• Seb (14/15) Aug 13 2018 As a few of you might have noticed, we bought a Code Signing
• Jacob Carlborg (6/26) Aug 13 2018 Any plans for doing the same thing for the installer on macOS? It
• Timoses (5/9) Aug 14 2018 Can't you just usually right-click the file and select "Open"
• rikki cattermole (2/10) Aug 14 2018 Only after you have disabled said check.
• Seb (12/16) Aug 14 2018 Yes, the certificate allows signing binaries for OSX too.
• Jacob Carlborg (7/13) Aug 14 2018 On macOS the certificate needs to be obtained from Apple through
• Radu (14/29) Aug 15 2018 The say this:
• Jacob Carlborg (3/16) Aug 16 2018 Cool, I didn't know that.
• Walter Bright (2/3) Aug 13 2018 Thank you!
• Mike Franklin (24/25) Aug 13 2018 Thanks a lot for doing this. Honestly, I think this small
• rikki cattermole (5/11) Aug 13 2018 https://github.com/dlang/installer/tree/master/windows
• Manu (5/30) Aug 15 2018 Indeed, it's the installer that's in critical need of being signed...
• Andrei Alexandrescu (5/8) Aug 16 2018 Any chance we could delegate some of the effort of working on this to yo...
• Martin Nowak (4/13) Aug 16 2018 A review would be helpful.
• Mike Franklin (5/7) Aug 16 2018 It looks fine to me, though, that's not saying much. If you need
• Martin Nowak (23/33) Aug 17 2018 Well from my point of view the most important outstanding Windows tasks ...
• Mike Franklin (13/20) Aug 17 2018 [...]
• Mike Franklin (5/8) Aug 17 2018 I'd be happy to test this, but where are the instructions for
• Manu (9/14) Aug 18 2018 Is there any reason to believe Walter would accept that?
• rikki cattermole (6/10) Aug 18 2018 Yes. We're adding support (experimental) for LLD (LLVM linker) with
• Rel (2/3) Aug 14 2018 The latest DMD installer seems not to be flaged by Kaspersky
• Radu (2/17) Aug 15 2018 :) Thanks!

Seb <seb wilzba.ch> writes:

As a few of you might have noticed, we bought a Code Signing 
Certificate a few days ago and while we're still investigating on 
how to integrate the code signing best into the release process, 
I thought a share a first preview of signed DMD binaries with you.

So I semi-officially repacked 2.081.2 and signed the released 
binaries and libraries:

http://files.wilzba.ch/dlang/releases

 sha256sum dmd.2.081.2.windows.7z

598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751  
dmd.2.081.2.windows.7z

In the future, the official releases will come with signed 
binaries, but as there are a few people running into troubles 
with their company software policy or virus scanner, I thought I 
share this semi-official release with you.

Feedback is welcome ;-)

Jacob Carlborg <doob me.com> writes:

On 2018-08-13 20:48, Seb wrote:
 As a few of you might have noticed, we bought a Code Signing Certificate 
 a few days ago and while we're still investigating on how to integrate 
 the code signing best into the release process, I thought a share a 
 first preview of signed DMD binaries with you.
 
 So I semi-officially repacked 2.081.2 and signed the released binaries 
 and libraries:
 
 http://files.wilzba.ch/dlang/releases
 
 sha256sum dmd.2.081.2.windows.7z

 598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751 
 dmd.2.081.2.windows.7z
 
 In the future, the official releases will come with signed binaries, but 
 as there are a few people running into troubles with their company 
 software policy or virus scanner, I thought I share this semi-official 
 release with you.
 
 Feedback is welcome ;-)

Any plans for doing the same thing for the installer on macOS? It 
complains that it's from an unidentified developer and forces the user 
to go into System Preferences and reopen the installer.

-- 
/Jacob Carlborg

Timoses <timosesu gmail.com> writes:

On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
 Any plans for doing the same thing for the installer on macOS? 
 It complains that it's from an unidentified developer and 
 forces the user to go into System Preferences and reopen the 
 installer.

Can't you just usually right-click the file and select "Open" 
which enables something like the "Open anyway" option to be 
displayed (usually not visible when just double clicking the 
file...)?

rikki cattermole <rikki cattermole.co.nz> writes:

On 15/08/2018 2:14 AM, Timoses wrote:
 On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
 Any plans for doing the same thing for the installer on macOS? It 
 complains that it's from an unidentified developer and forces the user 
 to go into System Preferences and reopen the installer.

 
 Can't you just usually right-click the file and select "Open" which 
 enables something like the "Open anyway" option to be displayed (usually 
 not visible when just double clicking the file...)?

Only after you have disabled said check.

Seb <seb wilzba.ch> writes:

On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
 Any plans for doing the same thing for the installer on macOS? 
 It complains that it's from an unidentified developer and 
 forces the user to go into System Preferences and reopen the 
 installer.

Yes, the certificate allows signing binaries for OSX too.
However, as we still haven't fully figured out how to integrate 
the binary signing for Windows in the release process (and this 
can be done on Linux) and OSX binary signing can only be done on 
OSX AFAICT, this might take a bit until it gets integrated.
Also I think Martin is the only one who currently has the 
VirtualBox image for OSX setup which is required by the 
create_dmd_release build tool.

In case someone wants to have a look, the relevant steps 
happen/should happen here:

https://github.com/dlang/installer/blob/master/create_dmd_release/build_all.d#L329

Jacob Carlborg <doob me.com> writes:

On Tuesday, 14 August 2018 at 14:42:54 UTC, Seb wrote:
 On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg wrote:
 Any plans for doing the same thing for the installer on macOS? 
 It complains that it's from an unidentified developer and 
 forces the user to go into System Preferences and reopen the 
 installer.

 Yes, the certificate allows signing binaries for OSX too.

On macOS the certificate needs to be obtained from Apple through 
the developer program [1].

[1] 
https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW30

—
/Jacob Carlborg

Radu <void null.pt> writes:

On Tuesday, 14 August 2018 at 16:10:41 UTC, Jacob Carlborg wrote:
 On Tuesday, 14 August 2018 at 14:42:54 UTC, Seb wrote:
 On Monday, 13 August 2018 at 19:09:55 UTC, Jacob Carlborg 
 wrote:
 Any plans for doing the same thing for the installer on 
 macOS? It complains that it's from an unidentified developer 
 and forces the user to go into System Preferences and reopen 
 the installer.

 Yes, the certificate allows signing binaries for OSX too.

 On macOS the certificate needs to be obtained from Apple 
 through the developer program [1].

 [1] 
 https://developer.apple.com/library/archive/documentation/Security/Conceptual/CodeSigningGuide/Procedures/Procedures.html#//apple_ref/doc/uid/TP40005929-CH4-SW30

 —
 /Jacob Carlborg

The say this:
```
Note: Apple uses the industry-standard form and format of code 
signing certificates. Therefore, if your company already has a 
third-party signing identity that you use to sign code on other 
systems, you can use it with the macOS codesign command. 
Similarly, if your company is a certificate issuing authority, 
contact your IT department to find out how to get a signing 
certificate issued by your company. However, while these valid 
certificates allow you to sign your code, you can only distribute 
through the App Store or through the Developer ID program when 
you sign with a certificate issued by Apple.
```

Jacob Carlborg <doob me.com> writes:

On Wednesday, 15 August 2018 at 09:39:42 UTC, Radu wrote:

 The say this:
 ```
 Note: Apple uses the industry-standard form and format of code 
 signing certificates. Therefore, if your company already has a 
 third-party signing identity that you use to sign code on other 
 systems, you can use it with the macOS codesign command. 
 Similarly, if your company is a certificate issuing authority, 
 contact your IT department to find out how to get a signing 
 certificate issued by your company. However, while these valid 
 certificates allow you to sign your code, you can only 
 distribute through the App Store or through the Developer ID 
 program when you sign with a certificate issued by Apple.
 ```

Cool, I didn't know that.

/Jacob Carlborg

Walter Bright <newshound2 digitalmars.com> writes:

On 8/13/2018 11:48 AM, Seb wrote:
 Feedback is welcome ;-)

Thank you!

Mike Franklin <slavo5150 yahoo.com> writes:

On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote:

 Feedback is welcome ;-)

Thanks a lot for doing this.  Honestly, I think this small 
change, if we can keep it maintained, will make a significant 
impact in users' perception of D.

I don't think the issue is actually with the DMD executables, but 
with the DMD installer package.  I'm speaking somewhat in 
ignorance here, but I think what's most important is to sign the 
installer package.  I asked about what installer packaging 
software we are using (InstallShield, InnoSetup, etc...) at 
https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a 
response.

When you try to run the installer on a recent Windows machine, 
you see this 
(https://cdn1.tekrevue.com/wp-content/uploads/2017/09/windows-pro
ected-your-pc.jpg).  That is what's scaring people.  User's have to click the
"More info" link, and then a "Run anyway" button appears
(https://www.autoitscript.com/site/wp-content/uploads/2018/01/SmartScreen_Windows_Protected_Your_PC_Run_Anyway.png)

So, I think the solution is to sign the installer package.  I've 
never done that before, but a quick search on the Internet 
yielded:

http://www.samlogic.net/visual-installer/tips/tips-pages/code-sign-setup-package/code-sign-setup-package.htm
https://learn.adafruit.com/how-to-sign-windows-drivers-installer/making-an-installer#sign-the-installer-5-28

I don't think that will solve the virus problem, but it should at 
least remove the scary *Windows is protecting you* popup message.

For the virus problem, it would be helpful to know what software 
we are using to create the installer package.  Is it legit?

Mike

rikki cattermole <rikki cattermole.co.nz> writes:

On 14/08/2018 12:58 PM, Mike Franklin wrote:
 I don't think the issue is actually with the DMD executables, but with 
 the DMD installer package.  I'm speaking somewhat in ignorance here, but 
 I think what's most important is to sign the installer package.  I asked 
 about what installer packaging software we are using (InstallShield, 
 InnoSetup, etc...) at https://issues.dlang.org/show_bug.cgi?id=18786, 
 but didn't get a response.

https://github.com/dlang/installer/tree/master/windows

NSIS so yes fairly standard.

And no, there are popups that can happen because it isn't 
signed/trusted. So we should sign everything that we can.

Manu <turkeyman gmail.com> writes:

On Mon, 13 Aug 2018 at 18:00, Mike Franklin via Digitalmars-d
<digitalmars-d puremagic.com> wrote:
 On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote:

 Feedback is welcome ;-)

 Thanks a lot for doing this.  Honestly, I think this small
 change, if we can keep it maintained, will make a significant
 impact in users' perception of D.

 I don't think the issue is actually with the DMD executables, but
 with the DMD installer package.  I'm speaking somewhat in
 ignorance here, but I think what's most important is to sign the
 installer package.  I asked about what installer packaging
 software we are using (InstallShield, InnoSetup, etc...) at
 https://issues.dlang.org/show_bug.cgi?id=18786, but didn't get a
 response.

 When you try to run the installer on a recent Windows machine,
 you see this
 (https://cdn1.tekrevue.com/wp-content/uploads/2017/09/windows-pro
ected-your-pc.jpg).  That is what's scaring people.  User's have to click the
"More info" link, and then a "Run anyway" button appears
(https://www.autoitscript.com/site/wp-content/uploads/2018/01/SmartScreen_Windows_Protected_Your_PC_Run_Anyway.png)

 So, I think the solution is to sign the installer package.  I've
 never done that before, but a quick search on the Internet
 yielded:

 http://www.samlogic.net/visual-installer/tips/tips-pages/code-sign-setup-package/code-sign-setup-package.htm
 https://learn.adafruit.com/how-to-sign-windows-drivers-installer/making-an-installer#sign-the-installer-5-28

 I don't think that will solve the virus problem, but it should at
 least remove the scary *Windows is protecting you* popup message.

 For the virus problem, it would be helpful to know what software
 we are using to create the installer package.  Is it legit?

 Mike

Indeed, it's the installer that's in critical need of being signed...
but all the binaries are worth signing if that's convenient.

Andrei Alexandrescu <SeeWebsiteForEmail erdani.com> writes:

On 8/15/18 7:44 PM, Manu wrote:
 Indeed, it's the installer that's in critical need of being signed...
 but all the binaries are worth signing if that's convenient.


Any chance we could delegate some of the effort of working on this to you?

Are other Windows users interested in helping?

Martin has spent a fair amount of time dealing with this, and he's not a 
Windows expert. We could definitely use some help here.

Martin Nowak <code+news.digitalmars dawg.eu> writes:

On 08/16/2018 04:13 PM, Andrei Alexandrescu wrote:
 On 8/15/18 7:44 PM, Manu wrote:
 Indeed, it's the installer that's in critical need of being signed...
 but all the binaries are worth signing if that's convenient.


 Any chance we could delegate some of the effort of working on this to
 you?

 Are other Windows users interested in helping?

 Martin has spent a fair amount of time dealing with this, and he's not
 a Windows expert. We could definitely use some help here.

A review would be helpful.

https://github.com/dlang/installer/pull/339

And more Windows dev-volunteers for upcoming features.

Mike Franklin <slavo5150 yahoo.com> writes:

On Thursday, 16 August 2018 at 17:06:27 UTC, Martin Nowak wrote:

 A review would be helpful.

It looks fine to me, though, that's not saying much.  If you need 
someone to test something, contact me on Slack.

 And more Windows dev-volunteers for upcoming features.

To do what exactly?

Mike

Martin Nowak <code+news.digitalmars dawg.eu> writes:

On 08/17/2018 01:24 AM, Mike Franklin wrote:
 On Thursday, 16 August 2018 at 17:06:27 UTC, Martin Nowak wrote:
 
 A review would be helpful.

 
 It looks fine to me, though, that's not saying much.  If you need
 someone to test something, contact me on Slack.
 
 And more Windows dev-volunteers for upcoming features.

 
 To do what exactly?

Well from my point of view the most important outstanding Windows tasks are:

- help to test, debug, and fix the experimental lld/mingw toolchain
  (https://dlang.org/changelog/2.079.0.html#lld_mingw)

  Once this is ready for production use it would simplify the Windows
installation and allowed us to drop optlink and OMF.

- help Benjamin Thaut with the export feature

  This is intended to cover dllimport/dllexport, but in a single keyword
without macros (more info https://dconf.org/2016/talks/thaut.html).
  It's a necessity for full DLL support on Windows and we also want to
use explicitly exported symbols to speed up Posix binaries (by avoiding
PLT indirections).

- get a 64-bit VC dmd.exe into the release

  64-bit builds should be fully CI-integrated (mostly already done via
AppVeyor AFAIK).
  Integrate build script/makefile with existing Windows release build
(https://github.com/dlang/installer/blob/f7ee5aeab79a800317d875b5ee2e34ec2ad8803c/create_dmd_release/build_all.d#L41-L43,
and
https://github.com/dlang/installer/blob/f7ee5aeab79a800317d875b5ee2e34ec2ad8803c/create_dmd_release/create_dmd_release.d#L444).

I'd be happy to add anyone remotely interested in Windows-support to our
#Windows channel on slack (https://dlang.slack.com/messages/C6D5FEJ78).
It's unfortunately fairly quiet atm.

-Martin

Mike Franklin <slavo5150 yahoo.com> writes:

On Friday, 17 August 2018 at 16:42:08 UTC, Martin Nowak wrote:
 On 08/17/2018 01:24 AM, Mike Franklin wrote:

 Well from my point of view the most important outstanding 
 Windows tasks are:

[...]

Thanks.  I'm currently working on getting build.d to work on 
Windows.

https://github.com/dlang/dmd/pull/8570
https://github.com/dlang/dmd/pull/8568
https://github.com/dlang/dmd/pull/8566
https://github.com/dlang/dmd/pull/8546

I think once that's done it won't be such a huge burden to set up 
a development environment for Windows, and hopefully we'll see 
more participation.

 I'd be happy to add anyone remotely interested in 
 Windows-support to our #Windows channel on slack 
 (https://dlang.slack.com/messages/C6D5FEJ78). It's 
 unfortunately fairly quiet atm.

Joined.

Mike

Mike Franklin <slavo5150 yahoo.com> writes:

On Friday, 17 August 2018 at 16:42:08 UTC, Martin Nowak wrote:

 - help to test, debug, and fix the experimental lld/mingw 
 toolchain
   (https://dlang.org/changelog/2.079.0.html#lld_mingw)

I'd be happy to test this, but where are the instructions for 
using it?    Do I need to uninstall Visual Studio first (please 
no)?

Mike

Manu <turkeyman gmail.com> writes:

On Fri, 17 Aug 2018 at 09:45, Martin Nowak via Digitalmars-d
<digitalmars-d puremagic.com> wrote:
 Well from my point of view the most important outstanding Windows tasks are:

 - help to test, debug, and fix the experimental lld/mingw toolchain
   (https://dlang.org/changelog/2.079.0.html#lld_mingw)

   Once this is ready for production use it would simplify the Windows
 installation and allowed us to drop optlink and OMF.

Is there any reason to believe Walter would accept that?
It's come up countless times. He rejects it in principle.
https://github.com/dlang/dmd/pull/8347

He genuinely believes OMF+OPTLINK should be the deliberate and
preferred default that everyone should be confronted with as their
first experience. It clearly improves new users experience with D.
Has something changed?

rikki cattermole <rikki cattermole.co.nz> writes:

On 19/08/2018 7:16 AM, Manu wrote:
 He genuinely believes OMF+OPTLINK should be the deliberate and
 preferred default that everyone should be confronted with as their
 first experience. It clearly improves new users experience with D.
 Has something changed?

Yes. We're adding support (experimental) for LLD (LLVM linker) with 
MinGW import libraries and VC2010 as of 2.079.

Which gives out of the box support for PE-COFF. Long term this should 
mean we can drop OMF altogether. But like 64bit support took, it'll be a 
while before its ready to go primary.

Rel <relmail rambler.ru> writes:

 Feedback is welcome ;-)

The latest DMD installer seems not to be flaged by Kaspersky 
Antivirus, thanks!

Radu <void null.pt> writes:

On Monday, 13 August 2018 at 18:48:21 UTC, Seb wrote:
 As a few of you might have noticed, we bought a Code Signing 
 Certificate a few days ago and while we're still investigating 
 on how to integrate the code signing best into the release 
 process, I thought a share a first preview of signed DMD 
 binaries with you.

 So I semi-officially repacked 2.081.2 and signed the released 
 binaries and libraries:

 http://files.wilzba.ch/dlang/releases

 sha256sum dmd.2.081.2.windows.7z

 598a477e3692fb43c2bf010d62620506e0d0169e5dbaaa909ab9fca84204f751 
dmd.2.081.2.windows.7z

 In the future, the official releases will come with signed 
 binaries, but as there are a few people running into troubles 
 with their company software policy or virus scanner, I thought 
 I share this semi-official release with you.

 Feedback is welcome ;-)

:) Thanks!