I installed 27.3.0 (x64 Windows) on one of the machines here today and noticed the initial installer security modal dialog box comes up with the publisher listed as "unknown".
But then I logged in to another user account on that machine afterwards and the publisher is listed as Marcus Straver as expected if I launch the installer from that account. (both have admin rights)
Anyone know why it might not have displayed the proper publisher the first time? Different UAC settings on each account?
Strange..
Code signing (Windows installer)
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
Re: Code signing (Windows installer)
I post that in past too.
Only the update is correctly signed.
The normal installer have a sig included too but dont show the publisher info on execution
Only the update is correctly signed.
The normal installer have a sig included too but dont show the publisher info on execution
Re: Code signing (Windows installer)
And I explained in the past already why this is. The actual setup.exe is created on-the-fly as part of the installer packaging process, and as such isn't code-signed before put into the (otherwise signed) installer. I haven't had the opportunity to figure out how to interrupt that process to code-sign setup.exe
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Code signing (Windows installer)
We would need to devise a method that is an alt to Mozilla's Signing Server and Services. I need to know more about how you sign binaries now then a solution can be devised.
Re: Code signing (Windows installer)
Code signing is done by hand with a batch file run on built binaries for release builds.
mach build -> codesign -> mach package && mach installer
Code signing requires my IV certificate+private key and my password for it. Those will not leave my hands.
mach build -> codesign -> mach package && mach installer
Code signing requires my IV certificate+private key and my password for it. Those will not leave my hands.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: Code signing (Windows installer)
Today i found that tool: https://www.kcsoftwares.com/?masscert
Maybe it helps you for binary signing?
Maybe it helps you for binary signing?
Re: Code signing (Windows installer)
No, we don't have an issue signing binaries and don't need a different tool. Signing itself is not an issue. Mozilla's way of creating the installer in the source is he issue here.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite