Code Signing on Windows and macOS #203

Open
TimeDoctor opened this Issue Aug 8, 2016 · 4 comments

@TimeDoctor
Member

TimeDoctor commented Aug 8, 2016

Modern operating systems that are protective of their users' data present error messages when our binaries are executed because we don't sign our code. This sucks for our users because they experience extreme friction that prevents them from playing Quake 3 and games based on Quake 3, and it will only get worse for applications that don't sign over time as new operating systems make it more difficult to work around this security measure and run unsigned code. We should probably fix it on our end, though I would guess you can't do that entirely in public on GitHub because you'd be including our keys for whatever signing authority; perhaps we could at least include some pieces of scaffolding for a future release to sign executables?

In some magical ideal world our test builds from Jenkins would even be code signed.

Apple has documentation for macOS here:
https://developer.apple.com/library/prerelease/content/documentation/Security/Conceptual/CodeSigningGuide/Introduction/Introduction.html

Which has very easy to read language to explain the situation:

> Code signing is a security technology, used in OS X, that allows you to certify that an app was created by you. Once an app is signed, the system can detect any change to the app—whether the change is introduced accidentally or by malicious code.

I'm not immediately finding a good starting point for Windows' code signing; they probably have some marketing name I'm not immediately aware of. Will look again when I get a chance.

@maxcrofts

maxcrofts commented Apr 8, 2017

Microsoft calls it Authenticode:
https://msdn.microsoft.com/en-us/library/windows/desktop/ee416211.aspx

The documentation has instructions for incorporating the signing process into a build system. Essentially signtool would have to be run by Jenkins as part of the build process in order for the test builds to be code signed.

@timangus

Member

timangus commented Apr 8, 2017

The hard part is getting a code certificate really. You need to be a legal entity in order to qualify for one. Also, they cost a couple of hundred $ a year, or thereabouts.

@adanski

adanski commented Apr 8, 2017

Certum used to offer free certificates for open source projects. Unfortunately, they do not do it anymore but their current offer sounds good too.

https://www.certum.eu/certum/cert,offer_en_open_source_cs.xml

@DavidLudwig

DavidLudwig commented Feb 4, 2018

I've done work with Apple code signing before. I might be able to help with that, at least a bit.

The hard part, in my experience, is setting up infrastructure to reliably sign new Apple-OS builds. That definitely includes maintaining certificates; however, that pain can be alleviated a bit (but not 100%) through use of calendar software, and perhaps some docs (enough to guide people through it).

There's also the issue of designating private-key ownership and distribution, and making sure it doesn't get posted to unwanted places, like, say, GitHub.
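
The concern in the last comment, keeping the signing private key out of places like GitHub, can be backed by an automated check. The following is an added example, not part of the thread or the project's code: a hypothetical pre-commit/CI script (all function names are assumptions) that flags PEM private-key blocks and PKCS#12 (`.p12`/`.pfx`) bundles, the formats in which signing certificates are commonly exported together with their keys.

```python
"""Added example: refuse to commit files that look like signing-key material."""
import re
import sys
from pathlib import Path

# PEM armour for plain and encrypted private keys (RSA, EC, PKCS#8, OpenSSH).
PEM_PRIVATE = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
# Extensions used for PKCS#12 bundles (Keychain .p12 export, Windows .pfx).
PKCS12_SUFFIXES = {".p12", ".pfx"}
MAX_SCAN_BYTES = 1 << 20  # key files are small; cap the read on large assets


def looks_like_der_sequence(head: bytes) -> bool:
    """PKCS#12 is DER/BER: an ASN.1 SEQUENCE (0x30) with a long-form length."""
    return len(head) >= 2 and head[0] == 0x30 and (head[1] & 0x80) != 0


def classify(path: Path):
    """Return a reason string if the file looks like key material, else None."""
    with path.open("rb") as fh:
        data = fh.read(MAX_SCAN_BYTES)
    if PEM_PRIVATE.search(data):
        return "PEM private key block"
    if path.suffix.lower() in PKCS12_SUFFIXES and looks_like_der_sequence(data):
        return "PKCS#12 bundle (certificate + private key)"
    return None


def scan(paths):
    """Map each offending path to the reason it was flagged."""
    findings = {}
    for p in map(Path, paths):
        if p.is_file():  # skip deleted or renamed entries
            reason = classify(p)
            if reason:
                findings[str(p)] = reason
    return findings


if __name__ == "__main__":
    # Intended use: pass the staged file names from a pre-commit hook or CI job.
    hits = scan(sys.argv[1:])
    for name, reason in hits.items():
        print(f"refusing {name}: {reason}", file=sys.stderr)
    sys.exit(1 if hits else 0)
```

A non-zero exit status lets a hook or build step block the commit; public certificates (`-----BEGIN CERTIFICATE-----`) are not flagged, since only the private half needs to stay out of the repository.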
