Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 40

Thread: New Get Lazarus Initiative

  1. #21
    PGD Staff / News Reporter phibermon's Avatar
    Join Date
    Sep 2009
    Location
    England
    Posts
    524
    That's George Takei's catchphrase - I see re-appropriation is a hobby of yours.

    Seriously though it would be interesting to hear where you stand on the subject of misrepresentation when it comes to open source projects.

    Do you think it's morally correct? what benefits do you feel it brings to the community?
    When the moon hits your eye like a big pizza pie - that's an extinction level impact event.

  2. #22
    @sysrpl - I downloaded your windows version of the Lazarus install file and then scanned it with Avast!...no issues. So I installed it, but during the install and for a while afterwards, I keep getting Avast blocking threats like "Win32:Evo-gen" malware in various .exe files in various subfolders of the install...is this a false positive?

    I want to trust you, but have to ask

    cheers,
    Paul

  3. #23
    @paul_nicholls: I have no idea where those messages originate. It might be a false positive, or maybe my system is compromised, that is I have a virus which somehow has infected the files I am distributing, which I guess isn't a complete impossibility.

    Let me go over how I generate the final setup.exe for Windows.

    On a development Windows 7 machine I first download the bintools from the official free pascal locations. Then I download free pascal 2.6.4 win 32 bin from sourceforge. Finally I download silk svn command line tools from the silksvn website. I put all of them in my path and open a cmd terminal.

    Making fpc 3.0.1:

    I cd to path_to and svn checkout a free pascal fixes 3.0 branch revision. I cd to path_to\fpc, make all, then make install INSTALL_PREFIX=path_to\fpc. Then I make crossinstall CPU_TARGET=cpu CPU_TARGET=os INSTALL_PREFIX=path_to\fpc for all cpus and targets. Next I copy the cross compilers to path_to\fpc\bin\i386-win32. Then I copy all the libs for each cross compile target to lib folders. Files like libX11.so libpthread.so, which I didn't compile myself, but downloaded from a bundle on a cross compile website.

    Making lazarus 1.4:

    I remove fpc 2.6.4 from my path, and add path_to\fpc\bin\i386-win32. I fpcmkcfg a new fpc.cfg in that same folder. I cd to path_to and svn checkout a lazarus trunk branch revision. I then cd lazarus, copy changes.diff there, and run patch -p0 -i changes.diff. Then I make all, lazbuild components\anchordocking\design\anchordockingdsgn. lpk, make useride, and finally I strip all exe in path_to\lazarus. I copy in my premade config folder, which contains window layouts, preferences, builds modes already setup.

    Clean up:

    I delete all svn files from path_to\fpc and path_to\lazarus. This frees up maybe 100MB or more of space in the final release. Next I delete a lot of fpc intermediate files used when making the compiler. Next I delete a lot of pas files for architectures I don't see being used for cross compile uses, like MIPS cpu and others, saving up even more space.

    Making setup.exe:

    I run inno setup, copy in this script https://github.com/sysrpl/Codebot.Se...dows/setup.iss, and press build. After five minutes or so setup.exe is created which is then uploaded to an amazon s3 bucket for distribution.

    Now back to, is there a virus? Maybe, I mean I am using a lot of tools I didn't write myself, like silksvn, bintools, the sourceforge stuff, even a downloaded inno setup. Maybe my system has a virus from some other piece of software. I am not totally sure. What I can do though, if your AV is reporting a problem and it's a decent AV, and if other people report similar problems is take a new pc, install a fresh copy of windows, get just the tools I've outlined above on it, repeat all those steps, and deliver another setup.exe, and you can check if your AV software reports the same problem. In that case either the AV is wrong or a tool along my chain of dependencies has a virus.

    In either case, I run a virus scan on my development system every Sunday morning at 3:00AM, which is about 24 hours away. I will consider perhaps a better AV software before then, allowing it to run tomorrow morning. I will look if anything is reported and copy those results back to this thread.

    Edit: I forgot to mention, I also distribute a tool called FART http://fart-it.sourceforge.net/ in the fpc bin folder to replace config paths with locations on my development pc (C:\Development\RC1) and your chosen install location.
    Last edited by sysrpl; 07-02-2015 at 08:24 AM.

  4. #24
    Quote Originally Posted by paul_nicholls View Post
    I downloaded your windows version of the Lazarus install file and then scanned it with Avast!...no issues.
    I also downloaded it and scanned with Eset Smart Security 5 a few days ago and it didn't detect any problem even thou I have it configured to also scan for potentialy dangerous applications (which sometimes returns false positives). Yes I do know there is a newer version out, I have it installed in my other boot, but this one still has fully updated virus definitions. So the only reason why this one ight fail to detect a potentially harmfull program is due to failing to properly extract the installer program for scanning.

    Quote Originally Posted by paul_nicholls View Post
    So I installed it, but during the install and for a while afterwards, I keep getting Avast blocking threats like "Win32:Evo-gen" malware in various .exe files in various subfolders of the install...is this a false positive?
    I have also tried installing it in a virtual machine where I purposly don't have any AV installed, becouse I wanted to monitor all registry and file changes with another program to see what changes might be done to my system. But unfortunately I wasn't able to compleete the process becouse I didn't had large enough hard drive space available for my virtual machine.

    So today I will try and repeat hte process after assigning larger hard drive space to my virtual machine and compleete the analysis.
    Also I will try to instal it in another virtual machine that has fully updated AV to se if it might detect anything.

    As for the Eset Smart Security that I'm using I must say that in the last five years that I own this laptop and still have initial instalation of Windows 7 I failed to fully protect me only three times.
    In two times it failed o detect those nutorious whose only purpose is to try and convince you to go and buy a fake AV software. And the main reason why it failed to recognize them as potential dangerous programs is becouse they actually arent.Yes they are nutorious becouse they prevent you from normaly using your computer by slosing your programs, opening its own windows, etc. But this is pretty hard to detect becouse most of these programs actually simulate user input for their actions. That is why if you are fast enough with your computer you can safetly kill them yourself.
    But in one time Eset Smart Security did fail to properly stop a rootkit but it still emited a warning about it being potentially dangerous so I could get rid of it by launching a clean OS from a CD (Boot CD with a Windows XP) and then deleting registry entries ad deleting the rootkit files.
    So when you take into account that I knowignly expose my computer to posible infections by conecting various USB flash drives or external hard drives that I know that they probaly contain lots of infectious files since I have used them for making backup copies of data that was stored on other infected computers I must say that my AV is doing an excelent job.

    Anywhay after I compleete my test I will let you guys know about my findings.

  5. #25
    Great everyone and thanks for the help. I started a write up of a new wiki page with step by step guide on how to "make it yourself". Hopefully this makes everything we do clearer and more open.

    We will walk Windows users through every step used to make the same Free Pascal and Lazarus in our ready made bundles. The difference being is the guide will walk users through using bintools, svn, and a working fpc 2.6.4 from sourceforge to recreate our bundles from svn sources. I know there was some initial concern we are offering something different at getlazarus.org, but our guide will show you the exact steps used to make our Windows bundle so that if you want, you can just make it yourself.

    When the guide is done it will be linked prominently near the top and at the bottom (under see also) in our setup page http://www.getlazarus.org/setup.

    Linux users can "make it yourself" right now by just looking at setup.sh source on github:

    https://github.com/sysrpl/Codebot.Se...c-3.0.linux.sh

    The only difference is in the above script and the forthcoming Windows guide is that we really didn't think it would be ethical for each Linux setup on our website to leach the bandwidth from free pascal's svn servers. As such, we compress the revision sources to a 7z archive after removing the previously mentioned (detailed in my last post) unnecessary svn and unit files. We then host those files in an amazon s3 bucket for redistribution, and do a build from source just like in the Windows steps in our guide.

    You can see this in Linux setup script on github script at line 145:

    wget -P $BASE $URL/fpc-$FPC.7z


    Which in the script's context expands to:


    wget -P /home/username/Development/FreePascal http://cache.getlazarus.org/archives/fpc-3.0.7z
    Last edited by sysrpl; 07-02-2015 at 10:58 PM.

  6. #26
    I just finished my initial analysis and I'm wondering why is your setup changing settings of my internet explorer?

    Code:
    isolation_full HKEY_CURRENT_USER\Software\Microsoft\IEAK
    isolation_full HKEY_CURRENT_USER\Software\Microsoft\Internet Connection Wizard
      Value=ShellNext
      REG_SZ~http://www.getlazarus.org/installed/?platform=windows#2300
      Value=Completed
      REG_BINARY=#01#00#00#00
    
    isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
      Value=FullScreen
      REG_SZ~no#2300
      Value=Window_Placement
      REG_BINARY=#2c#00#00#00#02#00#00#00#03#00#00#00#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#ff#58#00#00#00#74#00#00#00#b0#02#00#00#08#02#00#00
    
    isolation_writecopy HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
      Value=MigrateProxy
      REG_DWORD=#01#00#00#00
    Changing any registry setings regarding Internet Connection Wizard or Proxy settings is a big NO NO as this is most commonly used by various programs in atempt to hijack your computer.

    Now I haven't figured out which part of the instalation makes these changes in the registry but they are enough for me to consider your setup dangerous.

    Why are you forcingly opening your webpage after the instalation has been finished? I realy hate that.
    And finally don't use third party software like "Fart" for changing path destinations. You can achieve all that directly from Inno setup. If it can't be achieved from the UI directly you can write a special Pascal Script code to do that. If my memory serves me corectly the use of pascal script alows you to edit both registry and ini files in the same whay as if you would do it in your Delphi or FreePascal program.

    EDIT: The registry changes have been tracked with WMWare ThinApp aplication.

    And now off I go instaling this in another Virtual machine with a working anti virus software to see if it would give any warnings.

    EDIT2: Running setup on my other virtual machine with anti virus software hasn't caused the same registry change as I shown above. I belive that this registry change was actually made by internet explorer itself when it failed to show the web page during the first test becouse that Virtual machine didn't have access to internet while this one has.

    EDIT3: Just finished instaling and later deep scaning of entire virtual machine and my Anti Virus (Eset Nod 32) hasn't raised any warnings.

    @paul_nicholls
    Can you please export your log from Avast so that we can see which files did it detect as potentionally harmfull. This would be verry helpfull in determining if those are false positives or not.
    Last edited by SilverWarior; 08-02-2015 at 01:26 AM.

  7. #27
    PGDCE Developer Carver413's Avatar
    Join Date
    Jun 2010
    Location
    Spokane,WA,Usa
    Posts
    206
    I installed the linux version,didn't like the anchor docking so I removed it. but I still can't get the bare game to compile maybe because of changes to the fpc? when do you plan to release the new version ?

  8. #28
    @SilverWarrior: Actually those changes aren't bad. I'll show you why and where, the exact location where the changes occur. I'm actually relived you did this because it means everything is normal, so thank you for your research.

    Line 59 of the Inno installer setup https://github.com/sysrpl/Codebot.Se...dows/setup.iss

    Filename: "http://www.getlazarus.org/installed/?platform=windows"; Flags: shellexec runasoriginaluser

    This line causes the default browser, in your case Internet Explorer, to open this page when install is complete http://www.getlazarus.org/installed/?platform=windows

    The WindowPlacement key is written by Internet Explorer itself to record its last position on the screen.

    The MigrateProxy key is set when you create a new account, or in your case open Internet Explorer for the first time:

    http://support.microsoft.com/kb/2587595

    @Carver413: My next project is a new versions of Bare Game. This new version has tons of new functionality including:

    everything visual is based on shaders now
    custom vertex types and vertex buffers
    easy to use render to texture commands
    animation storyboards
    animation tracking support added to many properties such as
    - camera position, heading, and field of view
    - sprite position, origin, color, scale, rotation
    - font writer insert positions, text angle, character angle, kerning, fore color,shadow color
    - 2D brush color
    - 2D pen color, and width
    - sound channel pan, volumes, and position
    much improved sound mixing timing
    - user programmable sound samples
    - programmable musical note generation examples functions
    - easy to use 3D positional sound
    new resource manager with built in compression and packing
    - you simply put images, sounds, anything else into project/resources, and they get compressed into your exe/program as resources when you build
    prebuild skybox class

    I'm sure there is a bunch more. If anyone here wants to help me in this project, maybe with testing, or actual coding, let me know.

    Edit: I've added the above to http://www.getlazarus.org/forums/vie....php?f=17&t=13

    And finally with regards to Bare Game, the previous version, much like getlazarus.org downloads, shipped the compiler and IDE. This is going to change in the next version of Bare Game. It will simply be a package you install. The package will still include the same extensions from the original Bare Game, which were new "Bare Game project" and "Bare Game unit" templates available as extra options in the Lazarus "New..." dialog.
    Last edited by sysrpl; 08-02-2015 at 08:01 AM.

  9. #29
    Here's the manual setup guide for Windows I previously mentioned. If you're uncomfortable running automated installers on getlazarus.org, the guide below has step by step instructions on how to make everything yourself from svn sources.

    http://www.getlazarus.org/setup/making/

    Again, for a Linux guide, just consult the Linux setup script which contains similar steps along with comments.

    https://github.com/sysrpl/Codebot.Se...c-3.0.linux.sh

  10. #30
    @SilverWarior - I have attached a screenshot of the files my Avast put into the virus chest...I don't have the actual files anymore as I uninstalled it.
    @sysrpl - thanks, I will have a look at the setup guide you made for Windows



    cheers,
    Paul
    Attached Images Attached Images

Page 3 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •