Mail Archives: cygwin/2025/05/04/06:41:10

James Hanley via Cygwin <cygwin AT cygwin DOT com> · Sun, 4 May 2025 06:40:35 -0400

Cygwin as an organization can act as your own CA and leave it up to IT organizations to add the Cygwin public TA cert to the CA trust store.
-Jim

> On May 3, 2025, at 3:43â€¯PM, Jeremy Drake via Cygwin <cygwin AT cygwin DOT com> wrote:
> 
> ï»¿On Sat, 3 May 2025, Brian Inglis via Cygwin wrote:
> 
>>> On 2025-05-03 12:21, Roland Mainz via Cygwin wrote:
>>> Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can
>>> be signed with signtool
>>> (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool)?
>> 
>> No - would break the Cygwin licence terms unless MS releases source!
> 
> Huh?!?
> 
>> Cygwin supports osslsigncode:
>> 
>>    https://cygwin.com/packages/summary/osslsigncode-src.html
>> 
>> OpenSSL-based Authenticode signing and timestamping tool
>> 
>> Platform-independent tool for Authenticode signing of PE(EXE/SYS/DLL/etc), CAB
>> and MSI files. It also supports timestamping (Authenticode and RFC3161).
>> 
>> That would require our volunteers to find and spend more of their free time to
>> integrate the tool into the package build processes, and it would not be
>> available until the volunteers find more of their free time once the next
>> release of each upstream package becomes available.
> 
> It would also require getting an X.509 code signing certificate from a
> Microsoft-blessed authority.  AFAIK, these are not free.  I do remember
> investigating a service for free signing of open-source binaries (I
> believe Vim.org uses it for its Windows binaries), but the requirements
> for integrating with the build automation (so they could verify that
> binaries weren't tampered with during build) was too onerous for MSYS2 to
> consider at the time.
> 
> --
> Problem reports:      https://cygwin.com/problems.html
> FAQ:                  https://cygwin.com/faq/
> Documentation:        https://cygwin.com/docs.html
> Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

-- 
Problem reports:      https://cygwin.com/problems.html
FAQ:                  https://cygwin.com/faq/
Documentation:        https://cygwin.com/docs.html
Unsubscribe info:     https://cygwin.com/ml/#unsubscribe-simple

DMARC-Filter:	OpenDMARC Filter v1.4.2 delorie.com 544AfAxC4148602
Authentication-Results:	delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com
Authentication-Results:	delorie.com; spf=pass smtp.mailfrom=cygwin.com
DKIM-Filter:	OpenDKIM Filter v2.11.0 delorie.com 544AfAxC4148602
Authentication-Results:	delorie.com;
	dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=Cm3oN8uR
X-Recipient:	archive-cygwin AT delorie DOT com
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 886CF3858C62
DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com;
	s=default; t=1746355269;
	bh=r/Tr0KXf1zmKwhnAS3S9kw3jHRgdipNvXLToVgYibLY=;
	h=Subject:Date:References:Cc:In-Reply-To:To:List-Id:
	List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:
	From:Reply-To:From;
	b=Cm3oN8uRURR3SkgeCLk5cSTmRSlyAi/YTharzH2whWiJHNRgf9UeyafoGST29jKfk
	4/fBFFsNeD6rEj25o4aBmQfrksMy+VP0oQuOHiLPB0T8Q+v/Ps3PZY/ibTYW+tPrMA
	r+ClgCQmNo07OaqOrbbjDnODJMoyLK5mDB5BOAjk=
X-Original-To:	cygwin AT cygwin DOT com
Delivered-To:	cygwin AT cygwin DOT com
DMARC-Filter:	OpenDMARC Filter v1.4.2 sourceware.org 37C863858C42
ARC-Filter:	OpenARC Filter v1.0.0 sourceware.org 37C863858C42
ARC-Seal:	i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1746355247; cv=none;
	b=LroyVM3DN+xcKlYahTfFKFqDYuJ8S0x61C7jojyQ0Klar7p2kB/J/Gs6BvORAOnvZtteNtDwZiMvKvOMxEnzux3vC1T9esQ6c2IqoeWatOVKSo102GxLeIOPI+1OcDkbfXehcDRiIm0yZbMpTuyVs2enFNco0DeEXZFz0T3QFQA=
ARC-Message-Signature:	i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1746355247; c=relaxed/simple;
	bh=Qu+dxdl5a9amujZti79seVYyJJWN/bszXY+h+Hndmpo=;
	h=DKIM-Signature:From:Mime-Version:Subject:Date:Message-Id:To;
	b=tvpVV6UQ6ChQIq3dwuM/IIbYzHvxnEIigzFchnOJ/YeE3vXjEgahcfBvetTjUBIrg9FAAjEQ2FIiRazTz8EC8QKxIQXVnC0HB7oGxygNxo0MnRiMpc6dLEpddQ2Kb08sUABRNK+hjU4DzpUG6ZiR58fzir70QMwDVBO0NZ4qz/E=
ARC-Authentication-Results:	i=1; server2.sourceware.org
DKIM-Filter:	OpenDKIM Filter v2.11.0 sourceware.org 37C863858C42
X-Google-DKIM-Signature:	v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20230601; t=1746355246; x=1746960046;
	h=to:in-reply-to:cc:references:message-id:date:subject:mime-version
	:from:content-transfer-encoding:x-gm-message-state:from:to:cc
	:subject:date:message-id:reply-to;
	bh=Go8a8Y6oNymT67WC1rbKAkcjx5ngJWZTq7rH7XgIUzw=;
	b=Jut3YvUrwE7n621BlsbdDodb1rQC10TJthb/0Y9sFOh2yOqPbZkUB2UWSvlJUyZ4Zl
	mKsp35GCpL5kSoLnewUQHbJ+PPEsNjUchl6emGwwdW7pGVGBqYmzKn4SvFDizWQBBegP
	zn02gYSj/LkiNhjmGqVc2nUB5m7CK5ecYqCT6yLx6QCtxWSenQqN+ISvf1YdR9ZZBogQ
	TkV+rcXVpFFF2Pu7Rml/B7DG32MAc5UdC/vGnni2kVplnFYM4KqjTBg5LTT3yaxvbANk
	+lwIi2qFD///iWqQ9du64HD78c23rPUQd4vScHc5FWEcP16c/KRODTtmQGJue6lKqweY
	vCFw==
X-Gm-Message-State:	AOJu0YzyZYOktviAdDE300jaJkcHEkCQhJ1Lu7BsSdECIu2k7Syghgyv
	9qgfve3MC0E/9G0eo3ixvUXRuuJvxmPm2fY2E0cV+znsHMinxGT8qLKFDGbgfvE7RLQkSLMudYg
	=
X-Gm-Gg:	ASbGncuYgc8dx349MMHEZcIXjmQGSasuhr3MOdufya+Ji+cgDcoNtmVnwgIj/kUkg1w
	grMuv6FXqGYFg3uqS/Mut0hjZnARrQkXQAyHvhJRdvGVJ2Yor3FqjtfQxB0Ra5PLvFuruHlhdS5
	f75PIZg7eVx7gGA9gb0StPz0l6nYQqI0tyzp+MvwHOkH50HrWiWZJsSu1lmyzKaXFcTVcqM8mvi
	jVH31Qu0kIlCCWHJnG4qQB6xC+hsU0LkxdKY7dkiykmT6ZusgmjjBgi9vU2YU9PaHdjOHAkguTR
	Mf9jrjoTplOIaG+Q7fPsvhqyMVKP0JudnGc2NH39z8X3kRaFy9mk9q5ez4BK3HcFB3flXA==
X-Google-Smtp-Source:	AGHT+IEidHSJOhQ+Y9/dxH0eajrxUr/ltDIi5cgIVKdbPixCHTHJWRsuhnSYxBWK5r265mdYU8Agfw==
X-Received:	by 2002:a05:690c:6f92:b0:708:3532:ec9a with SMTP id
	00721157ae682-708eaf6d2b7mr44451847b3.34.1746355246285;
	Sun, 04 May 2025 03:40:46 -0700 (PDT)
Mime-Version:	1.0 (1.0)
Subject:	Re: Signing cygwin.com binaries with signtool by default ?
Date:	Sun, 4 May 2025 06:40:35 -0400
Message-Id:	<A9978416-D4F7-4DD3-B7DB-199387C9EAF0@dgtlrift.com>
References:	<082cda25-f30a-f3c2-a360-63551c38f904 AT jdrake DOT com>
Cc:	Brian Inglis via Cygwin <cygwin AT cygwin DOT com>
In-Reply-To:	<082cda25-f30a-f3c2-a360-63551c38f904@jdrake.com>
To:	Jeremy Drake <cygwin AT jdrake DOT com>
X-Mailer:	iPhone Mail (22E252)
X-BeenThere:	cygwin AT cygwin DOT com
X-Mailman-Version:	2.1.30
List-Id:	General Cygwin discussions and problem reports <cygwin.cygwin.com>
List-Unsubscribe:	<https://cygwin.com/mailman/options/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe>
List-Archive:	<https://cygwin.com/pipermail/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-request AT cygwin DOT com?subject=help>
List-Subscribe:	<https://cygwin.com/mailman/listinfo/cygwin>,
	<mailto:cygwin-request AT cygwin DOT com?subject=subscribe>
From:	James Hanley via Cygwin <cygwin AT cygwin DOT com>
Reply-To:	James Hanley <jhanley AT dgtlrift DOT com>
Errors-To:	cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com
Sender:	"Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com>
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id 544AfAxC4148602

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019