Closed captaincaaaaveman closed 4 years ago
You reported this on SO, too:
I think it would be good if you would cross-reference those postings when you decide to post the exact same question to multiple forums to avoid people doing the work to look into those questions multiple times.
I posted an answer to the SO question above. Short version: we do NOT sign the Windows executable of our STS4 distribution, so the error looks to be related to a false warning of your malicious code detection software).
As written in a comment here: https://stackoverflow.com/questions/58819600/hashmismatch-on-sts-exe-in-sts-3-9-10-release-windows-zip/58832777?noredirect=1#comment103942961_58832777 - the signing signature might come from the Eclipse executable that serves as a base for the STS executable in the build. We need to investigate this.
Cheers @martinlippert - You probably already know/suspect this but I can confirm that this is still a problem on STS 4.4.1.
Also fwiw - It was also not a problem on 3.9.6, I'm guessing because the eclipsec.exe was not signed on that version.
I started with the Spring Tools 4 for Eclipse and added signing of the Windows executable to it. Can you double check this? You can download the latest nightly build from here:
https://dist.springsource.com/snapshot/STS4/nightly-distributions.html
Grab one of the Windows distributions and try it. Would be great to know whether that works for you. If so, I will go ahead and add the signing mechanics to the STS3 builds, too.
@martinlippert - Perfect; It looks good and the Powershell command Get-AuthenticodeSignature .\SpringToolSuite4.exe
now returns State=Valid
Thanks very much
Awesome, thanks for the feedback, much appreciated!
In the windows 3-9-10 download the STS.exe is signed but there is a hash mismatch (which triggers malicious code detection software).
I have checked the MD5 signature for the ZIP file and that matches, and I have re-extracted from a different zip file - so it is not unlikely to be due to file corruption.