
digitalmars.D - Sign the installers

Manu <turkeyman gmail.com> writes:
Hey people,

So I had a few people in the office refuse to install DMD because when
they launched the installer, Windows displayed the prompt that it was
untrusted (i.e., unsigned) and did not offer the install button without
manual override.
True also for VisualD.

Can we get a key and start signing the install packages?

It would be super-cool to sign the 2.081 release since it's like, imminent ;)

- Manu
Jun 27 2018
Ali <fakeemail example.com> writes:
On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
> Hey people,
>
> So I had a few people in the office refuse to install DMD because when
> they launched the installer, Windows displayed the prompt that it was
> untrusted (i.e., unsigned) and did not offer the install button without
> manual override.
> True also for VisualD.
>
> Can we get a key and start signing the install packages?
>
> It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>
> - Manu

Also please add a sha1 or something like it
Jun 27 2018
Seb <seb wilzba.ch> writes:
On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
> Hey people,
>
> So I had a few people in the office refuse to install DMD because when
> they launched the installer, Windows displayed the prompt that it was
> untrusted (i.e., unsigned) and did not offer the install button without
> manual override.
> True also for VisualD.
>
> Can we get a key and start signing the install packages?
>
> It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>
> - Manu

For the record, the releases are already signed:

http://downloads.dlang.org/releases/2018/

dmd.2.080.1.windows.zip.sig
dmd.2.080.1.windows.zip
dmd.2.080.1.windows.7z.sig
dmd.2.080.1.windows.7z

Though I know that a PGP signature isn't what you are looking for ;-)
Jun 27 2018
Petar Kirov [ZombineDev] <petar.p.kirov gmail.com> writes:
On Thursday, 28 June 2018 at 05:57:36 UTC, Seb wrote:
> On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
>> Hey people,
>>
>> So I had a few people in the office refuse to install DMD because when
>> they launched the installer, Windows displayed the prompt that it was
>> untrusted (i.e., unsigned) and did not offer the install button without
>> manual override.
>> True also for VisualD.
>>
>> Can we get a key and start signing the install packages?
>>
>> It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>>
>> - Manu
>
> For the record, the releases are already signed:
>
> http://downloads.dlang.org/releases/2018/
>
> dmd.2.080.1.windows.zip.sig
> dmd.2.080.1.windows.zip
> dmd.2.080.1.windows.7z.sig
> dmd.2.080.1.windows.7z
>
> Though I know that a PGP signature isn't what you are looking for ;-)

Yes, it is not. What is needed is for the D Language Foundation to obtain a code signing certificate from a certificate authority trusted by Microsoft and then to sign each individual .exe and .dll that is part of the official release, both in the .7z archive and then the .exe installer as a whole.

See also:
https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537361(v=vs.85)
https://docs.microsoft.com/en-us/windows-hardware/drivers/dashboard/get-a-code-signing-certificate
Jun 27 2018
Radu <void null.pt> writes:
On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
> Hey people,
>
> So I had a few people in the office refuse to install DMD because when
> they launched the installer, Windows displayed the prompt that it was
> untrusted (i.e., unsigned) and did not offer the install button without
> manual override.
> True also for VisualD.
>
> Can we get a key and start signing the install packages?
>
> It would be super-cool to sign the 2.081 release since it's like, imminent ;)
>
> - Manu

This can be done easily, you need something like this on the Linux build server

---
osslsigncode sign -pkcs12 dlang-cert.pkcs12.p12 \
    -pass `cat dlang-cert.pkcs12.pwd` \
    -n "Dlang installer" -i http://www.dlang.org/ \
    -t http://timestamp.verisign.com/scripts/timstamp.dll \
    -in ./org_setup.exe -out ./signed_setup.exe
---

I think the SSL certificate can be used to create the pkcs12.p12 one used for signing.
Jun 28 2018
Radu <void null.pt> writes:
On Thursday, 28 June 2018 at 07:35:13 UTC, Radu wrote:
> On Wednesday, 27 June 2018 at 23:54:55 UTC, Manu wrote:
>> [...]
>
> This can be done easily, you need something like this on the Linux build server
>
> ---
> osslsigncode sign -pkcs12 dlang-cert.pkcs12.p12 \
>     -pass `cat dlang-cert.pkcs12.pwd` \
>     -n "Dlang installer" -i http://www.dlang.org/ \
>     -t http://timestamp.verisign.com/scripts/timstamp.dll \
>     -in ./org_setup.exe -out ./signed_setup.exe
> ---
>
> I think the SSL certificate can be used to create the pkcs12.p12 one used for signing.

A more detailed read for the `osslsigncode` tool:
https://github.com/antoinevg/osslsigncode/blob/master/README
Jun 28 2018
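
Added example, not code from any poster in this thread or from the D project: the prompt discussed above concerns installers with no embedded Authenticode signature, and a release script can check each .exe and .dll for one by reading the security directory in the PE header. This Python sketch only detects whether a PKCS#7 certificate table is present; it does not validate the signature or its certificate chain. The names `authenticode_table` and `sample_pe` are hypothetical, and the sample images are constructed header-only byte strings.

```python
import struct

SECURITY_DIR = 4            # index of IMAGE_DIRECTORY_ENTRY_SECURITY
PKCS_SIGNED_DATA = 0x0002   # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def authenticode_table(pe: bytes):
    """Return (file_offset, size) of the embedded certificate table,
    or None when the PE image carries no signature at all."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)        # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", pe, dirs - 4)   # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return None
    # For this one directory the first field is a file offset, not an RVA.
    offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    if offset == 0 or size == 0:
        return None
    if size < 8 or offset + size > len(pe):
        raise ValueError("certificate table out of bounds")
    _length, _revision, cert_type = struct.unpack_from("<IHH", pe, offset)
    if cert_type != PKCS_SIGNED_DATA:
        raise ValueError("certificate entry is not PKCS#7 signed data")
    return offset, size

def sample_pe(signed: bool) -> bytes:
    """Constructed PE32 headers only; the 'signature' is a placeholder blob."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    dirs, blob = [(0, 0)] * 16, b""
    if signed:
        blob = struct.pack("<IHH", 16, 0x0200, PKCS_SIGNED_DATA) + b"\0" * 8
        dirs[SECURITY_DIR] = (len(dos) + len(coff) + 224, len(blob))
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    return dos + coff + opt + blob

if __name__ == "__main__":
    for label, image in (("unsigned", sample_pe(False)), ("signed", sample_pe(True))):
        print(label, authenticode_table(image))
```

A file that passes this presence check still has to be validated with a real verifier such as `osslsigncode verify` or `signtool verify`.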