[Bug 30187] New: Cisco IP Communicator 7.0.4.0 installation fails

Bug #: 30187 Summary: Cisco IP Communicator 7.0.4.0 installation fails Product: Wine Version: 1.4 Platform: x86-64 OS/Version: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown AssignedTo: wine-bugs@winehq.org ReportedBy: robert.munteanu@gmail.com Classification: Unclassified

The installer starts up and I am able to click through until the actual installation starts. After a few seconds it notifies me that installation has been interrupted.

-- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.

Show replies by date

wine-bugs＠winehq.org

16 Mar 16 Mar

1:51 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #1 from Robert Munteanu robert.munteanu@gmail.com 2012-03-16 08:51:34 CDT --- Created attachment 39399 --> http://bugs.winehq.org/attachment.cgi?id=39399 terminal log from the installer

wine-bugs＠winehq.org

6:47 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Keywords| |Installer

--- Comment #2 from Austin English austinenglish@gmail.com 2012-03-16 13:47:19 CDT --- Please attach a +relay,+msi trace.

wine-bugs＠winehq.org

19 Mar 19 Mar

8:56 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #3 from Robert Munteanu robert.munteanu@gmail.com 2012-03-19 03:56:44 CDT --- (In reply to comment #2)

Please attach a +relay,+msi trace.

http://dl.dropbox.com/u/3160732/cisco-install.log.xz ( 5.9 MB )

wine-bugs＠winehq.org

9:39 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #4 from Hans Leidekker hans@meelstraat.net 2012-03-19 04:39:02 CDT --- It's a custom action called AddCertsRoot.7A023C9A_603E_41F5_8E96_FA2CB0894D3E that fails.

The command line is ""C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\certmgr.exe" -add -all "C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\CDPcredentials.spc" -s -r lo calMachine root"

003d:Call crypt32.CertAddCertificateContextToStore(0017fa40,00149e78,00000003,00000000)

...

003d:Ret crypt32.CertAddCertificateContextToStore() retval=00000000 ret=01003aee

... 003d:Call msvcrt.vwprintf(0100a6b8 L"Error: Failed to save to the destination store\n",0033fd84) ret=01008800

Please generate another trace including +crypt.

wine-bugs＠winehq.org

10:01 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #5 from Robert Munteanu robert.munteanu@gmail.com 2012-03-19 05:01:05 CDT --- Created attachment 39458 --> http://bugs.winehq.org/attachment.cgi?id=39458 +crypt console log

wine-bugs＠winehq.org

5:17 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #6 from Juan Lang juan.lang@gmail.com 2012-03-19 12:17:41 CDT --- It takes a little reading to trace back from the log, but here's the story: the app tries to write a certificate to the global, system-wide trusted certificate store. Bad, bad app. This is a Really Bad Idea, because it'll make all apps that use the Crypto API trust whatever root certificate this app is installing, for any sort of use. SSL Man-in-the-Middle, anyone?

Anyway, this isn't supported in Wine: the global, system-wide trusted certificate store is read from the filesystem, and is read-only. Modifying Wine to write to the filesystem would probably fail, since the trusted root locations are typically not writable by ordinary users, and would have implications for non-Windows applications.

The details, for the curious: trace:crypt:create_root_store returning 0x15be30 (snip) trace:crypt:CertAddCertificateContextToStore (0x16cc78, 0x1370b0, 00000003, (nil)) (snip) trace:crypt:CRYPT_CollectionAddContext (0x16cc78, 20, 0x1370b0, (nil), 20) trace:crypt:CRYPT_ProvAddCert (0x15be30, 0x1370b0, (nil), 0x33fc44) (snip) trace:crypt:CertAddCertificateContextToStore returning 0

This last line is the failing call. I included the lines before it that are relevant. The app is calling CertAddCertificateContextToStore on a collection store, and the only store in that collection has address 0x15be30. That, in turn, turns out to be the root store.

You might be able to work around the problem by installing whatever certificate it is yourself.

wine-bugs＠winehq.org

5:41 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #7 from Robert Munteanu robert.munteanu@gmail.com 2012-03-19 12:41:27 CDT --- (In reply to comment #6)

You might be able to work around the problem by installing whatever certificate it is yourself.

Thanks for the detailed explanation. Should I assume that installing this certificate to the system-wide certificate store will make the installer skip this step and move forward? If that's true, where can I find instructions on how to do that?

wine-bugs＠winehq.org

7:35 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #8 from Juan Lang juan.lang@gmail.com 2012-03-19 14:35:36 CDT --- Instructions for installing certs are Linux distro specific. Basically, wherever you have the system-wide certs installed, put a file with the cert in there. In Ubuntu, for instance, they're installed in /etc/ssl/certs.

wine-bugs＠winehq.org

7:36 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

Juan Lang juan.lang@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Component|-unknown |crypt32

--- Comment #9 from Juan Lang juan.lang@gmail.com 2012-03-19 14:36:29 CDT --- Setting component to crypt32, since that's where the difference in behavior from Windows is.

wine-bugs＠winehq.org

7:38 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

Austin English austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |brian@interlinx.bc.ca

--- Comment #10 from Austin English austinenglish@gmail.com 2012-03-19 14:38:12 CDT --- *** Bug 22371 has been marked as a duplicate of this bug. ***

wine-bugs＠winehq.org

20 Mar 20 Mar

11:19 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #11 from Robert Munteanu robert.munteanu@gmail.com 2012-03-20 06:19:00 CDT --- I confirm that winetricks crypt32 allows the installation to finish.

wine-bugs＠winehq.org

11:32 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

brian@interlinx.bc.ca changed:

What |Removed |Added ---------------------------------------------------------------------------- CC|brian@interlinx.bc.ca |

wine-bugs＠winehq.org

12 Apr 12 Apr

1:28 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #12 from Austin English austinenglish@gmail.com --- This is your friendly reminder that there has been no bug activity for 2 years. Is this still an issue in current (1.7.16 or newer) wine?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

17 Apr 17 Apr

3:24 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

--- Comment #13 from Robert Munteanu robert.munteanu@gmail.com --- I am no longer using this program, so I can't retest.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

4:24 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

Jerome Leclanche adys.wh@gmail.com changed:

--- Comment #14 from Jerome Leclanche adys.wh@gmail.com --- No download link, OP unable to retest. ABANDONED.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

22 Apr 22 Apr

5:04 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails

austinenglish@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED

--- Comment #15 from austinenglish@gmail.com --- Closing.

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

16 Aug 16 Aug

1:24 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco 'certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store)

Anastasius Focht focht@gmx.net changed:

--- Comment #16 from Anastasius Focht focht@gmx.net --- Hello folks,

I was looking at bug 31306 which was suffering from different issue/broken user environment (now marked 'abandoned') and found this issue still being present.

Reopening since I could reproduce this and a download exists.

Although the bug has already been analysed with some trace snippets, here is a slightly longer version (for search/indexers):

--- snip --- $ WINEDEBUG=+tid,+seh,+relay,+msi wine msiexec -i CiscoIPCommunicatorSetup.msi

MSDN: https://msdn.microsoft.com/en-us/library/windows/desktop/aa388136%28v=vs.85%...

...
log.txt 2>&1

... 002e:trace:msi:MSI_EvaluateConditionW 1 <- L"NOT REMOVE~="ALL" AND Not VersionNT64" 002e:trace:msi:ACTION_PerformUIAction Performing action (L"AddCertsRoot.7A023C9A_603E_41F5_8E96_FA2CB0894D3E") ... 002e:trace:msi:ACTION_CustomAction Handling custom action L"AddCertsRoot.7A023C9A_603E_41F5_8E96_FA2CB0894D3E" (c12 L"certmgr.exe.7A023C9A_603E_41F5_8E96_FA2CB0894D3E" L"-add -all "[CDP.7A023C9A_603E_41F5_8E96_FA2CB0894D3E]CDPcredentials.spc" -s -r localMachine root") ... 002e:trace:msi:HANDLE_CustomType18 exe L"C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\certmgr.exe" arg L"-add -all "C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\CDPcredentials.spc" -s -r localMachine root" ... 002e:Call KERNEL32.SearchPathW(00000000,003ab2a8 L"C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\certmgr.exe",7ed15708 L".exe",00000104,011408f0,00000000) ret=7eca0591 002e:Ret KERNEL32.SearchPathW() retval=00000044 ret=7eca0591 ... 002e:Call KERNEL32.CreateProcessW(011408f0 L"C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\certmgr.exe",01140e28 L""C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\certmgr.exe" -add -all "C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\CDPcredentials.spc" -s -r localMachine root",00000000,00000000,00000000,00000000,00000000,7ed14c48 L"C:\",0033f6cc,0033f6bc) ret=7eca07ed .... 0034:Call KERNEL32.__wine_kernel_init() ret=7bc6b5d4 002e:Ret KERNEL32.CreateProcessW() retval=00000001 ret=7eca07ed ... 0034:Starting process L"C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\certmgr.exe" (entryproc=0x1008320) ... 0034:Call KERNEL32.CreateFileW(001155fa L"C:\Program Files\Cisco Systems\Cisco IP Communicator\CDP\CDPcredentials.spc",80000000,00000001,00000000,00000004,00000080,00000000) ret=7ebb050b 0034:Ret KERNEL32.CreateFileW() retval=00000058 ret=7ebb050b .... 0034:Ret crypt32.CertAddCertificateContextToStore() retval=00000001 ret=01003aee 0034:Call crypt32.CertEnumCertificatesInStore(00155a68,00152d94) ret=01003adb 0034:Ret crypt32.CertEnumCertificatesInStore() retval=00153c9c ret=01003adb 0034:Call crypt32.CertAddCertificateContextToStore(00155ab8,00153c9c,00000003,00000000) ret=01003aee ... 0034:Ret crypt32.CertAddCertificateContextToStore() retval=00000001 ret=01003aee 0034:Call crypt32.CertEnumCertificatesInStore(00155a68,00153c9c) ret=01003adb 0034:Ret crypt32.CertEnumCertificatesInStore() retval=00000000 ret=01003adb 0034:Call crypt32.CertGetCRLFromStore(00155a68,00000000,00000000,0033fd24) ret=01003b41 0034:Ret crypt32.CertGetCRLFromStore() retval=00000000 ret=01003b41 0034:Call crypt32.CertEnumCTLsInStore(00155a68,00000000) ret=01003b0a 0034:Ret crypt32.CertEnumCTLsInStore() retval=00000000 ret=01003b0a 0034:Call crypt32.CertOpenStore(0000000a,00010001,00000000,00020000,001156b8) ret=0100372c 0034:Call KERNEL32.lstrcmpiW(001156b8 L"root",7ebe2c16 L"Root") ret=7ebcf485 0034:Ret KERNEL32.lstrcmpiW() retval=00000000 ret=7ebcf485 ... 0034:Ret crypt32.CertOpenStore() retval=0020de30 ret=0100372c 0034:Call crypt32.CertEnumCertificatesInStore(00155ab8,00000000) ret=01003adb 0034:Ret crypt32.CertEnumCertificatesInStore() retval=001560fc ret=01003adb 0034:Call crypt32.CertAddCertificateContextToStore(0020de30,001560fc,00000003,00000000) ret=01003aee ... 0034:Ret crypt32.CertAddCertificateContextToStore() retval=00000000 ret=01003aee 0034:Call crypt32.CertFreeCertificateContext(001560fc) ret=01003b78 0034:Ret crypt32.CertFreeCertificateContext() retval=00000001 ret=01003b78 0034:Call user32.LoadStringW(01000000,000017c7,0100a6b8,00000200) ret=010086bf 0034:Ret user32.LoadStringW() retval=0000002f ret=010086bf 0034:Call msvcrt.vwprintf(0100a6b8 L"Error: Failed to save to the destination store\n",0033fd28) ret=01008800 ... 0034:Ret msvcrt.vwprintf() retval=0000002f ret=01008800 0034:Call crypt32.CertCloseStore(0020de30,00000000) ret=0100376d ... 0034:Ret crypt32.CertCloseStore() retval=00000001 ret=01001a03 0034:Call msvcrt.exit(ffffffff) ret=0100842c ... 0034:Call KERNEL32.ExitProcess(ffffffff) ret=7ecfaeca ... 0034:Call KERNEL32.WriteFile(00000010,00342360,00000070,0033f88c,00000000) ret=7ed03155 Error: Failed to save to the destination store Error: Failed to save to the destination store CertMgr Failed 0034:Ret KERNEL32.WriteFile() retval=00000001 ret=7ed03155 ... 002e:err:msi:ITERATE_Actions Execution halted, action L"AddCertsRoot.7A023C9A_603E_41F5_8E96_FA2CB0894D3E" returned 1627 ... 002e:trace:msi:MSI_ProcessMessage (nil) (nil) (nil) 0 10 L"Action ended 14:41:38: ExecuteAction. Return value 1627." ... 002e:warn:msi:MSI_InstallPackage installation failed, running rollback script 002e:trace:msi:execute_script executing script 2 ... --- snip ---

To support this feature, Wine would need to maintain certificate stores in registry just as Windows does.

The system certificates are stored as BLOBs in the registry.

'HKLM\Software\Microsoft\SystemCertificates' 'HKCU\Software\Microsoft\SystemCertificates'

$ du -sh CiscoIPCommunicatorSetup.msi 32M CiscoIPCommunicatorSetup.msi

$ sha1sum CiscoIPCommunicatorSetup.msi 0d08b1c6f18953e3b1fe69f2e3f26cb7450bb033 CiscoIPCommunicatorSetup.msi

$ wine --version wine-1.7.49-41-g36a39ce

Regards

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

14 Oct 14 Oct

9:51 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

donanykey@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |donanykey@gmail.com

--- Comment #17 from donanykey@gmail.com --- Hi Anastasius,

To support this feature, Wine would need to maintain certificate stores in registry just as Windows does.

Wine does support certificates in memory, and uses it by default, but treats HKLM\Root as a special case to import system (linux in my case) certificates.

Whenever the line doing this with CRYPT_RootOpenStore at CRYPT_SysRegOpenStoreW() is commented, it starts using registry and allows this app to install. I was able to configure playback with terrible sound (probably a separate problem) and saw the phone-alike window.

Although adding system root certificates makes sense, it could be added to the wine registry with RW rights for an app without a problem with small change (once or each time on crypt load). Not sure what is a proper way, if any wine developer listens this, please let me know, I could handle that

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

9:55 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

--- Comment #18 from donanykey@gmail.com --- Please read "Wine does support certificates in REGISTRY" in my previous comment

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

18 Oct 18 Oct

1:22 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

--- Comment #19 from donanykey@gmail.com --- The fix for the bug was submitted: https://source.winehq.org/patches/data/127163

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

10 Nov 10 Nov

8:54 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

--- Comment #20 from donanykey@gmail.com --- All patches are available by 1.9.22. I can confirm installation working on clean win32 prefix, and Cisco certificates are properly loaded into HKLM\Root store.

I was able to proceed in application, putting some fake values in fields like TFTP to not stack on registration (so actual calls, services, etc are not available) up to the main screen. The audio wizard reflects the sound is not good, you might want to test wine-staging if it is better there.

I think this bug could be closed

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

9:19 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

fjfrackiewicz@gmail.com changed:

What |Removed |Added ---------------------------------------------------------------------------- CC| |fjfrackiewicz@gmail.com

--- Comment #21 from fjfrackiewicz@gmail.com --- (In reply to donanykey from comment #20)

All patches are available by 1.9.22. I can confirm installation working on clean win32 prefix, and Cisco certificates are properly loaded into HKLM\Root store.

I was able to proceed in application, putting some fake values in fields like TFTP to not stack on registration (so actual calls, services, etc are not available) up to the main screen. The audio wizard reflects the sound is not good, you might want to test wine-staging if it is better there.

I think this bug could be closed

Can you link the patches that fix the issue in this bug report?

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

10:32 a.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

http://source.winehq.org/git/wine.git/commit/c2b0dfd73d15e51c14960007336d004...

--- Comment #22 from donanykey@gmail.com --- Fix

Tests http://source.winehq.org/git/wine.git/commit/30164ea3e8d42a6afa21e40f8886e64...

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

12:01 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )

Bruno Jesus 00cpxxx@gmail.com changed:

--- Comment #23 from Bruno Jesus 00cpxxx@gmail.com --- (In reply to donanykey from comment #22)

Fix

http://source.winehq.org/git/wine.git/commit/ c2b0dfd73d15e51c14960007336d004dccf01444

Resolving as fixed then, thanks =)

-- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.

wine-bugs＠winehq.org

11 Nov 11 Nov

5:18 p.m.

New subject: [Bug 30187] Cisco IP Communicator 7.0.4.0 installation fails (Cisco ' certmgr.exe' tool fails to install certificate to the system-wide trusted certificate store )