Skip to content

Automate desktop installer signing in CI (.deb GPG + Windows Authenticode) #108

Description

@ahmetabdullahgultekin

Why: Desktop installer signing is a manual, deploy-server-only step today: every .deb is hand-signed with dpkg-sig (key lives only on the deploy server, not in CI secrets), and the Windows .msi is unsigned (Authenticode deferred pending a code-signing cert), so users hit a SmartScreen prompt. SIGNING.md documents the exact future CI steps for both.

Done when: the desktop-installers.yml workflow imports GPG_PRIVATE_KEY_B64 and signs+verifies the .deb automatically (and, once a cert is provisioned, Authenticode-signs the .msi), and SIGNING.md is updated to 'signing is automatic'.

source: docs/SIGNING.md:105


Migrated from docs/SIGNING.md:105.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions