Make build process for free code signing certificate automatic and transparent

Open lilyremigia opened this issue 3 years ago • 6 comments

In order to use the free certificate, the build process has to be fully automated and integrated with SignPath.io, to ensure that the resulting binary results directly from the source code checked into the repository.

This would mean a basic CI/CD implementation. SignPath recommends AppVeyor.

As for how to set up AppVeyor with C/C++: https://www.appveyor.com/docs/lang/cpp/

lilyremigia avatar Nov 08 '20 00:11 lilyremigia

Fixed in b44f7aff1952b4a8ae8208b4b400496dd466d553, 5 years ago

brliron avatar Nov 08 '20 01:11 brliron

  1. I think signing shouldn't happen as part of the post-build process, because not everyone has a certificate, not everyone should have a certificate, and local debug builds shouldn't necessarily be certified.
  2. SignPath wants to make sure between git clone, msbuild, and certification, nothing else is happening.

lilyremigia avatar Nov 08 '20 02:11 lilyremigia

Also, it won't be possible to break auto-updates, and we will have the possibility to set up a nightly release stream.

lilyremigia avatar Nov 08 '20 02:11 lilyremigia

> Also, it won't be possible to break auto-updates

Is that a challenge? We can find a whole lot more creative ways to break them. x) I think the restructuring "oops we never tested the directory creation feature of our auto-updater" was already better than this.

brliron avatar Nov 08 '20 11:11 brliron

I can look into setting AppVeyor up this week.

mokou avatar Nov 08 '20 14:11 mokou

See their general policy: https://github.com/SignPath/Website-old/blob/v2/src/drafts/oss_policy.md

Alternatively we could always just pay a monthly fee...

lilyremigia avatar Apr 04 '21 23:04 lilyremigia