Add code signing to the Windows MSI package command #366
Comments
freakboy3742
added
enhancement
|
I wanted to start tackling this issue, but then I realized that in order to validate that this is working I need to get a code signing certificate, which costs money. Do you have a certificate I can use for testing? or a dummy certificate that I could use? |
|
We don't; but if you need one, I can cover the cost. Let me know what you need/where to get it, and I can sort it out for you. That said: most certificate handling code has an option for "self signed" certificates. The cost comes when you want an external party to validate that the certificate is valid, but you can usually generate a certificate that will be valid for the purposes of "being a certificate". This is (or was, before LetsEncrypt) a common approach for testing HTTPS webservers - you can generate a self-signed certificate, but the certificate doesn't have a trust chain, which is what actually provides the security. Is there as "self signed" testing option for Windows app signing? This page would seem to suggest there might be. |
|
I never used code signing before, so I'm not familiar with the specifics of how it is done, but if you say I can use self-signed certificates, that would be more than enough by now for development. Once we finish, maybe we should consider trying out a "real" certificate on one of our BeeWare-based programs (Maybe Cricket for example). I'll let you know how its's going :) |
|
I just stumbled across this and was hyped until I found you also didn't solve signing yet 😄 ... Just fyi: I once dug into it a little and saw that Certum is offering a rather cheap Open-Source certificate. Everything else seems WAY to much for a hobby project. |
|
@ewerybody Thanks for the link. The cost isn't a huge impediment; thanks to some very generous sponsors, we have a small income stream to offset expenses like this. That said, cheap is always nice... :-) |
|
This was resolved by #890, released in Briefcase 0.3.14. |
MSI installers can be code signed so that users don't get the "unknown publisher" warning when installing your app.
This blog post seems to cover the steps involved in signing an MSI file; it may be helpful in building a solution.
The
--no-signcommand line option used on the macOS package command should be mirrored here.The text was updated successfully, but these errors were encountered: