Sign the MuseScore installer

Project:MuseScore
Component:Code
Category:task
Priority:normal
Assigned:Thomas
Status:closed
Description

We received a question from a Microsoft employee: "did you guys actually digitally sign the install routine so its source can be publicly verified?". The answer is no, not yet.

First investigation reveals that we will need to acquire a Certificate from a Certificate Authority.

Source:
* http://stackoverflow.com/questions/2282002/how-to-sign-an-installer-to-p...
* http://msdn.microsoft.com/en-us/library/ms537361(VS.85).aspx

#1
Assigned to:Anonymous» Thomas

Assigning this issue to myself in order to follow it up.

#2
Status:active» fixed

And code signing is in thanks to lasconic.

code-signing-successful.png

#3
Status:fixed» active

Still some work before release.

#4

Way to go Guys. This looks very exciting to me.

#5

Build procedure to sign MuseScore 1.3 binaries and installer

SignTool is necessary. It's part of the Windows SDK.
An Authenticode certificate needs to be installed on the computer.

Compile and install

make -f Makefile.mingw release
make -f Makefile.mingw install

Sign all exe and dll files in win32install. Timestamp them. Substitute CERT filename and PASSWORD.

set dSource=win32install
rem Sign and timestamp every DLL and EXE found under %dSource%
for /f "delims=" %%f in ('dir /a-d /b /s "%dSource%\*.dll" "%dSource%\*.exe"') do (
    echo "Signing %%f"
    SignTool sign /f "CERT.pfx" /t http://timestamp.verisign.com/scripts/timstamp.dll /p PASSWORD "%%f"
)

Package

make -f Makefile.mingw package

Sign the installers. Substitute CERT filename and PASSWORD.

set FILEPATH=win32build\MuseScore-1.3.msi
for /F %%i in ("%FILEPATH%") do set FILENAME=%%~nxi
SignTool sign /f "CERT.pfx" /t http://timestamp.verisign.com/scripts/timstamp.dll /p PASSWORD /d %FILENAME% %FILEPATH%


set FILEPATH=win32build\MuseScore-1.3.exe
for /F %%i in ("%FILEPATH%") do set FILENAME=%%~nxi
SignTool sign /f "CERT.pfx" /t http://timestamp.verisign.com/scripts/timstamp.dll /p PASSWORD /d %FILENAME% %FILEPATH%
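
A verification pass to run once the signing steps in comment #5 are done, added here as an example; it is not part of the original thread or of the MuseScore build scripts. It assumes SignTool is on PATH and reuses the directory and file names from that procedure, and it treats a missing timestamp as a failure because an untimestamped signature stops validating once the certificate expires.

```batch
@echo off
rem Added example: confirm that every signed file verifies and is timestamped.
rem Assumes SignTool is on PATH and the layout used in the procedure above.
setlocal
set dSource=win32install
set FAILED=0

rem /pa = verify against the Default Authenticode verification policy
rem /tw = raise a warning when the signature has no timestamp
rem /q  = quiet; only the exit code is inspected
rem SignTool exits with 0 on success, 1 on failure, 2 on warnings,
rem so "if errorlevel 1" catches both failures and missing timestamps.
for /f "delims=" %%f in ('dir /a-d /b /s "%dSource%\*.dll" "%dSource%\*.exe"') do (
    SignTool verify /pa /tw /q "%%f"
    if errorlevel 1 (
        echo NOT VERIFIED: %%f
        set /a FAILED+=1
    )
)

rem Check both installers produced by the package step.
for %%p in ("win32build\MuseScore-1.3.msi" "win32build\MuseScore-1.3.exe") do (
    SignTool verify /pa /tw /q "%%~p"
    if errorlevel 1 (
        echo NOT VERIFIED: %%~p
        set /a FAILED+=1
    )
)

if %FAILED% neq 0 (
    echo Verification failures: %FAILED%
    exit /b 1
)
echo All binaries and installers verified.
```

A non-zero exit code lets a release script stop before an unsigned or untimestamped file is published.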

#6
Status:active» fixed

fixed for 1.3

#7

Shouldn't this info get added to the developers' handbook?
Or would it be different for 2.0?

#8

The developer handbook is for developers. They don't need to sign or even create the installer.

#9
Status:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.
