-
-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
27$: Sign pre-built executables #133
Comments
For macOS, I need an Apple developer account. This requires 2fac on my Apple ID, and I'm having trouble setting up 2fac. =\ |
For Windows, I don't think Microsoft has an option for them to notarize executables. Therefore, I'd need my own CA-signed certificate. Cheap certificates seem to be around 75$: https://cheapcodesign.com/codesigning/authenti-codesigning |
One use case for code signing on all platforms: editor plugins can verify that |
macOSmacOS code signing ( WindowsWindows code signing ( LinuxLinux has no de-facto executable signing. Separate PGP signatures are common. We don't need the signature to be embedded into the executable. For embedded signatures, there are several options, including:
(I didn't audit these solutions.) |
Goal: Allow Vim plugin to use Problem: Any npm package can create LinuxSolution: Sign quick-lint-js with GnuPG. Have the Vim plugin verify the signature. The Vim plugin contains the public key. macOSSolution: Sign with WindowsSolution: Sign with Authenticode. Verify in Vim plugin. |
|
I think that |
macOS
I did get
(For some reason, I need a .cer, not a .p12, for file-based verification.) |
macOSI finally have a patch which makes CI sign executables. However, I don't know how to make the signing secure (e.g. only for |
Perhaps we should sign during the build->release copy. That would fix security problems. But it would mean we're not testing signing on CI. (Maybe we could use a testing cert on CI?) |
In commit 795efd9, I implemented a build post-processing tool which invokes Apple's |
Commit 67358b9 added signing for Windows .exe-s and .dll-s. |
Commit 4158540 added signing for Linux executables and DSOs. |
Digitally sign the Windows and macOS executables we ship on npm.
The text was updated successfully, but these errors were encountered: