Cases that raise a STOP condition

The AVM always validates the integrity of signed archive files when it loads them by verifying the signature information, which guarantees that the manifest and signature related information have not been tampered with. The AVM raises a STOP condition with a specific error message (that is, a Progress.Lang.StopError) if the validation fails, as the contents of the signed archive file cannot be trusted. Some cases which raise Progress.Lang.StopError include:
  • If the signed archive fails validation
  • If the signed archive contains more than one signature file
  • If the signature file contains an entry for a file that does not exist in the archive file
  • If a file has been added or removed from the archive after it has been signed
  • If the archive file is compressed and you try to execute an r-code file or load an image file from it

Enable logging

For diagnostic purposes, you can turn on logging to see various log messages related to archive libraries. These logs can be helpful when troubleshooting problems. Log messages are provided related to the validation of signed archive files and the file entries in them.

To enable logging you set the logging level, log entry type (Sec.Rcode), and log file name. The Sec.Rcode log entry type provides information at the following logging levels:
  • Level 2 (Basic) — Logs messages about values that are missing or incorrect in the manifest file during archive file validation. Attributes validated at this level include: Implementation-Title, Implementation-Vendor, Signature-Policy, Validation-Policy, Package-Type, and Build-Date.
  • Level 3 (Verbose) — Logs messages about values that are missing or invalid from attributes in the manifest file during archive file validation. Attributes validated at this level include: Component-Name, Implementation-Version, OpenEdge-version, and Build-OS.
  • Level 4 (Extended) — Logs messages for a successful file entry validation.
To enable logging, specify these startup parameters:
  • -logginglevel n

    (where n is the desired logging level (for example, 2, 3, or 4))

  • -logentrytypes Sec.Rcode
  • -clientlog logfilename
For general OpenEdge logging information, see Logging in OpenEdge in Troubleshoot ABL Applications.
Examples of Sec.Rcode log messages (with headers suppressed) are shown:
2 4GL SEC.RCODE      The manifest file is missing the vendor attribute.
2 4GL SEC.RCODE      'hwnmv.apl' implementation-vendor attribute may not be blank.
2 4GL SEC.RCODE      'hwnbd.apl' has an invalid build-date attribute: BOBSYOURUNCLE
2 4GL SEC.RCODE      'hwnbpt.apl' package-type must be apl
2 4GL SEC.RCODE      'hwnbsp.apl' has an invalid signature-policy attribute: foo
2 4GL SEC.RCODE      'hwnbvp.apl' has an invalid validation-policy attribute: foo
2 4GL SEC.RCODE      'hwn.apl' has an invalid build-date attribute: 10-6-2022

3 4GL SEC.RCODE      'hwn.apl' build-OS attribute is not set with "windows," "unix," nor "all."
3 4GL SEC.RCODE      'hwn.apl' component-name attribute is blank.
3 4GL SEC.RCODE      'hwn2mic.apl' is missing the component-name attribute.

4 4GL SEC.RCODE      'hwnma.apl' manifest-version attribute provided: 1.0
4 4GL SEC.RCODE      'hwnma.apl' implementation-title attribute provided: HW
4 4GL SEC.RCODE      'hwnma.apl' implementation-version attribute provided: 1.0
4 4GL SEC.RCODE      'hwnma.apl' implementation-vendor ID attribute provided: 111
4 4GL SEC.RCODE      'hwnma.apl' component-name attribute provided: hwnma.apl
4 4GL SEC.RCODE      'hwnma.apl' package-type attribute provided: apl
4 4GL SEC.RCODE      'hwnma.apl' signature-policy attribute provided: open
4 4GL SEC.RCODE      'hwnma.apl' validation-policy attribute provided: none
4 4GL SEC.RCODE      'hwnma.apl' build-OS attribute provided: all
4 4GL SEC.RCODE      'hwnma.apl' build-date attribute provided: 2022-08-15T19:14:38.897-04:00
4 4GL SEC.RCODE      'hwnma.apl' OpenEdge-tool attribute provided: propack v1.00 (MSWin32)
4 4GL SEC.RCODE      'hwnma.apl' OpenEdge-version attribute provided: 12.6ALPHA
4 4GL SEC.RCODE      'hwnma.apl' created-by attribute provided: 17.0.3 (Eclipse Adoptium)