Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authenticode sign the PowerShell scripts and assemblies #501

Closed
ferventcoder opened this issue Dec 7, 2015 · 3 comments
Closed

Authenticode sign the PowerShell scripts and assemblies #501

ferventcoder opened this issue Dec 7, 2015 · 3 comments

Comments

@ferventcoder
Copy link
Member

One of the things we'll want to do for added security and for companies that need all scripts signed is to sign the PowerShell scripts.

https://groups.google.com/d/msgid/chocolatey/a476ca1e-85b0-4c53-816e-5621ef22ca9e%40googlegroups.com

@lboening
Copy link

👍 Yes, this is irritating.

@ferventcoder
Copy link
Member Author

@ferventcoder ferventcoder changed the title Sign the powershell scripts Sign the powershell scripts and assemblies Mar 25, 2016
ferventcoder added a commit that referenced this issue Mar 25, 2016
To provide trust and more security in choco, signing the assemblies
is a very important aspect. Sign assemblies and PowerShell files
during the build process just before packaging the files into
the Chocolatey package.

 - Sign all assemblies - choco.exe, chocolatey.dll and the shims.
 - Sign all the PowerShell files.
ferventcoder added a commit that referenced this issue Mar 25, 2016
* stable:
  (doc) update changelog/nuspec
  (GH-501) Sign Assemblies/PowerShell Files
  (build) formatting
  (build) fix windows powershell path
  (doc) add example gifs
  (GH-670) Search enhancements
  (GH-668) Search should sort by version desc
  (GH-412) Allow filtering subcommands by match
@ferventcoder
Copy link
Member Author

This is shipping in the latest beta for 0.9.10 in a few minutes

ferventcoder added a commit that referenced this issue Mar 25, 2016
ferventcoder added a commit that referenced this issue Mar 25, 2016
* stable:
  (GH-501) build fixes
ferventcoder added a commit to ferventcoder/choco that referenced this issue Mar 25, 2016
ferventcoder added a commit to ferventcoder/choco that referenced this issue Mar 25, 2016
* stable:
  (chocolateyGH-501) sudo fix the build
ferventcoder added a commit to ferventcoder/choco that referenced this issue Apr 9, 2016
When there is no network available shutting off code signing should be
available.
ferventcoder added a commit to ferventcoder/choco that referenced this issue Apr 9, 2016
* pr613-new:
  (chocolateyGH-501) allow shutting off sign when no network
  (chocolateyGH-448) Add Output Directory for choco new
ferventcoder added a commit to ferventcoder/choco that referenced this issue Apr 9, 2016
* stable:
  (chocolateyGH-501) allow shutting off sign when no network
  (chocolateyGH-448) Add Output Directory for choco new
  (maint) assume xml file is utf8
  (maint) formatting
  (chocolateyGH-258) Switch for only using silent args provided
  (chocolateyGH-682) Add summary log file
  (chocolateyGH-644) Add info command
  (chocolateyGH-646) Add detail/detailed for search/list
  (maint) template share location should be appropriate
  (build) add a run.codesign switch
@ferventcoder ferventcoder changed the title Sign the powershell scripts and assemblies Sign the PowerShell scripts and assemblies with a code certificate Apr 13, 2016
@ferventcoder ferventcoder changed the title Sign the PowerShell scripts and assemblies with a code certificate Authenticode sign the PowerShell scripts and assemblies Apr 15, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants