Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add command for signing windows executables with the default code signing certificate #3772

Merged
merged 1 commit into from Dec 16, 2019

Conversation

@ripcurlx
Copy link
Member

ripcurlx commented Dec 10, 2019

Fixes #1952.

In my role as Bisq desktop maintainer and release manager I applied for a personal code signing certificate for DI(FH) Christoph Johann Atteneder (yes they wanted all academic titles and names included) at Sectigo (former Comodo). I applied for a code signing certificate which will expire on December 10th 2020.

Verification steps

To test the behavior of a signed Windows executable you'll actually need a Windows machine to do so.
For testing purpose I've created a signed version of our Windows installer for v1.2.4.
Executable: https://www.dropbox.com/s/ukrotb5neajgwwu/Bisq-1.2.4.exe?dl=0
Signature: https://www.dropbox.com/s/hasuwvch0lag7wx/Bisq-1.2.4.exe.asc?dl=0

…ning certificate
@ripcurlx ripcurlx requested a review from sqrrm as a code owner Dec 10, 2019
@ripcurlx ripcurlx requested a review from devinbileck Dec 10, 2019
@ripcurlx

This comment has been minimized.

Copy link
Member Author

ripcurlx commented Dec 10, 2019

@devinbileck Could you please verify if the behavior is now as expected for Windows OS?

@devinbileck

This comment has been minimized.

Copy link
Member

devinbileck commented Dec 11, 2019

Posting my results here.

I still get the smartscreen dialog, although it does show you as the publisher:
image

As mentioned here:

the SmartScreen will continue to warn about the application until the certificate develops a reputation. But it would display a valid publisher name instead of unknown publisher.

Although not required, programs signed by an EV code signing certificate* can immediately establish reputation with SmartScreen reputation services even if no prior reputation exists for that file or publisher. EV code signing certificates also have a unique identifier which makes it easier to maintain reputation across certificate renewals.

I am not sure if the EV certificate is worth the hassle, nor am I sure how long it would take to develop reputation with the standard certificate.

@sqrrm

This comment has been minimized.

Copy link
Member

sqrrm commented Dec 12, 2019

I don't feel well equipped to review this PR. @devinbileck could you do a proper review? Anyone else I can ask?

@ripcurlx

This comment has been minimized.

Copy link
Member Author

ripcurlx commented Dec 12, 2019

I am not sure if the EV certificate is worth the hassle, nor am I sure how long it would take to develop reputation with the standard certificate.

Besides being more expensive an EV certificate has stronger KYC requirements. I have to have a look how difficult it would be to get one based on the existing code certificate I already have.

Regarding reputation it seems you get it e.g. by getting signed applications installed. So I think maybe we could start with the current code signing certificate to see if it would gain enough reputation already after the next round of updates. @devinbileck What do you think?

@devinbileck

This comment has been minimized.

Copy link
Member

devinbileck commented Dec 13, 2019

So I think maybe we could start with the current code signing certificate to see if it would gain enough reputation already after the next round of updates.

Yes, that sounds good to me.

Copy link
Member

devinbileck left a comment

ACK

I am not able to test with a signing certificate, but when attempting to run the script without it, I encounter the following error and the script still completes.

SignTool Error: No certificates were found that met all the given criteria.

That seems reasonable to me. That way anyone can still run the script to generate an installer without requiring a signing certificate.

@sqrrm
sqrrm approved these changes Dec 16, 2019
Copy link
Member

sqrrm left a comment

utACK

@sqrrm sqrrm merged commit db6c13a into bisq-network:master Dec 16, 2019
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@ripcurlx ripcurlx added this to the v1.2.5 milestone Dec 17, 2019
@ripcurlx ripcurlx deleted the ripcurlx:add-windows-signing branch Dec 18, 2019
@sqrrm sqrrm mentioned this pull request Jan 13, 2020
@ripcurlx ripcurlx mentioned this pull request Jan 13, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.