View Issue Details

IDProjectCategoryView StatusLast Update
0004531Slicer4Core: Building (CMake, Superbuild)public2018-11-01 15:08
ReporterjcfrAssigned Tojcfr 
PrioritynormalSeverityminorReproducibilityhave not tried
Status assignedResolutionopen 
Product Version 
Target VersionbacklogFixed in Version 
Summary0004531: Automated signing of Stable and Preview build artifacts
Description

Following our meeting with Kitware team, we identified a way forward

While we have an internal document with a lot more details and comments, I will share here only few notes and comments.

Roughly, the plan would be to have:

  • a windows and a macOS workstation
    • these would NOT be connected to the internet while the dongle with the signing key is plugged.
    • these would only be visible from Kitware internal network.
  • a server to manage the request to sign.
  • only dashboard in either internal network or DMZ will be able to communicate with the signing server.
    • artifacts to sign are either uploaded or copied into a shared space (exact workflow to be defined)
    • the two machines responsible to run the signing scripts will be pulling from the signing server / shared space (nothing is pushed to the signing machine)
    • once signing is completed, dashboard are either stopping their active wait loop to resume the build process (or are notified to take action) . And then copy the mutated artifact.

There is also some complexity to update the operating system of the signing machine (e.g updating firewall rule, ... )

While I do not have an exact date of completion, we are making progress. We already bought the two machine responsible for running the signing scripts.

References:

TagsNo tags attached.

Relationships

related to 0002697 resolvedjcfr Associated publisher to windows NSIS installer - signing of package/application 
related to 0002708 resolvedjcfr Gatekeeper - Mac OSX 10.8 - Can't open because it s from an unidentified developer 

Activities

jcfr

jcfr

2018-11-01 15:07

administrator   ~0016188

Last edited: 2018-11-01 15:08

View 2 revisions

As indicated in 0002708, macOS packages can be signed.

Issue History

Date Modified Username Field Change
2018-03-31 00:58 jcfr New Issue
2018-03-31 00:58 jcfr Status new => assigned
2018-03-31 00:58 jcfr Assigned To => jcfr
2018-03-31 01:00 jcfr Description Updated View Revisions
2018-03-31 01:01 jcfr Relationship added related to 0002697
2018-03-31 01:01 jcfr Relationship added related to 0002708
2018-11-01 15:07 jcfr Note Added: 0016188
2018-11-01 15:08 jcfr Note Edited: 0016188 View Revisions