Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat(windows): add product information to coder.exe #5055

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

feat(windows): add product information to coder.exe #5055

wants to merge 1 commit into from

Conversation

ghuntley
Copy link
Contributor

@ghuntley ghuntley commented Nov 14, 2022
edited
Loading

Progresses #5050

Outstanding

  • Generate syso and update build infrastructure
  • Embed the syso into a windows build
  • Produce a windows build and test that the information is being stamped.
  • (optionally): Obtain code signing certificate and enable signing in CI/CD configuration

Recommended Reading

Remarks

@github-actions
Copy link

This Pull Request is becoming stale. In order to minimize WIP, prevent merge conflicts and keep the tracker readable, I'm going close to this PR in 3 days if there isn't more activity.

@github-actions github-actions bot added the stale This issue is like stale bread. label Nov 22, 2022
@ghuntley ghuntley removed the stale This issue is like stale bread. label Nov 23, 2022
@ghuntley ghuntley force-pushed the gh/windows-product-info branch 3 times, most recently from 8de3a1e to 539ddd1 Compare November 23, 2022 05:01
@ghuntley ghuntley force-pushed the gh/windows-product-info branch from 539ddd1 to 11ca693 Compare November 23, 2022 05:02
ghuntley
ghuntley commented Nov 23, 2022
View reviewed changes
scripts/sign_windows.sh
dependencies osslsigncode
requiredenvs AUTHENTICODE_CERTIFICATE_FILE AUTHENTICODE_CERTIFICATE_PASSWORD_FILE

osslsigncode sign \
Copy link
Contributor Author

@ghuntley ghuntley Nov 23, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Signing of windows executables in the next year is migrating [1] to requiring storage of the certificate to be within a hardware appliance (ie Google Cloud HSM).

[1] https://twitter.com/vcsjones/status/1595236155276120065 and https://knowledge.digicert.com/generalinformation/new-private-key-storage-requirement-for-standard-code-signing-certificates-november-2022.html

ghuntley
ghuntley commented Nov 23, 2022
View reviewed changes
scripts/build_go.sh
fi

if [[ "$os" == "windows" ]]; then
goversioninfo -platform-specific=true \
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently the following files are outputted in ~

-rw-r--r--  1 coder coder 193962 Nov 23 05:07 resource_windows_386.syso
-rw-r--r--  1 coder coder 193962 Nov 23 05:07 resource_windows_amd64.syso
-rw-r--r--  1 coder coder 193962 Nov 23 05:07 resource_windows_arm.syso
-rw-r--r--  1 coder coder 193962 Nov 23 05:07 resource_windows_arm64.syso

Need to embed the appropriate arch into the appropriate windows build.

ghuntley
ghuntley commented Nov 23, 2022
View reviewed changes
.github/workflows/release.yaml
@@ -119,6 +119,9 @@ jobs:
AC_APIKEY_ISSUER_ID: ${{ secrets.AC_APIKEY_ISSUER_ID }}
AC_APIKEY_ID: ${{ secrets.AC_APIKEY_ID }}
AC_APIKEY_FILE: /tmp/apple_apikey.p8
CODER_SIGN_WINDOWS: "0"
AUTHENTICODE_CERTIFICATE_FILE: /tmp/windows_cert.pkcs12
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code signing certificates can be obtained via https://sectigo.com/ssl-certificates-tls/code-signing and will require organization validation (ie. a DUNS number and corresponding phone number that works)

ghuntley
ghuntley commented Nov 23, 2022
View reviewed changes
.github/workflows/release.yaml
@@ -119,6 +119,9 @@ jobs:
AC_APIKEY_ISSUER_ID: ${{ secrets.AC_APIKEY_ISSUER_ID }}
AC_APIKEY_ID: ${{ secrets.AC_APIKEY_ID }}
AC_APIKEY_FILE: /tmp/apple_apikey.p8
CODER_SIGN_WINDOWS: "0"
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've set this at 0 by default under assumption that we will obtain the signing certificate and install it afterwards as part of a seperate pull-request as signing certificates will take a couple of weeks.

@deansheather
Copy link
Member

Please ping me for review on this PR when it's ready and I'll give it a review for you 👍

@github-actions
Copy link

github-actions bot commented Dec 1, 2022

This Pull Request is becoming stale. In order to minimize WIP, prevent merge conflicts and keep the tracker readable, I'm going close to this PR in 3 days if there isn't more activity.

@github-actions github-actions bot added the stale This issue is like stale bread. label Dec 1, 2022
@github-actions github-actions bot closed this Dec 5, 2022
@github-actions github-actions bot deleted the gh/windows-product-info branch May 24, 2023 00:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
stale This issue is like stale bread.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ghuntley @deansheather