Signed DMD binaries
August 13, 2018
As a few of you might have noticed, we bought a Code Signing Certificate a few days ago and while we're still investigating on how to integrate the code signing best into the release process, I thought I'd share a first preview of signed DMD binaries with you.

So I semi-officially repacked 2.081.2 and signed the released binaries and libraries:

http://files.wilzba.ch/dlang/releases

> sha256sum dmd.2.081.2.windows.7z
598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751  dmd.2.081.2.windows.7z

In the future, the official releases will come with signed binaries, but as there are a few people running into troubles with their company software policy or virus scanner, I thought I'd share this semi-official release with you.

Feedback is welcome ;-)
August 13, 2018
On 2018-08-13 20:48, Seb wrote:
> As a few of you might have noticed, we bought a Code Signing Certificate a few days ago and while we're still investigating on how to integrate the code signing best into the release process, I thought I'd share a first preview of signed DMD binaries with you.
> 
> So I semi-officially repacked 2.081.2 and signed the released binaries and libraries:
> 
> http://files.wilzba.ch/dlang/releases
> 
>> sha256sum dmd.2.081.2.windows.7z
> 598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751 dmd.2.081.2.windows.7z
> 
> In the future, the official releases will come with signed binaries, but as there are a few people running into troubles with their company software policy or virus scanner, I thought I'd share this semi-official release with you.
> 
> Feedback is welcome ;-)

Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer.

-- 
/Jacob Carlborg
August 13, 2018
On 8/13/2018 11:48 AM, Seb wrote:
> Feedback is welcome ;-)

Thank you!
August 14, 2018
On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote:

> Feedback is welcome ;-)

Thanks a lot for doing this.  Honestly, I think this small change, if we can keep it maintained, will make a significant impact in users' perception of D.

I don't think the issue is actually with the DMD executables, but with the DMD installer package.  I'm speaking somewhat in ignorance here, but I think what's most important is to sign the installer package.  I asked about what installer packaging software we are using (InstallShield, InnoSetup, etc...) at https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a response.

When you try to run the installer on a recent Windows machine, you see this (https://cdn1.tekrevue.com/wp-content/uploads/2017/09/windows-protected-your-pc.jpg).  That is what's scaring people.  Users have to click the "More info" link, and then a "Run anyway" button appears (https://www.autoitscript.com/site/wp-content/uploads/2018/01/SmartScreen_Windows_Protected_Your_PC_Run_Anyway.png)

So, I think the solution is to sign the installer package.  I've never done that before, but a quick search on the Internet yielded:

http://www.samlogic.net/visual-installer/tips/tips-pages/code-sign-setup-package/code-sign-setup-package.htm
https://learn.adafruit.com/how-to-sign-windows-drivers-installer/making-an-installer#sign-the-installer-5-28

I don't think that will solve the virus problem, but it should at least remove the scary *Windows is protecting you* popup message.

For the virus problem, it would be helpful to know what software we are using to create the installer package.  Is it legit?

Mike

August 14, 2018
On 14/08/2018 12:58 PM, Mike Franklin wrote:
> I don't think the issue is actually with the DMD executables, but with the DMD installer package.  I'm speaking somewhat in ignorance here, but I think what's most important is to sign the installer package.  I asked about what installer packaging software we are using (InstallShield, InnoSetup, etc...) at https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a response.

https://github.com/dlang/installer/tree/master/windows

NSIS so yes fairly standard.

And no, there are popups that can happen because it isn't signed/trusted. So we should sign everything that we can.
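
For checking which files in an unpacked release actually carry an embedded Authenticode signature (the "sign everything that we can" point above), the sketch below reads the certificate-table entry of each PE header. It is an added example, not part of the thread or of the dlang installer; the function names and the sample header are constructed here, and it detects only the presence of a signature, not whether it is valid or trusted.

```python
import os
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table

def certificate_table(data: bytes):
    """Return (file_offset, size) of the signature blob, None if unsigned; ValueError if not PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 4 + 20                                  # skip 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional-header magic")
        dirs = opt + (96 if magic == 0x10B else 112)           # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)   # NumberOfRvaAndSizes
        if count <= SECURITY_DIR:
            return None
        # This directory entry holds a file offset, not an RVA like the others.
        offset, size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc
    if offset == 0 or size == 0:
        return None
    if offset + size > len(data):
        raise ValueError("certificate table extends past end of file")
    return offset, size

def unsigned_pe_files(root: str):
    """List .exe/.dll files under root that carry no embedded signature."""
    found = []
    for folder, _, names in os.walk(root):
        for name in sorted(names):
            if name.lower().endswith((".exe", ".dll")):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    if certificate_table(fh.read()) is None:
                        found.append(path)
    return found

def sample_pe(signed: bool) -> bytes:
    """Constructed minimal PE32+ header for demonstration; not a runnable program."""
    entry = struct.pack("<II", 328, 8) if signed else bytes(8)  # blob right after header
    dirs = bytes(32) + entry + bytes(88)                        # 16 directory entries
    opt = struct.pack("<H", 0x20B) + bytes(106) + struct.pack("<I", 16) + dirs
    image = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + bytes(20) + opt
    return image + (bytes(8) if signed else b"")
```
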
August 14, 2018
> Feedback is welcome ;-)
The latest DMD installer seems not to be flagged by Kaspersky Antivirus, thanks!


August 14, 2018
On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
> Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer.

Can't you just usually right-click the file and select "Open" which enables something like the "Open anyway" option to be displayed (usually not visible when just double clicking the file...)?
August 15, 2018
On 15/08/2018 2:14 AM, Timoses wrote:
> On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
>> Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer.
> 
> Can't you just usually right-click the file and select "Open" which enables something like the "Open anyway" option to be displayed (usually not visible when just double clicking the file...)?

Only after you have disabled said check.
August 14, 2018
On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
> Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer.

Yes, the certificate allows signing binaries for OSX too.
However, as we still haven't fully figured out how to integrate the binary signing for Windows in the release process (and this can be done on Linux) and OSX binary signing can only be done on OSX AFAICT, this might take a bit until it gets integrated.
Also I think Martin is the only one who currently has the VirtualBox image for OSX setup which is required by the create_dmd_release build tool.

In case someone wants to have a look, the relevant steps happen/should happen here:

https://github.com/dlang/installer/blob/master/create_dmd_release/build_all.d#L329
August 14, 2018
On Tuesday, 14 August 2018 at 14:42:54 UTC, Seb wrote:
> On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
>> Any plans for doing the same thing for the installer on macOS? It complains that it's from an unidentified developer and forces the user to go into System Preferences and reopen the installer.
>
> Yes, the certificate allows signing binaries for OSX too.

On macOS the certificate needs to be obtained from Apple through the developer program [1].

[1] https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW30

--
/Jacob Carlborg