New signing rules - how will SB respond?
Friedrich,
I am sure you are aware of the new code signing rules for certificates sold after June 1, 2023.
How is SB going to function in that environment? It's curious, particularly as it relates to vendors offering HSM signatures that live somewhere in the cloud (AWS and others).
Some online services are popping up now (including the AWS HSM one I mentioned previously), and it appears that all of them will require 2 passes (at best) to sign an installers files (wildcarded) and then to sign the installer.
The more passes, the more you pay.
Mark
Re: New signing rules - how will SB respond?
Hi Mark,
at the moment, SB only supports software-based (traditional) and EV code-signing certificates. Code-signing is handled by Microsoft SignTool.
Do you have such a certificate available that lives on AWS?
Friedrich
Re: New signing rules - how will SB respond?
Friedrich,
We set it up, but the ongoing costs were prohibitive given that we didn't know if we'd be able to use it. Result: We turned it off for now.
Until we can do that, I may have to move builds from AWS back to my house, which is really undesirable. Or at least move signing to my house and ship files back and forth. Also undesirable.
Mark
Re: New signing rules - how will SB respond?
Hi Mark,
all this (new and old <g>) certificate stuff is a nightmare..........
Friedrich
Re: New signing rules - how will SB respond?
Mark,
I have requested information from several providers on how to use the new "code-signing in the cloud" stuff. Not too much information available right now...
Friedrich
Re: New signing rules - how will SB respond?
IIRC, there are several SAAS based providers, plus AWS (and I suspect, Azure). I havent looked much beyond that. One of our guys is handling it.
Re: New signing rules - how will SB respond?
BTW, we found another way to get HSM to work without paying $1000 a month for a HSM instance. Will eventually get this written up on ClarionHub.com
Re: New signing rules - how will SB respond?
WOW. Could you please keep me posted on how this work (for you)?
Thanks,
Friedrich
Re: New signing rules - how will SB respond?
It's working fine. Already in production in our cloud.
Re: New signing rules - how will SB respond?
Very cool! It would be great if we could work on this so we have a built-in solution in SB...
Friedrich