Code signing

Postby uckelman » July 21st, 2020, 12:26 pm

It's been mentioned a few times recently that Windows and Mac users are shown various warning dialogs because we're not signing our installer. Code signing has always struck me as providing little assurance to the user on one side, and as sort of a racket for companies selling code signing certificates. Nonetheless, we might be near a point where it would save us enough hassle to do it.

Here are some questions, interspersed with what I've gleaned from a small amount of looking:

1) On Windows, we can sign executables with a code signing certificate. The executables we have are the installer, the launcher (VASSAL.exe), java.exe, and javaw.exe.

1.1) What changes for the user if we sign the installer?

This page (https://mkaz.blog/code/code-signing-a-w ... pplication) suggests that signing the installer would result in a slightly less alarming looking dialog when the user runs the installer.

Would anything else change?

1.2) What changes for the user if we sign the launcher?

1.3) Are java.exe and javaw.exe already signed? If not, should they be? By AdoptOpenJDK? By us?

1.4) Would signing have any effect on interference by antivirus software?

1.5) What provider would we use for our code signing certificate? Let's Encrypt, which was the first thing I checked due to their doing SSL certificates for free, doesn't do code signing certificates. Are there any providers which are free for open-source projects? If not, what's our cheapest option?

1.6) It looks like we can do the signing on Linux:

https://stackoverflow.com/questions/182 ... ed-distros
https://stackoverflow.com/questions/252 ... s-exe-file

2) On Macs, you can sign app bundles, and apparently also shared libraries (https://stackoverflow.com/questions/534 ... pplication). What I've read says that you do it with a certificate from Apple that one gets via having one of their $99/yr developer accounts. (Is Apple really the only provider of certificates?)

2.1) What changes for the user if we sign the app bundle?

2.2) Are the AdoptOpenJDK dylibs already signed? If not, should they be? By AdoptOpenJDK? By us?

2.3) Can we sign the app bundle on Linux?

3) Do the benefits of all of this justify the effort?
uckelman
Site Admin
 
Posts: 9014
Joined: December 10th, 2007, 9:48 am
Location: Durham, England

Re: Code signing

Postby stew-rt » July 21st, 2020, 12:37 pm

From a user's perspective, especially if they aren't super computer-literate, these warnings do look like we are trying to install a virus or steal their children or something...

How about distributing via a closed "store" like Steam? This is available for Windows and Mac - and probably doesn't rely on code signing? Yes, it's proprietary, but in these instances, so are the OSes.

On the subject of funding, how does Vassal obtain funding for web hosting etc? Other than the "donate" PayPal link at the bottom of the main page, I didn't even notice until I looked for it to be honest. Perhaps there could be other ways to get donations, such as a libre-pay sort of subs thing? .. or even making the donate button a bit more prevalent (obviously, without shoving it in users' faces like some do).

Speaking of which, I've just made a small donation..
stew-rt
 
Posts: 23
Joined: May 22nd, 2020, 8:27 am
Location: Cornwall, UK

Re: Code signing

Postby stew-rt » July 21st, 2020, 12:39 pm

... Or bug bounties? There's probably plenty out there with their pet-peeve bugs..

Re: Code signing

Postby uckelman » July 21st, 2020, 1:05 pm

Thus spake stew-rt:
> On the subject of funding, how does Vassal obtain funding for web
> hosting etc? Other than the "donate" PayPal link at the bottom of the
> main page,

That's how. We take in enough to pay for hosting. We wouldn't have a
problem also paying for code signing certs. I'm not worried about the
cost, though I'd prefer not to pay more than we need to for them.

> I didn't even notice until I looked for it to be honest.
> Perhaps there could be other ways to get donations, such as a libre-pay
> sort of subs thing? .. or even making the donate button a bit more
> prevalent (obviously, without shoving it in users' faces like some do).

I'd push a bit harder for donations if they weren't keeping up with
costs, but presently they are.

> Speaking of which, I've just made a small donation..

Thanks.

--
J.

Re: Code signing

Postby Flint1b » July 21st, 2020, 1:13 pm

uckelman wrote:
> racket for companies selling code signing certificates

Yes.

Don't have anything productive to add to this discussion as I've said goodbye to all these problems long ago by switching to Linux and nowadays I'm laughing at the inconveniences that Windows/Mac users have.

I don't think we can sign the Java binaries, they should be signed by whoever produces them. And AVs will probably always be nervous when an application brings its own Java executable, Minecraft doesn't list the AVs at the top of their "incompatible software" list for fun.
Flint1b
 
Posts: 461
Joined: May 19th, 2020, 12:27 am
Location: Colonia Agrippina

Re: Code signing

Postby uckelman » July 21st, 2020, 1:28 pm

Thus spake Flint1b:
> Don't have anything productive to add to this discussion as I've said
> goodbye to all these problems long ago by switching to Linux and
> nowadays I'm laughing at the inconveniences that Windows/Mac users have.

This would be my attitude as well were I not in the position of supporting
software for use on Windows and Macs.

> I don't think we can sign the Java binaries, they should be signed by
> whoever produces them. And AVs will probably always be nervous when an
> application brings its own Java executable, Minecraft doesn't list the
> AVs at the top of their "incompatible software" list for fun.

My _guess_ is that we shouldn't sign the Java executables ourselves, but
that's only a guess. At present, I don't know if they're already signed,
and I'm not sure how to check.

--
J.

Re: Code signing

Postby uckelman » July 21st, 2020, 1:52 pm

This, from the AdoptOpenJDK blog, seems to suggest that the bundler should oversign some of the bundled AdoptOpenJDK pieces: https://blog.adoptopenjdk.net/2020/05/a ... plication/

