lisongmechlab / lsml

Li Song Mech Lab
http://lisongmechlab.github.io/lsml/
GNU General Public License v3.0

Set up signing workflow for MSI installer #818

Closed LiSongMWO closed 10 months ago

LiSongMWO commented 1 year ago

LSML version: 2.1.0
Screen resolution: N/A
Operating System: Windows 10+

To Reproduce: Steps to reproduce the behavior:

  1. Open LSML installer

Actual result: Windows has protected your pc

Expected behavior: A normal UAC prompt is shown instead.

Additional context: This is caused by the MSI not being cryptographically signed. I'm not sure if self-signing is OK or if a certificate has to be bought...

LiSongMWO commented 10 months ago

https://wixtoolset.org/docs/tools/signing/#:~:text=Signing%20Windows%20Installer%20packages%E2%80%8B,haven't%20been%20tampered%20with.

LiSongMWO commented 10 months ago

Based on https://security.stackexchange.com/questions/139347/smart-screen-filter-still-complains-despite-i-signed-the-executable-why, even if the installer is signed by a key from a trusted CA, the SmartScreen prompt will still appear until the application has "enough installs worldwide to be deemed trusted". Realistically this number is in the thousands, which LSML will never reach. One can pay MS for "extended validation" to be immediately trusted; "pay for trust" seems broken to me.

It seems like we're not getting rid of the SmartScreen warning. This is bullshit. Not worth the effort.