Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sign Windows binaries with a digital certificate #2279

Open
jackwotherspoon opened this issue Jul 23, 2024 · 1 comment
Open

Sign Windows binaries with a digital certificate #2279

jackwotherspoon opened this issue Jul 23, 2024 · 1 comment
Assignees
@jackwotherspoon
Labels
priority: p0 Highest priority. Critical issue. P0 implies highest priority. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@jackwotherspoon
Copy link
Collaborator

Supply chain security often requires binaries to be verified prior to use.

The current recommended way is to use the sha256 sums from the releases page to verify against the installed binary.

However, this may not be ideal for organizations looking to automate this process as the shasums will change release to release.

A separate solution for Windows would be to sign the binaries with a digital certificate that specifies the binary was signed and built by Google.
@jackwotherspoon jackwotherspoon added priority: p2 Moderately-important priority. Fix may not be included in next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. labels Jul 23, 2024
@jackwotherspoon jackwotherspoon self-assigned this Jul 23, 2024
@enocom
Copy link
Member

enocom commented Jul 23, 2024

Possibly helpful: https://stackoverflow.com/questions/252226/signing-a-windows-exe-file.

@jackwotherspoon jackwotherspoon added priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. and removed priority: p2 Moderately-important priority. Fix may not be included in next release. labels Aug 14, 2024
@jackwotherspoon jackwotherspoon added priority: p0 Highest priority. Critical issue. P0 implies highest priority. and removed priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. labels Aug 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jackwotherspoon jackwotherspoon

Labels
priority: p0 Highest priority. Critical issue. P0 implies highest priority. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@enocom @jackwotherspoon