DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 543IoqKe3796930 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 543IoqKe3796930 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=IgDQGOjG X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 517333858405 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1746298251; bh=BTt9iH0tgPf/6qq/LhBjyCm5+LUgSUykTuf/OkgBjGk=; h=References:In-Reply-To:Date:Subject:To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To: From; b=IgDQGOjGF1Xif/eLYnH1mYHjZcevkQT/m2iJy36tfhhMpNDKn+yfGArgjUgmYC5Q+ JdTXC69MEmXVD3PG4/NS/naFnEyjltGppvLOnbOdHPHN6wBzW8UQA3grGq9aAVQKN3 URET7pKTgkk/AR8gOCOBt5jlc8ulnMAKhDVQCQNw= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 4218E3858D21 ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 4218E3858D21 ARC-Seal: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1746298227; cv=pass; b=wJio1qI7VZvNondyXl0QYxlAGmjolrAV02lkOmowmIetT1f4Zrt0wdlxhzKr7C9VR7VOukNMMrepvOfVE40NPTbWsNpwMID5tzm81mpu4hiTTjCVY1P3GfLgXnk3KqEH4OaQaZLCEcf5aUyvoa9hg1KJwZEdVVmBKBt89VaGKvA= ARC-Message-Signature: i=2; a=rsa-sha256; d=sourceware.org; s=key; t=1746298227; c=relaxed/simple; bh=UCcIOfshrxoFguvtfNaov5Mp7xymBQ1vgyf9aCak7K0=; h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=Qs+ekjb9D9fSHAdjcVYP1fxpXjqSuCKrNcafzaA9OQw1ItZnM+o5KOBO4i0J5j/rOo4e8cigQcPxAvX6pSpAekKXGMlKbPzQKLN43B+YpwCz+jO55D7UwG/t4YRpqmh7x3bjn99QIVv9pMaWG+ubITKqx+t5UPjHKIsIP7K9ZyQ= ARC-Authentication-Results: i=2; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4218E3858D21 X-Sender-Id: dreamhost|x-authsender|gisburn AT nrubsig DOT org ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1746298225; a=rsa-sha256; cv=none; b=REWG5764L+c92lrsYLSDQ7zmAjITORUdGyON0vwlEby9RvAPXB5T5N7n5Dn3qoS6lrf/8c L8iMMziOUmGI4p8mSS9DBLoVz3iuHuJKWPziKMVmWVNHqpnkh8ciE9redxqhRFzBzlcDhO DMG0DTzwSfFj0MQ3DM0DfIeKxjX8LHu5p/ORh1XeazHOZ8ql/GoqtfhXBr1RKEmYxca+5c sFS4PHO1zA6dLftJnNGDL5eQfPdfwkV9nVJWrmbwe0qApPVkpmuaKtbKi6coYm4sFk0igm y3F7KNEyRAZuIx65MxhOn7Gbf/i6RE/fEZX4Rb3F+X9+a82hxLK/hXp60hAldA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=mailchannels.net; s=arc-2022; t=1746298225; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Zv8eYZdXipnlZrEf5BHQr4/eMhzpJYuL/NbBt62WIwM=; b=YddtZFA7/VzNsNTE9tr+3ay3sv50sOocYrLQkzua0wwi2qv733TNZ6X0crpWb3OPMIPcfZ CgHl3bJf4ieKJWTQYeF20UdI12Zx86WQg0PGmj++K2DQPINbLWgS86ZEAmDPX+VxSuvvec B1njic0PiSilJ2xxoyKyPfYaD8r22dJGzs9bflJ3ngn49UstowjL8mwxUiVf8b0+wAdU0e 9RrtTLo9rLK0x3DleF21LoCDwbfzVWsq8D1CPLYftMpaowlThKewjpBXuEA0FDULQw13S6 yA55/+KO6J6THC2txI8wWuWqaRaRPrR5fAtuQxD+FKMWBOFgQRiKEU8uIofFUQ== ARC-Authentication-Results: i=1; rspamd-56c68c6fd9-b8s9d; auth=pass smtp.auth=dreamhost smtp.mailfrom=roland DOT mainz AT nrubsig DOT org X-Sender-Id: dreamhost|x-authsender|gisburn AT nrubsig DOT org X-MC-Relay: Bad X-MailChannels-SenderId: dreamhost|x-authsender|gisburn AT nrubsig DOT org X-MailChannels-Auth-Id: dreamhost X-Supply-Fumbling: 7eb96c6e09b85b6d_1746298226167_2607834349 X-MC-Loop-Signature: 1746298226167:2738493695 X-MC-Ingress-Time: 1746298226167 X-Gm-Message-State: AOJu0YwkAp3KjBB9cYLP6gpuMImJ27EPQX23SZVgqlHXhXMzecDNaBIo eMq0BzTz4zXP6ITXVTpWTtrMHsHhTlrrDuLYjMFc/k3z2uoedi0QOVNA+SSQfU1yBjd0A6UbTrS QFukdS3AEbvI994J8XFOQU5pSDMM= X-Google-Smtp-Source: AGHT+IFK3eWJgO8JoOOUWYtsIirSL80Qert9E1kJnvj621rLY5bWKWX0RiFePi/BA01SPGkCWSEx++xt72wLlknRivo= X-Received: by 2002:a5d:59af:0:b0:3a0:8bf6:dc8 with SMTP id ffacd0b85a97d-3a094035176mr8210010f8f.11.1746298224201; Sat, 03 May 2025 11:50:24 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: Date: Sat, 3 May 2025 20:49:48 +0200 X-Gmail-Original-Message-ID: X-Gm-Features: ATxdqUFNHIZEAdyPtgmB0_mmMokLVoWsEEbYLa-rokc-mlKf9UZBzkbEZ0z09v4 Message-ID: Subject: Re: Signing cygwin.com binaries with signtool by default ? To: cygwin AT cygwin DOT com X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 List-Id: General Cygwin discussions and problem reports List-Archive: List-Post: List-Help: List-Subscribe: , From: Roland Mainz via Cygwin Reply-To: Roland Mainz Content-Type: text/plain; charset="utf-8" Sender: "Cygwin" Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id 543IoqKe3796930 On Sat, May 3, 2025 at 8:21 PM Roland Mainz wrote: > Is it somehow possible that the CI+Release binaries (*.exe, *.dll) can > be signed with signtool > (https://learn.microsoft.com/en-us/windows/win32/seccrypto/signtool) ? > It seems that Microsoft Defender has become overly aggressive to some > Cygwin binaries (mostly /usr/bin/hostname, /usr/bin/find, /usr/bin/tar > etc.) in the last couple of weeks and just blocks them. > > Our IT supports that they can "whitelist" binaries based on their > cryptographic signature... but neither the binaries from the CI nor > the Release binaries have any signatures... BTW: The Windows Defender rule which causes /usr/bin/find.exe, /usr/bin/hostname.exe etc. to be blocked is "Block use of copied or impersonated system tools" (C0033C00-D16D-4114-A5A0-DC9B3A7D2CEB) ... ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland DOT mainz AT nrubsig DOT org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 3992797 (;O/ \/ \O;) -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple