Adding an embedded signature on setup-x86_64.exe
Thomas Wolff
towo@towo.net
Sun Nov 20 08:46:28 GMT 2022
Am 20.11.2022 um 08:26 schrieb Brian Inglis:
> On Fri Nov 18 21:15:04 GMT 2022, Dale McCoy wrote:
>> I use Cygwin in the course of work, and while I can use the external gpg
>> signature to verify the validity of setup-x86_64.exe, my IT department
>> can't see that step. They get somewhat concerned when they see that
>> Windows
>> thinks setup-x86_64.exe is unsigned, and I certainly don't blame them.
>> Can I convince you to also embed a signature in the installer, so
>> Windows
>> recognizes the file is signed?
>> I couldn't find a previous request on the mailing list for this, but
>> I may
>> have missed it in my attempts to grep the monthly digests.
>
> See thread "Should cygwin's setup*.exe be signed using Sign Tool?":
>
> https://cygwin.com/pipermail/cygwin/2015-April/220978.html
> https://inbox.sourceware.org/cygwin/E1Ydjc5-0000kv-WD@rmm6prod02.runbox.com/
>
>
> In case we ever need it, one of our setup maintainers packaged
> osslsigncode:
>
> https://cygwin.com/packages/summary/osslsigncode-src.html
>
Packaging error: the binary is placed in /usr
More information about the Cygwin
mailing list