Windows signing #384

Open
lidel opened this issue Aug 9, 2021 · 1 comment
Labels
  • dif/expert: Extensive knowledge (implications, ramifications) required
  • effort/days: Estimated to take multiple days, but less than a week
  • kind/maintenance: Work required to avoid breaking changes or harm to project's status quo
  • P3: Low: Not priority right now
  • status/ready: Ready to be worked

Comments

@lidel
Member

lidel commented Aug 9, 2021

Problem

Lack of signing on Windows means that when a binary is run for the first time and tries to access networking, it gets a Windows Defender Firewall warning with "Publisher: Unknown":

Image: screenshot from dev instance in Brave (without signing done by Brave, to illustrate the problem)

My guess is that over time, MS Windows will get more and more strict, just like macOS did in recent years.

Solution: sign Windows binaries

  • ipfs-desktop has some signing keys set up, but I am not sure how reusable those are (TBD if we need to generate a unique pair for each package, or can sign everything with the same pair)
  • We moved the build to CI and introduced macOS signing in feat: macos signing and notarization #367, which makes things easier:
    • Adding a sign-windows job after sign-macos (sequentially) should be easy and fast enough
      (we can parallelize them if needed, but given how long macOS signing takes, the difference will be minimal)
@lidel added the P3, kind/maintenance, dif/expert, effort/days and status/ready labels on Aug 9, 2021
@lidel
Member Author

lidel commented Mar 4, 2022

I've added WINDOWS_CERTS to this repo, remaining work is to use them :^)
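
A check that could run after a signing step such as the sign-windows job discussed above, as an added example that is not part of the issue or the project's code: it reads the PE certificate table to confirm that each Windows binary carries an embedded Authenticode blob. It checks presence only, not signature validity or trust; `make_sample_pe`, `unsigned_artifacts` and the sample bytes are constructed for illustration.

```python
import struct

SECURITY_DIR = 4           # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def authenticode_blob(pe: bytes):
    """Return the embedded PKCS#7 bytes, or None when the PE carries no signature.
    Presence only: this does not validate the signature or its certificate chain."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)         # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt = pe_off + 24                                      # after the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)      # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return None
    # Unlike the other data directories, this entry holds a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size == 0:
        return None
    if size < 8 or offset + size > len(pe):
        raise ValueError("certificate table points outside the file")
    length, _revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    if cert_type != PKCS_SIGNED_DATA or not 8 < length <= size:
        raise ValueError("malformed WIN_CERTIFICATE entry")
    return pe[offset + 8:offset + length]

def unsigned_artifacts(artifacts: dict) -> list:
    """CI gate helper (hypothetical): names of artifacts with no embedded signature."""
    return sorted(n for n, data in artifacts.items() if authenticode_blob(data) is None)

def make_sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ headers for the demo, not a runnable executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                  # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                   # NumberOfRvaAndSizes
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if signed:
        blob = b"CONSTRUCTED-BLOB"                         # placeholder, not a real signature
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, PKCS_SIGNED_DATA) + blob
        struct.pack_into("<II", image, 88 + 112 + 8 * SECURITY_DIR, len(image), len(cert))
        image += cert
    return bytes(image)
```

A non-empty result from `unsigned_artifacts` is the condition to fail the build on; verifying the signer and certificate chain still needs a real verifier run against the signed files.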
