Sign the MuseScore installer
We received a question from a Microsoft employee: "did you guys actually digitally sign the install routine so its source can be publicly verified?". The answer is no, not yet.
First investigation reveals that we will need to acquire a Certificate from a Certificate Authority.
Source:
* http://stackoverflow.com/questions/2282002/how-to-sign-an-installer-to-…
* http://msdn.microsoft.com/en-us/library/ms537361(VS.85).aspx
Comments
Assigning this issue to myself in order to follow it up.
And code signing is in thanks to lasconic.
Still some work before release.
Way to go Guys. This looks very exciting to me.
Build procedure to sign MuseScore 1.3 binaries and installer
SignTool is necessary. It's part of the Windows SDK.
An Authenticode certificate needs to be installed on the computer.
Compile and install
make -f Makefile.mingw release
make -f Makefile.mingw install
Sign all exe and dll files in win32install. Timestamp them. Substitute CERT filename and PASSWORD.
set dSource=win32install
for /f "delims=" %%f in ('dir /a-d /b /s "%dSource%\*.dll" "%dSource%\*.exe"') do (
echo "Signing %%f"
SignTool sign /f "CERT.pfx" /t http://timestamp.verisign.com/scripts/timstamp.dll /p PASSWORD "%%f"
)
Package
make -f Makefile.mingw package
Sign the installers. Substitute CERT filename and PASSWORD.
set FILEPATH=win32build\MuseScore-1.3.msi
for /F %%i in ("%FILEPATH%") do set FILENAME=%%~nxi
SignTool sign /f "CERT.pfx" /t http://timestamp.verisign.com/scripts/timstamp.dll /p PASSWORD /d %FILENAME% %FILEPATH%
set FILEPATH=win32build\MuseScore-1.3.exe
for /F %%i in ("%FILEPATH%") do set FILENAME=%%~nxi
SignTool sign /f "CERT.pfx" /t http://timestamp.verisign.com/scripts/timstamp.dll /p PASSWORD /d %FILENAME% %FILEPATH%
fixed for 1.3
Shouldn't this info get added to the developers' handbook?
Or would it be different for 2.0?
The developer handbook is for developers. They don't need to sign or even create the installer.
Automatically closed -- issue fixed for 2 weeks with no activity.
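A release check to run after the signing procedure posted in the comments above, as an added example that is not part of the original thread or of MuseScore's build scripts. It runs SignTool verify over the same binaries and installers and fails if any file is unsigned, fails validation, or carries no timestamp. The script layout and the :verify label are assumptions; the paths are the ones used in the procedure.

```batch
@echo off
setlocal
rem Added example: confirm that every file produced by the signing steps
rem carries a valid, timestamped Authenticode signature before release.
rem Paths are taken from the procedure above; adjust to the build layout.
set dSource=win32install
set FAILED=0

rem Check every exe and dll that was signed in win32install.
for /f "delims=" %%f in ('dir /a-d /b /s "%dSource%\*.dll" "%dSource%\*.exe"') do (
    call :verify "%%f"
)

rem Check both installers.
call :verify "win32build\MuseScore-1.3.msi"
call :verify "win32build\MuseScore-1.3.exe"

if %FAILED% gtr 0 (
    echo %FAILED% files failed signature verification.
    exit /b 1
)
echo All files carry a valid, timestamped signature.
exit /b 0

:verify
rem /pa  use the default Authenticode verification policy
rem /tw  report a warning when the signature has no timestamp
rem /q   print nothing on success
rem SignTool exits with 1 on failure and 2 on warnings, so "errorlevel 1"
rem catches both a bad signature and a missing timestamp.
SignTool verify /pa /tw /q %1
if errorlevel 1 (
    echo NOT VERIFIED: %~1
    set /a FAILED+=1
)
goto :eof
```

A signature without a timestamp stops validating once the signing certificate expires, which is why a missing timestamp is treated as a failure here.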