camunda / camunda-modeler

An integrated modeling solution for BPMN, DMN and Forms based on bpmn.io.
https://camunda.com/products/modeler
MIT License

Windows build fails to sign the application #4243

Open marstamm opened 2 months ago

marstamm commented 2 months ago

What should we do?

Update the certificates we use to sign the application during the build process. The Windows certs expired on Apr 11.

cf. https://github.com/camunda/camunda-modeler/actions/runs/8681071392

Why should we do it?

To ensure we can release the Camunda Modeler on Windows.

nikku commented 2 months ago

As part of this change we want to migrate the certificate handling over to vault (cf. https://github.com/bpmn-io/internal-docs/issues/802).

nikku commented 2 months ago

Reached out internally (IT) for further investigation.

nikku commented 2 months ago

Shared updated certificate with @marstamm; you should now be unblocked to work on this issue.

nikku commented 2 months ago

Cross-posting my assessment (yesterday) here:

Status update (quick check with Tim):

There are new restrictions on working with code signing certificates, effectively enabled as of June 1, 2023. Code signing can only happen via dedicated signing APIs (similar to macOS notarization) and/or via hardware tokens.

  • We ordered a hardware token which is not usable for our cases (CI/CD-based code signing)
  • We need to investigate (ref) how to do signing on our CI using the newly enforced restrictions

Let's look into the linked material as well as the electron builder docs to figure out what we need to change. At the moment I see the next release slightly at risk, but then again it is just a minor we can skip or postpone (for Windows).

marstamm commented 2 months ago

Summary update from internal Slack:

marstamm commented 2 months ago

[Update] We disabled code signing on Windows for now. @philippfromme has the physical token for backup signing. The DigiCert purchase is still in progress.