Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support AzureSignTool #767

Closed
2 tasks done
marcoesters opened this issue Mar 25, 2024 · 1 comment · Fixed by #771
Closed
2 tasks done

Support AzureSignTool #767

marcoesters opened this issue Mar 25, 2024 · 1 comment · Fixed by #771
Assignees
@marcoesters
Labels
locked [bot] locked due to inactivity type::feature request for a new feature or capability

Comments

@marcoesters
Copy link
Contributor

marcoesters commented Mar 25, 2024
edited
Loading

Checklist

  • I added a descriptive title
  • I searched open requests and couldn't find a duplicate

What is the idea?

AzureSignTool is another tool that can be used to sign binaries. It uses a vault to obtain the certificate instead of using a certificate file.

constructor should extend its support to different signing tools and also support key-vault signature processes.

Why is this needed?

Using vaults to sign binaries is going to be more and more important.
AzureSignTool uses a vault without files, so signing installers is not possible with this

As of now, constructor uses signtool.exe and local files to sign binaries, so AzureSignTool or other file-less signature tools will not work.

What should happen?

  • Expanding construct.yaml to allow for vaults to sign packages.
  • Allow for other tools to sign binaries, starting with AzureSignTool.

Additional Context

No response
@marcoesters marcoesters added the type::feature request for a new feature or capability label Mar 25, 2024
@marcoesters marcoesters self-assigned this Mar 25, 2024
@github-project-automation github-project-automation bot moved this to 🆕 New in 🧭 Planning Mar 25, 2024
@marcoesters
Copy link
Contributor Author

Supporting AzureSignTool is a two-pronged project:

  • signing_certificate is a file name. It can be overloaded to accept vault as a magic keyword or we create a new key.
  • AzureSignTool uses different arguments. If we want to future-proof this, we may want to create a class that can be expanded to add other tools in the future.

@marcoesters marcoesters moved this from 🆕 New to 🏗️ In Progress in 🧭 Planning Apr 8, 2024
@marcoesters marcoesters mentioned this issue Apr 9, 2024
Merged
3 tasks
@github-project-automation github-project-automation bot moved this from 🏗️ In Progress to 🏁 Done in 🧭 Planning May 8, 2024
@github-actions github-actions bot added the locked [bot] locked due to inactivity label Nov 5, 2024
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 5, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@marcoesters marcoesters

Labels
locked [bot] locked due to inactivity type::feature request for a new feature or capability
Projects
🧭 Planning
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support azure signtool marcoesters/constructor
1 participant
@marcoesters