Oops; I had meant to reply to this sooner. I just saw this unfinished reply in an open browser tab.
Both p3dcert and certlist are compiled as packages and uploaded to the runtime host. In order to use your version of certlist, you need your own version of nppanda3d.dll that’s hard-coded to point to the runtime host containing your version of certlist.
In order to add a custom certificate to certlist package, edit direct/src/p3d/coreapi.pdef and look for “class certlist”.
I’ve changed cerlist class like this:
class certlist(package):
# This package holds any certificates that should be considered
# pre-approved by the plugin vendor. If you build and host your
# own version of the Panda3D plugin, you can add your own
# certificates to this list. The certificates in this package
# will be assumed to have been approved by the user when he/she
# installed the plugin.
# They should be PEM-encoded and their filenames must end in the
# ".pem" or ".crt" extension, and they should be added with the
# extract = True flag so they will be extracted to disk.
file('mycert.pem', extract=True)And then i’ve rebuilt runtime and plugin with no error, then i’ve re-installed them. finally i’ve used new packp3d with mycert.pem to produce my pack, but it is still asking for certification approval. maybe i’ve put mycert.pem in the wrong place.
Can you verify in certlist/certlist.xml in your host directory that it does indeed exist? Mine looks like this:
<package name="certlist" per_platform="1" seq="17">
<uncompressed_archive filename="certlist.mf" size="1279" timestamp="1427570654" hash="63ce2a4bdcd1b52d0d5c378d4f45cd90"/>
<compressed_archive filename="certlist.mf.pz" size="966" timestamp="1427570654" hash="d275bbacdba0ff8211f5488d069a65ec"/>
<extract filename="cert.pem" size="1229" timestamp="1427570653" hash="7cb30c2103dddb9c01366047ba666420"/>
</package>If it’s missing when regenerating certlist package, the error can be rather subtle, like when I put it in the wrong directory I only get a warning:
built_rdb/stage/ppackage1.9.p3d -i built_rdb/stage direct/src/p3d/coreapi.pdef certlist
:AppRunner: Total Panda3D disk space used: 131 MB
:AppRunner: Configured max usage is: 2048 MB
:Packager: Reading direct/src/p3d/coreapi.pdef
:Packager(warning): No such file: cert.pem
Generating certlist/certlist.mf
:AppRunner: Normal exit.I just tested the whole process and it works fine for me.
Generating the self-signed cert:
openssl genrsa 1024 > mycert.pem
openssl req -new -x509 -nodes -sha1 -days 365 -key mycert.pem >> mycert.pemEditing direct/src/p3d/coreapi.pdef:
class certlist(package):
file("mycert.pem", extract=True, required=True)Note: it’s searched in the current directory, not in direct/src/p3d. Adding required=True makes ppackage yell slightly louder when it’s missing.
Selectively regenerating certlist package:
built_rdb/stage/ppackage1.9.p3d -i built_rdb/stage direct/src/p3d/coreapi.pdef certlist(Point -i at the location of your runtime host - I run my host directly out of the stage directory)
Packing a signed sample:
cd samples/asteroids
../../built_rdb/stage/packp3d1.9.p3d -o ../asteroids.p3d -S../../mycert.pemPurging my local cache:
rm -rf ~/.panda3d/Now running asteroids.p3d in a browser produces the green play button rather than the red one, and clicking it immediately shows the game without even downloading the cert dialog. (If I had set it to auto-start in the HTML, it would be starting automatically now.)
I put mycert.pem in right place and rebuilt…Now everything looks fine.
Thanks alot.
Update: I’ve included localization for p3dcert in the current 1.9 runtime distribution. 7 languages are currently supported.