Ways to perform EV code singing od Win Desktop app in cloud
We use EV code signing for our Windows Desktop app, so that SmartScreen treats it as trusted. That's all good, except the signature process requires hardware token to be plugged-in in the system where signing process happens. Now we would like to move building process to cloud and... that's the question: how is it supposed we could plug token to AWS?? Maybe there are another solutions for this issue? I can't believe that huge developers do all builds manually in order to have them signed.
See also questions close to this topic
How to Deploy EFS-Provisioner with PVC working
I have successfully deployed
efs-provisionerfollowing the steps outlined in efs-provisioner.
But the PVC is hanging in
PendingState displaying the same message:
waiting for a volume to be created, either by external provisioner "example.com/aws-efs" or manually created by system administrator.
What could be a reason why PVC is not created properly?
Data error (cyclic redundancy check) when publish cloud project into azure
I have a cloud project and having two Roles in it. I am trying to publish cloud project into Azure Cloud Service but getting error i.e. Data error (cyclic redundancy check). C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\Microsoft\VisualStudio\v15.0\Windows Azure Tools\2.9\Microsoft.WindowsAzure.targets
I published the same cloud project in Azure many times from other systems but unable to publish it from current system that I am using.
Tracking single users activity in cloud services
I have properly working application based on firebase. I need to get information about activities (e.g. on which screen how much time did he spend) of one exact user. I know I would have to connect my app to Big Query, it is too expensive though.
Do you know if Microsoft Azure or other cloud services provide such service (storing exact information about users' activities) on better conditions than Firebase?
Is there a way in Install4j to expose additional logging output during counter signing?
I'm encountering a counter signing error while building an installer
Creating media file 'Multi-File Windows': Collecting files: Compiling launchers: Creating media file: Signing executable install4j: compilation failed. Reason: error during counter signing
I'm wondering if there is a way to expose more information on why the counter signing failed.
I tried two different DigiCert Time Stamping services; Verisign and Globalsign. Both returned the same error, so I'm thinking it isn't an issue on their end. But I don't have enough information to figure out what could be going wrong.
This was on Install4j version 5.1.15
Provisioning profile & signing issue
I am having a signing issue when trying to send an update to iTunes Connect for an iOS app.
For the: Signing (Release) I choose a Provisioning profile
Provis_AppStorewhich is a distribution profile. It uses a Distribution certificate.
And I get this problem:
Provisioning profile "Provis_AppStore" doesn't include signing certificate "iPhone Developer: My Name (A1B2C35XY)".
What is the solution here? And why do I get this message about "iPhone Developer" when my profile is signed with a distribution certificate?
Note that before making this post, I have tried "Automatically manage signing" as I recently do most of the time to avoid this kind of issue. But (this app probably being an old one), it did not work.
Precisely, if I want to use Automatically manage signing; this what I get:
WARNING ITMS-90076: "Potential Loss of Keychain Access. The previous version of software has an application-identifier value of ['A1B2C3D4.my.name.software.MyApp'] and the new version of software being submitted has an application-identifier of ['X6Y7Z8W9.my.name.software.MyApp']. This will result in a loss of keychain access."
Xcode signing using Jenkins
I am trying to sign and archive my Unity application with Jenkins. I have the Xcode jenkins plugin installed and everything seems to run well except for a strange problem.
During the xcodebuild phase, when the archive should be signed, I get the following error:
error: No signing certificate "iOS Development" found: No "iOS Development" signing certificate matching team ID "QF6V2M666X" with a private key was found. (in target 'Unity-iPhone')
Now the problem is that I am not trying to build for development, but for production. I have a production provisioning profile used, which is pointing the production certificate. The team id is the production team id (changed here for security reasons). Here is another part of the build output:
Going to invoke xcodebuild:, scheme: Unity-iPhone, sdk: DEFAULT, project: DEFAULT, configuration: Release, clean: NO, archive:YES, consolelog:YES, symRoot: DEFAULT, buildDir: DEFAULT, developmentTeamID: QF6V2M666X
[sr-ios] $ /usr/bin/xcodebuild -scheme Unity-iPhone -configuration Release archive -archivePath
When I open the project in Xcode, I can see that for some reason Xcode selects "IOSDeveloper" in the code signing identities part and not "IOSDistribution" (or the actual certificate in the provisioning profile):
I don't know if this can be changed from Jenkins, but I think Xcode should pick this up from the provisioning profile.
Is EV code signing enough to guarantee no Windows SmartScreen security warnings?
I am developing a portable C# application to be distributed to Windows computers. (Users will just download a zip file containing the application binary - nothing through the Windows app store.)
If I sign the application with an EV (Extended Validation) code signing certificate from a reputable certificate authority, could I be 100% sure my application will not trigger any Windows SmartScreen warnings?
If not, what are the steps to minimize the risk of that?
"Proper" way of releasing software and creating an installer for it
Let's suppose I've just created an app in visual studio and now I want to distribute it. I've set the app to release mode and I have a copy of the app that works just fine. My main question is how would I go about creating an installer for it and making sure Windows knows it's trustworthy? Do I have to create some sort of certificate?
I've been searching and downloaded NSIS but I'm not sure how to use it so I just used Inno Setup Compiler which works just fine. Sometimes Avast checks my application and takes about 5 or 10 seconds before opening it but that doesn't happen with other applications.
Is that a problem with avast?
Does modifying the source code and build and resign my desktop app affect its reputation?
I have a desktop app built using Electron Framework. I have signed its installer and put it in my google drive for downloading. Because I signed with standard certificate, SmartScreen still shows warning when user runs it.
I have read some articles that says that it takes some time and downloads to build good reputation for the app. While I'm waiting for its to gain better reputation, I have some more feature to put in it. So I want to go and change its source code and rebuild and resign it with the same certificate. Does this process of gaining reputation start over again if I do like this?