It's not a bug obviously but it's time sensitive as the current certificate expires in 3 weeks. It's not just a certificate replacement as it's not possible anymore to get a Code Signing certificate with a private key bundled. Private keys now have to be stored in an HSM*.
Our new certificate is thus now using a Cloud Signing solution (we dont have the private key).
⚠️ IMPORTANT ⚠️: We have a quota of cloud signs and we decided that we'd only sign releases (AFAIK kiwix-desktop only signs release ATM).
AFAIK, only kiwix-desktop is signed and kiwix-tools are not.
I see that currently, this is still in Appveyor (package_kiwix-desktop.sh) which runs on Windows. I'd recommend to use the second method and download the windows version of CodeSignTool. It bundles a JDK and just requires setting CODE_SIGN_TOOL_PATH environ to its folder then launch it via CodeSignTool.bat
It's not a bug obviously but it's time sensitive as the current certificate expires in 3 weeks. It's not just a certificate replacement as it's not possible anymore to get a Code Signing certificate with a private key bundled. Private keys now have to be stored in an HSM*. Our new certificate is thus now using a Cloud Signing solution (we dont have the private key).
All the details are available at https://github.com/kiwix/overview/wiki/Cloud-Code-Signing-(Windows)
⚠️ IMPORTANT ⚠️: We have a quota of cloud signs and we decided that we'd only sign releases (AFAIK kiwix-desktop only signs release ATM).
AFAIK, only kiwix-desktop is signed and kiwix-tools are not.
I see that currently, this is still in Appveyor (
package_kiwix-desktop.sh
) which runs on Windows. I'd recommend to use the second method and download the windows version of CodeSignTool. It bundles a JDK and just requires settingCODE_SIGN_TOOL_PATH
environ to its folder then launch it viaCodeSignTool.bat
Please let me know if I can be of any assistance