Difference between revisions of "Codesigning On Windows"
From Audacity Wiki
(New page.) |
(Links.) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | {{intro|1=This page is about codesigning on windows for release builds.}} | + | {{intro|1=This page is about codesigning on [[Building On Windows|windows for release builds]].}} |
| + | |||
| + | ==The Dongle== | ||
| + | If you plan to codesign on Windows, you will need a USB dongle (smart card reader), so plan in advance to allow time for delivery. | ||
| + | |||
| + | * The dongle is both a card reader AND a USB key. | ||
| + | * Printed instructions are too brief/incomplete to be useful. | ||
| + | * Real instructions for using it are in the USB key itself, strangely in the directory marked 'bin' | ||
| + | |||
| + | {{tip|1=When things get their most complicated, instructions on the website turn into Polish, so you are advised to either learn Polish before you start, or be ready to use Google-translate or a little guesswork about the English URL equivalent. }} | ||
| + | |||
| + | {{tip|1=The card reader may not always be recognised by the card reader utility as a card reader when you plug it in. The card reader name in that GUI will be blank with nothing in the drop-down. If that happens: | ||
| + | * Unplug the card reader, wait a moment and plug it back in.}} | ||
| + | |||
| + | ===Activating the Cert=== | ||
| + | You will need the latest Java with all security patches. | ||
| + | * If you have not used Java ever, or not for a while, you will almost certainly need to update it. | ||
| + | * Update it before you try to activate, as without that it is confusing as to why the process has stalled. | ||
| + | ** ''(the window asking you to install/update Java may appear behind your browser window)'' | ||
| + | |||
| + | ===Registering the Cert on Windows=== | ||
| + | |||
| + | {{tip|1=The instructions for registering the cert are not quite accurate. They show a button that does not exist in the card reader GUI.<br> | ||
| + | Instead: | ||
| + | * Click on the button 'Detailed Information'. Then | ||
| + | * Click on register Cert. | ||
| + | The cert will be registered in the repository.}} | ||
| + | |||
| + | ===Documentation=== | ||
| + | You will need to scan: | ||
| + | * A page from you passport | ||
| + | * A recent utility bill or credit card statement | ||
| + | |||
| + | ===Signing the Installer=== | ||
| + | |||
| + | This is how signing used to work.... | ||
| + | |||
| + | <pre> | ||
| + | "C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /f .\<YourCert>.p12 /p <YourPassword> /fd SHA256 <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe | ||
| + | </pre> | ||
| + | |||
| + | The new way, using the dongle and setting a timestamp: | ||
| + | |||
| + | <pre> | ||
| + | signtool sign /n "James Crook" /t http://time.certum.pl/ /fd sha256 /v <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe | ||
| + | </pre> | ||
| + | |||
| + | {{tip|1=To test the signing, upload the installer to dropbox and then download it again. Then double-click to open. When you launch Audacity, you now get a warning about having downloaded from the internet, with the identity of the signing key shown.}} | ||
| + | |||
| + | [[Category:For Developers]] | ||
Latest revision as of 18:00, 20 September 2018
| This page is about codesigning on windows for release builds.
|
Contents
The Dongle
If you plan to codesign on Windows, you will need a USB dongle (smart card reader), so plan in advance to allow time for delivery.
- The dongle is both a card reader AND a USB key.
- Printed instructions are too brief/incomplete to be useful.
- Real instructions for using it are in the USB key itself, strangely in the directory marked 'bin'
|
When things get their most complicated, instructions on the website turn into Polish, so you are advised to either learn Polish before you start, or be ready to use Google-translate or a little guesswork about the English URL equivalent. |
|
|
The card reader may not always be recognised by the card reader utility as a card reader when you plug it in. The card reader name in that GUI will be blank with nothing in the drop-down. If that happens:
|
Activating the Cert
You will need the latest Java with all security patches.
- If you have not used Java ever, or not for a while, you will almost certainly need to update it.
- Update it before you try to activate, as without that it is confusing as to why the process has stalled.
- (the window asking you to install/update Java may appear behind your browser window)
Registering the Cert on Windows
|
|
The instructions for registering the cert are not quite accurate. They show a button that does not exist in the card reader GUI. Instead:
The cert will be registered in the repository. |
Documentation
You will need to scan:
- A page from you passport
- A recent utility bill or credit card statement
Signing the Installer
This is how signing used to work....
"C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Bin\signtool.exe" sign /f .\<YourCert>.p12 /p <YourPassword> /fd SHA256 <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
The new way, using the dongle and setting a timestamp:
signtool sign /n "James Crook" /t http://time.certum.pl/ /fd sha256 /v <path-to-audacity-git>\win\Output\audacity-win-2.3.0.exe
|
|
To test the signing, upload the installer to dropbox and then download it again. Then double-click to open. When you launch Audacity, you now get a warning about having downloaded from the internet, with the identity of the signing key shown. |
