PR: Temporarily use Apple Developer ID Application Certificate for signing Windows installer #21391
Conversation
…g Windows installer.
|
Thanks @mrclary for your work on this! I just have one question for you: what happens if you try to install our Windows app after this change? Does it get rejected by Windows? |
|
@ccordoba12, I'll run a workflow dispatch as |
|
Hmm... If anyone else wants to try them: |
|
Ok, so you think it's safe to merge this one? |
|
@ccordoba12, I think it is safe to merge; I just don't know if it changed the behavior of the Windows installer. |
|
Ok, let's merge then. |
|
@dalthviz, we'd appreciate your input when you have time to check if the Windows installer behavior changed thanks to this PR. |
|
So checking the generated executable with the Apple certificate I see this the first time I execute it:
Also checking the file properties I can see this:
I guess since is not a Windows certificate is not recognized unless the user manually installs it/set it as valid? Just in case, regarding the installer behavior (regardless of certificate), depending on the type of installation (for the current user or the whole system) you will get prompt to run with admin privileges or not (a little shield is added to the next button):
|
Yes, I think this is the expected behavior. The certificate will not satisfy Windows security protocol, but at least users can see the info and know who it is coming from. We will need to get a different certificate for Windows; but at least the signing process seems to work. |
Description of Changes
Use Apple Developer ID Application Certificate for signing Windows installer.
Eventually, a different certificate will be required for full Windows security compliance.
Issue(s) Resolved
Partially addresses #21389