-
Notifications
You must be signed in to change notification settings - Fork 0
Signing Windows Installers
Windows installers are signed with a Certum Open Source Code Signing Certificate. Due to the smart card / HSM requirements for signing Windows installers, the Windows installer is not signed during the build process.
Before running the signing script, you must set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables to the Cloudflare R2 credentials. You must also set the AWS_ENDPOINT_URL_S3 variable to the Cloudflare R2 endpoint.
export AWS_ACCESS_KEY_ID=<READ_WRITE_ACCESS_KEY>
export AWS_SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>
export AWS_ENDPOINT_URL_S3=https://<ACCOUNT_ID>.r2.cloudflarestorage.comTo sign the installer, run the scripts/sign-windows-installer.ps1 script with the following command:
.\scripts\sign-windows-installer.ps1 -version <version> -sha <sha> [-promote <channel>]Where <version> is the version number to sign (e.g. 1.0.0) and <sha> is the 7 character short commit hash of the installer. The -promote flag is optional and will promote the installer to the specified release channel after signing. The script requires that signtool and aws are installed and in the system path, and that the AWS_ environment variables are set as described above. The certificate must be installed in the system certificate store. For signing with the Certum Code Signing Certificate, the Certum SimplySign utility must be installed and logged in.
Rack Manage • Website • Support • Getting Started