Skip to content

Windows signing  #384

New issue
New issue
Open
Open
Windows signing #384
Labels
P3Low: Not priority right nowdif/expertExtensive knowledge (implications, ramifications) requiredeffort/daysEstimated to take multiple days, but less than a weekkind/maintenanceWork required to avoid breaking changes or harm to project's status quostatus/readyReady to be worked
@lidel

Description

@lidel
lidel
opened on Aug 9, 2021

Problem

Lack of signing on Windows means that when a binary is run for the first time and tries to access networking it gets Windows Defender Firewall warning with "Publisher: Unknown":

image
Screenshot from dev instance in Brave (without signing done by Brave, to illustrate the problem)

My guess is that over time, MS Windows will get more and more strict, just like macOS did in recent years.

Solution: sign windows binaries

  • ipfs-desktop has some signing keys set up, but I am not sure how reusable those are (TBD if we need to generate unique pair for each package, or can sign everything with the same pair)
  • We moved build to CI and introduced macOS signing in feat: macos signing and notarization  #367, which makes things easier:
    • Adding sign-windows job after sign-macos (sequentially) should be easy and fast enough
      (we can parallelize them if needed, but given how long macos signing takes, the difference will be minimal)

Metadata

Metadata

Assignees

No one assigned

    Labels

    P3Low: Not priority right nowdif/expertExtensive knowledge (implications, ramifications) requiredeffort/daysEstimated to take multiple days, but less than a weekkind/maintenanceWork required to avoid breaking changes or harm to project's status quostatus/readyReady to be worked

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions