distributions icon indicating copy to clipboard operation
distributions copied to clipboard
verified publisher icon ipfs

Windows signing

Open lidel opened this issue 4 years ago • 1 comments

Problem

Lack of signing on Windows means that when a binary is run for the first time and tries to access networking it gets Windows Defender Firewall warning with "Publisher: Unknown":

image Screenshot from dev instance in Brave (without signing done by Brave, to illustrate the problem)

My guess is that over time, MS Windows will get more and more strict, just like macOS did in recent years.

Solution: sign windows binaries

  • ipfs-desktop has some signing keys set up, but I am not sure how reusable those are (TBD if we need to generate unique pair for each package, or can sign everything with the same pair)
  • We moved build to CI and introduced macOS signing in #367, which makes things easier:
    • Adding sign-windows job after sign-macos (sequentially) should be easy and fast enough (we can parallelize them if needed, but given how long macos signing takes, the difference will be minimal)

lidel avatar Aug 09 '21 17:08 lidel

I've added WINDOWS_CERTS to this repo, remaining work is to use them :^)

lidel avatar Mar 04 '22 23:03 lidel