Skip to content

Rotate our Windows signing certificates#5196

Merged
mislav merged 6 commits intotrunkfrom
windows-cert
Feb 15, 2022
Merged

Rotate our Windows signing certificates#5196
mislav merged 6 commits intotrunkfrom
windows-cert

Conversation

@mislav
Copy link
Copy Markdown
Contributor

@mislav mislav commented Feb 11, 2022

We've been reusing the same certificate GitHub Desktop is using to sign Windows binaries. Since that one expired this week and we now have our own certificate (stored as secrets in this repo), this switches to the new approach.

  • The certificate pfx file is now read from WINDOWS_CERT_PFX
  • The password to decode the pfx is in WINDOWS_CERT_PASSWORD
  • Quit reading from desktop-secrets repo
  • For simplicity, switch osslsigncode to take in pfx instead of individual certs
  • 🔥 obsolete setup scripts

TODO:

  • make a test release
  • 🔥 GITHUB_CERT_PASSWORD secret
  • 🔥 DESKTOP_CERT_TOKEN

Ref. https://github.com/github/cli/issues/112
Follow up to #2160

- The certificate pfx file is now read from WINDOWS_CERT_PFX
- The password to decode the pfx is in WINDOWS_CERT_PASSWORD
- Quit reading from desktop-secrets repo
- Switch osslsigncode to take in pfx instead of individual certs
- 🔥 obsolete setup scripts
@mislav mislav requested a review from a team as a code owner February 11, 2022 17:25
@mislav mislav requested review from vilmibm and removed request for a team February 11, 2022 17:25
Copy link
Copy Markdown
Contributor

@vilmibm vilmibm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for working on this!

Copy link
Copy Markdown

@cApTO23 cApTO23 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Commits look great.

@cApTO23

This comment was marked as spam.

@mislav mislav merged commit 3e0db56 into trunk Feb 15, 2022
@mislav mislav deleted the windows-cert branch February 15, 2022 16:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants