thpatch / thcrap

Touhou Community Reliant Automatic Patcher
https://www.thpatch.net
The Unlicense

Make build process for free code signing certificate automatic and transparent #132

Open lilyremigia opened 3 years ago

lilyremigia commented 3 years ago

In order to use the free certificate, the build process has to be fully automated and integrated with SignPath.io, to ensure that the resulting binary results directly from the source code checked into the repository.

This would mean a basic CI/CD implementation. SignPath recommends AppVeyor.

As for how to set up AppVeyor with C/C++: https://www.appveyor.com/docs/lang/cpp/

brliron commented 3 years ago

Fixed in b44f7aff1952b4a8ae8208b4b400496dd466d553, 5 years ago

lilyremigia commented 3 years ago

1) I think signing shouldn't happen as part of the post-build process, because not everyone has a certificate, not everyone should have a certificate, and local debug builds should not necessarily be certified.
2) SignPath wants to make sure that between git clone, msbuild, and certification, nothing else is happening.

lilyremigia commented 3 years ago

Also, it won't be possible to break auto-updates, and we will have the possibility to set up a nightly release stream.

brliron commented 3 years ago

> Also, it won't be possible to break auto-updates

Is that a challenge? We can find a whole lot more creative ways to break them. x) I think the restructuring "oops we never tested the directory creation feature of our auto-updater" was already better than this.

mokou commented 3 years ago

I can look into setting AppVeyor up this week.

lilyremigia commented 3 years ago

See their general policy: https://github.com/SignPath/Website-old/blob/v2/src/drafts/oss_policy.md

Alternatively we could always just pay a monthly fee...