CHEF-5815: Update signing of all msi packages with new cli tool - `smctl` - Githubissues

chef / omnibus

Easily create full-stack installers for your project across a variety of platforms.

Apache License 2.0

1.29k stars 296 forks source link

CHEF-5815: Update signing of all msi packages with new cli tool - `smctl` #1128

Closed ahasunos closed 11 months ago

ahasunos commented 1 year ago

Description

This PR attempts at making changes to the cli tool used for signing the msi packages.

The main reason for this change is that all Code Signing EV certificates must now have a HSM to store their private keys.

https://cabforum.org/baseline-requirements-code-signing/

https://knowledge.digicert.com/alerts/code-signings-new-private-key-storage-requirement.html

Maintainers

Please ensure that you check for:

[ ] If this change impacts git cache validity, it bumps the git cache serial number
[ ] If this change impacts compatibility with omnibus-software, the corresponding change is reviewed and there is a release plan
[ ] If this change impacts compatibility with the omnibus cookbook, the corresponding change is reviewed and there is a release plan

sonarcloud[bot] commented 12 months ago

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
1 Code Smell

No Coverage information
0.0% Duplication