Am Montag, 15. Januar 2024, 01:34:05 CET schrieb Dirk Hohndel via subsurface: > Not being able to leave your house, a laptop and internet connection... > ideal conditions to keep dinking around with stuff :) > > On Jan 13, 2024, at 10:53, Dirk wrote: > > > > In order to address some of these concerns, I built a new download page > > and some automation that keeps it updated. This happens with, at a > > minimum, a 1h time lag so that all binaries show up at the same time; > > this also gives us some margin of error if we merge something that fails > > that allows us to not post a release. And of course there's a mechanism > > to manually point at a different release. > So this should now be the https://subsurface-divelog.org/latest-release/ > page - clearly showing that this is the Latest CICD Release. > > In addition, there is a https://subsurface-divelog.org/current-release/ > Current Release page. With the goal to iterate this more slowly - maybe > once a week. And, now that I had the time to figure out how this can work > (see above), this even links to a SIGNED macOS DMG. > > Finally, app signing. > > Given how painful macOS makes it to install unsigned apps, I think I'll > > need to figure out how to sign at least the "weekly" builds. I doubt that > > I can truly automate that, but maybe I can figure out a way to keep up > > with things. > Done > > > As for Windows - that's a harder problem. The signing mechanisms for > > Windows are either prohibitively expensive (even with the generous > > donations from some of you - we are talking around $300-500 a year plus > > hardware cost (as I would need an actual real Windows machine for this -- > > apparently doing this in a VM no longer works) for what is essentially a > > blessed random number. The old system that was more affordable > > (~$100/year) has been killed by Microsoft when they started making > > additional requirements (including allowing signing certificates only > > when they are on hardware keys). And as I mentioned before, I'm seeing a > > lot more companies release unsigned apps for Windows again. If a better > > and more realistically priced solution pops up, I'll happily revisit this > > topic. > Also, some googling and following countless broken links later... it appears > there is a not quite as expensive option: > https://cheapsslsecurity.com/fastssl/code-signing-certificate.html > > With the required hardware token, a three year certificate is about $500 > with shipping - so $170/yr. That is still a lot, but seems more doable. Now > all I would need is a Windows PC 🤣
AFAIK you don't need a windows pc for this. At work, I'm able to sign windows apps on my linux system using a hardware token. that works just fine. it's even possible to let more people use that token if you make it available over the network (usb over it)... /martin
_______________________________________________ subsurface mailing list subsurface@subsurface-divelog.org http://lists.subsurface-divelog.org/cgi-bin/mailman/listinfo/subsurface
