Thread overview |
---|
June 27, 2018 Sign the installers | ||||
---|---|---|---|---|
| ||||
Hey people, So I had a few people in the office refuse to install DMD because when they launched the installer, Windows displayed the prompt that it was untrusted (ie, unsigned) and not offer the install button without manual override. True also for VisualD. Can we get a key and start signing the install packages? It would be super-cool to sign the 2.081 release since it's like, imminent ;) - Manu |
June 28, 2018 Re: Sign the installers | ||||
---|---|---|---|---|
| ||||
Posted in reply to Manu | On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
> Hey people,
>
> So I had a few people in the office refuse to install DMD because when
> they launched the installer, Windows displayed the prompt that it was
> untrusted (ie, unsigned) and not offer the install button without
> manual override.
> True also for VisualD.
>
> Can we get a key and start signing the install packages?
>
> It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>
> - Manu
Also please add a sha1 or something like it
|
June 28, 2018 Re: Sign the installers | ||||
---|---|---|---|---|
| ||||
Posted in reply to Manu | On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote: > Hey people, > > So I had a few people in the office refuse to install DMD because when > they launched the installer, Windows displayed the prompt that it was > untrusted (ie, unsigned) and not offer the install button without > manual override. > True also for VisualD. > > Can we get a key and start signing the install packages? > > It would be super-cool to sign the 2.081 release since it's like, imminent ;) > > - Manu For the record, the releases are already signed: http://downloads.dlang.org/releases/2018/ dmd.2.080.1.windows.zip.sig dmd.2.080.1.windows.zip dmd.2.080.1.windows.7z.sig dmd.2.080.1.windows.7z Though I know that a PGP signature isn't what you are looking for ;-) |
June 28, 2018 Re: Sign the installers | ||||
---|---|---|---|---|
| ||||
Posted in reply to Seb | On Thursday, 28 June 2018 at 05:57:36 UTC, Seb wrote: > On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote: >> Hey people, >> >> So I had a few people in the office refuse to install DMD because when >> they launched the installer, Windows displayed the prompt that it was >> untrusted (ie, unsigned) and not offer the install button without >> manual override. >> True also for VisualD. >> >> Can we get a key and start signing the install packages? >> >> It would be super-cool to sign the 2.081 release since it's like, imminent ;) >> >> - Manu > > For the record, the releases are already signed: > > http://downloads.dlang.org/releases/2018/ > > dmd.2.080.1.windows.zip.sig > dmd.2.080.1.windows.zip > dmd.2.080.1.windows.7z.sig > dmd.2.080.1.windows.7z > > Though I know that a PGP signature isn't what you are looking for ;-) Yes it is not. What is needed is for the D Language Foundation to obtain a code signing certificate from a trusted by Microsoft certificate authority and then to sign each individual .exe and .dll part of official realease both in the .7z archive and then the .exe installer as a whole. See also: https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537361(v=vs.85) https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate |
June 28, 2018 Re: Sign the installers | ||||
---|---|---|---|---|
| ||||
Posted in reply to Manu | On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote: > Hey people, > > So I had a few people in the office refuse to install DMD because when > they launched the installer, Windows displayed the prompt that it was > untrusted (ie, unsigned) and not offer the install button without > manual override. > True also for VisualD. > > Can we get a key and start signing the install packages? > > It would be super-cool to sign the 2.081 release since it's like, imminent ;) > > - Manu This can be done easily, you need something like this on the Linux build server --- osslsigncode sign -pkcs12 dlang-cert.pkcs12.p12 -pass `cat dlang-cert.pkcs12.pwd` -n "Dlang installer" -i http://www.dlang.org/ -t http://timestamp.verisign.com/scripts/timstamp.dll -in ./org_setup.exe -out ./signed_setup.exe --- I think the SSL certificate can be used to create the pkcs12.p12 one used for signing. |
June 28, 2018 Re: Sign the installers | ||||
---|---|---|---|---|
| ||||
Posted in reply to Radu | On Thursday, 28 June 2018 at 07:35:13 UTC, Radu wrote: > On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote: >> [...] > > This can be done easily, you need something like this on the Linux build server > --- > osslsigncode sign -pkcs12 dlang-cert.pkcs12.p12 -pass `cat dlang-cert.pkcs12.pwd` -n "Dlang installer" -i http://www.dlang.org/ -t http://timestamp.verisign.com/scripts/timstamp.dll -in ./org_setup.exe -out ./signed_setup.exe > --- > > I think the SSL certificate can be used to create the pkcs12.p12 one used for signing. A more detailed read for the `osslsigncode` tool https://github.com/antoinevg/osslsigncode/blob/master/README |
Copyright © 1999-2021 by the D Language Foundation