www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Juergen Schmidt <jogischm...@gmail.com>
Subject Re: Official code signing certificate
Date Mon, 25 Mar 2013 21:04:32 GMT
Am Montag, 25. März 2013 um 18:27 schrieb Clint Modien:
> When I worked on a project for Amazon the binaries were submitted via ssh to the security
department along with an md5 file for each binary.
> Before the project started I was required to produce a step by step document for signing
the code. (tools, downloads, setup)
> After the binaries were checked against their associated md5 hashes, security then simply
signed the binaries according to the process outlined in the document.
> I was told that the cert and private key were kept on a usb stick in a safe and the protocols
surrounding the handling of the usb stick were as strict as those used for nuclear launch
> I feel like the process to sign most code nowadays does not require the cert+key be available
during compilation… but I could be wrong.
it works probably later as well but as pointed out earlier, AOO is huge and complex and the
current process is a multistep signing process.  
1. dlls, exe etc. are signed
2. these files get packaged and cab files are signed as well
3. self extracting exe is created and also signed

Well I have to double check if I remember all steps correct. But it is close to the steps
described above. Accessing the cert during the build process is probably less error prone.
Keep in mind we have many packages for different languages.
Important is to find a working and scalable process and for this a dedicated build machine
seems to be one possible solution.


> On Mar 25, 2013, at 9:06 AM, Rob Weir <robweir@apache.org> wrote:
> >  
> > I like the idea of having multiple PMC members attest to the RC, by
> > signing or whatever. But we still would need to tie that back to a
> > SVN revision number somehow. In other words, how we do prove the
> > revision number that was used to build the RC?
> >  
> > Perhaps the flow is like this:
> >  
> > 1) RC built by buildbot and that records the SVN revision.
> >  
> > 2) Three PMC members sign the RC
> >  
> > 3) Comparison of the MD5 hashes for the signed RC and the buildbot
> > output confirms the revision that was used.
> >  
> > 4) Infra then releases the signing cert for use by buildbot automation
> > to rebuild the same revision
> >  

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message