digitally sign Windows downloads of talosctl #9067
Comments
|
We plan on doing this at some point as we're getting the chocolaty repo transferred to siderolabs so we can properly release it in that repo. A helpful walkthrough on how we can do it with GitHub CI https://federicoterzi.com/blog/automatic-codesigning-on-windows-using-github-actions/ |
|
@rothgar I got properties added to the omnictl Windows binary with the bulk of the change in Dockerfile. Since Dockerfile is generated though, I need to figure out the kres stuff and figure out where/how to adjust that. I'm sure similar adjustment would be needed for the signing too. That's in pull request draft siderolabs/omni#667 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature Request
digitally sign the talosctl executable for Windows to help build reputation so SmartScreen and similar download screening can build reputation around a SideroLabs signing certificate instead of the current state of treating the downloads independently which means new version have no reputation and get treated as suspicious and made hard to download in browser.
Description
Frequently talosctl downloads will trigger initial SmartScreen blocking.
Omnictl has similar issues and a feature request was opened for it as well.
The text was updated successfully, but these errors were encountered: