Status Desktop client made in Nim & QML
https://status.app
e0852d2f73
Add a code signing step to the `pkg-windows` target. If the environment
variable `WINDOWS_CODESIGN_PFX_PATH` is not set then code signing is
skipped. If the environment variable `WINDOWS_CODESIGN_TIMESTAMP_URL` is not
set then a verified timestamp will not be included in the signature. Both
variables should be set in production/CI builds.
Signing is performed with Window's [SignTool][signtool]. There is a helpful
[Stack Overflow answer][soa] which explains how to easily setup a self-signed
CA and code signing certificate and then use them with `signtool`, which is how
I tested these changes on my local Windows machine.
Absolute paths are used for `egrep`, `xargs`, and `bash` to avoid accidentally
running other installations of those executables than the ones that ship with
Git Bash. I was experiencing mysterious failures in the sequence of commands
and then noticed that e.g. `which xargs` was resolving to an executable in
`${HOME}/scoop/shims`.
I tested locally that the signed DLLs and EXEs run correctly on Windows 7 and
Windows 10.
For CI builds Status will need to acquire a signing certificate from
e.g. DigiCert. There will be a yearly renewal cost.
In researching what files should be signed, I concluded that it only makes
sense to sign `.dll` and `.exe` files. It's possible to generate signatures for
other file types but the signatures would have to be stored apart from those
files, unlike `.dll` and `.exe` where the signature is embedded in the
executable. Also, it doesn't seem to be possible to embed a signature in a
`.zip` file, though it would be possible to sign the compressed package if we
chose to build and distribute a self-extracting `Status.exe` instead of
`Status.zip`.
If a DLL or EXE file is already validly signed, e.g. the Qt DLLs, `signtool.exe
sign` is not invoked on that file.
Closes #288.
[signtool]: https://docs.microsoft.com/en-us/windows/win32/seccrypto/signtool
[soa]: https://stackoverflow.com/a/201277
|
||
|---|---|---|
| ci | ||
| docs | ||
| scripts | ||
| src | ||
| ui | ||
| vendor | ||
| .gitignore | ||
| .gitmodules | ||
| .npmrc | ||
| .yarnrc | ||
| AppRun | ||
| Info.plist | ||
| Info.runner.plist | ||
| Makefile | ||
| QtWebEngineProcess.plist | ||
| README.md | ||
| build-linux.sh | ||
| config.nims | ||
| docker-linux-app-image.sh | ||
| env.sh | ||
| nim-status.desktop | ||
| nim.cfg | ||
| nim_status_client.nimble | ||
| nim_status_client.sh | ||
| package-lock.json | ||
| package.json | ||
| screenRec.gif | ||
| status-icon.icns | ||
| status.ico | ||
| status.svg | ||
| windows-install.txt | ||
README.md
Nim-status-client
note: this documentation is wip