-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Code Signing Certificate Request: Silk.NET #147
Comments
Trade name registration submitted this morning |
Hi @Perksey Sorry for the long delay. There were some hiccups with DigiCert due to some baseline requirements changing. We have the certificate up and configured. Can you please set up with LastPass and I can share the credentials with you? |
No worries! LastPass account created, let me know if you need me to do anything else. |
Just shared the folder with the credentials. There's a sample pipeline here: https://github.com/novotnyllc/CodeSigningDemo |
Brill, thanks! |
Once you have your Pipeline configured, please add |
Hi Claire, Is there any way to achieve this without adding Currently we use an organisation API key to push our packages which has rights to use our reserved prefix, and there's no NuGet REST API to add an owner to a package programmatically. Given that our library sources are mostly generated (monthly), it would mean that we'd have to manually go through our packages (in case the generator has created new ones) and add the org as an owner - something that could be time consuming given it can't be automated. Could we add the certificate to our own organisation, and perhaps add a .NET Foundation account as one of the owners of the |
Will reopen until the above is resolved. |
The foundation requires co-ownership in NuGet regardless. Once a package has |
More than happy with the foundation having ownership of the packages, but from a practicality standpoint we have 163 NuGet packages so any ownership modification would ideally be at the organisation level (i.e. giving a foundation-owned account ownership of the Given that NuGet has no public API endpoints for modifying package ownership, any individual package-level ownership modifications would take a very long time given we have 163 of them! I'm fine with having to update the certificate on our organisation too (less seamless of course) but I understand that the foundation needs ownership for administration purposes as well. Is there an equivalent of the |
I agree that 163 packages is a lot, and it's equally painful on the accepting side.... I can start an email thread with the NuGet team to see what they can do. We don't have individual accounts like that as that's generally an anti-pattern and not the best for security. We do need ownership for admin and project continuity purposes as well, though it'd be extreme circumstances that we'd expect to need it. |
That'd be great, thanks! |
As a short term workaround (as per the email thread), you can save the cert as a DER-encoded .cer file and then register that on the account you're currently using. That'll let you publish the signed packages. |
Will keep this issue open until we do manage to get the package ownership transferred, but will use that workaround in the meantime. Thanks! |
Hi, @Perksey I know it took much longer than expected to address the package ownership issues on NuGet. Now that it's resolved, how is this coming; are you all set here, can we close this issue? |
Yep, now that’s solved this can be closed off - forgot to update this issue, sorry! Thanks for all of your help :) |
Follow up from #115:
Please fill in the information below
Certificate onboarding checklist:
The text was updated successfully, but these errors were encountered: