org ever try for logo certification from Microsoft
>> > > > > > before? If so, what was the experience?
>> > > > > >
>> > > > > > I think it might be worth trying for this with AOO, It would
>> takes
>> > > > > > some work, but in the end we would have better platform
>> > integration,
>> > > > > > and a better user and admin experience.
>> > > > > >
>> > > > > > -Rob
>> > > > > >
>> > > > >
>> > > >
>> > >
>> >
>>
Re: Windows 8 Compatibility?
Posted by Lin Yuan <yu...@gmail.com>.
About issue 2. Test for "Section 4 Apps must adhere to system restart
manager messages" is failed.
Bugzilla ID 119947 link:
https://issues.apache.org/ooo/show_bug.cgi?id=119947
I did some investigation on this issue on Windows 7 platform. I found the
Windows App Cert Kit will launch 7 AOO apps:soffice.exe,simpress.exe,
sbase.exe,scalc.exe, sdraw.exe, swriter.exe, smath.exe in one test. And 3
test result.
1. soffice.exe
Can pass.
2. simpress.exe, sbase.exe
Failed because the two applications will popup a wizard dialog which will
block Windows platform to shutdown. May need try to cancel the wizard
dialog on this situation.
3. scalc.exe, sdraw.exe, swriter.exe, smath.exe
Failed but not sure the root cause.
I add some logs and I think the event handler for
WM_QUERYENDSESSION,WM_ENDSESSION,WM_CLOSE can work correctly. But at last
the log will block at Desktop:DestroyApplicationServiceManager() function.
However, it will not block at that place in my debug env with VC. So not
sure the root cause.
And If add a exit() in WM_ENDSESSION event handler. The test can pass.
I attached the raw log in the bugzilla. Maybe someone can have idea or
comments on this issue.
2012/6/28 Liu Da Li <wa...@gmail.com>
> For issue 2.
> >> - Issue 2. Test for "Section 4 Apps must adhere to system restart
> > > manager messages" is failed. Bugzilla ID 119947 link:
> > > <https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> It seems that we handle these system restart manager messages in a right
> way.
> Anyone can have a double check on this?
> Here is the codes in main\vcl\win\source\window\salframe.cxx.
>
> ......
> LRESULT CALLBACK SalFrameWndProc( HWND hWnd, UINT nMsg, WPARAM wParam,
> LPARAM lParam, int& rDef )
> {
> ......
> case WM_QUERYENDSESSION:
> if( !bInQueryEnd )
> {
> // handle queryendsession only once
> bInQueryEnd = TRUE;
> nRet = !ImplHandleShutDownMsg( hWnd );
> rDef = FALSE;
>
> // Issue #16314#: ImplHandleShutDownMsg
> causes a PostMessage in
> case of allowing shutdown.
> // This posted message was never processed
> and cause Windows XP to
> hang after log off
> // if there are multiple sessions and the
> current session wasn't
> the first one started.
> // So if shutdown is allowed we assume
> that a post message was
> done and retrieve all
> // messages in the message queue and
> dispatch them before we
> return control to the system.
>
> if ( nRet )
> {
> MSG msg;
>
> while( PeekMessage( &msg, NULL, 0,
> 0, PM_REMOVE ) )
> {
> DispatchMessage( &msg );
> }
> }
> }
> else
> {
> ImplSalYieldMutexAcquireWithWait();
> ImplSalYieldMutexRelease();
> rDef = TRUE;
> }
> break;
>
> case WM_ENDSESSION:
> if( !wParam )
> bInQueryEnd = FALSE; // no shutdown: allow
> query again
> nRet = FALSE;
> rDef = FALSE;
> break;
> ......
>
>
>
>
> 2012/6/15 Huaidong Qiu <qi...@gmail.com>
>
> > About the fonts AOO installed into the system font directory, I did some
> > verification on Windwos XP.
> >
> > 1. AOO archive package packs those font inside the package, you can find
> > them here Basis\share\fonts\truetype.
> >
> > 2. Install AOO, then remove one of the fonts AOO
> > installed, Arimo-Bold.ttf, Arimo-BoldItalic.ttf, Arimo-Italic.ttf,
> > Arimo-Regular.ttf,
> > from the system font directory. Open installed AOO, the font name
> > disappears from the font list of AOO.
> >
> > 3.Copy directory Basis\share\fonts\truetype from archive package to the
> > install directory. Open installed AOO, the font name come back.
> >
> > So I think we can pack the needed fonts into the installer package
> > as archive package did. Then we can safely remove those fonts from the
> > install directory without affect other applications.
> >
> > Any ideas?
> >
> >
> > On Thu, Jun 14, 2012 at 4:06 PM, Lin Yuan <yu...@gmail.com> wrote:
> >
> > > About issue5 that support multiple user sessions, as tested by Yan Ji
> > on a
> > > Windows 2008 server. When allow one user to remote log in with multiple
> > > sessions, AOO 3.4 is not stable and will crash after some operations.
> > >
> > > To support multiple sessions for one user, I thinkonly rearchitect
> > single
> > > IPC to TS session managment is not enough. If allow multiple AOO
> > instances
> > > can be run isolated for one user, the data in user directory must be
> > > synchronized correctly for those AOO instances as they all share the
> same
> > > user directory. The data may inlucde extensions, .xcu and other
> > > configuration files. So I think the simplest way to be able to
> > cetifiacted
> > > with Windows 8 in this section is do below thing mentioned in
> > Certification
> > > requirements for Windows 8
> > >
> > > "If an app does not support multiple user sessions or remote access, it
> > > must clearly state this when launched from this kind of session"
> > >
> > > That is, when AOO launched, check if there is another AOO instance in a
> > > different TS session but for the same user. If does, popup a warning
> > dialog
> > > and exit.
> > >
> > >
> > >
> > >
> > > 2012/6/12 Liu Da Li <wa...@gmail.com>
> > >
> > > > I have create five items on Bugzilla to track these issue.
> > > >
> > > > - Issue 1. Test for "Section 3 Apps support Windows security
> > features"
> > > > is failed.Bugzilla ID 119946 link:
> > > > [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
> > > >
> > > >
> > > > - Issue 2. Test for "Section 4 Apps must adhere to system restart
> > > > manager messages" is failed. Bugzilla ID 119947 link:
> > > > [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> > > >
> > > >
> > > > - Issue 3. Test for "Section 5 Apps must support a clean,
> reversible
> > > > installation" is failed. Bugzilla ID 119948 link:
> > > > [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
> > > >
> > > >
> > > > - Issue 4. Test for "Section 6 Apps must digitally sign files and
> > > > drivers" is failed.Bugzilla ID 119949 link:
> > > > [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
> > > >
> > > >
> > > > - Issue 5. Test for "Section 11 Apps must support multi-user
> > sessions"
> > > > is not tested by Windows App Certification Kit.Bugzilla ID 119950
> > link:
> > > > [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
> > > >
> > > > Anyone please help to check them, confirm them and fix them.
> > > >
> > > > 2012/6/12 XiuLi Xu <su...@gmail.com>
> > > >
> > > > > Hi All,
> > > > >
> > > > > I upload the detailed test result and Windows 8 related links in
> the
> > > wiki
> > > > > document, Windows App Certification Kit Test Results for Apache
> > > > OpenOffice
> > > > > 3.4<
> > > > >
> > > >
> > >
> >
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> > > > > >
> > > > >
> > > > >
> > > > > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com>
> > wrote:
> > > > >
> > > > > > There are so many items in the Windows 8 certification list, I
> try
> > to
> > > > go
> > > > > > through it and find that there is maybe about 43 TODO items for
> us
> > to
> > > > do
> > > > > > the certification. Most of the TODO items are just a
> verification
> > > > jobs,
> > > > > > but some code change jobs maybe are need to do for the sections
> > > > 4.1,5.1,
> > > > > > 9.1, 10.2,11.7.
> > > > > > I have try to verify some items, the result be marked at green.
> > > > > > Herbert1 also go through the list, I put his result at the end of
> > > each
> > > > > > section.
> > > > > >
> > > > > > Items which maybe need to change some codes
> > > > > > ------------------------------------------------
> > > > > > 4.1 Your app must handle critical shutdowns appropriately
> > > > > > In a critical shutdown, apps that return FALSE to
> > WM_QUERYENDSESSION
> > > > will
> > > > > > be sent WM_ENDSESSION and closed, while those that time out in
> > > response
> > > > > to
> > > > > > WM_QUERYENDSESSION will be terminated. .
> > > > > > 5.1 Your app must properly implement a clean, reversible
> > installation
> > > > > > If the installation fails, the app should be able to roll it back
> > and
> > > > > > restore the machine to its previous state.
> > > > > > 9.1 Your app must have a manifest that defines execution levels
> and
> > > > tells
> > > > > > the operating system what privileges the app requires in order to
> > run
> > > > > > The app manifest marking only applies to EXEs, not DLLs. This is
> > > > because
> > > > > > UAC does not inspect DLLs during process creation. It is also
> worth
> > > > > noting
> > > > > > that UAC rules do not apply to Windows Services. The manifest can
> > be
> > > > > either
> > > > > > embedded or external.
> > > > > > To create a manifest, create a file with the name
> > > > <app_name>.exe.manifest
> > > > > > and store it in the same directory as the EXE. Note that any
> > external
> > > > > > manifest is ignored if the app has an internal manifest. For
> > example:
> > > > > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > > > > > requireAdministrator"" uiAccess=""true|false""/>
> > > > > > 10.2 Your app must avoid starting automatically on startup
> > > > > > For example, your app should not set any of the following;
> > > > > > Registry run keys HKLM and, or HKCU under
> > > > > > Software\Microsoft\Windows\CurrentVersion
> > > > > > Registry run keys HKLM, and or HKCU under
> > > > > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > > > > > Start Menu AllPrograms > STARTUP
> > > > > > 11.7 Your app must check other terminal service (TS) sessions for
> > > > > existing
> > > > > > instances of the app
> > > > > > Note: If an app does not support multiple user sessions or remote
> > > > access,
> > > > > > it must clearly state this when launched from this kind of
> session.
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > > > Full TODO items.
> > > > > >
> > > > > > 1. Apps are compatible and resilient
> > > > > > 1.1 Your app must not take a dependency on Windows compatibility
> > > modes,
> > > > > > AppHelp message, and or any other compatibility fixes
> > > > > > TODO 1.1 : Need verification , don't depend.
> > > > > > 1.2 Your app must not take a dependency on the VB6 runtime
> > > > > > TODO 1.2 : Need verification , don't depend.
> > > > > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API
> > > calls
> > > > > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > > > > AppInit_dlls.
> > > > > > TODO 1.3 : Need verification , don't load.
> > > > > > Herbert1: Win8 Cert Section 1 : ok
> > > > > >
> > > > > > 2. Apps must adhere to Windows Security Best Practices
> > > > > > 2.1 Your app must use strong and appropriate ACLs to secure
> > > executable
> > > > > > files
> > > > > > TODO 2.1 : Need verification
> > > > > > 2.2 Your app must use strong and appropriate ACLs to secure
> > > directories
> > > > > > TODO 2.2 : Need verification
> > > > > > 2.3 Your app must use strong and appropriate ACLs to secure
> > registry
> > > > keys
> > > > > > TODO 2.3 : Need verification
> > > > > > 2.4 Your app must use strong and appropriate ACLs to secure
> > > directories
> > > > > > that contain objects
> > > > > > TODO 2.4 : Need verification
> > > > > > 2.5 Your app must reduce non-administrator access to services
> that
> > > are
> > > > > > vulnerable to tampering
> > > > > > TODO 2.5 : Need verification
> > > > > > 2.6 Your app must prevent services with fast restarts from
> > restarting
> > > > > more
> > > > > > than twice every 24 hours
> > > > > > TODO 2.6 : Need verification
> > > > > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does
> it
> > it
> > > > is
> > > > > > fine,we are using nsis-2.46 for building the MSI package but
> > Windows
> > > > > itself
> > > > > > does the installation of the MSI packages
> > > > > >
> > > > > > 3. Apps support Windows security features
> > > > > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
> > > (APTCA)
> > > > > to
> > > > > > ensure secure access to strong-named assemblies
> > > > > > TODO 3.1 : Need verification,
> > > > > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure
> > safe
> > > > > > exceptions handling
> > > > > > TODO 3.2 : Need verification, we use it
> > > > > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent
> > > data
> > > > > > execution
> > > > > > TODO 3.3 : Need verification, we use it
> > > > > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for
> > address
> > > > > space
> > > > > > layout randomization (ASLR)
> > > > > > TODO 3.4 : Need verification, we use it
> > > > > > 3.5 Your app must not Read/Write Shared PE Sections
> > > > > > TODO 3.5 : Need verification,
> > > > > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH,
> > > NXCOMPAT,
> > > > > > DYNAMICBASE, but the libraries we ship have to be modified to use
> > > these
> > > > > > flags too,I'm almost certain that we don't use APTCA,I'm not so
> > sure
> > > > > about
> > > > > > the RW PW Sections, but I guess we do not have any.
> > > > > >
> > > > > > 4. Apps must adhere to system restart manager messages
> > > > > > 4.1 Your app must handle critical shutdowns appropriately
> > > > > > TODO 4.1 : Need verification,
> > > > > > 4.2 A GUI app must return TRUE immediately in preparation for a
> > > restart
> > > > > > TODO 4.2 : Need verification, we do
> > > > > > 4.3 Your app must return 0 within 30 seconds and shut down
> > > > > > TODO 4.3 : Need verification,we do
> > > > > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > > > > > implemented,these new messages are currently ignored
> > > > > >
> > > > > > 5. Apps must support a clean, reversible installation
> > > > > > 5.1 Your app must properly implement a clean, reversible
> > installation
> > > > > > TODO 5.1 : Need verification,
> > > > > > 5.2 Your app must never force the user to restart the computer
> > > > > immediately
> > > > > > TODO 5.2 : Need verification,we never
> > > > > > 5.3 Your app must never be dependent on 8.3 short file names
> (SFN)
> > > > > > TODO 5.3 : Need verification,we never
> > > > > > 5.4 Your app must never block silent install/uninstall
> > > > > > TODO 5.4 : Need verification,
> > > > > > 5.5 Your app installer must create the correct registry entries
> to
> > > > allow
> > > > > > successful detection and uninstalls
> > > > > > TODO 5.5 : Need verification,
> > > > > > Herbert1: Win8 Cert Section 5: making sure that the registry
> > entries
> > > > and
> > > > > > files are restored is difficult
> > > > > >
> > > > > > 6. Apps must digitally sign files and drivers
> > > > > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv,
> .scr)
> > > > must
> > > > > be
> > > > > > signed with an Authenticode certificate
> > > > > > TODO 6.1:Need to do digitally sign
> > > > > > Herbert1: Win8 Cert Section 6: Having authentication credentials
> > > would
> > > > be
> > > > > > good even if don't pursue Win8 shop certification
> > > > > >
> > > > > > 7. Apps don’t block installation or app launch based on an
> > operating
> > > > > system
> > > > > > version check
> > > > > > 7.1 Your app must not perform version checks for equality
> > > > > > TODO 7.1 : Need verification,
> > > > > > Herbert1: Win8 Cert Section 7: We are doing win-version checks,
> but
> > > I'm
> > > > > > almost certain that it is not a check for equality. Needs to be
> > > checked
> > > > > > though.
> > > > > >
> > > > > > 8. Apps don’t load services or drivers in safe mode
> > > > > > TODO 8 : Need verification, we don't
> > > > > >
> > > > > > 9. Apps must follow User Account Control guidelines
> > > > > > 9.1 Your app must have a manifest that defines execution levels
> and
> > > > tells
> > > > > > the operating system what privileges the app requires in order to
> > run
> > > > > > TODO 9.1 : Need verification,
> > > > > > 9.2 Your app’s main process must be run as a standard user
> > > (asInvoker).
> > > > > > TODO 9.2 : Need verification,
> > > > > >
> > > > > > 10. Apps must install to the correct folders by default
> > > > > > 10.1 Your app must be installed in the Program Files folder by
> > > default
> > > > > > TODO 10.1: Need verification,we do
> > > > > > 10.2 Your app must avoid starting automatically on startup
> > > > > > TODO 10.2: Need verification, the quick start is a issue
> > > > > > 10.3 Your app data, which must be shared among users on the
> > computer,
> > > > > > should be stored within ProgramData
> > > > > > TODO 10.3: Need verification,we do
> > > > > > 10.4 Your app’s data that is exclusive to a specific user and
> that
> > is
> > > > not
> > > > > > to be shared with other users of the computer, must be stored in
> > > > > > Users\<username>\AppData
> > > > > > TODO 10.4: Need verification,we do
> > > > > > 10.5 Your app must never write directly to the "Windows"
> directory
> > > and
> > > > or
> > > > > > subdirectories
> > > > > > TODO 10.5: Need verification,we never
> > > > > > 10.6 Your app must write user data at first run and not during
> the
> > > > > > installation in “per-machine” installations
> > > > > > TODO 10.6: Need verification,we do
> > > > > >
> > > > > > 11. Apps must support multi-user sessions
> > > > > > 11.1 Your app must ensure that when running in multiple sessions
> > > either
> > > > > > locally or remotely, the normal functionality of the app is not
> > > > adversely
> > > > > > affected
> > > > > > TODO 11.1: Need verification,
> > > > > > 11.2 Your app’s settings and data files must not persist across
> > users
> > > > > > TODO 11.2: Need verification,
> > > > > > 11.3 A user’s privacy and preferences must be isolated to the
> > user’s
> > > > > > session
> > > > > > TODO 11.3: Need verification,
> > > > > > 11.4 Your app’s instances must be isolated from each other
> > > > > > TODO 11.4: Need verification,
> > > > > > 11.5 Apps that are installed for multiple users must store data
> in
> > > the
> > > > > > correct folder(s) and registry locations
> > > > > > Refer to the UAC requirements.
> > > > > > TODO 11.5: Need verification,
> > > > > > 11.6 User apps must be able to run in multiple user sessions
> (Fast
> > > User
> > > > > > Switching) for both local and remote access
> > > > > > TODO 11.6: Need verification,
> > > > > > 11.7 Your app must check other terminal service (TS) sessions for
> > > > > existing
> > > > > > instances of the app
> > > > > > TODO 11.7: Need verification,
> > > > > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC
> to
> > > TS
> > > > > > session management
> > > > > >
> > > > > > 12. Apps must support x64 versions of Windows
> > > > > > 12.1 Your app must natively support 64-bit or, at a minimum,
> 32-bit
> > > > > > Windows-based apps must run seamlessly on 64-bit systems to
> > maintain
> > > > > > compatibility with 64-bit versions of Windows
> > > > > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > > > > > 12.2 Your app and its installers must not contain any 16-bit code
> > or
> > > > rely
> > > > > > on any 16-bit component
> > > > > > TODO 12.2: Need verification, AOO not contain 16-bit code
> > > > > > 12.3 Your app’s setup must detect and install the proper drivers
> > and
> > > > > > components for the 64-bit architecture
> > > > > > TODO 12.3: Need verification,
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2012/6/7 Rob Weir <ro...@apache.org>
> > > > > >
> > > > > > > I installed the Windows 8 Tech Preview (32-bit) today on a
> > virtual
> > > > > > > server. After a few minutes to figure out the new platform UI
> I
> > > > > > > installed AOO 3.4. Install went without problems and it
> appears
> > to
> > > > > > > run fine.
> > > > > > >
> > > > > > > Of course, there is more that we could do to be a
> well-integrated
> > > > > > > Windows desktop application. The best practices are outlined
> > here:
> > > > > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > > > > > >
> > > > > > > A lot of this is goodness that would help users on Windows 7
> and
> > > > > > > earlier versions as well. For example, the code signing
> reduces
> > > the
> > > > > > > risk of tampering or corrupt files. It also reduces false
> > > complaints
> > > > > > > by some anti-virus products. The recommended compiler options
> > help
> > > > > > > reduce the explotability of security vulnerabilities,
> especially
> > of
> > > > > > > the kind products run into reading binary file formats. More
> > info
> > > on
> > > > > > > these options are here:
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > > > > > >
> > > > > > > Did OpenOffice.org ever try for logo certification from
> Microsoft
> > > > > > > before? If so, what was the experience?
> > > > > > >
> > > > > > > I think it might be worth trying for this with AOO, It would
> > takes
> > > > > > > some work, but in the end we would have better platform
> > > integration,
> > > > > > > and a better user and admin experience.
> > > > > > >
> > > > > > > -Rob
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: Windows 8 Compatibility?
Posted by Liu Da Li <wa...@gmail.com>.
For issue 2.
>> - Issue 2. Test for "Section 4 Apps must adhere to system restart
> > manager messages" is failed. Bugzilla ID 119947 link:
> > <https://issues.apache.org/ooo/show_bug.cgi?id=119947>
It seems that we handle these system restart manager messages in a right
way.
Anyone can have a double check on this?
Here is the codes in main\vcl\win\source\window\salframe.cxx.
......
LRESULT CALLBACK SalFrameWndProc( HWND hWnd, UINT nMsg, WPARAM wParam,
LPARAM lParam, int& rDef )
{
......
case WM_QUERYENDSESSION:
if( !bInQueryEnd )
{
// handle queryendsession only once
bInQueryEnd = TRUE;
nRet = !ImplHandleShutDownMsg( hWnd );
rDef = FALSE;
// Issue #16314#: ImplHandleShutDownMsg causes a PostMessage in
case of allowing shutdown.
// This posted message was never processed and cause Windows XP to
hang after log off
// if there are multiple sessions and the current session wasn't
the first one started.
// So if shutdown is allowed we assume that a post message was
done and retrieve all
// messages in the message queue and dispatch them before we
return control to the system.
if ( nRet )
{
MSG msg;
while( PeekMessage( &msg, NULL, 0, 0, PM_REMOVE ) )
{
DispatchMessage( &msg );
}
}
}
else
{
ImplSalYieldMutexAcquireWithWait();
ImplSalYieldMutexRelease();
rDef = TRUE;
}
break;
case WM_ENDSESSION:
if( !wParam )
bInQueryEnd = FALSE; // no shutdown: allow query again
nRet = FALSE;
rDef = FALSE;
break;
......
2012/6/15 Huaidong Qiu <qi...@gmail.com>
> About the fonts AOO installed into the system font directory, I did some
> verification on Windwos XP.
>
> 1. AOO archive package packs those font inside the package, you can find
> them here Basis\share\fonts\truetype.
>
> 2. Install AOO, then remove one of the fonts AOO
> installed, Arimo-Bold.ttf, Arimo-BoldItalic.ttf, Arimo-Italic.ttf,
> Arimo-Regular.ttf,
> from the system font directory. Open installed AOO, the font name
> disappears from the font list of AOO.
>
> 3.Copy directory Basis\share\fonts\truetype from archive package to the
> install directory. Open installed AOO, the font name come back.
>
> So I think we can pack the needed fonts into the installer package
> as archive package did. Then we can safely remove those fonts from the
> install directory without affect other applications.
>
> Any ideas?
>
>
> On Thu, Jun 14, 2012 at 4:06 PM, Lin Yuan <yu...@gmail.com> wrote:
>
> > About issue5 that support multiple user sessions, as tested by Yan Ji
> on a
> > Windows 2008 server. When allow one user to remote log in with multiple
> > sessions, AOO 3.4 is not stable and will crash after some operations.
> >
> > To support multiple sessions for one user, I thinkonly rearchitect
> single
> > IPC to TS session managment is not enough. If allow multiple AOO
> instances
> > can be run isolated for one user, the data in user directory must be
> > synchronized correctly for those AOO instances as they all share the same
> > user directory. The data may inlucde extensions, .xcu and other
> > configuration files. So I think the simplest way to be able to
> cetifiacted
> > with Windows 8 in this section is do below thing mentioned in
> Certification
> > requirements for Windows 8
> >
> > "If an app does not support multiple user sessions or remote access, it
> > must clearly state this when launched from this kind of session"
> >
> > That is, when AOO launched, check if there is another AOO instance in a
> > different TS session but for the same user. If does, popup a warning
> dialog
> > and exit.
> >
> >
> >
> >
> > 2012/6/12 Liu Da Li <wa...@gmail.com>
> >
> > > I have create five items on Bugzilla to track these issue.
> > >
> > > - Issue 1. Test for "Section 3 Apps support Windows security
> features"
> > > is failed.Bugzilla ID 119946 link:
> > > [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
> > >
> > >
> > > - Issue 2. Test for "Section 4 Apps must adhere to system restart
> > > manager messages" is failed. Bugzilla ID 119947 link:
> > > [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> > >
> > >
> > > - Issue 3. Test for "Section 5 Apps must support a clean, reversible
> > > installation" is failed. Bugzilla ID 119948 link:
> > > [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
> > >
> > >
> > > - Issue 4. Test for "Section 6 Apps must digitally sign files and
> > > drivers" is failed.Bugzilla ID 119949 link:
> > > [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
> > >
> > >
> > > - Issue 5. Test for "Section 11 Apps must support multi-user
> sessions"
> > > is not tested by Windows App Certification Kit.Bugzilla ID 119950
> link:
> > > [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
> > >
> > > Anyone please help to check them, confirm them and fix them.
> > >
> > > 2012/6/12 XiuLi Xu <su...@gmail.com>
> > >
> > > > Hi All,
> > > >
> > > > I upload the detailed test result and Windows 8 related links in the
> > wiki
> > > > document, Windows App Certification Kit Test Results for Apache
> > > OpenOffice
> > > > 3.4<
> > > >
> > >
> >
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> > > > >
> > > >
> > > >
> > > > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com>
> wrote:
> > > >
> > > > > There are so many items in the Windows 8 certification list, I try
> to
> > > go
> > > > > through it and find that there is maybe about 43 TODO items for us
> to
> > > do
> > > > > the certification. Most of the TODO items are just a verification
> > > jobs,
> > > > > but some code change jobs maybe are need to do for the sections
> > > 4.1,5.1,
> > > > > 9.1, 10.2,11.7.
> > > > > I have try to verify some items, the result be marked at green.
> > > > > Herbert1 also go through the list, I put his result at the end of
> > each
> > > > > section.
> > > > >
> > > > > Items which maybe need to change some codes
> > > > > ------------------------------------------------
> > > > > 4.1 Your app must handle critical shutdowns appropriately
> > > > > In a critical shutdown, apps that return FALSE to
> WM_QUERYENDSESSION
> > > will
> > > > > be sent WM_ENDSESSION and closed, while those that time out in
> > response
> > > > to
> > > > > WM_QUERYENDSESSION will be terminated. .
> > > > > 5.1 Your app must properly implement a clean, reversible
> installation
> > > > > If the installation fails, the app should be able to roll it back
> and
> > > > > restore the machine to its previous state.
> > > > > 9.1 Your app must have a manifest that defines execution levels and
> > > tells
> > > > > the operating system what privileges the app requires in order to
> run
> > > > > The app manifest marking only applies to EXEs, not DLLs. This is
> > > because
> > > > > UAC does not inspect DLLs during process creation. It is also worth
> > > > noting
> > > > > that UAC rules do not apply to Windows Services. The manifest can
> be
> > > > either
> > > > > embedded or external.
> > > > > To create a manifest, create a file with the name
> > > <app_name>.exe.manifest
> > > > > and store it in the same directory as the EXE. Note that any
> external
> > > > > manifest is ignored if the app has an internal manifest. For
> example:
> > > > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > > > > requireAdministrator"" uiAccess=""true|false""/>
> > > > > 10.2 Your app must avoid starting automatically on startup
> > > > > For example, your app should not set any of the following;
> > > > > Registry run keys HKLM and, or HKCU under
> > > > > Software\Microsoft\Windows\CurrentVersion
> > > > > Registry run keys HKLM, and or HKCU under
> > > > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > > > > Start Menu AllPrograms > STARTUP
> > > > > 11.7 Your app must check other terminal service (TS) sessions for
> > > > existing
> > > > > instances of the app
> > > > > Note: If an app does not support multiple user sessions or remote
> > > access,
> > > > > it must clearly state this when launched from this kind of session.
> > > > >
> > > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > > Full TODO items.
> > > > >
> > > > > 1. Apps are compatible and resilient
> > > > > 1.1 Your app must not take a dependency on Windows compatibility
> > modes,
> > > > > AppHelp message, and or any other compatibility fixes
> > > > > TODO 1.1 : Need verification , don't depend.
> > > > > 1.2 Your app must not take a dependency on the VB6 runtime
> > > > > TODO 1.2 : Need verification , don't depend.
> > > > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API
> > calls
> > > > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > > > AppInit_dlls.
> > > > > TODO 1.3 : Need verification , don't load.
> > > > > Herbert1: Win8 Cert Section 1 : ok
> > > > >
> > > > > 2. Apps must adhere to Windows Security Best Practices
> > > > > 2.1 Your app must use strong and appropriate ACLs to secure
> > executable
> > > > > files
> > > > > TODO 2.1 : Need verification
> > > > > 2.2 Your app must use strong and appropriate ACLs to secure
> > directories
> > > > > TODO 2.2 : Need verification
> > > > > 2.3 Your app must use strong and appropriate ACLs to secure
> registry
> > > keys
> > > > > TODO 2.3 : Need verification
> > > > > 2.4 Your app must use strong and appropriate ACLs to secure
> > directories
> > > > > that contain objects
> > > > > TODO 2.4 : Need verification
> > > > > 2.5 Your app must reduce non-administrator access to services that
> > are
> > > > > vulnerable to tampering
> > > > > TODO 2.5 : Need verification
> > > > > 2.6 Your app must prevent services with fast restarts from
> restarting
> > > > more
> > > > > than twice every 24 hours
> > > > > TODO 2.6 : Need verification
> > > > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it
> it
> > > is
> > > > > fine,we are using nsis-2.46 for building the MSI package but
> Windows
> > > > itself
> > > > > does the installation of the MSI packages
> > > > >
> > > > > 3. Apps support Windows security features
> > > > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
> > (APTCA)
> > > > to
> > > > > ensure secure access to strong-named assemblies
> > > > > TODO 3.1 : Need verification,
> > > > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure
> safe
> > > > > exceptions handling
> > > > > TODO 3.2 : Need verification, we use it
> > > > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent
> > data
> > > > > execution
> > > > > TODO 3.3 : Need verification, we use it
> > > > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for
> address
> > > > space
> > > > > layout randomization (ASLR)
> > > > > TODO 3.4 : Need verification, we use it
> > > > > 3.5 Your app must not Read/Write Shared PE Sections
> > > > > TODO 3.5 : Need verification,
> > > > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH,
> > NXCOMPAT,
> > > > > DYNAMICBASE, but the libraries we ship have to be modified to use
> > these
> > > > > flags too,I'm almost certain that we don't use APTCA,I'm not so
> sure
> > > > about
> > > > > the RW PW Sections, but I guess we do not have any.
> > > > >
> > > > > 4. Apps must adhere to system restart manager messages
> > > > > 4.1 Your app must handle critical shutdowns appropriately
> > > > > TODO 4.1 : Need verification,
> > > > > 4.2 A GUI app must return TRUE immediately in preparation for a
> > restart
> > > > > TODO 4.2 : Need verification, we do
> > > > > 4.3 Your app must return 0 within 30 seconds and shut down
> > > > > TODO 4.3 : Need verification,we do
> > > > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > > > > implemented,these new messages are currently ignored
> > > > >
> > > > > 5. Apps must support a clean, reversible installation
> > > > > 5.1 Your app must properly implement a clean, reversible
> installation
> > > > > TODO 5.1 : Need verification,
> > > > > 5.2 Your app must never force the user to restart the computer
> > > > immediately
> > > > > TODO 5.2 : Need verification,we never
> > > > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> > > > > TODO 5.3 : Need verification,we never
> > > > > 5.4 Your app must never block silent install/uninstall
> > > > > TODO 5.4 : Need verification,
> > > > > 5.5 Your app installer must create the correct registry entries to
> > > allow
> > > > > successful detection and uninstalls
> > > > > TODO 5.5 : Need verification,
> > > > > Herbert1: Win8 Cert Section 5: making sure that the registry
> entries
> > > and
> > > > > files are restored is difficult
> > > > >
> > > > > 6. Apps must digitally sign files and drivers
> > > > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
> > > must
> > > > be
> > > > > signed with an Authenticode certificate
> > > > > TODO 6.1:Need to do digitally sign
> > > > > Herbert1: Win8 Cert Section 6: Having authentication credentials
> > would
> > > be
> > > > > good even if don't pursue Win8 shop certification
> > > > >
> > > > > 7. Apps don’t block installation or app launch based on an
> operating
> > > > system
> > > > > version check
> > > > > 7.1 Your app must not perform version checks for equality
> > > > > TODO 7.1 : Need verification,
> > > > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but
> > I'm
> > > > > almost certain that it is not a check for equality. Needs to be
> > checked
> > > > > though.
> > > > >
> > > > > 8. Apps don’t load services or drivers in safe mode
> > > > > TODO 8 : Need verification, we don't
> > > > >
> > > > > 9. Apps must follow User Account Control guidelines
> > > > > 9.1 Your app must have a manifest that defines execution levels and
> > > tells
> > > > > the operating system what privileges the app requires in order to
> run
> > > > > TODO 9.1 : Need verification,
> > > > > 9.2 Your app’s main process must be run as a standard user
> > (asInvoker).
> > > > > TODO 9.2 : Need verification,
> > > > >
> > > > > 10. Apps must install to the correct folders by default
> > > > > 10.1 Your app must be installed in the Program Files folder by
> > default
> > > > > TODO 10.1: Need verification,we do
> > > > > 10.2 Your app must avoid starting automatically on startup
> > > > > TODO 10.2: Need verification, the quick start is a issue
> > > > > 10.3 Your app data, which must be shared among users on the
> computer,
> > > > > should be stored within ProgramData
> > > > > TODO 10.3: Need verification,we do
> > > > > 10.4 Your app’s data that is exclusive to a specific user and that
> is
> > > not
> > > > > to be shared with other users of the computer, must be stored in
> > > > > Users\<username>\AppData
> > > > > TODO 10.4: Need verification,we do
> > > > > 10.5 Your app must never write directly to the "Windows" directory
> > and
> > > or
> > > > > subdirectories
> > > > > TODO 10.5: Need verification,we never
> > > > > 10.6 Your app must write user data at first run and not during the
> > > > > installation in “per-machine” installations
> > > > > TODO 10.6: Need verification,we do
> > > > >
> > > > > 11. Apps must support multi-user sessions
> > > > > 11.1 Your app must ensure that when running in multiple sessions
> > either
> > > > > locally or remotely, the normal functionality of the app is not
> > > adversely
> > > > > affected
> > > > > TODO 11.1: Need verification,
> > > > > 11.2 Your app’s settings and data files must not persist across
> users
> > > > > TODO 11.2: Need verification,
> > > > > 11.3 A user’s privacy and preferences must be isolated to the
> user’s
> > > > > session
> > > > > TODO 11.3: Need verification,
> > > > > 11.4 Your app’s instances must be isolated from each other
> > > > > TODO 11.4: Need verification,
> > > > > 11.5 Apps that are installed for multiple users must store data in
> > the
> > > > > correct folder(s) and registry locations
> > > > > Refer to the UAC requirements.
> > > > > TODO 11.5: Need verification,
> > > > > 11.6 User apps must be able to run in multiple user sessions (Fast
> > User
> > > > > Switching) for both local and remote access
> > > > > TODO 11.6: Need verification,
> > > > > 11.7 Your app must check other terminal service (TS) sessions for
> > > > existing
> > > > > instances of the app
> > > > > TODO 11.7: Need verification,
> > > > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to
> > TS
> > > > > session management
> > > > >
> > > > > 12. Apps must support x64 versions of Windows
> > > > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> > > > > Windows-based apps must run seamlessly on 64-bit systems to
> maintain
> > > > > compatibility with 64-bit versions of Windows
> > > > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > > > > 12.2 Your app and its installers must not contain any 16-bit code
> or
> > > rely
> > > > > on any 16-bit component
> > > > > TODO 12.2: Need verification, AOO not contain 16-bit code
> > > > > 12.3 Your app’s setup must detect and install the proper drivers
> and
> > > > > components for the 64-bit architecture
> > > > > TODO 12.3: Need verification,
> > > > >
> > > > >
> > > > >
> > > > > 2012/6/7 Rob Weir <ro...@apache.org>
> > > > >
> > > > > > I installed the Windows 8 Tech Preview (32-bit) today on a
> virtual
> > > > > > server. After a few minutes to figure out the new platform UI I
> > > > > > installed AOO 3.4. Install went without problems and it appears
> to
> > > > > > run fine.
> > > > > >
> > > > > > Of course, there is more that we could do to be a well-integrated
> > > > > > Windows desktop application. The best practices are outlined
> here:
> > > > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > > > > >
> > > > > > A lot of this is goodness that would help users on Windows 7 and
> > > > > > earlier versions as well. For example, the code signing reduces
> > the
> > > > > > risk of tampering or corrupt files. It also reduces false
> > complaints
> > > > > > by some anti-virus products. The recommended compiler options
> help
> > > > > > reduce the explotability of security vulnerabilities, especially
> of
> > > > > > the kind products run into reading binary file formats. More
> info
> > on
> > > > > > these options are here:
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > > > > >
> > > > > > Did OpenOffice.org ever try for logo certification from Microsoft
> > > > > > before? If so, what was the experience?
> > > > > >
> > > > > > I think it might be worth trying for this with AOO, It would
> takes
> > > > > > some work, but in the end we would have better platform
> > integration,
> > > > > > and a better user and admin experience.
> > > > > >
> > > > > > -Rob
> > > > > >
> > > > >
> > > >
> > >
> >
>
Re: Windows 8 Compatibility?
Posted by Huaidong Qiu <qi...@gmail.com>.
About the fonts AOO installed into the system font directory, I did some
verification on Windwos XP.
1. AOO archive package packs those font inside the package, you can find
them here Basis\share\fonts\truetype.
2. Install AOO, then remove one of the fonts AOO
installed, Arimo-Bold.ttf, Arimo-BoldItalic.ttf, Arimo-Italic.ttf,
Arimo-Regular.ttf,
from the system font directory. Open installed AOO, the font name
disappears from the font list of AOO.
3.Copy directory Basis\share\fonts\truetype from archive package to the
install directory. Open installed AOO, the font name come back.
So I think we can pack the needed fonts into the installer package
as archive package did. Then we can safely remove those fonts from the
install directory without affect other applications.
Any ideas?
On Thu, Jun 14, 2012 at 4:06 PM, Lin Yuan <yu...@gmail.com> wrote:
> About issue5 that support multiple user sessions, as tested by Yan Ji on a
> Windows 2008 server. When allow one user to remote log in with multiple
> sessions, AOO 3.4 is not stable and will crash after some operations.
>
> To support multiple sessions for one user, I thinkonly rearchitect single
> IPC to TS session managment is not enough. If allow multiple AOO instances
> can be run isolated for one user, the data in user directory must be
> synchronized correctly for those AOO instances as they all share the same
> user directory. The data may inlucde extensions, .xcu and other
> configuration files. So I think the simplest way to be able to cetifiacted
> with Windows 8 in this section is do below thing mentioned in Certification
> requirements for Windows 8
>
> "If an app does not support multiple user sessions or remote access, it
> must clearly state this when launched from this kind of session"
>
> That is, when AOO launched, check if there is another AOO instance in a
> different TS session but for the same user. If does, popup a warning dialog
> and exit.
>
>
>
>
> 2012/6/12 Liu Da Li <wa...@gmail.com>
>
> > I have create five items on Bugzilla to track these issue.
> >
> > - Issue 1. Test for "Section 3 Apps support Windows security features"
> > is failed.Bugzilla ID 119946 link:
> > [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
> >
> >
> > - Issue 2. Test for "Section 4 Apps must adhere to system restart
> > manager messages" is failed. Bugzilla ID 119947 link:
> > [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
> >
> >
> > - Issue 3. Test for "Section 5 Apps must support a clean, reversible
> > installation" is failed. Bugzilla ID 119948 link:
> > [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
> >
> >
> > - Issue 4. Test for "Section 6 Apps must digitally sign files and
> > drivers" is failed.Bugzilla ID 119949 link:
> > [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
> >
> >
> > - Issue 5. Test for "Section 11 Apps must support multi-user sessions"
> > is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
> > [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
> >
> > Anyone please help to check them, confirm them and fix them.
> >
> > 2012/6/12 XiuLi Xu <su...@gmail.com>
> >
> > > Hi All,
> > >
> > > I upload the detailed test result and Windows 8 related links in the
> wiki
> > > document, Windows App Certification Kit Test Results for Apache
> > OpenOffice
> > > 3.4<
> > >
> >
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> > > >
> > >
> > >
> > > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
> > >
> > > > There are so many items in the Windows 8 certification list, I try to
> > go
> > > > through it and find that there is maybe about 43 TODO items for us to
> > do
> > > > the certification. Most of the TODO items are just a verification
> > jobs,
> > > > but some code change jobs maybe are need to do for the sections
> > 4.1,5.1,
> > > > 9.1, 10.2,11.7.
> > > > I have try to verify some items, the result be marked at green.
> > > > Herbert1 also go through the list, I put his result at the end of
> each
> > > > section.
> > > >
> > > > Items which maybe need to change some codes
> > > > ------------------------------------------------
> > > > 4.1 Your app must handle critical shutdowns appropriately
> > > > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION
> > will
> > > > be sent WM_ENDSESSION and closed, while those that time out in
> response
> > > to
> > > > WM_QUERYENDSESSION will be terminated. .
> > > > 5.1 Your app must properly implement a clean, reversible installation
> > > > If the installation fails, the app should be able to roll it back and
> > > > restore the machine to its previous state.
> > > > 9.1 Your app must have a manifest that defines execution levels and
> > tells
> > > > the operating system what privileges the app requires in order to run
> > > > The app manifest marking only applies to EXEs, not DLLs. This is
> > because
> > > > UAC does not inspect DLLs during process creation. It is also worth
> > > noting
> > > > that UAC rules do not apply to Windows Services. The manifest can be
> > > either
> > > > embedded or external.
> > > > To create a manifest, create a file with the name
> > <app_name>.exe.manifest
> > > > and store it in the same directory as the EXE. Note that any external
> > > > manifest is ignored if the app has an internal manifest. For example:
> > > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > > > requireAdministrator"" uiAccess=""true|false""/>
> > > > 10.2 Your app must avoid starting automatically on startup
> > > > For example, your app should not set any of the following;
> > > > Registry run keys HKLM and, or HKCU under
> > > > Software\Microsoft\Windows\CurrentVersion
> > > > Registry run keys HKLM, and or HKCU under
> > > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > > > Start Menu AllPrograms > STARTUP
> > > > 11.7 Your app must check other terminal service (TS) sessions for
> > > existing
> > > > instances of the app
> > > > Note: If an app does not support multiple user sessions or remote
> > access,
> > > > it must clearly state this when launched from this kind of session.
> > > >
> > > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > > Full TODO items.
> > > >
> > > > 1. Apps are compatible and resilient
> > > > 1.1 Your app must not take a dependency on Windows compatibility
> modes,
> > > > AppHelp message, and or any other compatibility fixes
> > > > TODO 1.1 : Need verification , don't depend.
> > > > 1.2 Your app must not take a dependency on the VB6 runtime
> > > > TODO 1.2 : Need verification , don't depend.
> > > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API
> calls
> > > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > > AppInit_dlls.
> > > > TODO 1.3 : Need verification , don't load.
> > > > Herbert1: Win8 Cert Section 1 : ok
> > > >
> > > > 2. Apps must adhere to Windows Security Best Practices
> > > > 2.1 Your app must use strong and appropriate ACLs to secure
> executable
> > > > files
> > > > TODO 2.1 : Need verification
> > > > 2.2 Your app must use strong and appropriate ACLs to secure
> directories
> > > > TODO 2.2 : Need verification
> > > > 2.3 Your app must use strong and appropriate ACLs to secure registry
> > keys
> > > > TODO 2.3 : Need verification
> > > > 2.4 Your app must use strong and appropriate ACLs to secure
> directories
> > > > that contain objects
> > > > TODO 2.4 : Need verification
> > > > 2.5 Your app must reduce non-administrator access to services that
> are
> > > > vulnerable to tampering
> > > > TODO 2.5 : Need verification
> > > > 2.6 Your app must prevent services with fast restarts from restarting
> > > more
> > > > than twice every 24 hours
> > > > TODO 2.6 : Need verification
> > > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it
> > is
> > > > fine,we are using nsis-2.46 for building the MSI package but Windows
> > > itself
> > > > does the installation of the MSI packages
> > > >
> > > > 3. Apps support Windows security features
> > > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
> (APTCA)
> > > to
> > > > ensure secure access to strong-named assemblies
> > > > TODO 3.1 : Need verification,
> > > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> > > > exceptions handling
> > > > TODO 3.2 : Need verification, we use it
> > > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent
> data
> > > > execution
> > > > TODO 3.3 : Need verification, we use it
> > > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
> > > space
> > > > layout randomization (ASLR)
> > > > TODO 3.4 : Need verification, we use it
> > > > 3.5 Your app must not Read/Write Shared PE Sections
> > > > TODO 3.5 : Need verification,
> > > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH,
> NXCOMPAT,
> > > > DYNAMICBASE, but the libraries we ship have to be modified to use
> these
> > > > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
> > > about
> > > > the RW PW Sections, but I guess we do not have any.
> > > >
> > > > 4. Apps must adhere to system restart manager messages
> > > > 4.1 Your app must handle critical shutdowns appropriately
> > > > TODO 4.1 : Need verification,
> > > > 4.2 A GUI app must return TRUE immediately in preparation for a
> restart
> > > > TODO 4.2 : Need verification, we do
> > > > 4.3 Your app must return 0 within 30 seconds and shut down
> > > > TODO 4.3 : Need verification,we do
> > > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > > > implemented,these new messages are currently ignored
> > > >
> > > > 5. Apps must support a clean, reversible installation
> > > > 5.1 Your app must properly implement a clean, reversible installation
> > > > TODO 5.1 : Need verification,
> > > > 5.2 Your app must never force the user to restart the computer
> > > immediately
> > > > TODO 5.2 : Need verification,we never
> > > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> > > > TODO 5.3 : Need verification,we never
> > > > 5.4 Your app must never block silent install/uninstall
> > > > TODO 5.4 : Need verification,
> > > > 5.5 Your app installer must create the correct registry entries to
> > allow
> > > > successful detection and uninstalls
> > > > TODO 5.5 : Need verification,
> > > > Herbert1: Win8 Cert Section 5: making sure that the registry entries
> > and
> > > > files are restored is difficult
> > > >
> > > > 6. Apps must digitally sign files and drivers
> > > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
> > must
> > > be
> > > > signed with an Authenticode certificate
> > > > TODO 6.1:Need to do digitally sign
> > > > Herbert1: Win8 Cert Section 6: Having authentication credentials
> would
> > be
> > > > good even if don't pursue Win8 shop certification
> > > >
> > > > 7. Apps don’t block installation or app launch based on an operating
> > > system
> > > > version check
> > > > 7.1 Your app must not perform version checks for equality
> > > > TODO 7.1 : Need verification,
> > > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but
> I'm
> > > > almost certain that it is not a check for equality. Needs to be
> checked
> > > > though.
> > > >
> > > > 8. Apps don’t load services or drivers in safe mode
> > > > TODO 8 : Need verification, we don't
> > > >
> > > > 9. Apps must follow User Account Control guidelines
> > > > 9.1 Your app must have a manifest that defines execution levels and
> > tells
> > > > the operating system what privileges the app requires in order to run
> > > > TODO 9.1 : Need verification,
> > > > 9.2 Your app’s main process must be run as a standard user
> (asInvoker).
> > > > TODO 9.2 : Need verification,
> > > >
> > > > 10. Apps must install to the correct folders by default
> > > > 10.1 Your app must be installed in the Program Files folder by
> default
> > > > TODO 10.1: Need verification,we do
> > > > 10.2 Your app must avoid starting automatically on startup
> > > > TODO 10.2: Need verification, the quick start is a issue
> > > > 10.3 Your app data, which must be shared among users on the computer,
> > > > should be stored within ProgramData
> > > > TODO 10.3: Need verification,we do
> > > > 10.4 Your app’s data that is exclusive to a specific user and that is
> > not
> > > > to be shared with other users of the computer, must be stored in
> > > > Users\<username>\AppData
> > > > TODO 10.4: Need verification,we do
> > > > 10.5 Your app must never write directly to the "Windows" directory
> and
> > or
> > > > subdirectories
> > > > TODO 10.5: Need verification,we never
> > > > 10.6 Your app must write user data at first run and not during the
> > > > installation in “per-machine” installations
> > > > TODO 10.6: Need verification,we do
> > > >
> > > > 11. Apps must support multi-user sessions
> > > > 11.1 Your app must ensure that when running in multiple sessions
> either
> > > > locally or remotely, the normal functionality of the app is not
> > adversely
> > > > affected
> > > > TODO 11.1: Need verification,
> > > > 11.2 Your app’s settings and data files must not persist across users
> > > > TODO 11.2: Need verification,
> > > > 11.3 A user’s privacy and preferences must be isolated to the user’s
> > > > session
> > > > TODO 11.3: Need verification,
> > > > 11.4 Your app’s instances must be isolated from each other
> > > > TODO 11.4: Need verification,
> > > > 11.5 Apps that are installed for multiple users must store data in
> the
> > > > correct folder(s) and registry locations
> > > > Refer to the UAC requirements.
> > > > TODO 11.5: Need verification,
> > > > 11.6 User apps must be able to run in multiple user sessions (Fast
> User
> > > > Switching) for both local and remote access
> > > > TODO 11.6: Need verification,
> > > > 11.7 Your app must check other terminal service (TS) sessions for
> > > existing
> > > > instances of the app
> > > > TODO 11.7: Need verification,
> > > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to
> TS
> > > > session management
> > > >
> > > > 12. Apps must support x64 versions of Windows
> > > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> > > > Windows-based apps must run seamlessly on 64-bit systems to maintain
> > > > compatibility with 64-bit versions of Windows
> > > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > > > 12.2 Your app and its installers must not contain any 16-bit code or
> > rely
> > > > on any 16-bit component
> > > > TODO 12.2: Need verification, AOO not contain 16-bit code
> > > > 12.3 Your app’s setup must detect and install the proper drivers and
> > > > components for the 64-bit architecture
> > > > TODO 12.3: Need verification,
> > > >
> > > >
> > > >
> > > > 2012/6/7 Rob Weir <ro...@apache.org>
> > > >
> > > > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > > > > server. After a few minutes to figure out the new platform UI I
> > > > > installed AOO 3.4. Install went without problems and it appears to
> > > > > run fine.
> > > > >
> > > > > Of course, there is more that we could do to be a well-integrated
> > > > > Windows desktop application. The best practices are outlined here:
> > > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > > > >
> > > > > A lot of this is goodness that would help users on Windows 7 and
> > > > > earlier versions as well. For example, the code signing reduces
> the
> > > > > risk of tampering or corrupt files. It also reduces false
> complaints
> > > > > by some anti-virus products. The recommended compiler options help
> > > > > reduce the explotability of security vulnerabilities, especially of
> > > > > the kind products run into reading binary file formats. More info
> on
> > > > > these options are here:
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > > > >
> > > > > Did OpenOffice.org ever try for logo certification from Microsoft
> > > > > before? If so, what was the experience?
> > > > >
> > > > > I think it might be worth trying for this with AOO, It would takes
> > > > > some work, but in the end we would have better platform
> integration,
> > > > > and a better user and admin experience.
> > > > >
> > > > > -Rob
> > > > >
> > > >
> > >
> >
>
Re: Windows 8 Compatibility?
Posted by Lin Yuan <yu...@gmail.com>.
About issue5 that support multiple user sessions, as tested by Yan Ji on a
Windows 2008 server. When allow one user to remote log in with multiple
sessions, AOO 3.4 is not stable and will crash after some operations.
To support multiple sessions for one user, I thinkonly rearchitect single
IPC to TS session managment is not enough. If allow multiple AOO instances
can be run isolated for one user, the data in user directory must be
synchronized correctly for those AOO instances as they all share the same
user directory. The data may inlucde extensions, .xcu and other
configuration files. So I think the simplest way to be able to cetifiacted
with Windows 8 in this section is do below thing mentioned in Certification
requirements for Windows 8
"If an app does not support multiple user sessions or remote access, it
must clearly state this when launched from this kind of session"
That is, when AOO launched, check if there is another AOO instance in a
different TS session but for the same user. If does, popup a warning dialog
and exit.
2012/6/12 Liu Da Li <wa...@gmail.com>
> I have create five items on Bugzilla to track these issue.
>
> - Issue 1. Test for "Section 3 Apps support Windows security features"
> is failed.Bugzilla ID 119946 link:
> [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>
>
> - Issue 2. Test for "Section 4 Apps must adhere to system restart
> manager messages" is failed. Bugzilla ID 119947 link:
> [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>
>
> - Issue 3. Test for "Section 5 Apps must support a clean, reversible
> installation" is failed. Bugzilla ID 119948 link:
> [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>
>
> - Issue 4. Test for "Section 6 Apps must digitally sign files and
> drivers" is failed.Bugzilla ID 119949 link:
> [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>
>
> - Issue 5. Test for "Section 11 Apps must support multi-user sessions"
> is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
> [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>
> Anyone please help to check them, confirm them and fix them.
>
> 2012/6/12 XiuLi Xu <su...@gmail.com>
>
> > Hi All,
> >
> > I upload the detailed test result and Windows 8 related links in the wiki
> > document, Windows App Certification Kit Test Results for Apache
> OpenOffice
> > 3.4<
> >
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> > >
> >
> >
> > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
> >
> > > There are so many items in the Windows 8 certification list, I try to
> go
> > > through it and find that there is maybe about 43 TODO items for us to
> do
> > > the certification. Most of the TODO items are just a verification
> jobs,
> > > but some code change jobs maybe are need to do for the sections
> 4.1,5.1,
> > > 9.1, 10.2,11.7.
> > > I have try to verify some items, the result be marked at green.
> > > Herbert1 also go through the list, I put his result at the end of each
> > > section.
> > >
> > > Items which maybe need to change some codes
> > > ------------------------------------------------
> > > 4.1 Your app must handle critical shutdowns appropriately
> > > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION
> will
> > > be sent WM_ENDSESSION and closed, while those that time out in response
> > to
> > > WM_QUERYENDSESSION will be terminated. .
> > > 5.1 Your app must properly implement a clean, reversible installation
> > > If the installation fails, the app should be able to roll it back and
> > > restore the machine to its previous state.
> > > 9.1 Your app must have a manifest that defines execution levels and
> tells
> > > the operating system what privileges the app requires in order to run
> > > The app manifest marking only applies to EXEs, not DLLs. This is
> because
> > > UAC does not inspect DLLs during process creation. It is also worth
> > noting
> > > that UAC rules do not apply to Windows Services. The manifest can be
> > either
> > > embedded or external.
> > > To create a manifest, create a file with the name
> <app_name>.exe.manifest
> > > and store it in the same directory as the EXE. Note that any external
> > > manifest is ignored if the app has an internal manifest. For example:
> > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > > requireAdministrator"" uiAccess=""true|false""/>
> > > 10.2 Your app must avoid starting automatically on startup
> > > For example, your app should not set any of the following;
> > > Registry run keys HKLM and, or HKCU under
> > > Software\Microsoft\Windows\CurrentVersion
> > > Registry run keys HKLM, and or HKCU under
> > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > > Start Menu AllPrograms > STARTUP
> > > 11.7 Your app must check other terminal service (TS) sessions for
> > existing
> > > instances of the app
> > > Note: If an app does not support multiple user sessions or remote
> access,
> > > it must clearly state this when launched from this kind of session.
> > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > Full TODO items.
> > >
> > > 1. Apps are compatible and resilient
> > > 1.1 Your app must not take a dependency on Windows compatibility modes,
> > > AppHelp message, and or any other compatibility fixes
> > > TODO 1.1 : Need verification , don't depend.
> > > 1.2 Your app must not take a dependency on the VB6 runtime
> > > TODO 1.2 : Need verification , don't depend.
> > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
> > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > AppInit_dlls.
> > > TODO 1.3 : Need verification , don't load.
> > > Herbert1: Win8 Cert Section 1 : ok
> > >
> > > 2. Apps must adhere to Windows Security Best Practices
> > > 2.1 Your app must use strong and appropriate ACLs to secure executable
> > > files
> > > TODO 2.1 : Need verification
> > > 2.2 Your app must use strong and appropriate ACLs to secure directories
> > > TODO 2.2 : Need verification
> > > 2.3 Your app must use strong and appropriate ACLs to secure registry
> keys
> > > TODO 2.3 : Need verification
> > > 2.4 Your app must use strong and appropriate ACLs to secure directories
> > > that contain objects
> > > TODO 2.4 : Need verification
> > > 2.5 Your app must reduce non-administrator access to services that are
> > > vulnerable to tampering
> > > TODO 2.5 : Need verification
> > > 2.6 Your app must prevent services with fast restarts from restarting
> > more
> > > than twice every 24 hours
> > > TODO 2.6 : Need verification
> > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it
> is
> > > fine,we are using nsis-2.46 for building the MSI package but Windows
> > itself
> > > does the installation of the MSI packages
> > >
> > > 3. Apps support Windows security features
> > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA)
> > to
> > > ensure secure access to strong-named assemblies
> > > TODO 3.1 : Need verification,
> > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> > > exceptions handling
> > > TODO 3.2 : Need verification, we use it
> > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
> > > execution
> > > TODO 3.3 : Need verification, we use it
> > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
> > space
> > > layout randomization (ASLR)
> > > TODO 3.4 : Need verification, we use it
> > > 3.5 Your app must not Read/Write Shared PE Sections
> > > TODO 3.5 : Need verification,
> > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
> > > DYNAMICBASE, but the libraries we ship have to be modified to use these
> > > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
> > about
> > > the RW PW Sections, but I guess we do not have any.
> > >
> > > 4. Apps must adhere to system restart manager messages
> > > 4.1 Your app must handle critical shutdowns appropriately
> > > TODO 4.1 : Need verification,
> > > 4.2 A GUI app must return TRUE immediately in preparation for a restart
> > > TODO 4.2 : Need verification, we do
> > > 4.3 Your app must return 0 within 30 seconds and shut down
> > > TODO 4.3 : Need verification,we do
> > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > > implemented,these new messages are currently ignored
> > >
> > > 5. Apps must support a clean, reversible installation
> > > 5.1 Your app must properly implement a clean, reversible installation
> > > TODO 5.1 : Need verification,
> > > 5.2 Your app must never force the user to restart the computer
> > immediately
> > > TODO 5.2 : Need verification,we never
> > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> > > TODO 5.3 : Need verification,we never
> > > 5.4 Your app must never block silent install/uninstall
> > > TODO 5.4 : Need verification,
> > > 5.5 Your app installer must create the correct registry entries to
> allow
> > > successful detection and uninstalls
> > > TODO 5.5 : Need verification,
> > > Herbert1: Win8 Cert Section 5: making sure that the registry entries
> and
> > > files are restored is difficult
> > >
> > > 6. Apps must digitally sign files and drivers
> > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
> must
> > be
> > > signed with an Authenticode certificate
> > > TODO 6.1:Need to do digitally sign
> > > Herbert1: Win8 Cert Section 6: Having authentication credentials would
> be
> > > good even if don't pursue Win8 shop certification
> > >
> > > 7. Apps don’t block installation or app launch based on an operating
> > system
> > > version check
> > > 7.1 Your app must not perform version checks for equality
> > > TODO 7.1 : Need verification,
> > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
> > > almost certain that it is not a check for equality. Needs to be checked
> > > though.
> > >
> > > 8. Apps don’t load services or drivers in safe mode
> > > TODO 8 : Need verification, we don't
> > >
> > > 9. Apps must follow User Account Control guidelines
> > > 9.1 Your app must have a manifest that defines execution levels and
> tells
> > > the operating system what privileges the app requires in order to run
> > > TODO 9.1 : Need verification,
> > > 9.2 Your app’s main process must be run as a standard user (asInvoker).
> > > TODO 9.2 : Need verification,
> > >
> > > 10. Apps must install to the correct folders by default
> > > 10.1 Your app must be installed in the Program Files folder by default
> > > TODO 10.1: Need verification,we do
> > > 10.2 Your app must avoid starting automatically on startup
> > > TODO 10.2: Need verification, the quick start is a issue
> > > 10.3 Your app data, which must be shared among users on the computer,
> > > should be stored within ProgramData
> > > TODO 10.3: Need verification,we do
> > > 10.4 Your app’s data that is exclusive to a specific user and that is
> not
> > > to be shared with other users of the computer, must be stored in
> > > Users\<username>\AppData
> > > TODO 10.4: Need verification,we do
> > > 10.5 Your app must never write directly to the "Windows" directory and
> or
> > > subdirectories
> > > TODO 10.5: Need verification,we never
> > > 10.6 Your app must write user data at first run and not during the
> > > installation in “per-machine” installations
> > > TODO 10.6: Need verification,we do
> > >
> > > 11. Apps must support multi-user sessions
> > > 11.1 Your app must ensure that when running in multiple sessions either
> > > locally or remotely, the normal functionality of the app is not
> adversely
> > > affected
> > > TODO 11.1: Need verification,
> > > 11.2 Your app’s settings and data files must not persist across users
> > > TODO 11.2: Need verification,
> > > 11.3 A user’s privacy and preferences must be isolated to the user’s
> > > session
> > > TODO 11.3: Need verification,
> > > 11.4 Your app’s instances must be isolated from each other
> > > TODO 11.4: Need verification,
> > > 11.5 Apps that are installed for multiple users must store data in the
> > > correct folder(s) and registry locations
> > > Refer to the UAC requirements.
> > > TODO 11.5: Need verification,
> > > 11.6 User apps must be able to run in multiple user sessions (Fast User
> > > Switching) for both local and remote access
> > > TODO 11.6: Need verification,
> > > 11.7 Your app must check other terminal service (TS) sessions for
> > existing
> > > instances of the app
> > > TODO 11.7: Need verification,
> > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
> > > session management
> > >
> > > 12. Apps must support x64 versions of Windows
> > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> > > Windows-based apps must run seamlessly on 64-bit systems to maintain
> > > compatibility with 64-bit versions of Windows
> > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > > 12.2 Your app and its installers must not contain any 16-bit code or
> rely
> > > on any 16-bit component
> > > TODO 12.2: Need verification, AOO not contain 16-bit code
> > > 12.3 Your app’s setup must detect and install the proper drivers and
> > > components for the 64-bit architecture
> > > TODO 12.3: Need verification,
> > >
> > >
> > >
> > > 2012/6/7 Rob Weir <ro...@apache.org>
> > >
> > > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > > > server. After a few minutes to figure out the new platform UI I
> > > > installed AOO 3.4. Install went without problems and it appears to
> > > > run fine.
> > > >
> > > > Of course, there is more that we could do to be a well-integrated
> > > > Windows desktop application. The best practices are outlined here:
> > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > > >
> > > > A lot of this is goodness that would help users on Windows 7 and
> > > > earlier versions as well. For example, the code signing reduces the
> > > > risk of tampering or corrupt files. It also reduces false complaints
> > > > by some anti-virus products. The recommended compiler options help
> > > > reduce the explotability of security vulnerabilities, especially of
> > > > the kind products run into reading binary file formats. More info on
> > > > these options are here:
> > > >
> > > >
> > > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > > >
> > > > Did OpenOffice.org ever try for logo certification from Microsoft
> > > > before? If so, what was the experience?
> > > >
> > > > I think it might be worth trying for this with AOO, It would takes
> > > > some work, but in the end we would have better platform integration,
> > > > and a better user and admin experience.
> > > >
> > > > -Rob
> > > >
> > >
> >
>
Re: Windows 8 Compatibility?
Posted by Huaidong Qiu <qi...@gmail.com>.
I checked the Certification Kit report, It only complained about the
unzipped installation package of the vcredist library, not the library
itself, we can just fix this installation defect we done, I saw there is a
defect already open for this.
On Tue, Jun 12, 2012 at 5:42 PM, Huaidong Qiu <qi...@gmail.com> wrote:
> Can we remove the vcredist library from AOO and tell the users to download
> it from MS?
>
>
>
> On Tue, Jun 12, 2012 at 1:53 PM, Liu Da Li <wa...@gmail.com> wrote:
>
>> I have create five items on Bugzilla to track these issue.
>>
>> - Issue 1. Test for "Section 3 Apps support Windows security features"
>> is failed.Bugzilla ID 119946 link:
>> [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>>
>>
>> - Issue 2. Test for "Section 4 Apps must adhere to system restart
>> manager messages" is failed. Bugzilla ID 119947 link:
>> [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>>
>>
>> - Issue 3. Test for "Section 5 Apps must support a clean, reversible
>> installation" is failed. Bugzilla ID 119948 link:
>> [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>>
>>
>> - Issue 4. Test for "Section 6 Apps must digitally sign files and
>> drivers" is failed.Bugzilla ID 119949 link:
>> [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>>
>>
>> - Issue 5. Test for "Section 11 Apps must support multi-user sessions"
>> is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
>> [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>>
>> Anyone please help to check them, confirm them and fix them.
>>
>> 2012/6/12 XiuLi Xu <su...@gmail.com>
>>
>> > Hi All,
>> >
>> > I upload the detailed test result and Windows 8 related links in the
>> wiki
>> > document, Windows App Certification Kit Test Results for Apache
>> OpenOffice
>> > 3.4<
>> >
>> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
>> > >
>> >
>> >
>> > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
>> >
>> > > There are so many items in the Windows 8 certification list, I try to
>> go
>> > > through it and find that there is maybe about 43 TODO items for us to
>> do
>> > > the certification. Most of the TODO items are just a verification
>> jobs,
>> > > but some code change jobs maybe are need to do for the sections
>> 4.1,5.1,
>> > > 9.1, 10.2,11.7.
>> > > I have try to verify some items, the result be marked at green.
>> > > Herbert1 also go through the list, I put his result at the end of each
>> > > section.
>> > >
>> > > Items which maybe need to change some codes
>> > > ------------------------------------------------
>> > > 4.1 Your app must handle critical shutdowns appropriately
>> > > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION
>> will
>> > > be sent WM_ENDSESSION and closed, while those that time out in
>> response
>> > to
>> > > WM_QUERYENDSESSION will be terminated. .
>> > > 5.1 Your app must properly implement a clean, reversible installation
>> > > If the installation fails, the app should be able to roll it back and
>> > > restore the machine to its previous state.
>> > > 9.1 Your app must have a manifest that defines execution levels and
>> tells
>> > > the operating system what privileges the app requires in order to run
>> > > The app manifest marking only applies to EXEs, not DLLs. This is
>> because
>> > > UAC does not inspect DLLs during process creation. It is also worth
>> > noting
>> > > that UAC rules do not apply to Windows Services. The manifest can be
>> > either
>> > > embedded or external.
>> > > To create a manifest, create a file with the name
>> <app_name>.exe.manifest
>> > > and store it in the same directory as the EXE. Note that any external
>> > > manifest is ignored if the app has an internal manifest. For example:
>> > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
>> > > requireAdministrator"" uiAccess=""true|false""/>
>> > > 10.2 Your app must avoid starting automatically on startup
>> > > For example, your app should not set any of the following;
>> > > Registry run keys HKLM and, or HKCU under
>> > > Software\Microsoft\Windows\CurrentVersion
>> > > Registry run keys HKLM, and or HKCU under
>> > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
>> > > Start Menu AllPrograms > STARTUP
>> > > 11.7 Your app must check other terminal service (TS) sessions for
>> > existing
>> > > instances of the app
>> > > Note: If an app does not support multiple user sessions or remote
>> access,
>> > > it must clearly state this when launched from this kind of session.
>> > >
>> > >
>> >
>> ------------------------------------------------------------------------------------------
>> > > Full TODO items.
>> > >
>> > > 1. Apps are compatible and resilient
>> > > 1.1 Your app must not take a dependency on Windows compatibility
>> modes,
>> > > AppHelp message, and or any other compatibility fixes
>> > > TODO 1.1 : Need verification , don't depend.
>> > > 1.2 Your app must not take a dependency on the VB6 runtime
>> > > TODO 1.2 : Need verification , don't depend.
>> > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
>> > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
>> > > AppInit_dlls.
>> > > TODO 1.3 : Need verification , don't load.
>> > > Herbert1: Win8 Cert Section 1 : ok
>> > >
>> > > 2. Apps must adhere to Windows Security Best Practices
>> > > 2.1 Your app must use strong and appropriate ACLs to secure executable
>> > > files
>> > > TODO 2.1 : Need verification
>> > > 2.2 Your app must use strong and appropriate ACLs to secure
>> directories
>> > > TODO 2.2 : Need verification
>> > > 2.3 Your app must use strong and appropriate ACLs to secure registry
>> keys
>> > > TODO 2.3 : Need verification
>> > > 2.4 Your app must use strong and appropriate ACLs to secure
>> directories
>> > > that contain objects
>> > > TODO 2.4 : Need verification
>> > > 2.5 Your app must reduce non-administrator access to services that are
>> > > vulnerable to tampering
>> > > TODO 2.5 : Need verification
>> > > 2.6 Your app must prevent services with fast restarts from restarting
>> > more
>> > > than twice every 24 hours
>> > > TODO 2.6 : Need verification
>> > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it
>> is
>> > > fine,we are using nsis-2.46 for building the MSI package but Windows
>> > itself
>> > > does the installation of the MSI packages
>> > >
>> > > 3. Apps support Windows security features
>> > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute
>> (APTCA)
>> > to
>> > > ensure secure access to strong-named assemblies
>> > > TODO 3.1 : Need verification,
>> > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
>> > > exceptions handling
>> > > TODO 3.2 : Need verification, we use it
>> > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
>> > > execution
>> > > TODO 3.3 : Need verification, we use it
>> > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
>> > space
>> > > layout randomization (ASLR)
>> > > TODO 3.4 : Need verification, we use it
>> > > 3.5 Your app must not Read/Write Shared PE Sections
>> > > TODO 3.5 : Need verification,
>> > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
>> > > DYNAMICBASE, but the libraries we ship have to be modified to use
>> these
>> > > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
>> > about
>> > > the RW PW Sections, but I guess we do not have any.
>> > >
>> > > 4. Apps must adhere to system restart manager messages
>> > > 4.1 Your app must handle critical shutdowns appropriately
>> > > TODO 4.1 : Need verification,
>> > > 4.2 A GUI app must return TRUE immediately in preparation for a
>> restart
>> > > TODO 4.2 : Need verification, we do
>> > > 4.3 Your app must return 0 within 30 seconds and shut down
>> > > TODO 4.3 : Need verification,we do
>> > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
>> > > implemented,these new messages are currently ignored
>> > >
>> > > 5. Apps must support a clean, reversible installation
>> > > 5.1 Your app must properly implement a clean, reversible installation
>> > > TODO 5.1 : Need verification,
>> > > 5.2 Your app must never force the user to restart the computer
>> > immediately
>> > > TODO 5.2 : Need verification,we never
>> > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
>> > > TODO 5.3 : Need verification,we never
>> > > 5.4 Your app must never block silent install/uninstall
>> > > TODO 5.4 : Need verification,
>> > > 5.5 Your app installer must create the correct registry entries to
>> allow
>> > > successful detection and uninstalls
>> > > TODO 5.5 : Need verification,
>> > > Herbert1: Win8 Cert Section 5: making sure that the registry entries
>> and
>> > > files are restored is difficult
>> > >
>> > > 6. Apps must digitally sign files and drivers
>> > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
>> must
>> > be
>> > > signed with an Authenticode certificate
>> > > TODO 6.1:Need to do digitally sign
>> > > Herbert1: Win8 Cert Section 6: Having authentication credentials
>> would be
>> > > good even if don't pursue Win8 shop certification
>> > >
>> > > 7. Apps don’t block installation or app launch based on an operating
>> > system
>> > > version check
>> > > 7.1 Your app must not perform version checks for equality
>> > > TODO 7.1 : Need verification,
>> > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but
>> I'm
>> > > almost certain that it is not a check for equality. Needs to be
>> checked
>> > > though.
>> > >
>> > > 8. Apps don’t load services or drivers in safe mode
>> > > TODO 8 : Need verification, we don't
>> > >
>> > > 9. Apps must follow User Account Control guidelines
>> > > 9.1 Your app must have a manifest that defines execution levels and
>> tells
>> > > the operating system what privileges the app requires in order to run
>> > > TODO 9.1 : Need verification,
>> > > 9.2 Your app’s main process must be run as a standard user
>> (asInvoker).
>> > > TODO 9.2 : Need verification,
>> > >
>> > > 10. Apps must install to the correct folders by default
>> > > 10.1 Your app must be installed in the Program Files folder by default
>> > > TODO 10.1: Need verification,we do
>> > > 10.2 Your app must avoid starting automatically on startup
>> > > TODO 10.2: Need verification, the quick start is a issue
>> > > 10.3 Your app data, which must be shared among users on the computer,
>> > > should be stored within ProgramData
>> > > TODO 10.3: Need verification,we do
>> > > 10.4 Your app’s data that is exclusive to a specific user and that is
>> not
>> > > to be shared with other users of the computer, must be stored in
>> > > Users\<username>\AppData
>> > > TODO 10.4: Need verification,we do
>> > > 10.5 Your app must never write directly to the "Windows" directory
>> and or
>> > > subdirectories
>> > > TODO 10.5: Need verification,we never
>> > > 10.6 Your app must write user data at first run and not during the
>> > > installation in “per-machine” installations
>> > > TODO 10.6: Need verification,we do
>> > >
>> > > 11. Apps must support multi-user sessions
>> > > 11.1 Your app must ensure that when running in multiple sessions
>> either
>> > > locally or remotely, the normal functionality of the app is not
>> adversely
>> > > affected
>> > > TODO 11.1: Need verification,
>> > > 11.2 Your app’s settings and data files must not persist across users
>> > > TODO 11.2: Need verification,
>> > > 11.3 A user’s privacy and preferences must be isolated to the user’s
>> > > session
>> > > TODO 11.3: Need verification,
>> > > 11.4 Your app’s instances must be isolated from each other
>> > > TODO 11.4: Need verification,
>> > > 11.5 Apps that are installed for multiple users must store data in the
>> > > correct folder(s) and registry locations
>> > > Refer to the UAC requirements.
>> > > TODO 11.5: Need verification,
>> > > 11.6 User apps must be able to run in multiple user sessions (Fast
>> User
>> > > Switching) for both local and remote access
>> > > TODO 11.6: Need verification,
>> > > 11.7 Your app must check other terminal service (TS) sessions for
>> > existing
>> > > instances of the app
>> > > TODO 11.7: Need verification,
>> > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
>> > > session management
>> > >
>> > > 12. Apps must support x64 versions of Windows
>> > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
>> > > Windows-based apps must run seamlessly on 64-bit systems to maintain
>> > > compatibility with 64-bit versions of Windows
>> > > TODO 12.1: Need verification, AOO can be run on 64-bit system
>> > > 12.2 Your app and its installers must not contain any 16-bit code or
>> rely
>> > > on any 16-bit component
>> > > TODO 12.2: Need verification, AOO not contain 16-bit code
>> > > 12.3 Your app’s setup must detect and install the proper drivers and
>> > > components for the 64-bit architecture
>> > > TODO 12.3: Need verification,
>> > >
>> > >
>> > >
>> > > 2012/6/7 Rob Weir <ro...@apache.org>
>> > >
>> > > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
>> > > > server. After a few minutes to figure out the new platform UI I
>> > > > installed AOO 3.4. Install went without problems and it appears to
>> > > > run fine.
>> > > >
>> > > > Of course, there is more that we could do to be a well-integrated
>> > > > Windows desktop application. The best practices are outlined here:
>> > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
>> > > >
>> > > > A lot of this is goodness that would help users on Windows 7 and
>> > > > earlier versions as well. For example, the code signing reduces the
>> > > > risk of tampering or corrupt files. It also reduces false
>> complaints
>> > > > by some anti-virus products. The recommended compiler options help
>> > > > reduce the explotability of security vulnerabilities, especially of
>> > > > the kind products run into reading binary file formats. More info
>> on
>> > > > these options are here:
>> > > >
>> > > >
>> > > >
>> > >
>> >
>> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
>> > > >
>> > > > Did OpenOffice.org ever try for logo certification from Microsoft
>> > > > before? If so, what was the experience?
>> > > >
>> > > > I think it might be worth trying for this with AOO, It would takes
>> > > > some work, but in the end we would have better platform integration,
>> > > > and a better user and admin experience.
>> > > >
>> > > > -Rob
>> > > >
>> > >
>> >
>>
>
>
Re: Windows 8 Compatibility?
Posted by Huaidong Qiu <qi...@gmail.com>.
Can we remove the vcredist library from AOO and tell the users to download
it from MS?
On Tue, Jun 12, 2012 at 1:53 PM, Liu Da Li <wa...@gmail.com> wrote:
> I have create five items on Bugzilla to track these issue.
>
> - Issue 1. Test for "Section 3 Apps support Windows security features"
> is failed.Bugzilla ID 119946 link:
> [4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
>
>
> - Issue 2. Test for "Section 4 Apps must adhere to system restart
> manager messages" is failed. Bugzilla ID 119947 link:
> [5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
>
>
> - Issue 3. Test for "Section 5 Apps must support a clean, reversible
> installation" is failed. Bugzilla ID 119948 link:
> [6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
>
>
> - Issue 4. Test for "Section 6 Apps must digitally sign files and
> drivers" is failed.Bugzilla ID 119949 link:
> [7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
>
>
> - Issue 5. Test for "Section 11 Apps must support multi-user sessions"
> is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
> [8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
>
> Anyone please help to check them, confirm them and fix them.
>
> 2012/6/12 XiuLi Xu <su...@gmail.com>
>
> > Hi All,
> >
> > I upload the detailed test result and Windows 8 related links in the wiki
> > document, Windows App Certification Kit Test Results for Apache
> OpenOffice
> > 3.4<
> >
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> > >
> >
> >
> > On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
> >
> > > There are so many items in the Windows 8 certification list, I try to
> go
> > > through it and find that there is maybe about 43 TODO items for us to
> do
> > > the certification. Most of the TODO items are just a verification
> jobs,
> > > but some code change jobs maybe are need to do for the sections
> 4.1,5.1,
> > > 9.1, 10.2,11.7.
> > > I have try to verify some items, the result be marked at green.
> > > Herbert1 also go through the list, I put his result at the end of each
> > > section.
> > >
> > > Items which maybe need to change some codes
> > > ------------------------------------------------
> > > 4.1 Your app must handle critical shutdowns appropriately
> > > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION
> will
> > > be sent WM_ENDSESSION and closed, while those that time out in response
> > to
> > > WM_QUERYENDSESSION will be terminated. .
> > > 5.1 Your app must properly implement a clean, reversible installation
> > > If the installation fails, the app should be able to roll it back and
> > > restore the machine to its previous state.
> > > 9.1 Your app must have a manifest that defines execution levels and
> tells
> > > the operating system what privileges the app requires in order to run
> > > The app manifest marking only applies to EXEs, not DLLs. This is
> because
> > > UAC does not inspect DLLs during process creation. It is also worth
> > noting
> > > that UAC rules do not apply to Windows Services. The manifest can be
> > either
> > > embedded or external.
> > > To create a manifest, create a file with the name
> <app_name>.exe.manifest
> > > and store it in the same directory as the EXE. Note that any external
> > > manifest is ignored if the app has an internal manifest. For example:
> > > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > > requireAdministrator"" uiAccess=""true|false""/>
> > > 10.2 Your app must avoid starting automatically on startup
> > > For example, your app should not set any of the following;
> > > Registry run keys HKLM and, or HKCU under
> > > Software\Microsoft\Windows\CurrentVersion
> > > Registry run keys HKLM, and or HKCU under
> > > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > > Start Menu AllPrograms > STARTUP
> > > 11.7 Your app must check other terminal service (TS) sessions for
> > existing
> > > instances of the app
> > > Note: If an app does not support multiple user sessions or remote
> access,
> > > it must clearly state this when launched from this kind of session.
> > >
> > >
> >
> ------------------------------------------------------------------------------------------
> > > Full TODO items.
> > >
> > > 1. Apps are compatible and resilient
> > > 1.1 Your app must not take a dependency on Windows compatibility modes,
> > > AppHelp message, and or any other compatibility fixes
> > > TODO 1.1 : Need verification , don't depend.
> > > 1.2 Your app must not take a dependency on the VB6 runtime
> > > TODO 1.2 : Need verification , don't depend.
> > > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
> > > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > > AppInit_dlls.
> > > TODO 1.3 : Need verification , don't load.
> > > Herbert1: Win8 Cert Section 1 : ok
> > >
> > > 2. Apps must adhere to Windows Security Best Practices
> > > 2.1 Your app must use strong and appropriate ACLs to secure executable
> > > files
> > > TODO 2.1 : Need verification
> > > 2.2 Your app must use strong and appropriate ACLs to secure directories
> > > TODO 2.2 : Need verification
> > > 2.3 Your app must use strong and appropriate ACLs to secure registry
> keys
> > > TODO 2.3 : Need verification
> > > 2.4 Your app must use strong and appropriate ACLs to secure directories
> > > that contain objects
> > > TODO 2.4 : Need verification
> > > 2.5 Your app must reduce non-administrator access to services that are
> > > vulnerable to tampering
> > > TODO 2.5 : Need verification
> > > 2.6 Your app must prevent services with fast restarts from restarting
> > more
> > > than twice every 24 hours
> > > TODO 2.6 : Need verification
> > > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it
> is
> > > fine,we are using nsis-2.46 for building the MSI package but Windows
> > itself
> > > does the installation of the MSI packages
> > >
> > > 3. Apps support Windows security features
> > > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA)
> > to
> > > ensure secure access to strong-named assemblies
> > > TODO 3.1 : Need verification,
> > > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> > > exceptions handling
> > > TODO 3.2 : Need verification, we use it
> > > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
> > > execution
> > > TODO 3.3 : Need verification, we use it
> > > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
> > space
> > > layout randomization (ASLR)
> > > TODO 3.4 : Need verification, we use it
> > > 3.5 Your app must not Read/Write Shared PE Sections
> > > TODO 3.5 : Need verification,
> > > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
> > > DYNAMICBASE, but the libraries we ship have to be modified to use these
> > > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
> > about
> > > the RW PW Sections, but I guess we do not have any.
> > >
> > > 4. Apps must adhere to system restart manager messages
> > > 4.1 Your app must handle critical shutdowns appropriately
> > > TODO 4.1 : Need verification,
> > > 4.2 A GUI app must return TRUE immediately in preparation for a restart
> > > TODO 4.2 : Need verification, we do
> > > 4.3 Your app must return 0 within 30 seconds and shut down
> > > TODO 4.3 : Need verification,we do
> > > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > > implemented,these new messages are currently ignored
> > >
> > > 5. Apps must support a clean, reversible installation
> > > 5.1 Your app must properly implement a clean, reversible installation
> > > TODO 5.1 : Need verification,
> > > 5.2 Your app must never force the user to restart the computer
> > immediately
> > > TODO 5.2 : Need verification,we never
> > > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> > > TODO 5.3 : Need verification,we never
> > > 5.4 Your app must never block silent install/uninstall
> > > TODO 5.4 : Need verification,
> > > 5.5 Your app installer must create the correct registry entries to
> allow
> > > successful detection and uninstalls
> > > TODO 5.5 : Need verification,
> > > Herbert1: Win8 Cert Section 5: making sure that the registry entries
> and
> > > files are restored is difficult
> > >
> > > 6. Apps must digitally sign files and drivers
> > > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr)
> must
> > be
> > > signed with an Authenticode certificate
> > > TODO 6.1:Need to do digitally sign
> > > Herbert1: Win8 Cert Section 6: Having authentication credentials would
> be
> > > good even if don't pursue Win8 shop certification
> > >
> > > 7. Apps don’t block installation or app launch based on an operating
> > system
> > > version check
> > > 7.1 Your app must not perform version checks for equality
> > > TODO 7.1 : Need verification,
> > > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
> > > almost certain that it is not a check for equality. Needs to be checked
> > > though.
> > >
> > > 8. Apps don’t load services or drivers in safe mode
> > > TODO 8 : Need verification, we don't
> > >
> > > 9. Apps must follow User Account Control guidelines
> > > 9.1 Your app must have a manifest that defines execution levels and
> tells
> > > the operating system what privileges the app requires in order to run
> > > TODO 9.1 : Need verification,
> > > 9.2 Your app’s main process must be run as a standard user (asInvoker).
> > > TODO 9.2 : Need verification,
> > >
> > > 10. Apps must install to the correct folders by default
> > > 10.1 Your app must be installed in the Program Files folder by default
> > > TODO 10.1: Need verification,we do
> > > 10.2 Your app must avoid starting automatically on startup
> > > TODO 10.2: Need verification, the quick start is a issue
> > > 10.3 Your app data, which must be shared among users on the computer,
> > > should be stored within ProgramData
> > > TODO 10.3: Need verification,we do
> > > 10.4 Your app’s data that is exclusive to a specific user and that is
> not
> > > to be shared with other users of the computer, must be stored in
> > > Users\<username>\AppData
> > > TODO 10.4: Need verification,we do
> > > 10.5 Your app must never write directly to the "Windows" directory and
> or
> > > subdirectories
> > > TODO 10.5: Need verification,we never
> > > 10.6 Your app must write user data at first run and not during the
> > > installation in “per-machine” installations
> > > TODO 10.6: Need verification,we do
> > >
> > > 11. Apps must support multi-user sessions
> > > 11.1 Your app must ensure that when running in multiple sessions either
> > > locally or remotely, the normal functionality of the app is not
> adversely
> > > affected
> > > TODO 11.1: Need verification,
> > > 11.2 Your app’s settings and data files must not persist across users
> > > TODO 11.2: Need verification,
> > > 11.3 A user’s privacy and preferences must be isolated to the user’s
> > > session
> > > TODO 11.3: Need verification,
> > > 11.4 Your app’s instances must be isolated from each other
> > > TODO 11.4: Need verification,
> > > 11.5 Apps that are installed for multiple users must store data in the
> > > correct folder(s) and registry locations
> > > Refer to the UAC requirements.
> > > TODO 11.5: Need verification,
> > > 11.6 User apps must be able to run in multiple user sessions (Fast User
> > > Switching) for both local and remote access
> > > TODO 11.6: Need verification,
> > > 11.7 Your app must check other terminal service (TS) sessions for
> > existing
> > > instances of the app
> > > TODO 11.7: Need verification,
> > > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
> > > session management
> > >
> > > 12. Apps must support x64 versions of Windows
> > > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> > > Windows-based apps must run seamlessly on 64-bit systems to maintain
> > > compatibility with 64-bit versions of Windows
> > > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > > 12.2 Your app and its installers must not contain any 16-bit code or
> rely
> > > on any 16-bit component
> > > TODO 12.2: Need verification, AOO not contain 16-bit code
> > > 12.3 Your app’s setup must detect and install the proper drivers and
> > > components for the 64-bit architecture
> > > TODO 12.3: Need verification,
> > >
> > >
> > >
> > > 2012/6/7 Rob Weir <ro...@apache.org>
> > >
> > > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > > > server. After a few minutes to figure out the new platform UI I
> > > > installed AOO 3.4. Install went without problems and it appears to
> > > > run fine.
> > > >
> > > > Of course, there is more that we could do to be a well-integrated
> > > > Windows desktop application. The best practices are outlined here:
> > > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > > >
> > > > A lot of this is goodness that would help users on Windows 7 and
> > > > earlier versions as well. For example, the code signing reduces the
> > > > risk of tampering or corrupt files. It also reduces false complaints
> > > > by some anti-virus products. The recommended compiler options help
> > > > reduce the explotability of security vulnerabilities, especially of
> > > > the kind products run into reading binary file formats. More info on
> > > > these options are here:
> > > >
> > > >
> > > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > > >
> > > > Did OpenOffice.org ever try for logo certification from Microsoft
> > > > before? If so, what was the experience?
> > > >
> > > > I think it might be worth trying for this with AOO, It would takes
> > > > some work, but in the end we would have better platform integration,
> > > > and a better user and admin experience.
> > > >
> > > > -Rob
> > > >
> > >
> >
>
Re: Windows 8 Compatibility?
Posted by Liu Da Li <wa...@gmail.com>.
I have create five items on Bugzilla to track these issue.
- Issue 1. Test for "Section 3 Apps support Windows security features"
is failed.Bugzilla ID 119946 link:
[4]<https://issues.apache.org/ooo/show_bug.cgi?id=119946>
- Issue 2. Test for "Section 4 Apps must adhere to system restart
manager messages" is failed. Bugzilla ID 119947 link:
[5]<https://issues.apache.org/ooo/show_bug.cgi?id=119947>
- Issue 3. Test for "Section 5 Apps must support a clean, reversible
installation" is failed. Bugzilla ID 119948 link:
[6]<https://issues.apache.org/ooo/show_bug.cgi?id=119948>
- Issue 4. Test for "Section 6 Apps must digitally sign files and
drivers" is failed.Bugzilla ID 119949 link:
[7]<https://issues.apache.org/ooo/show_bug.cgi?id=119949>
- Issue 5. Test for "Section 11 Apps must support multi-user sessions"
is not tested by Windows App Certification Kit.Bugzilla ID 119950 link:
[8] <https://issues.apache.org/ooo/show_bug.cgi?id=119950>
Anyone please help to check them, confirm them and fix them.
2012/6/12 XiuLi Xu <su...@gmail.com>
> Hi All,
>
> I upload the detailed test result and Windows 8 related links in the wiki
> document, Windows App Certification Kit Test Results for Apache OpenOffice
> 3.4<
> http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4
> >
>
>
> On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
>
> > There are so many items in the Windows 8 certification list, I try to go
> > through it and find that there is maybe about 43 TODO items for us to do
> > the certification. Most of the TODO items are just a verification jobs,
> > but some code change jobs maybe are need to do for the sections 4.1,5.1,
> > 9.1, 10.2,11.7.
> > I have try to verify some items, the result be marked at green.
> > Herbert1 also go through the list, I put his result at the end of each
> > section.
> >
> > Items which maybe need to change some codes
> > ------------------------------------------------
> > 4.1 Your app must handle critical shutdowns appropriately
> > In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION will
> > be sent WM_ENDSESSION and closed, while those that time out in response
> to
> > WM_QUERYENDSESSION will be terminated. .
> > 5.1 Your app must properly implement a clean, reversible installation
> > If the installation fails, the app should be able to roll it back and
> > restore the machine to its previous state.
> > 9.1 Your app must have a manifest that defines execution levels and tells
> > the operating system what privileges the app requires in order to run
> > The app manifest marking only applies to EXEs, not DLLs. This is because
> > UAC does not inspect DLLs during process creation. It is also worth
> noting
> > that UAC rules do not apply to Windows Services. The manifest can be
> either
> > embedded or external.
> > To create a manifest, create a file with the name <app_name>.exe.manifest
> > and store it in the same directory as the EXE. Note that any external
> > manifest is ignored if the app has an internal manifest. For example:
> > <requestedExecutionLevel level=""asInvoker | highestAvailable |
> > requireAdministrator"" uiAccess=""true|false""/>
> > 10.2 Your app must avoid starting automatically on startup
> > For example, your app should not set any of the following;
> > Registry run keys HKLM and, or HKCU under
> > Software\Microsoft\Windows\CurrentVersion
> > Registry run keys HKLM, and or HKCU under
> > Software\Wow6432Node\Microsoft\windows\CurrentVersion
> > Start Menu AllPrograms > STARTUP
> > 11.7 Your app must check other terminal service (TS) sessions for
> existing
> > instances of the app
> > Note: If an app does not support multiple user sessions or remote access,
> > it must clearly state this when launched from this kind of session.
> >
> >
> ------------------------------------------------------------------------------------------
> > Full TODO items.
> >
> > 1. Apps are compatible and resilient
> > 1.1 Your app must not take a dependency on Windows compatibility modes,
> > AppHelp message, and or any other compatibility fixes
> > TODO 1.1 : Need verification , don't depend.
> > 1.2 Your app must not take a dependency on the VB6 runtime
> > TODO 1.2 : Need verification , don't depend.
> > 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
> > using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> > AppInit_dlls.
> > TODO 1.3 : Need verification , don't load.
> > Herbert1: Win8 Cert Section 1 : ok
> >
> > 2. Apps must adhere to Windows Security Best Practices
> > 2.1 Your app must use strong and appropriate ACLs to secure executable
> > files
> > TODO 2.1 : Need verification
> > 2.2 Your app must use strong and appropriate ACLs to secure directories
> > TODO 2.2 : Need verification
> > 2.3 Your app must use strong and appropriate ACLs to secure registry keys
> > TODO 2.3 : Need verification
> > 2.4 Your app must use strong and appropriate ACLs to secure directories
> > that contain objects
> > TODO 2.4 : Need verification
> > 2.5 Your app must reduce non-administrator access to services that are
> > vulnerable to tampering
> > TODO 2.5 : Need verification
> > 2.6 Your app must prevent services with fast restarts from restarting
> more
> > than twice every 24 hours
> > TODO 2.6 : Need verification
> > Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it is
> > fine,we are using nsis-2.46 for building the MSI package but Windows
> itself
> > does the installation of the MSI packages
> >
> > 3. Apps support Windows security features
> > 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA)
> to
> > ensure secure access to strong-named assemblies
> > TODO 3.1 : Need verification,
> > 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> > exceptions handling
> > TODO 3.2 : Need verification, we use it
> > 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
> > execution
> > TODO 3.3 : Need verification, we use it
> > 3.4 Your app must be compiled using the /DYNAMICBASE flag for address
> space
> > layout randomization (ASLR)
> > TODO 3.4 : Need verification, we use it
> > 3.5 Your app must not Read/Write Shared PE Sections
> > TODO 3.5 : Need verification,
> > Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
> > DYNAMICBASE, but the libraries we ship have to be modified to use these
> > flags too,I'm almost certain that we don't use APTCA,I'm not so sure
> about
> > the RW PW Sections, but I guess we do not have any.
> >
> > 4. Apps must adhere to system restart manager messages
> > 4.1 Your app must handle critical shutdowns appropriately
> > TODO 4.1 : Need verification,
> > 4.2 A GUI app must return TRUE immediately in preparation for a restart
> > TODO 4.2 : Need verification, we do
> > 4.3 Your app must return 0 within 30 seconds and shut down
> > TODO 4.3 : Need verification,we do
> > Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> > implemented,these new messages are currently ignored
> >
> > 5. Apps must support a clean, reversible installation
> > 5.1 Your app must properly implement a clean, reversible installation
> > TODO 5.1 : Need verification,
> > 5.2 Your app must never force the user to restart the computer
> immediately
> > TODO 5.2 : Need verification,we never
> > 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> > TODO 5.3 : Need verification,we never
> > 5.4 Your app must never block silent install/uninstall
> > TODO 5.4 : Need verification,
> > 5.5 Your app installer must create the correct registry entries to allow
> > successful detection and uninstalls
> > TODO 5.5 : Need verification,
> > Herbert1: Win8 Cert Section 5: making sure that the registry entries and
> > files are restored is difficult
> >
> > 6. Apps must digitally sign files and drivers
> > 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) must
> be
> > signed with an Authenticode certificate
> > TODO 6.1:Need to do digitally sign
> > Herbert1: Win8 Cert Section 6: Having authentication credentials would be
> > good even if don't pursue Win8 shop certification
> >
> > 7. Apps don’t block installation or app launch based on an operating
> system
> > version check
> > 7.1 Your app must not perform version checks for equality
> > TODO 7.1 : Need verification,
> > Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
> > almost certain that it is not a check for equality. Needs to be checked
> > though.
> >
> > 8. Apps don’t load services or drivers in safe mode
> > TODO 8 : Need verification, we don't
> >
> > 9. Apps must follow User Account Control guidelines
> > 9.1 Your app must have a manifest that defines execution levels and tells
> > the operating system what privileges the app requires in order to run
> > TODO 9.1 : Need verification,
> > 9.2 Your app’s main process must be run as a standard user (asInvoker).
> > TODO 9.2 : Need verification,
> >
> > 10. Apps must install to the correct folders by default
> > 10.1 Your app must be installed in the Program Files folder by default
> > TODO 10.1: Need verification,we do
> > 10.2 Your app must avoid starting automatically on startup
> > TODO 10.2: Need verification, the quick start is a issue
> > 10.3 Your app data, which must be shared among users on the computer,
> > should be stored within ProgramData
> > TODO 10.3: Need verification,we do
> > 10.4 Your app’s data that is exclusive to a specific user and that is not
> > to be shared with other users of the computer, must be stored in
> > Users\<username>\AppData
> > TODO 10.4: Need verification,we do
> > 10.5 Your app must never write directly to the "Windows" directory and or
> > subdirectories
> > TODO 10.5: Need verification,we never
> > 10.6 Your app must write user data at first run and not during the
> > installation in “per-machine” installations
> > TODO 10.6: Need verification,we do
> >
> > 11. Apps must support multi-user sessions
> > 11.1 Your app must ensure that when running in multiple sessions either
> > locally or remotely, the normal functionality of the app is not adversely
> > affected
> > TODO 11.1: Need verification,
> > 11.2 Your app’s settings and data files must not persist across users
> > TODO 11.2: Need verification,
> > 11.3 A user’s privacy and preferences must be isolated to the user’s
> > session
> > TODO 11.3: Need verification,
> > 11.4 Your app’s instances must be isolated from each other
> > TODO 11.4: Need verification,
> > 11.5 Apps that are installed for multiple users must store data in the
> > correct folder(s) and registry locations
> > Refer to the UAC requirements.
> > TODO 11.5: Need verification,
> > 11.6 User apps must be able to run in multiple user sessions (Fast User
> > Switching) for both local and remote access
> > TODO 11.6: Need verification,
> > 11.7 Your app must check other terminal service (TS) sessions for
> existing
> > instances of the app
> > TODO 11.7: Need verification,
> > Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
> > session management
> >
> > 12. Apps must support x64 versions of Windows
> > 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> > Windows-based apps must run seamlessly on 64-bit systems to maintain
> > compatibility with 64-bit versions of Windows
> > TODO 12.1: Need verification, AOO can be run on 64-bit system
> > 12.2 Your app and its installers must not contain any 16-bit code or rely
> > on any 16-bit component
> > TODO 12.2: Need verification, AOO not contain 16-bit code
> > 12.3 Your app’s setup must detect and install the proper drivers and
> > components for the 64-bit architecture
> > TODO 12.3: Need verification,
> >
> >
> >
> > 2012/6/7 Rob Weir <ro...@apache.org>
> >
> > > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > > server. After a few minutes to figure out the new platform UI I
> > > installed AOO 3.4. Install went without problems and it appears to
> > > run fine.
> > >
> > > Of course, there is more that we could do to be a well-integrated
> > > Windows desktop application. The best practices are outlined here:
> > > http://msdn.microsoft.com/library/windows/desktop/hh749939
> > >
> > > A lot of this is goodness that would help users on Windows 7 and
> > > earlier versions as well. For example, the code signing reduces the
> > > risk of tampering or corrupt files. It also reduces false complaints
> > > by some anti-virus products. The recommended compiler options help
> > > reduce the explotability of security vulnerabilities, especially of
> > > the kind products run into reading binary file formats. More info on
> > > these options are here:
> > >
> > >
> > >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> > >
> > > Did OpenOffice.org ever try for logo certification from Microsoft
> > > before? If so, what was the experience?
> > >
> > > I think it might be worth trying for this with AOO, It would takes
> > > some work, but in the end we would have better platform integration,
> > > and a better user and admin experience.
> > >
> > > -Rob
> > >
> >
>
Re: Windows 8 Compatibility?
Posted by XiuLi Xu <su...@gmail.com>.
Hi All,
I upload the detailed test result and Windows 8 related links in the wiki
document, Windows App Certification Kit Test Results for Apache OpenOffice
3.4<http://wiki.services.openoffice.org/wiki/Documentation/Windows_App_Certification_Kit_-_Test_Results_for_Apache_OpenOffice_3.4>
On Mon, Jun 11, 2012 at 2:48 PM, Liu Da Li <wa...@gmail.com> wrote:
> There are so many items in the Windows 8 certification list, I try to go
> through it and find that there is maybe about 43 TODO items for us to do
> the certification. Most of the TODO items are just a verification jobs,
> but some code change jobs maybe are need to do for the sections 4.1,5.1,
> 9.1, 10.2,11.7.
> I have try to verify some items, the result be marked at green.
> Herbert1 also go through the list, I put his result at the end of each
> section.
>
> Items which maybe need to change some codes
> ------------------------------------------------
> 4.1 Your app must handle critical shutdowns appropriately
> In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION will
> be sent WM_ENDSESSION and closed, while those that time out in response to
> WM_QUERYENDSESSION will be terminated. .
> 5.1 Your app must properly implement a clean, reversible installation
> If the installation fails, the app should be able to roll it back and
> restore the machine to its previous state.
> 9.1 Your app must have a manifest that defines execution levels and tells
> the operating system what privileges the app requires in order to run
> The app manifest marking only applies to EXEs, not DLLs. This is because
> UAC does not inspect DLLs during process creation. It is also worth noting
> that UAC rules do not apply to Windows Services. The manifest can be either
> embedded or external.
> To create a manifest, create a file with the name <app_name>.exe.manifest
> and store it in the same directory as the EXE. Note that any external
> manifest is ignored if the app has an internal manifest. For example:
> <requestedExecutionLevel level=""asInvoker | highestAvailable |
> requireAdministrator"" uiAccess=""true|false""/>
> 10.2 Your app must avoid starting automatically on startup
> For example, your app should not set any of the following;
> Registry run keys HKLM and, or HKCU under
> Software\Microsoft\Windows\CurrentVersion
> Registry run keys HKLM, and or HKCU under
> Software\Wow6432Node\Microsoft\windows\CurrentVersion
> Start Menu AllPrograms > STARTUP
> 11.7 Your app must check other terminal service (TS) sessions for existing
> instances of the app
> Note: If an app does not support multiple user sessions or remote access,
> it must clearly state this when launched from this kind of session.
>
> ------------------------------------------------------------------------------------------
> Full TODO items.
>
> 1. Apps are compatible and resilient
> 1.1 Your app must not take a dependency on Windows compatibility modes,
> AppHelp message, and or any other compatibility fixes
> TODO 1.1 : Need verification , don't depend.
> 1.2 Your app must not take a dependency on the VB6 runtime
> TODO 1.2 : Need verification , don't depend.
> 1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
> using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
> AppInit_dlls.
> TODO 1.3 : Need verification , don't load.
> Herbert1: Win8 Cert Section 1 : ok
>
> 2. Apps must adhere to Windows Security Best Practices
> 2.1 Your app must use strong and appropriate ACLs to secure executable
> files
> TODO 2.1 : Need verification
> 2.2 Your app must use strong and appropriate ACLs to secure directories
> TODO 2.2 : Need verification
> 2.3 Your app must use strong and appropriate ACLs to secure registry keys
> TODO 2.3 : Need verification
> 2.4 Your app must use strong and appropriate ACLs to secure directories
> that contain objects
> TODO 2.4 : Need verification
> 2.5 Your app must reduce non-administrator access to services that are
> vulnerable to tampering
> TODO 2.5 : Need verification
> 2.6 Your app must prevent services with fast restarts from restarting more
> than twice every 24 hours
> TODO 2.6 : Need verification
> Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it is
> fine,we are using nsis-2.46 for building the MSI package but Windows itself
> does the installation of the MSI packages
>
> 3. Apps support Windows security features
> 3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA) to
> ensure secure access to strong-named assemblies
> TODO 3.1 : Need verification,
> 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
> exceptions handling
> TODO 3.2 : Need verification, we use it
> 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
> execution
> TODO 3.3 : Need verification, we use it
> 3.4 Your app must be compiled using the /DYNAMICBASE flag for address space
> layout randomization (ASLR)
> TODO 3.4 : Need verification, we use it
> 3.5 Your app must not Read/Write Shared PE Sections
> TODO 3.5 : Need verification,
> Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
> DYNAMICBASE, but the libraries we ship have to be modified to use these
> flags too,I'm almost certain that we don't use APTCA,I'm not so sure about
> the RW PW Sections, but I guess we do not have any.
>
> 4. Apps must adhere to system restart manager messages
> 4.1 Your app must handle critical shutdowns appropriately
> TODO 4.1 : Need verification,
> 4.2 A GUI app must return TRUE immediately in preparation for a restart
> TODO 4.2 : Need verification, we do
> 4.3 Your app must return 0 within 30 seconds and shut down
> TODO 4.3 : Need verification,we do
> Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
> implemented,these new messages are currently ignored
>
> 5. Apps must support a clean, reversible installation
> 5.1 Your app must properly implement a clean, reversible installation
> TODO 5.1 : Need verification,
> 5.2 Your app must never force the user to restart the computer immediately
> TODO 5.2 : Need verification,we never
> 5.3 Your app must never be dependent on 8.3 short file names (SFN)
> TODO 5.3 : Need verification,we never
> 5.4 Your app must never block silent install/uninstall
> TODO 5.4 : Need verification,
> 5.5 Your app installer must create the correct registry entries to allow
> successful detection and uninstalls
> TODO 5.5 : Need verification,
> Herbert1: Win8 Cert Section 5: making sure that the registry entries and
> files are restored is difficult
>
> 6. Apps must digitally sign files and drivers
> 6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) must be
> signed with an Authenticode certificate
> TODO 6.1:Need to do digitally sign
> Herbert1: Win8 Cert Section 6: Having authentication credentials would be
> good even if don't pursue Win8 shop certification
>
> 7. Apps don’t block installation or app launch based on an operating system
> version check
> 7.1 Your app must not perform version checks for equality
> TODO 7.1 : Need verification,
> Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
> almost certain that it is not a check for equality. Needs to be checked
> though.
>
> 8. Apps don’t load services or drivers in safe mode
> TODO 8 : Need verification, we don't
>
> 9. Apps must follow User Account Control guidelines
> 9.1 Your app must have a manifest that defines execution levels and tells
> the operating system what privileges the app requires in order to run
> TODO 9.1 : Need verification,
> 9.2 Your app’s main process must be run as a standard user (asInvoker).
> TODO 9.2 : Need verification,
>
> 10. Apps must install to the correct folders by default
> 10.1 Your app must be installed in the Program Files folder by default
> TODO 10.1: Need verification,we do
> 10.2 Your app must avoid starting automatically on startup
> TODO 10.2: Need verification, the quick start is a issue
> 10.3 Your app data, which must be shared among users on the computer,
> should be stored within ProgramData
> TODO 10.3: Need verification,we do
> 10.4 Your app’s data that is exclusive to a specific user and that is not
> to be shared with other users of the computer, must be stored in
> Users\<username>\AppData
> TODO 10.4: Need verification,we do
> 10.5 Your app must never write directly to the "Windows" directory and or
> subdirectories
> TODO 10.5: Need verification,we never
> 10.6 Your app must write user data at first run and not during the
> installation in “per-machine” installations
> TODO 10.6: Need verification,we do
>
> 11. Apps must support multi-user sessions
> 11.1 Your app must ensure that when running in multiple sessions either
> locally or remotely, the normal functionality of the app is not adversely
> affected
> TODO 11.1: Need verification,
> 11.2 Your app’s settings and data files must not persist across users
> TODO 11.2: Need verification,
> 11.3 A user’s privacy and preferences must be isolated to the user’s
> session
> TODO 11.3: Need verification,
> 11.4 Your app’s instances must be isolated from each other
> TODO 11.4: Need verification,
> 11.5 Apps that are installed for multiple users must store data in the
> correct folder(s) and registry locations
> Refer to the UAC requirements.
> TODO 11.5: Need verification,
> 11.6 User apps must be able to run in multiple user sessions (Fast User
> Switching) for both local and remote access
> TODO 11.6: Need verification,
> 11.7 Your app must check other terminal service (TS) sessions for existing
> instances of the app
> TODO 11.7: Need verification,
> Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
> session management
>
> 12. Apps must support x64 versions of Windows
> 12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
> Windows-based apps must run seamlessly on 64-bit systems to maintain
> compatibility with 64-bit versions of Windows
> TODO 12.1: Need verification, AOO can be run on 64-bit system
> 12.2 Your app and its installers must not contain any 16-bit code or rely
> on any 16-bit component
> TODO 12.2: Need verification, AOO not contain 16-bit code
> 12.3 Your app’s setup must detect and install the proper drivers and
> components for the 64-bit architecture
> TODO 12.3: Need verification,
>
>
>
> 2012/6/7 Rob Weir <ro...@apache.org>
>
> > I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> > server. After a few minutes to figure out the new platform UI I
> > installed AOO 3.4. Install went without problems and it appears to
> > run fine.
> >
> > Of course, there is more that we could do to be a well-integrated
> > Windows desktop application. The best practices are outlined here:
> > http://msdn.microsoft.com/library/windows/desktop/hh749939
> >
> > A lot of this is goodness that would help users on Windows 7 and
> > earlier versions as well. For example, the code signing reduces the
> > risk of tampering or corrupt files. It also reduces false complaints
> > by some anti-virus products. The recommended compiler options help
> > reduce the explotability of security vulnerabilities, especially of
> > the kind products run into reading binary file formats. More info on
> > these options are here:
> >
> >
> >
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
> >
> > Did OpenOffice.org ever try for logo certification from Microsoft
> > before? If so, what was the experience?
> >
> > I think it might be worth trying for this with AOO, It would takes
> > some work, but in the end we would have better platform integration,
> > and a better user and admin experience.
> >
> > -Rob
> >
>
Re: Windows 8 Compatibility?
Posted by Liu Da Li <wa...@gmail.com>.
There are so many items in the Windows 8 certification list, I try to go
through it and find that there is maybe about 43 TODO items for us to do
the certification. Most of the TODO items are just a verification jobs,
but some code change jobs maybe are need to do for the sections 4.1,5.1,
9.1, 10.2,11.7.
I have try to verify some items, the result be marked at green.
Herbert1 also go through the list, I put his result at the end of each
section.
Items which maybe need to change some codes
------------------------------------------------
4.1 Your app must handle critical shutdowns appropriately
In a critical shutdown, apps that return FALSE to WM_QUERYENDSESSION will
be sent WM_ENDSESSION and closed, while those that time out in response to
WM_QUERYENDSESSION will be terminated. .
5.1 Your app must properly implement a clean, reversible installation
If the installation fails, the app should be able to roll it back and
restore the machine to its previous state.
9.1 Your app must have a manifest that defines execution levels and tells
the operating system what privileges the app requires in order to run
The app manifest marking only applies to EXEs, not DLLs. This is because
UAC does not inspect DLLs during process creation. It is also worth noting
that UAC rules do not apply to Windows Services. The manifest can be either
embedded or external.
To create a manifest, create a file with the name <app_name>.exe.manifest
and store it in the same directory as the EXE. Note that any external
manifest is ignored if the app has an internal manifest. For example:
<requestedExecutionLevel level=""asInvoker | highestAvailable |
requireAdministrator"" uiAccess=""true|false""/>
10.2 Your app must avoid starting automatically on startup
For example, your app should not set any of the following;
Registry run keys HKLM and, or HKCU under
Software\Microsoft\Windows\CurrentVersion
Registry run keys HKLM, and or HKCU under
Software\Wow6432Node\Microsoft\windows\CurrentVersion
Start Menu AllPrograms > STARTUP
11.7 Your app must check other terminal service (TS) sessions for existing
instances of the app
Note: If an app does not support multiple user sessions or remote access,
it must clearly state this when launched from this kind of session.
------------------------------------------------------------------------------------------
Full TODO items.
1. Apps are compatible and resilient
1.1 Your app must not take a dependency on Windows compatibility modes,
AppHelp message, and or any other compatibility fixes
TODO 1.1 : Need verification , don't depend.
1.2 Your app must not take a dependency on the VB6 runtime
TODO 1.2 : Need verification , don't depend.
1.3 Your app must not load arbitrary DLLs to intercept Win32 API calls
using HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_dlls.
TODO 1.3 : Need verification , don't load.
Herbert1: Win8 Cert Section 1 : ok
2. Apps must adhere to Windows Security Best Practices
2.1 Your app must use strong and appropriate ACLs to secure executable files
TODO 2.1 : Need verification
2.2 Your app must use strong and appropriate ACLs to secure directories
TODO 2.2 : Need verification
2.3 Your app must use strong and appropriate ACLs to secure registry keys
TODO 2.3 : Need verification
2.4 Your app must use strong and appropriate ACLs to secure directories
that contain objects
TODO 2.4 : Need verification
2.5 Your app must reduce non-administrator access to services that are
vulnerable to tampering
TODO 2.5 : Need verification
2.6 Your app must prevent services with fast restarts from restarting more
than twice every 24 hours
TODO 2.6 : Need verification
Herbert1: Win8 Cert Section 2 : if the MSI based installer does it it is
fine,we are using nsis-2.46 for building the MSI package but Windows itself
does the installation of the MSI packages
3. Apps support Windows security features
3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA) to
ensure secure access to strong-named assemblies
TODO 3.1 : Need verification,
3.2 Your app must be compiled using the /SafeSEH flag to ensure safe
exceptions handling
TODO 3.2 : Need verification, we use it
3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data
execution
TODO 3.3 : Need verification, we use it
3.4 Your app must be compiled using the /DYNAMICBASE flag for address space
layout randomization (ASLR)
TODO 3.4 : Need verification, we use it
3.5 Your app must not Read/Write Shared PE Sections
TODO 3.5 : Need verification,
Herbert1: Win8 Cert Section 3 : we are running with SafeSEH, NXCOMPAT,
DYNAMICBASE, but the libraries we ship have to be modified to use these
flags too,I'm almost certain that we don't use APTCA,I'm not so sure about
the RW PW Sections, but I guess we do not have any.
4. Apps must adhere to system restart manager messages
4.1 Your app must handle critical shutdowns appropriately
TODO 4.1 : Need verification,
4.2 A GUI app must return TRUE immediately in preparation for a restart
TODO 4.2 : Need verification, we do
4.3 Your app must return 0 within 30 seconds and shut down
TODO 4.3 : Need verification,we do
Herbert1: Win8 Cert Section 4 : WM_QUERYENDSESSION needs to be
implemented,these new messages are currently ignored
5. Apps must support a clean, reversible installation
5.1 Your app must properly implement a clean, reversible installation
TODO 5.1 : Need verification,
5.2 Your app must never force the user to restart the computer immediately
TODO 5.2 : Need verification,we never
5.3 Your app must never be dependent on 8.3 short file names (SFN)
TODO 5.3 : Need verification,we never
5.4 Your app must never block silent install/uninstall
TODO 5.4 : Need verification,
5.5 Your app installer must create the correct registry entries to allow
successful detection and uninstalls
TODO 5.5 : Need verification,
Herbert1: Win8 Cert Section 5: making sure that the registry entries and
files are restored is difficult
6. Apps must digitally sign files and drivers
6.1 All executable files (.exe, .dll, .ocx, .sys, .cpl, .drv, .scr) must be
signed with an Authenticode certificate
TODO 6.1:Need to do digitally sign
Herbert1: Win8 Cert Section 6: Having authentication credentials would be
good even if don't pursue Win8 shop certification
7. Apps don’t block installation or app launch based on an operating system
version check
7.1 Your app must not perform version checks for equality
TODO 7.1 : Need verification,
Herbert1: Win8 Cert Section 7: We are doing win-version checks, but I'm
almost certain that it is not a check for equality. Needs to be checked
though.
8. Apps don’t load services or drivers in safe mode
TODO 8 : Need verification, we don't
9. Apps must follow User Account Control guidelines
9.1 Your app must have a manifest that defines execution levels and tells
the operating system what privileges the app requires in order to run
TODO 9.1 : Need verification,
9.2 Your app’s main process must be run as a standard user (asInvoker).
TODO 9.2 : Need verification,
10. Apps must install to the correct folders by default
10.1 Your app must be installed in the Program Files folder by default
TODO 10.1: Need verification,we do
10.2 Your app must avoid starting automatically on startup
TODO 10.2: Need verification, the quick start is a issue
10.3 Your app data, which must be shared among users on the computer,
should be stored within ProgramData
TODO 10.3: Need verification,we do
10.4 Your app’s data that is exclusive to a specific user and that is not
to be shared with other users of the computer, must be stored in
Users\<username>\AppData
TODO 10.4: Need verification,we do
10.5 Your app must never write directly to the "Windows" directory and or
subdirectories
TODO 10.5: Need verification,we never
10.6 Your app must write user data at first run and not during the
installation in “per-machine” installations
TODO 10.6: Need verification,we do
11. Apps must support multi-user sessions
11.1 Your app must ensure that when running in multiple sessions either
locally or remotely, the normal functionality of the app is not adversely
affected
TODO 11.1: Need verification,
11.2 Your app’s settings and data files must not persist across users
TODO 11.2: Need verification,
11.3 A user’s privacy and preferences must be isolated to the user’s
session
TODO 11.3: Need verification,
11.4 Your app’s instances must be isolated from each other
TODO 11.4: Need verification,
11.5 Apps that are installed for multiple users must store data in the
correct folder(s) and registry locations
Refer to the UAC requirements.
TODO 11.5: Need verification,
11.6 User apps must be able to run in multiple user sessions (Fast User
Switching) for both local and remote access
TODO 11.6: Need verification,
11.7 Your app must check other terminal service (TS) sessions for existing
instances of the app
TODO 11.7: Need verification,
Herbert1: Win8 Cert Section 11.7: we need to rearchitect our IPC to TS
session management
12. Apps must support x64 versions of Windows
12.1 Your app must natively support 64-bit or, at a minimum, 32-bit
Windows-based apps must run seamlessly on 64-bit systems to maintain
compatibility with 64-bit versions of Windows
TODO 12.1: Need verification, AOO can be run on 64-bit system
12.2 Your app and its installers must not contain any 16-bit code or rely
on any 16-bit component
TODO 12.2: Need verification, AOO not contain 16-bit code
12.3 Your app’s setup must detect and install the proper drivers and
components for the 64-bit architecture
TODO 12.3: Need verification,
2012/6/7 Rob Weir <ro...@apache.org>
> I installed the Windows 8 Tech Preview (32-bit) today on a virtual
> server. After a few minutes to figure out the new platform UI I
> installed AOO 3.4. Install went without problems and it appears to
> run fine.
>
> Of course, there is more that we could do to be a well-integrated
> Windows desktop application. The best practices are outlined here:
> http://msdn.microsoft.com/library/windows/desktop/hh749939
>
> A lot of this is goodness that would help users on Windows 7 and
> earlier versions as well. For example, the code signing reduces the
> risk of tampering or corrupt files. It also reduces false complaints
> by some anti-virus products. The recommended compiler options help
> reduce the explotability of security vulnerabilities, especially of
> the kind products run into reading binary file formats. More info on
> these options are here:
>
>
> http://blogs.msdn.com/b/vcblog/archive/2009/05/21/dynamicbase-and-nxcompat.aspx
>
> Did OpenOffice.org ever try for logo certification from Microsoft
> before? If so, what was the experience?
>
> I think it might be worth trying for this with AOO, It would takes
> some work, but in the end we would have better platform integration,
> and a better user and admin experience.
>
> -Rob
>
Re: Windows 8 Compatibility?
Posted by Pedro Giffuni <pf...@apache.org>.
--- Gio 7/6/12, Tor Lillqvist <tm...@iki.fi> ha scritto:
...
> Data: Giovedì 7 giugno 2012, 00:57
> > http://www.libreofficeaustralia.org/lt/community/blog/planet/20110328/porting-libreoffice-x64-windows
>
> No idea why that blog post of mine shows up on that site,
> and in a Lithuanian ("lt") subdirectory there even.
> (I have no connections to Australia or the Lithuanian
> language.) Anyway, the real location is
> http://tml-blog.blogspot.com/2011/03/porting-libreoffice-to-x64-windows.html
> .
>
Thanks!
Its really nice to see this type of explanations somewhere,
and also learn about a new blog to follow ocasionally :).
Pedro.
> --tml
>
Re: Windows 8 Compatibility?
Posted by Tor Lillqvist <tm...@iki.fi>.
> http://www.libreofficeaustralia.org/lt/community/blog/planet/20110328/porting-libreoffice-x64-windows
No idea why that blog post of mine shows up on that site, and in a
Lithuanian ("lt") subdirectory there even. (I have no connections to
Australia or the Lithuanian language.) Anyway, the real location is
http://tml-blog.blogspot.com/2011/03/porting-libreoffice-to-x64-windows.html
.
--tml
Re: Windows 8 Compatibility?
Posted by Pedro Giffuni <pf...@apache.org>.
Hi;
--- Mer 6/6/12, Rob Weir <ro...@apache.org> ha scritto:
...
> I installed the Windows 8 Tech Preview (32-bit) today
> on a virtual server. After a few minutes to figure
> out the new platform UI I installed AOO 3.4. Install
> went without problems and it appears to run fine.
>
> Of course, there is more that we could do to be a
> well-integrated Windows desktop application. The
> best practices are outlined here:
> http://msdn.microsoft.com/library/windows/desktop/hh749939
>
>
Anything above an including Vista requires a modern
computer nowadays so I think 64-bit windows will be
gaining many adopters. I understand on win64 requiring
32bit Java will be a problem so we should
consider a native win64 port.
Our LibreOffice friends are kindly sharing some
notes about it:
http://www.libreofficeaustralia.org/lt/community/blog/planet/20110328/porting-libreoffice-x64-windows
And of course Microsoft has kindly made the
required tools available for Apache committers.
So nice to live in a world with friendly
competitors :)
Pedro.