Mail Archives: cygwin/2025/05/03/14:50:52

Roland Mainz via Cygwin <cygwin AT cygwin DOT com> · Sat, 3 May 2025 20:49:48 +0200

On Sat, May 3, 2025 at 8:21ā€ÆPM Roland Mainz <roland DOT mainz AT nrubsig DOT org> wrote:
> Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can
> be signed with signtool
> (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) ?
> It seems that Microsoft Defender has become overly aggressive to some
> Cygwin binaries (mostly /usr/bin/hostname, /usr/bin/find, /usr/bin/tar
> etc.) in the last couple of weeks and just blocks them.
>
> Our IT supports that they can "whitelist" binaries based on their
> cryptographic signature... but neither the binaries from the CI nor
> the Release binaries have any signatures...

BTW: The Windows Defender rule which causes /usr/bin/find.exe,
/usr/bin/hostname.exe etc. to be blocked is "Block use of copied or
impersonated system tools" (C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB) ...

----

Bye,
Roland
-- 
  __ .  . __
 (o.\ \/ /.o) roland DOT mainz AT nrubsig DOT org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 3992797
 (;O/ \/ \O;)

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 543IoqKe3796930
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 543IoqKe3796930
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=IgDQGOjG
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 517333858405
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1746298251;
	bh=BTt9iH0tgPf/6qq/LhBjyCm5+LUgSUykTuf/OkgBjGk=;
	h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe:
	List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:
	From;
	b=IgDQGOjGF1Xif/eLYnH1mYHjZcevkQT/m2iJy36tfhhMpNDKn+yfGArgjUgmYC5Q+
	JdTXC69MEmXVD3PG4/NS/naFnEyjltGppvLOnbOdHPHN6wBzW8UQA3grGq9aAVQKN3
	URET7pKTgkk/AR8gOCOBt5jlc8ulnMAKhDVQCQNw=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 4218E3858D21
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 4218E3858D21
ARC-Seal:	i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1746298227; cv=pass;
	b=wJio1qI7VZvNondyXl0QYxlAGmjolrAV02lkOmowmIetT1f4Zrt0wdlxhzKr7C9VR7VOukNMMrepvOfVE40NPTbWsNpwMID5tzm81mpu4hiTTjCVY1P3GfLgXnk3KqEH4OaQaZLCEcf5aUyvoa9hg1KJwZEdVVmBKBt89VaGKvA=
ARC-Message-Signature:	i=2; a=rsa-sha256; d=sourceware.org; s=key;
	t=1746298227; c=relaxed/simple;
	bh=UCcIOfshrxoFguvtfNaov5Mp7xymBQ1vgyf9aCak7K0=;
	h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To;
	b=Qs+ekjb9D9fSHAdjcVYP1fxpXjqSuCKrNcafzaA9OQw1ItZnM+o5KOBO4i0J5j/rOo4e8cigQcPxAvX6pSpAekKXGMlKbPzQKLN43B+YpwCz+jO55D7UwG/t4YRpqmh7x3bjn99QIVv9pMaWG+ubITKqx+t5UPjHKIsIP7K9ZyQ=
ARC-Authentication-Results:	i=2; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 4218E3858D21
X-Sender-Id:	dreamhost\|x-authsender\|gisburn AT nrubsig DOT org
ARC-Seal:	i=1; s=arc-2022; d=mailchannels.net; t=1746298225; a=rsa-sha256;
	cv=none;
	b=REWG5764L+c92lrsYLSDQ7zmAjITORUdGyON0vwlEby9RvAPXB5T5N7n5Dn3qoS6lrf/8c
	L8iMMziOUmGI4p8mSS9DBLoVz3iuHuJKWPziKMVmWVNHqpnkh8ciE9redxqhRFzBzlcDhO
	DMG0DTzwSfFj0MQ3DM0DfIeKxjX8LHu5p/ORh1XeazHOZ8ql/GoqtfhXBr1RKEmYxca+5c
	sFS4PHO1zA6dLftJnNGDL5eQfPdfwkV9nVJWrmbwe0qApPVkpmuaKtbKi6coYm4sFk0igm
	y3F7KNEyRAZuIx65MxhOn7Gbf/i6RE/fEZX4Rb3F+X9+a82hxLK/hXp60hAldA==
ARC-Message-Signature:	i=1; a=rsa-sha256; c=relaxed/relaxed;
	d=mailchannels.net; s=arc-2022; t=1746298225;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	to:to:cc:mime-version:mime-version:content-type:content-type:
	content-transfer-encoding:content-transfer-encoding:
	in-reply-to:in-reply-to:references:references:dkim-signature;
	bh=Zv8eYZdXipnlZrEf5BHQr4/eMhzpJYuL/NbBt62WIwM=;
	b=YddtZFA7/VzNsNTE9tr+3ay3sv50sOocYrLQkzua0wwi2qv733TNZ6X0crpWb3OPMIPcfZ
	CgHl3bJf4ieKJWTQYeF20UdI12Zx86WQg0PGmj++K2DQPINbLWgS86ZEAmDPX+VxSuvvec
	B1njic0PiSilJ2xxoyKyPfYaD8r22dJGzs9bflJ3ngn49UstowjL8mwxUiVf8b0+wAdU0e
	9RrtTLo9rLK0x3DleF21LoCDwbfzVWsq8D1CPLYftMpaowlThKewjpBXuEA0FDULQw13S6
	yA55/+KO6J6THC2txI8wWuWqaRaRPrR5fAtuQxD+FKMWBOFgQRiKEU8uIofFUQ==
ARC-Authentication-Results:	i=1; rspamd-56c68c6fd9-b8s9d;
	auth=pass smtp.auth=dreamhost smtp.mailfrom=roland DOT mainz AT nrubsig DOT org
X-Sender-Id:	dreamhost\|x-authsender\|gisburn AT nrubsig DOT org
X-MC-Relay:	Bad
X-MailChannels-SenderId:	dreamhost\|x-authsender\|gisburn AT nrubsig DOT org
X-MailChannels-Auth-Id:	dreamhost
X-Supply-Fumbling:	7eb96c6e09b85b6d_1746298226167_2607834349
X-MC-Loop-Signature:	1746298226167:2738493695
X-MC-Ingress-Time:	1746298226167
X-Gm-Message-State:	AOJu0YwkAp3KjBB9cYLP6gpuMImJ27EPQX23SZVgqlHXhXMzecDNaBIo
	eMq0BzTz4zXP6ITXVTpWTtrMHsHhTlrrDuLYjMFc/k3z2uoedi0QOVNA+SSQfU1yBjd0A6UbTrS
	QFukdS3AEbvI994J8XFOQU5pSDMM=
X-Google-Smtp-Source:	AGHT+IFK3eWJgO8JoOOUWYtsIirSL80Qert9E1kJnvj621rLY5bWKWX0RiFePi/BA01SPGkCWSEx++xt72wLlknRivo=
X-Received:	by 2002:a5d:59af:0:b0:3a0:8bf6:dc8 with SMTP id
	ffacd0b85a97d-3a094035176mr8210010f8f.11.1746298224201; Sat, 03 May 2025
	11:50:24 -0700 (PDT)
MIME-Version:	1.0
References:	<CAKAoaQn=-jVLnrO1hmM_4JAPodO-YnUuw+fcnDScHa=d2G48=A AT mail DOT gmail DOT com>
In-Reply-To:	<CAKAoaQn=-jVLnrO1hmM_4JAPodO-YnUuw+fcnDScHa=d2G48=A@mail.gmail.com>
Date:	Sat, 3 May 2025 20:49:48 +0200
X-Gmail-Original-Message-ID:	<CAKAoaQkwnZ2LJeKwHFmJ7yWLxFvJrdp+3iewqzS6ujj0cupuJQ AT mail DOT gmail DOT com>
X-Gm-Features:	ATxdqUFNHIZEAdyPtgmB0_mmMokLVoWsEEbYLa-rokc-mlKf9UZBzkbEZ0z09v4
Message-ID:	<CAKAoaQkwnZ2LJeKwHFmJ7yWLxFvJrdp+3iewqzS6ujj0cupuJQ@mail.gmail.com>
Subject:	Re: Signing cygwin.com binaries with signtool by default ?
To:	cygwin AT cygwin DOT com
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	Roland Mainz via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	Roland Mainz <roland DOT mainz AT nrubsig DOT org>
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 543IoqKe3796930

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019