-
Notifications
You must be signed in to change notification settings - Fork 132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Windows installer signing #549
Conversation
https://github.com/brimsec/brim/releases/download/refs%2Fheads%2Fwindows-signing/Brim-Setup.exe is a release asset reviewers may inspect. |
Open question for @alfred-landrum and @philrz : What do we want README-Windows.md to say? Feel free to push changes to this branch if you want. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This may be a pain, but could we use 'windows' instead of 'win32' as the prefix for the introduced variables & options? I think the original usage here stems from node's process.platform, which reports "win32" for any variant of windows.
I pulled the Brim-Setup.exe from this temporary release tag: and ran it on Windows 10. As we now know to expect, it still shows the SmartScreen dialogue* , but clicking on 'More Info' there shows The SmartScreen panel will come up until we've built up enough "reputation" with installs of the application, or usage of our AuthentiCode certificate, or our name in the subject info of the cert, according to what we've read. |
This reverts commit bda49d1.
I got a thumbs up from Phil on the windows readme I just pushed. |
Assuming a PFX base64-encoded password-protected certificate secret pair, sign a Windows installer release asset.
Usage is:
node scripts/release --win32 [--windowsCertificateFile <file> --windowsCertificatePassword <password>]
The stack for signing is as follows, and you can read more about the stack at the links provided.
scripts/release
The basic electron-winstaller method of signing requires file and password parameters. I've taken care to ensure the password is not printed upon either success or failure.
The release CI will produced a signed executable. Interested parties may view certificate details when examining the signed executable's properties.