search

AnEmortalKid / avocapture

A replay renaming overlay
3 stars 0 forks source link

Sign binary #18

Closed AnEmortalKid closed 2 years ago

AnEmortalKid commented 2 years ago

Increase executable trust by signing the binary with a code signing certificate

AnEmortalKid commented 2 years ago

https://www.electronjs.org/docs/latest/tutorial/code-signing

AnEmortalKid commented 2 years ago

This one was the cheapest https://www.ssl.com/certificates/code-signing/# for 129 a year

AnEmortalKid commented 2 years ago

Using envs https://stackoverflow.com/questions/67580218/can-i-use-environment-variables-in-electron-package-json-for-osx-notarize-creden

AnEmortalKid commented 2 years ago

https://headspring.com/2020/09/24/building-signing-and-publishing-electron-forge-applications-for-windows/ samples

AnEmortalKid commented 2 years ago

Test cert to check setup https://mmus.me/blog/certificates/

AnEmortalKid commented 2 years ago

Test cert with sign tool worked. Using the wrong password fails on build but end exe is not actually signed.

It actually did sign the setup.exe with the test certificate.

AnEmortalKid commented 2 years ago

Automation

https://docs.github.com/en/actions/security-guides/encrypted-secrets#storing-base64-binary-blobs-as-secrets

SSL Reqs

https://www.ssl.com/faqs/ssl-ov-validation-requirements/#ftoc-heading-3

AnEmortalKid commented 2 years ago

Completed yay!